Merge branch 'production' into ranbel/delete-legacy-tunnels

Author: ranbel

public/__redirects

@@ -229,7 +229,7 @@
 /argo-tunnel/getting-started/installation/ /cloudflare-one/connections/connect-networks/get-started/ 301
 /argo-tunnel/quickstart/ /cloudflare-one/connections/connect-networks/get-started/ 301
 /argo-tunnel/reference/arguments/ /cloudflare-one/connections/connect-networks/configure-tunnels/ 301
-/argo-tunnel/reference/load-balancing/ /cloudflare-one/connections/connect-networks/routing-to-tunnel/lb/ 301
+/argo-tunnel/reference/load-balancing/ /cloudflare-one/connections/connect-networks/routing-to-tunnel/public-load-balancers/ 301
 /argo-tunnel/reference/service/ /cloudflare-one/connections/connect-networks/configure-tunnels/ 301
 /argo-tunnel/trycloudflare/ /cloudflare-one/connections/connect-networks/do-more-with-tunnels/trycloudflare/ 301
 
@@ -653,8 +653,8 @@
 /fundamentals/reference/the-internet/ /fundamentals/concepts/the-internet/ 301
 /fundamentals/reference/http-request-headers/ /fundamentals/reference/http-headers/ 301
 /fundamentals/security/browser-integrity-check/ /waf/tools/browser-integrity-check/ 301
-/fundamentals/signed-exchanges/ /speed/optimization/other/signed-exchanges/ 301
-/fundamentals/signed-exchanges/amp-real-ulr/reference/ /speed/optimization/other/amp-real-url/reference/ 301
+/fundamentals/signed-exchanges/ /speed/optimization/ 301
+/fundamentals/signed-exchanges/amp-real-ulr/reference/ /speed/optimization/ 301
 /fundamentals/speed/aim/ /speed/aim/ 301
 /fundamentals/speed/optimization/ /speed/optimization/ 301
 /fundamentals/speed/prefetch-urls/ /speed/optimization/content/prefetch-urls/ 301
@@ -1040,6 +1040,8 @@
 /load-balancing/local-traffic-management/ /load-balancing/private-network/ 301
 /load-balancing/local-traffic-management/ltm-tunnels-setup/ /load-balancing/private-network/tunnels-setup/ 301
 /load-balancing/local-traffic-management/ltm-magic-wan/ /load-balancing/private-network/magic-wan/ 301
+/load-balancing/private-network/tunnels-setup/ /load-balancing/private-network/warp-to-tunnel/ 301
+/load-balancing/private-network/warp/ /load-balancing/private-network/warp-to-tunnel/ 301
 
 # logs
 /logs/log-fields/ /logs/logpush/logpush-job/datasets/ 301
@@ -1341,19 +1343,19 @@
 /fundamentals/network/0-rtt-connection-resumption/ /speed/optimization/protocol/0-rtt-connection-resumption/ 301
 /support/speed/essentials/will-cloudflares-image-optimization-features-help-if-im-already-optimizing-images/ /speed/optimization/images/troubleshooting/multiple-optimizations/ 301
 /support/speed/optimization-delivery/configuring-cloudflare-mirage/ /speed/optimization/images/mirage/ 301
-/support/speed/optimization-mobile/understanding-cloudflare-mobile-redirect/ /speed/optimization/other/mobile-redirect/ 301
+/support/speed/optimization-mobile/understanding-cloudflare-mobile-redirect/ /rules/url-forwarding/examples/perform-mobile-redirects/ 301
 /support/speed/optimization-file-size/using-cloudflare-auto-minify/ /speed/optimization/content/ 301
 /support/speed/optimization-file-size/what-will-cloudflare-compress/ /speed/optimization/content/compression/ 301
 /speed/optimization/content/brotli/ /speed/optimization/content/compression/ 301
 /speed/optimization/content/brotli/enable/ /speed/optimization/content/compression/ 301
 /speed/optimization/content/brotli/content-compression/ /speed/optimization/content/compression/ 301
 /support/speed/optimization-file-size/why-isnt-auto-minify-working/ /speed/optimization/content/troubleshooting/ 301
-/support/speed/optimization-mobile/why-is-the-mobile-redirect-i-set-up-through-cloudflare-redirecting-my-static-assets/ /speed/optimization/other/troubleshooting/mobile-redirect-affect-static-assets/ 301
-/speed/optimization/other/amp-real-ulr/ /speed/optimization/other/amp-real-url/ 301
-/speed/optimization/other/amp-real-ulr/reference/ /speed/optimization/other/amp-real-url/reference/ 301
+/support/speed/optimization-mobile/why-is-the-mobile-redirect-i-set-up-through-cloudflare-redirecting-my-static-assets/ /rules/url-forwarding/examples/perform-mobile-redirects/ 301
+/speed/optimization/other/amp-real-ulr/ /speed/optimization/ 301
+/speed/optimization/other/amp-real-ulr/reference/ /speed/optimization/ 301
 /speed/optimization/other/mobile-redirect/ /rules/url-forwarding/examples/perform-mobile-redirects/ 301
-/speed/optimization/other/troubleshooting/mobile-redirect-affect-static-assets/ /speed/optimization/other/ 301
-/speed/optimization/other/troubleshooting/ /speed/optimization/other/ 301
+/speed/optimization/other/troubleshooting/mobile-redirect-affect-static-assets/ /speed/optimization/ 301
+/speed/optimization/other/troubleshooting/ /speed/optimization/ 301
 /speed/optimization/content/auto-minify/ /speed/optimization/content/ 301
 /speed/optimization/content/troubleshooting/auto-minify-not-working/ /speed/optimization/content/troubleshooting/ 301
 /speed/optimization/content/speculation/ /speed/optimization/content/speed-brain/ 301
@@ -2203,6 +2205,7 @@
 /cloudflare-one/connections/connect-networks/private-net/private-hostnames-ips/ /cloudflare-one/connections/connect-networks/private-net/cloudflared/private-dns/ 301
 /cloudflare-one/connections/connect-networks/private-net/tunnel-virtual-networks/ /cloudflare-one/connections/connect-networks/private-net/cloudflared/tunnel-virtual-networks/ 301
 /cloudflare-one/connections/connect-networks/private-net/warp-connector/vpc-deployments/ /cloudflare-one/connections/connect-networks/private-net/warp-connector/tips/ 301
+/cloudflare-one/connections/connect-networks/routing-to-tunnel/lb/ /cloudflare-one/connections/connect-networks/routing-to-tunnel/public-load-balancers/ 301
 /argo-tunnel/faq/ /cloudflare-one/faq/cloudflare-tunnels-faq/ 301
 /cloudflare-one/policies/browser-isolation/clientless-browser-isolation/ /cloudflare-one/policies/browser-isolation/setup/clientless-browser-isolation/ 301
 /cloudflare-one/connections/connect-devices/agentless/dns-over-https/ /cloudflare-one/connections/connect-devices/agentless/dns/dns-over-https/ 301
@@ -2214,6 +2217,7 @@
 /cloudflare-one/connections/connect-devices/warp/warp-settings/ /cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/ 301
 /cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cloudflare-cert/ /cloudflare-one/connections/connect-devices/warp/user-side-certificates/manual-deployment/ 301
 /cloudflare-one/connections/connect-devices/warp/user-side-certificates/install-cert-with-warp/ /cloudflare-one/connections/connect-devices/warp/user-side-certificates/automated-deployment/ 301
+/cloudflare-one/connections/connect-networks/private-net/cloudflared/load-balancing/ /cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/ 301
 /cloudflare-one/connections/connect-networks/locations/ /cloudflare-one/connections/connect-devices/agentless/dns/locations/ 301
 /cloudflare-one/connections/connect-networks/get-started/create-local-tunnel/ /cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/create-local-tunnel/ 301
 /cloudflare-one/connections/connect-networks/configure-tunnels/remote-management/ /cloudflare-one/connections/connect-networks/configure-tunnels/cloudflared-parameters/ 301
@@ -2325,9 +2329,9 @@
 /fundamentals/get-started/setup/troubleshooting/* /fundamentals/setup/account-setup/add-site/ 301
 /fundamentals/get-started/basic-tasks/account-security/* /fundamentals/account-and-billing/account-security/:splat 301
 /fundamentals/get-started/setup/account-setup/* /fundamentals/account-and-billing/account-setup/:splat 301
-/fundamentals/speed/amp-real-ulr/* /speed/optimization/other/amp-real-ulr/:splat 301
+/fundamentals/speed/amp-real-ulr/* /speed/optimization/:splat 301
 /fundamentals/speed/rocket-loader/* /speed/optimization/content/rocket-loader/:splat 301
-/fundamentals/speed/signed-exchanges/* /speed/optimization/other/signed-exchanges/:splat 301
+/fundamentals/speed/signed-exchanges/* /speed/optimization/:splat 301
 /fundamentals/speed/speed-test/* /speed/observatory/:splat 301
 /speed/speed-test/* /speed/observatory/:splat 301
 /http-applications/* /version-management/:splat 301
@@ -2347,6 +2351,7 @@
 /fundamentals/setup/manage-members/* /fundamentals/manage-members/:splat 301
 /logs/get-started/enable-destinations/* /logs/logpush/logpush-job/enable-destinations/:splat 301
 /logs/reference/log-fields/* /logs/logpush/logpush-job/datasets/:splat 301
+/speed/optimization/other/* /speed/optimization/ 301
 
 # AI Crawl Control
 /ai-audit/* /ai-crawl-control/:splat 301

src/content/changelog/waf/2025-10-17-emergency-waf-release.mdx

@@ -0,0 +1,229 @@
+---
+title: New detections released for WAF managed rulesets
+description: New Cloudflare WAF managed rulesets release to improve protection against attacker-controlled payloads
+date: 2025-10-17
+---
+
+import { RuleID } from "~/components";
+
+This week we introduced several new detections across Cloudflare Managed Rulesets, expanding coverage for high-impact vulnerability classes such as SSRF, SQLi, SSTI, Reverse Shell attempts, and Prototype Pollution. These rules aim to improve protection against attacker-controlled payloads that exploit misconfigurations or unvalidated input in web applications.
+
+**Key Findings**
+
+New detections added for multiple exploit categories:
+
+SSRF (Server-Side Request Forgery) — new rules targeting both local and cloud metadata abuse patterns (Beta).
+
+SQL Injection (SQLi) — rules for common patterns, sleep/time-based injections, and string/wait function exploitation across headers and URIs.
+
+SSTI (Server-Side Template Injection) — arithmetic-based probe detections introduced across URI, header, and body fields.
+
+Reverse Shell and XXE payloads — enhanced heuristics for command execution and XML external entity misuse.
+
+Prototype Pollution — new Beta rule identifying common JSON payload structures used in object prototype poisoning.
+
+PHP Wrapper Injection and HTTP Parameter Pollution detections — to catch path traversal and multi-parameter manipulation attempts.
+
+Anomaly Header Checks — detecting CRLF injection attempts in header names.
+
+**Impact**
+
+These updates help detect multi-vector payloads that blend SSRF + RCE or SQLi + SSTI attacks, especially in cloud-hosted applications with exposed metadata endpoints or unsafe template rendering.
+
+Prototype Pollution and HTTP parameter pollution rules address emerging JavaScript supply-chain exploitation patterns increasingly seen in real-world incidents.
+
+<table style="width: 100%">
+	<thead>
+		<tr>
+			<th>Ruleset</th>
+			<th>Rule ID</th>
+			<th>Legacy Rule ID</th>
+			<th>Description</th>
+			<th>Previous Action</th>
+			<th>New Action</th>
+			<th>Comments</th>
+		</tr>
+	</thead>
+	<tbody>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="72f0ff933fb0492eb71cda50589f2a1d" /></td>
+			<td>N/A</td>
+			<td>Anomaly:Header - name - CR, LF</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="5d0377e4435f467488614170132fab7e" /></td>
+			<td>N/A</td>
+			<td>Generic Rules - Reverse Shell - Body</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="54e32f7f802c4a699182e8921a027008" /></td>
+			<td>N/A</td>
+			<td>Generic Rules - Reverse Shell - Header</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="7cbda8dbafbc465d9b64a8f2958d0486" /></td>
+			<td>N/A</td>
+			<td>Generic Rules - Reverse Shell - URI</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="b9f3420674cf481da32333dc8e0cf7ad" /></td>
+			<td>N/A</td>
+			<td>Generic Rules - XXE - Body</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="ad55483512f0440b81426acdbf8aab5e" /></td>
+			<td>N/A</td>
+			<td>Generic Rules - SQLi - Common Patterns - Header URI</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="849c0618d1674f1c92ba6f9b2e466337" /></td>
+			<td>N/A</td>
+			<td>Generic Rules - SQLi - Sleep Function - Header URI</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="1b4db4c4bd0649c095c27c6cb686ab47" /></td>
+			<td>N/A</td>
+			<td>Generic Rules - SQLi - String Function - Header URI</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="fa2055b84af94ba4b925f834b0633709" /></td>
+			<td>N/A</td>
+			<td>Generic Rules - SQLi - WaitFor Function - Header URI</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="158177dec2504acdba1f2da201a076eb" /></td>
+			<td>N/A</td>
+			<td>SSRF - Local - Beta</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="98bfd6bb46074d5b8d1c4b39743a63ec" /></td>
+			<td>N/A</td>
+			<td>SSRF - Local - 2 - Beta</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="54e1733b10da4a599e06c6fbc2e84e2d" /></td>
+			<td>N/A</td>
+			<td>SSRF - Cloud - Beta</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="ecd26d61a75e46f6a4449a06ab8af26f" /></td>
+			<td>N/A</td>
+			<td>SSRF - Cloud - 2 - Beta</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="c16f4e133c4541f293142d02e6e8dc5b" /></td>
+			<td>N/A</td>
+			<td>SSTI - Arithmetic Probe - URI</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="f4fd9904e7624666b8c49cd62550d794" /></td>
+			<td>N/A</td>
+			<td>SSTI - Arithmetic Probe - Header</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="5c0875604f774c36a4f9b69c659d12a6" /></td>
+			<td>N/A</td>
+			<td>SSTI - Arithmetic Probe - Body</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="fae6fa37ae9249d58628e54b1a3e521e" /></td>
+			<td>N/A</td>
+			<td>PHP Wrapper Injection</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="9c02e585db34440da620eb668f76bd74" /></td>
+			<td>N/A</td>
+			<td>PHP Wrapper Injection</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="cb67fe56a84747b8b64277dc091e296d" /></td>
+			<td>N/A</td>
+			<td>HTTP parameter pollution</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+		<tr>
+			<td>Cloudflare Managed Ruleset</td>
+			<td><RuleID id="443b54d984944cd69043805ee34214ef" /></td>
+			<td>N/A</td>
+			<td>Prototype Pollution - Common Payloads - Beta</td>
+			<td>N/A</td>
+			<td>Disabled</td>
+			<td>This is a New Detection</td>
+		</tr>
+	</tbody>
+</table>

src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/tunnel-availability/deploy-replicas.mdx

@@ -0,0 +1,56 @@
+---
+pcx_content_type: how-to
+title: Deploy cloudflared replicas
+sidebar:
+  order: 2
+---
+
+import { Render } from "~/components";
+
+To deploy multiple instances of `cloudflared`, you can create and configure one tunnel and run it on multiple hosts. If your tunnel runs as a service, only one `cloudflared` instance is allowed per host.
+
+You can run the same tunnel across various `cloudflared` processes for up to 100 connections (25 replicas) per tunnel. Cloudflare Load Balancers and DNS records can still point to the tunnel and its UUID. Traffic will be sent to all `cloudflared` processes associated with the tunnel.
+
+:::tip[Deploy replicas in Kubernetes]
+For information about running `cloudflared` in a Kubernetes deployment, refer to the [Kubernetes guide](/cloudflare-one/connections/connect-networks/deployment-guides/kubernetes/).
+:::
+
+## Remotely-managed tunnels
+
+1. To create a remotely-managed tunnel, follow the [dashboard setup guide](/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/).
+2. On the **Tunnels** page, select your newly created tunnel.
+3. In the side panel, scroll down to **Connectors** to view the `cloudflared` instances for that tunnel.
+3. Select **Edit**.
+4. Select the operating system of the host where you want to deploy a replica.
+5. Copy the installation command and run it on the host.
+
+The new replica will appear on the **Connectors** list for the tunnel. All replicas will serve the same routes and use the same configuration parameters.
+
+## Locally-managed tunnels
+
+1. To create a locally-managed tunnel, complete Steps 1 through 5 in the [CLI setup guide](/cloudflare-one/connections/connect-networks/do-more-with-tunnels/local-management/create-local-tunnel/).
+
+2. Run your newly created tunnel.
+
+   ```sh
+   cloudflared tunnel run <NAME>
+   ```
+
+   This will start a `cloudflared` instance and generate a unique `connector_id`.
+
+3. In a separate window or on another host, run the same command again:
+
+   ```sh
+   cloudflared tunnel run <NAME>
+   ```
+
+   This will initialize another `cloudflared` instance and generate another `connector_id`.
+
+4. Run `tunnel info` to show each `cloudflared` instance running your tunnel:
+
+   ```sh
+   cloudflared tunnel info <NAME>
+   ```
+
+This will output your tunnel UUID as well as two Connector IDs, one for each `cloudflared` process running your tunnel. With this command, you can also see that your tunnel is now being served by eight connections.
+