diff --git a/api/v1alpha1/ext_auth_types.go b/api/v1alpha1/ext_auth_types.go
index 0670ed4b676e..880d61033dc6 100644
--- a/api/v1alpha1/ext_auth_types.go
+++ b/api/v1alpha1/ext_auth_types.go
@@ -33,6 +33,8 @@ type ExtAuth struct {
 	// +optional
 	HeadersToExtAuth []string `json:"headersToExtAuth,omitempty"`
+	BodyToExtAuth *string `json:"bodyToExtAuth,omitempty"`
+
 	// FailOpen is a switch used to control the behavior when a response from the External Authorization service cannot be obtained.
 	// If FailOpen is set to true, the system allows the traffic to pass through.
 	// Otherwise, if it is set to false or not set (defaulting to false),
diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go
index 3c2d2af31ede..e2d490fa9016 100644
--- a/internal/gatewayapi/securitypolicy.go
+++ b/internal/gatewayapi/securitypolicy.go
@@ -888,6 +888,7 @@ func (t *Translator) buildExtAuth(policy *egv1a1.SecurityPolicy, resources *reso
 	extAuth := &ir.ExtAuth{
 		Name: irConfigName(policy),
 		HeadersToExtAuth: policy.Spec.ExtAuth.HeadersToExtAuth,
+		BodyToExtAuth: policy.Spec.ExtAuth.BodyToExtAuth,
 		FailOpen: policy.Spec.ExtAuth.FailOpen,
 		Traffic: traffic,
 		RecomputeRoute: policy.Spec.ExtAuth.RecomputeRoute,
diff --git a/internal/ir/xds.go b/internal/ir/xds.go
index 5e26af0f4794..a861b45a75f1 100644
--- a/internal/ir/xds.go
+++ b/internal/ir/xds.go
@@ -994,6 +994,8 @@ type ExtAuth struct {
 	// +optional
 	HeadersToExtAuth []string `json:"headersToExtAuth,omitempty"`
+	BodyToExtAuth *string `json:"bodyToExtAuth,omitempty"`
+
 	// FailOpen is a switch used to control the behavior when a response from the External Authorization service cannot be obtained.
 	// If FailOpen is set to true, the system allows the traffic to pass through.
 	// Otherwise, if it is set to false or not set (defaulting to false),
diff --git a/internal/xds/translator/extauth.go b/internal/xds/translator/extauth.go
index 7d7cc6a72274..95f10933259b 100644
--- a/internal/xds/translator/extauth.go
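Review bot: The new `BodyToExtAuth *string` field in the API `ExtAuth` struct has no doc comment and no `// +optional` marker, unlike every neighbouring field, and the `*string` type leaves its meaning undefined: the xDS translator changed in this same commit (internal/xds/translator/extauth.go) only tests the pointer for nil and never reads the string, so whatever value a user writes is silently ignored. The same undocumented field is added to the IR `ExtAuth` in internal/ir/xds.go, which has the same gap. A `*bool`, or a small struct carrying the body size limit, would express the intent more honestly; at minimum the API field needs a comment along the lines of `// BodyToExtAuth, when set, causes the client request body to be buffered and sent to the external authorization service.` followed by `// +optional`. Since buffering bodies for the authorization call holds client bytes in memory per request, the comment should also say how that buffer is bounded.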
+++ b/internal/xds/translator/extauth.go
@@ -117,6 +117,13 @@ func extAuthConfig(extAuth *ir.ExtAuth) *extauthv3.ExtAuthz {
 		})
 	}
+	if extAuth.BodyToExtAuth != nil {
+		config.WithRequestBody = &extauthv3.BufferSettings{
+			AllowPartialMessage: false,
+			PackAsBytes: false,
+		}
+	}
+
 	if len(headersToExtAuth) > 0 {
 		config.AllowedHeaders = &matcherv3.ListStringMatcher{
 			Patterns: headersToExtAuth,
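Review bot: The `BufferSettings` built when `BodyToExtAuth` is non-nil sets no `MaxRequestBytes`; Envoy's ext_authz proto requires `max_request_bytes` to be greater than zero, so this config is expected to be rejected at xDS validation, and that bound is also what limits how much of a client body Envoy holds in memory per request while waiting on the authorization service. The string value of `BodyToExtAuth` is never read here, so there is nothing to derive the limit from; the field should carry (or be replaced by) an explicit size, e.g. `MaxRequestBytes: maxBodyBytes, // PLACEHOLDER: taken from the policy, must be > 0`. `AllowPartialMessage: false` means a body over the limit is rejected rather than forwarded truncated, which is the safer choice for an authorization decision but deserves a one-line comment saying so. The enclosing `extAuthConfig`, including the `headersToExtAuth` it references, starts outside the hunk.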