updated auth param

dkleinF5 · dkleinF5 · commit 4aa5df72a3ff · 2025-12-11T14:41:06.000Z
diff --git a/content/waf/policies/external-references.md b/content/waf/policies/external-references.md
@@ -552,9 +552,10 @@ The request will _not be blocked_ because this violation is set to alarm in the
 
 ### Authenticating External References with Basic Auth
 
-For any external reference section in your policy that uses an HTTP or HTTPS link, you can include a `basicAuth` object with the username (`user`) and the base64-encoded password (`passwordBase64`).  
+For any type of external reference in your policy that uses an HTTP or HTTPS link—including simple URL references and OpenAPI references—you can include a `basicAuth` object, which specifies the username (user) and base64-encoded password (passwordBase64) for HTTP Basic Authentication.
 
 **Example:**
+This example uses `responsePageReference`, but the same `basicAuth` configuration applies to any supported external reference (such as OpenAPI or other URL references) that uses an HTTP/HTTPS link.
 
 ```json
 {
@@ -568,7 +569,7 @@ For any external reference section in your policy that uses an HTTP or HTTPS lin
         "link": "https://securedomain.com:8081/response-pages.txt",
         "basicAuth": {
             "user": "<user>",
-            "passwordBase64": "<password>"
+            "passwordBase64": "<passwordBase64>"
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -552,9 +552,10 @@ The request will _not be blocked_ because this violation is set to alarm in the`
`552`	`552`
`553`	`553`	`### Authenticating External References with Basic Auth`
`554`	`554`
`555`		-For any external reference section in your policy that uses an HTTP or HTTPS link, you can include a `basicAuth` object with the username (`user`) and the base64-encoded password (`passwordBase64`).
	`555`	+For any type of external reference in your policy that uses an HTTP or HTTPS link—including simple URL references and OpenAPI references—you can include a `basicAuth` object, which specifies the username (user) and base64-encoded password (passwordBase64) for HTTP Basic Authentication.
`556`	`556`
`557`	`557`	`Example:`
	`558`	+This example uses `responsePageReference`, but the same `basicAuth` configuration applies to any supported external reference (such as OpenAPI or other URL references) that uses an HTTP/HTTPS link.
`558`	`559`
`559`	`560`	```json
`560`	`561`	`{`
`@@ -568,7 +569,7 @@ For any external reference section in your policy that uses an HTTP or HTTPS lin`
`568`	`569`	`"link": "https://securedomain.com:8081/response-pages.txt",`
`569`	`570`	`"basicAuth": {`
`570`	`571`	`"user": "<user>",`
`571`		`- "passwordBase64": "<password>"`
	`572`	`+ "passwordBase64": "<passwordBase64>"`
`572`	`573`	`}`
`573`	`574`	`}`
`574`	`575`	`}`