diff --git a/content/nap-waf/v4/configuration-guide/configuration.md b/content/nap-waf/v4/configuration-guide/configuration.md index e96be795..3d834f39 100644 --- a/content/nap-waf/v4/configuration-guide/configuration.md +++ b/content/nap-waf/v4/configuration-guide/configuration.md @@ -660,7 +660,8 @@ systematic, username/password combinations to discover legitimate authentication To prevent brute force attacks, NGINX App Protect WAF monitors IP addresses, usernames, and the number of failed login attempts beyond a maximum threshold. When brute force patterns are detected, the NGINX App Protect WAF policy either trigger an alarm or block the attack if the failed login attempts reached a maximum threshold for a specific username or coming from a specific IP address. -To enable brute force protection, at least one login page must be created. +To enable brute force protection, at least one login page must be created. +The login page entity is created separately and is not included in the brute force configuration block. --- @@ -722,7 +723,8 @@ Example1: A single brute force configuration is applied universally to all login } ``` -Example2: Different brute force configurations can be defined for individual login pages. +Example2: Different brute force configurations can be defined for individual login pages. + With each configuration referencing a specific login page. ```json { "policy": { diff --git a/content/nap-waf/v5/configuration-guide/configuration.md b/content/nap-waf/v5/configuration-guide/configuration.md index 1121f768..f4c9ed13 100644 --- a/content/nap-waf/v5/configuration-guide/configuration.md +++ b/content/nap-waf/v5/configuration-guide/configuration.md 
@@ -798,7 +798,8 @@ systematic, username/password combinations to discover legitimate authentication To prevent brute force attacks, NGINX App Protect WAF monitors IP addresses, usernames, and the number of failed login attempts beyond a maximum threshold. When brute force patterns are detected, the NGINX App Protect WAF policy either trigger an alarm or block the attack if the failed login attempts reached a maximum threshold for a specific username or coming from a specific IP address. -To enable brute force protection, at least one login page must be created. +To enable brute force protection, at least one login page must be created. +The login page entity is created separately and is not included in the brute force configuration block --- @@ -861,7 +862,8 @@ Example1: A single brute force configuration is applied universally to all login } ``` -Example2: Different brute force configurations can be defined for individual login pages. +Example2: Different brute force configurations can be defined for individual login pages. + With each configuration referencing a specific login page. ```json { "policy": {
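Review bot: In the v4 file's first hunk (@@ -660,7 +660,8 @@), the added sentence "The login page entity is created separately and is not included in the brute force configuration block." says the login page lives elsewhere but does not say where. A reader enabling brute force protection needs to find that entity, so add a link or section reference to the login page configuration. Also, the removed and re-added "To enable brute force protection, at least one login page must be created." lines read identically here, so the change is whitespace only. If trailing spaces are there to force a Markdown line break, a blank line or folding both sentences into one paragraph is more robust against editors that strip trailing whitespace.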
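Review bot: In the v4 file's second hunk (@@ -722,7 +723,8 @@), the added line " With each configuration referencing a specific login page." is a sentence fragment that starts with a leading space and a capital letter after a full stop. Join it to the preceding sentence instead: "Example2: Different brute force configurations can be defined for individual login pages, with each configuration referencing a specific login page." That also makes the whitespace-only rewrite of the "Example2:" line unnecessary.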
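Review bot: In the v5 file's first hunk (@@ -798,7 +798,8 @@), the added sentence "The login page entity is created separately and is not included in the brute force configuration block" is missing its closing period, unlike the same sentence in the v4 file. Add the period so the two guides stay identical. As in v4, the sentence should point to where the login page entity is configured. While touching this paragraph, the context line "the NGINX App Protect WAF policy either trigger an alarm or block the attack" should read "triggers" and "blocks".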
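Review bot: In the v5 file's second hunk (@@ -861,7 +862,8 @@), the added line " With each configuration referencing a specific login page." has the same problem as its v4 counterpart: a fragment with a leading space following a completed sentence. Merge it into the "Example2:" sentence with a comma and a lowercase "with", and keep the wording identical across the v4 and v5 guides.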