diff --git a/envoy/config/filter/http/ext_authz/v2/ext_authz.proto b/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
index caa2fd9b4..8365c054e 100644
--- a/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
+++ b/envoy/config/filter/http/ext_authz/v2/ext_authz.proto
@@ -9,7 +9,8 @@ import "validate/validate.proto";
 // [#not-implemented-hide:]
 // External Authorization filter calls out to an external service over the
-// gRPC Authorization API defined by :ref:`external_auth `.
+// gRPC Authorization API defined by
+// :ref:`external_auth `.
 // A failed check will cause this filter to return 403 Forbidden.
 message ExtAuthz {
@@ -18,9 +19,8 @@ message ExtAuthz {
 // The filter's behaviour in case the external authorization service does
 // not respond back. If set to true then in case of failure to get a
- // response back from the authorization service allow the traffic.
+ // response back from the authorization service or getting a response that
+ // is NOT denied then traffic will be permitted.
 // Defaults to false.
- // If set to true and the response from the authorization service is NOT
- // Denied then the traffic will be permitted.
 bool failure_mode_allow = 2;
 }
diff --git a/envoy/config/filter/network/ext_authz/v2/ext_authz.proto b/envoy/config/filter/network/ext_authz/v2/ext_authz.proto
index eb0fe7f0c..f6716386f 100644
--- a/envoy/config/filter/network/ext_authz/v2/ext_authz.proto
+++ b/envoy/config/filter/network/ext_authz/v2/ext_authz.proto
@@ -9,7 +9,8 @@ import "validate/validate.proto";
 // [#not-implemented-hide:]
 // External Authorization filter calls out to an external service over the
-// gRPC Authorization API defined by :ref:`external_auth `.
+// gRPC Authorization API defined by
+// :ref:`external_auth `.
 // A failed check will cause this filter to close the TCP connection.
 message ExtAuthz {
 // The prefix to use when emitting statistics.
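Review bot: The merged `failure_mode_allow` comment in envoy/config/filter/http/ext_authz/v2/ext_authz.proto (second hunk) is hard to parse and never says outright that `true` makes the filter fail open; the network filter's `failure_mode_allow = 3` hunk below carries the same wording. As written, every outcome other than an explicit denial permits traffic, which presumably covers a timeout or an unreachable or erroring authorization service, so degrading that service would be enough to get requests past the check. I would spell this out, e.g. `// If true, the filter fails open: traffic is permitted unless the` / `// authorization service explicitly returns Denied.`, and extend `// Defaults to false.` with what happens to traffic in that case. Whether an error status from the service counts as a failure here is not visible in the diff, so confirm that against the filter implementation before settling the text.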
@@ -20,9 +21,8 @@ message ExtAuthz {
 // The filter's behaviour in case the external authorization service does
 // not respond back. If set to true then in case of failure to get a
- // response back from the authorization service allow the traffic.
+ // response back from the authorization service or getting a response that
+ // is NOT denied then traffic will be permitted.
 // Defaults to false.
- // If set to true and the response from the authorization service is NOT
- // Denied then the traffic will be permitted.
 bool failure_mode_allow = 3;
 }