Add block category partials

Author: maxvp

src/content/docs/cloudflare-one/policies/gateway/dns-policies/common-policies.mdx

@@ -63,34 +63,10 @@ Block [security categories](/cloudflare-one/policies/gateway/domain-categories/#
 
 The categories included in this policy are not always a security threat, but blocking them can help minimize the risk that your organization is exposed to. For more information, refer to [domain categories](/cloudflare-one/policies/gateway/domain-categories/).
 
-<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
-
-| Selector           | Operator | Value                                                     | Action |
-| ------------------ | -------- | --------------------------------------------------------- | ------ |
-| Content Categories | in       | _Questionable Content_, _Security Risks_, _Miscellaneous_ | Block  |
-
-</TabItem>
-
-<TabItem label="API">
-
-```bash
-curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule \
---header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
---data '{
-  "name": "Block content categories",
-  "description": "Block common content categories that may pose a risk",
-  "enabled": true,
-  "action": "block",
-  "filters": [
-    "dns"
-  ],
-  "traffic": "any(dns.content_category[*] in {17 85 87 102 157 135 138 180 162 32 169 177 128 15 115 119 124 141 161})",
-  "identity": ""
-}'
-```
-
-</TabItem> </Tabs>
+<Render
+	file="gateway/policies/dash-plus-api/dns-block-content-categories"
+	product="cloudflare-one"
+/>
 
 ## Block unauthorized applications
 

src/content/docs/cloudflare-one/policies/gateway/http-policies/common-policies.mdx

@@ -92,35 +92,10 @@ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule \
 
 Block content categories which go against your organization's acceptable use policy.
 
-<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
-
-| Selector           | Operator | Value                      | Action |
-| ------------------ | -------- | -------------------------- | ------ |
-| Content Categories | in       | _Adult Themes_, _Gambling_ | Block  |
-
-</TabItem>
-
-<TabItem label="API">
-
-```bash
-curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule \
---header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
---data '{
-  "name": "Block content categories",
-  "description": "Block access to unauthorized adult and gambling applications",
-  "enabled": true,
-  "action": "block",
-  "filters": [
-    "http"
-  ],
-  "traffic": "any(http.request.uri.content_category[*] in {2 67 125 133 99})",
-  "identity": "",
-  "device_posture": ""
-}'
-```
-
-</TabItem> </Tabs>
+<Render
+	file="gateway/policies/dash-plus-api/http-block-content-categories"
+	product="cloudflare-one"
+/>
 
 ## Block unauthorized applications
 

src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx

@@ -85,7 +85,7 @@ The Allow action allows outbound traffic to reach destinations you specify withi
 
 | Selector           | Operator | Value       | Action |
 | ------------------ | -------- | ----------- | ------ |
-| Content Categories | in       | `Education` | Allow  |
+| Content Categories | in       | _Education_ | Allow  |
 
 #### Untrusted certificates
 

src/content/docs/learning-paths/secure-internet-traffic/build-dns-policies/recommended-dns-policies.mdx

@@ -149,8 +149,13 @@ resource "cloudflare_zero_trust_gateway_policy" "dns_restrict_quarantined_users"
 <Details header="All-DNS-ContentCategories-Blocklist">
 
 <Render
-	file="zero-trust/blocklist-content-categories"
-	params={{ one: "DNS", two: "Security Risks" }}
+	file="zero-trust/content-categories-description"
+	params={{ policyType: "DNS" }}
+/>
+
+<Render
+	file="gateway/policies/dash-plus-api/dns-block-content-categories"
+	product="cloudflare-one"
 />
 
 </Details>

src/content/docs/learning-paths/secure-internet-traffic/build-http-policies/recommended-http-policies.mdx

@@ -3,86 +3,81 @@ title: Recommended HTTP policies
 pcx_content_type: learning-unit
 sidebar:
   order: 5
-
 ---
 
-import { Details, Render } from "~/components"
+import { Details, Render } from "~/components";
 
 We recommend you add the following HTTP policies to build an Internet and SaaS app security strategy for your organization.
 
-
 <Details header="All-HTTP-Application-InspectBypass">
 
 Bypass HTTP inspection for applications that use embedded certificates. This will help avoid any certificate pinning errors that may arise from an initial rollout.
 
-<Render file="gateway/policies/do-not-inspect-applications" product="cloudflare-one" />
-
+<Render
+	file="gateway/policies/do-not-inspect-applications"
+	product="cloudflare-one"
+/>
 
 </Details>
 
-
 <Details header="Android-HTTP-Application-InspectionBypass">
 
 Bypass HTTPS inspection for Android applications (such as Google Drive) that use certificate pinning, which is incompatible with Gateway inspection.
 
 | Selector                     | Operator | Value                             | Logic | Action         |
 | ---------------------------- | -------- | --------------------------------- | ----- | -------------- |
-| Application                  | in       | *Google Drive*                    | And   | Do Not Inspect |
-| Passed Device Posture Checks | in       | *OS Version Android (OS version)* |       |                |
-
+| Application                  | in       | _Google Drive_                    | And   | Do Not Inspect |
+| Passed Device Posture Checks | in       | _OS Version Android (OS version)_ |       |                |
 
 </Details>
 
-
 <Details header="All-HTTP-Domain-Inspection-Bypass">
 
 Bypass HTTP inspection for a custom list of domains identified as incompatible with TLS inspection.
 
 | Selector | Operator | Value                    | Logic | Action         |
 | -------- | -------- | ------------------------ | ----- | -------------- |
-| Domain   | in list  | *DomainInspectionBypass* | Or    | Do Not Inspect |
-| Domain   | in list  | *Known Domains*          |       |                |
-
+| Domain   | in list  | _DomainInspectionBypass_ | Or    | Do Not Inspect |
+| Domain   | in list  | _Known Domains_          |       |                |
 
 </Details>
 
-
 <Details header="All-HTTP-SecurityRisks-Blocklist">
 
 <Render file="zero-trust/blocklist-security-categories" />
 
 | Selector       | Operator | Value                | Action |
 | -------------- | -------- | -------------------- | ------ |
-| Security Risks | in       | *All security risks* | Block  |
-
+| Security Risks | in       | _All security risks_ | Block  |
 
 </Details>
 
-
 <Details header="All-HTTP-ContentCategories-Blocklist">
 
-<Render file="zero-trust/blocklist-content-categories" params={{ one: "HTTP", two: "Questionable Content, Security Risks, Miscellaneous, Adult Themes, Gambling" }} />
+<Render
+	file="zero-trust/content-categories-description"
+	params={{ policyType: "HTTP" }}
+/>
 
+<Render
+	file="gateway/policies/dash-plus-api/http-block-content-categories"
+	product="cloudflare-one"
+/>
 
 </Details>
 
-
 <Details header="All-HTTP-DomainHost-Blocklist">
 
 <Render file="zero-trust/blocklist-domain-host" params={{ one: "HTTP" }} />
 
-
 </Details>
 
-
 <Details header="All-HTTP-Application-Blocklist">
 
 <Render file="zero-trust/blocklist-application" />
 
-
 </Details>
 
-
 <Details header="PrivilegedUsers-HTTP-Any-Isolate">
 
 Isolate traffic for privileged users who regularly access critical systems or execute actions such as threat analysis and malware testing.
@@ -91,33 +86,28 @@ Security teams often need to perform threat analysis or malware testing that cou
 
 | Selector         | Operator | Value              | Action  |
 | ---------------- | -------- | ------------------ | ------- |
-| User Group Names | in       | *Privileged Users* | Isolate |
-
+| User Group Names | in       | _Privileged Users_ | Isolate |
 
 </Details>
 
-
 <Details header="Quarantined-Users-HTTP-Restricted-Access">
 
 <Render file="zero-trust/blocklist-restricted-users" />
 
 | Selector         | Operator    | Value                           | Logic | Action |
 | ---------------- | ----------- | ------------------------------- | ----- | ------ |
-| Destination IP   | not in list | *Quarantined-Users-IPAllowlist* | And   | Block  |
-| User Group Names | in          | *Quarantined Users*             |       |        |
-
+| Destination IP   | not in list | _Quarantined-Users-IPAllowlist_ | And   | Block  |
+| User Group Names | in          | _Quarantined Users_             |       |        |
 
 </Details>
 
-
 <Details header="All-HTTP-Domain-Isolate">
 
 Isolate high risk domains or create a custom list of known risky domains to avoid data exfiltration or malware infection. Ideally, your incident response teams can update the blocklist with an [API automation](/security-center/intel-apis/) to provide real-time threat protection.
 
 | Selector           | Operator | Value                              | Logic | Action  |
 | ------------------ | -------- | ---------------------------------- | ----- | ------- |
-| Content Categories | in       | *New Domain*, *Newly Seen Domains* | Or    | Isolate |
-| Domain             | in list  | *Domain Isolation*                 |       |         |
-
+| Content Categories | in       | _New Domain_, _Newly Seen Domains_ | Or    | Isolate |
+| Domain             | in list  | _Domain Isolation_                 |       |         |
 
 </Details>

src/content/partials/cloudflare-one/gateway/policies/block-cipa.mdx

@@ -1,8 +1,7 @@
 ---
 {}
-
 ---
 
 | Selector           | Operator | Value         | Action |
 | ------------------ | -------- | ------------- | ------ |
-| Content categories | in       | `CIPA Filter` | Block  |
+| Content Categories | in       | _CIPA Filter_ | Block  |

src/content/partials/cloudflare-one/gateway/policies/block-file-types.mdx

@@ -18,9 +18,9 @@ Block the upload or download of files based on their type.
 <TabItem label="API">
 
 ```bash
-curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule \
+curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Block file types",
   "description": "Block the upload or download of files based on their type",

src/content/partials/cloudflare-one/gateway/policies/dash-plus-api/dns-block-content-categories.mdx

@@ -0,0 +1,49 @@
+---
+{}
+---
+
+import { Tabs, TabItem } from "~/components";
+
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
+| Selector           | Operator | Value                                                     | Action |
+| ------------------ | -------- | --------------------------------------------------------- | ------ |
+| Content Categories | in       | _Questionable Content_, _Security Risks_, _Miscellaneous_ | Block  |
+
+</TabItem>
+<TabItem label="API">
+
+```bash
+curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
+--data '{
+  "name": "Block content categories",
+  "description": "Block common content categories that may pose a risk",
+  "enabled": true,
+  "action": "block",
+  "filters": [
+    "dns"
+  ],
+  "traffic": "any(dns.content_category[*] in {17 85 87 102 157 135 138 180 162 32 169 177 128 15 115 119 124 141 161})",
+  "identity": ""
+}'
+```
+
+</TabItem>
+<TabItem label="Terraform">
+
+```tf
+resource "cloudflare_zero_trust_gateway_policy" "block_content_categories" {
+  account_id  = var.account_id
+  name        = "Block content categories"
+  description = "Block common content categories that may pose a risk"
+  enabled     = true
+  action      = "block"
+  filters     = ["dns"]
+  traffic     = "any(dns.content_category[*] in {17 85 87 102 157 135 138 180 162 32 169 177 128 15 115 119 124 141 161})"
+  identity    = ""
+}
+```
+
+</TabItem> </Tabs>

src/content/partials/cloudflare-one/gateway/policies/dash-plus-api/dns-block-security-categories.mdx

@@ -44,12 +44,6 @@ resource "cloudflare_zero_trust_gateway_policy" "block_security_threats" {
   action      = "block"
   filters     = ["dns"]
   traffic     = "any(dns.security_category[*] in {68 178 80 83 176 175 117 131 134 151 153})"
-	rule_settings {
-			block_page_enabled = true
-			notification_settings {
-					enabled = true
-				}
-		}
 }
 ```
 

src/content/partials/cloudflare-one/gateway/policies/dash-plus-api/http-block-content-categories.mdx

@@ -0,0 +1,35 @@
+---
+{}
+---
+
+import { Tabs, TabItem } from "~/components";
+
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
+| Selector           | Operator | Value                                                                                 | Action |
+| ------------------ | -------- | ------------------------------------------------------------------------------------- | ------ |
+| Content Categories | in       | _Questionable Content_, _Security Risks_, _Miscellaneous_, _Adult Themes_, _Gambling_ | Block  |
+
+</TabItem>
+<TabItem label="API">
+
+```bash
+curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
+--data '{
+  "name": "Block content categories",
+  "description": "Block access to unauthorized applications",
+  "enabled": true,
+  "action": "block",
+  "filters": [
+    "http"
+  ],
+  "traffic": "any(http.request.uri.content_category[*] in {17 85 87 102 157 135 138 180 162 32 169 177 128 15 115 119 124 141 161 2 67 125 133 99})",
+  "identity": "",
+  "device_posture": ""
+}'
+```
+
+</TabItem>
+</Tabs>