gateway block page

Author: ranbel

public/__redirects

@@ -2389,6 +2389,7 @@
 /cloudflare-one/identity/users/scim/ /cloudflare-one/team-and-resources/users/scim/ 301
 /cloudflare-one/applications/login-page/ /cloudflare-one/reusable-components/custom-pages/access-login-page/ 301
 /cloudflare-one/applications/block-page/ /cloudflare-one/reusable-components/custom-pages/access-block-page/ 301
+/cloudflare-one/policies/gateway/block-page/ /cloudflare-one/reusable-components/custom-pages/gateway-block-page/ 301
 /cloudflare-one/applications/app-library/ /cloudflare-one/team-and-resources/app-library/ 301
 /cloudflare-one/applications/bookmarks/ /cloudflare-one/access-controls/applications/bookmarks/ 301
 /cloudflare-one/applications/app-launcher/ /cloudflare-one/access-controls/access-settings/app-launcher/ 301

src/content/changelog/gateway/2025-04-11-http-redirect-custom-block-page-redirect.mdx

@@ -12,4 +12,4 @@ You can now use more flexible redirect capabilities in Cloudflare One with Gatew
 - A new **Redirect** action is available in the HTTP policy builder, allowing admins to redirect users to any URL when their request matches a policy. You can choose to preserve the original URL and query string, and optionally include policy context via query parameters.
 - For **Block** actions, admins can now configure a custom URL to display when access is denied. This block page redirect is set at the account level and can be overridden in DNS or HTTP policies. Policy context can also be passed along in the URL.
 
-Learn more in our documentation for [HTTP Redirect](/cloudflare-one/traffic-policies/http-policies/#redirect) and [Block page redirect](/cloudflare-one/traffic-policies/block-page/#redirect-to-a-block-page).
+Learn more in our documentation for [HTTP Redirect](/cloudflare-one/traffic-policies/http-policies/#redirect) and [Block page redirect](/cloudflare-one/reusable-components/custom-pages/gateway-block-page/#redirect-to-a-block-page).

src/content/docs/cloudflare-one/traffic-policies/block-page.mdx renamed to src/content/docs/cloudflare-one/reusable-components/custom-pages/gateway-block-page.mdx

@@ -275,7 +275,7 @@ curl --silent "https://<ACCOUNT_ID>.cloudflare-gateway.com/dns-query?name=exampl
 --header "CF-Authorization: <USER_DOH_TOKEN>" | jq
 ```
 
-If the site is blocked and you have turned on the [block page](/cloudflare-one/traffic-policies/block-page/#configure-policy-block-behavior) for the policy, the query will return `162.159.36.12` (the IP address of the Gateway block page). If the block page is disabled, the response will be `0.0.0.0`.
+If the site is blocked and you have turned on the [block page](/cloudflare-one/reusable-components/custom-pages/gateway-block-page/#configure-policy-block-behavior) for the policy, the query will return `162.159.36.12` (the IP address of the Gateway block page). If the block page is disabled, the response will be `0.0.0.0`.
 
 <Details header="Example response">
 

src/content/docs/cloudflare-one/team-and-resources/devices/agentless/dns/dns-over-https.mdx

@@ -29,7 +29,7 @@ import { Details, Render } from "~/components";
 
 The [WARP client](/cloudflare-one/team-and-resources/devices/warp/) can automatically install a Cloudflare certificate or [custom root certificate](/cloudflare-one/team-and-resources/devices/user-side-certificates/custom-certificate/) on Windows, macOS, and Debian/Ubuntu Linux devices. On mobile devices and Red Hat-based systems, you will need to [install the certificate manually](/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment/).
 
-The certificate is required if you want to [apply HTTP policies to encrypted websites](/cloudflare-one/traffic-policies/http-policies/tls-decryption/), display custom [block pages](/cloudflare-one/traffic-policies/block-page/), and more.
+The certificate is required if you want to [apply HTTP policies to encrypted websites](/cloudflare-one/traffic-policies/http-policies/tls-decryption/), display custom [block pages](/cloudflare-one/reusable-components/custom-pages/gateway-block-page/), and more.
 
 ## Install a certificate using WARP
 

src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/automated-deployment.mdx

@@ -14,7 +14,7 @@ import { Render, Tabs, TabItem, APIRequest } from "~/components";
 Only available on Enterprise plans.
 :::
 
-Enterprise customers who do not wish to install a [Cloudflare certificate](/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment/) have the option to upload their own root certificate to Cloudflare. This feature is sometimes referred to as Bring Your Own Public Key Infrastructure (BYOPKI). Gateway will use your uploaded certificate to encrypt all sessions between the end user and Gateway, enabling all HTTPS inspection features that previously required a Cloudflare certificate. You can upload multiple certificates to your account, but only one can be active at any given time. You also need to upload a private key to intercept domains with JIT certificates and to enable the [block page](/cloudflare-one/traffic-policies/block-page/).
+Enterprise customers who do not wish to install a [Cloudflare certificate](/cloudflare-one/team-and-resources/devices/user-side-certificates/manual-deployment/) have the option to upload their own root certificate to Cloudflare. This feature is sometimes referred to as Bring Your Own Public Key Infrastructure (BYOPKI). Gateway will use your uploaded certificate to encrypt all sessions between the end user and Gateway, enabling all HTTPS inspection features that previously required a Cloudflare certificate. You can upload multiple certificates to your account, but only one can be active at any given time. You also need to upload a private key to intercept domains with JIT certificates and to enable the [block page](/cloudflare-one/reusable-components/custom-pages/gateway-block-page/).
 
 You can upload up to five custom root certificates. If your organization requires more than five certificates, contact your account team.
 

src/content/docs/cloudflare-one/team-and-resources/devices/user-side-certificates/custom-certificate.mdx

@@ -49,7 +49,7 @@ If you are using Split Tunnels in Include mode, you must include the following d
 
 #### Block page
 
-If you are using Split Tunnels in Include mode and have [DNS policies](/cloudflare-one/traffic-policies/dns-policies/) with the [block page](/cloudflare-one/traffic-policies/block-page/) enabled, you must include the IPs that blocked domains will resolve to. Unless you are using a [dedicated or BYOIP resolver IP](/cloudflare-one/team-and-resources/devices/agentless/dns/locations/dns-resolver-ips/#dns-resolver-ip) the block page will resolve to:
+If you are using Split Tunnels in Include mode and have [DNS policies](/cloudflare-one/traffic-policies/dns-policies/) with the [block page](/cloudflare-one/reusable-components/custom-pages/gateway-block-page/) enabled, you must include the IPs that blocked domains will resolve to. Unless you are using a [dedicated or BYOIP resolver IP](/cloudflare-one/team-and-resources/devices/agentless/dns/locations/dns-resolver-ips/#dns-resolver-ip) the block page will resolve to:
 
 - `162.159.36.12`
 - `162.159.46.12`

src/content/docs/cloudflare-one/team-and-resources/devices/warp/configure-warp/route-traffic/split-tunnels.mdx

@@ -141,7 +141,7 @@ Policies with Block actions block DNS queries to reach destinations you specify
 
 #### Custom block page
 
-When choosing the Block action, turn on **Modify Gateway block behavior** to respond to queries with a block page to display to users who go to blocked websites. Optionally, you can override your global block page setting with a URL redirect for the specific DNS policy. For more information, refer to [Block page](/cloudflare-one/traffic-policies/block-page/).
+When choosing the Block action, turn on **Modify Gateway block behavior** to respond to queries with a block page to display to users who go to blocked websites. Optionally, you can override your global block page setting with a URL redirect for the specific DNS policy. For more information, refer to [Block page](/cloudflare-one/reusable-components/custom-pages/gateway-block-page/).
 
 If the block page is turned off for a policy, Gateway will respond to queries blocked at the DNS level with an `A` record of `0.0.0.0` for IPv4 destinations, or with an `AAAA` record of `::` for IPv6 destinations. The browser will display its default connection error page.
 

src/content/docs/cloudflare-one/traffic-policies/dns-policies/index.mdx

@@ -23,7 +23,7 @@ For example, if you created a policy to block `example.com`, you can do the foll
 
 2. Type `dig example.com` (`nslookup example.com` if you are using Windows) and press **Enter**.
 
-3. If the [block page](/cloudflare-one/traffic-policies/block-page/) is turned off for the policy, you should see `REFUSED` in the answer section:
+3. If the [block page](/cloudflare-one/reusable-components/custom-pages/gateway-block-page/) is turned off for the policy, you should see `REFUSED` in the answer section:
 
    ```sh
    dig example.com
@@ -46,7 +46,7 @@ For example, if you created a policy to block `example.com`, you can do the foll
    ;; MSG SIZE  rcvd: 29
    ```
 
-   If the [block page](/cloudflare-one/traffic-policies/block-page/) is enabled for the policy, you should see `NOERROR` in the answer section with `162.159.36.12` and `162.159.46.12` as the answers:
+   If the [block page](/cloudflare-one/reusable-components/custom-pages/gateway-block-page/) is enabled for the policy, you should see `NOERROR` in the answer section with `162.159.36.12` and `162.159.46.12` as the answers:
 
    ```sh null
    dig example.com

src/content/docs/cloudflare-one/traffic-policies/dns-policies/test-dns-filtering.mdx

@@ -56,7 +56,7 @@ The **Untrusted certificate action** determines how to handle insecure requests.
 | Option       | Action                                                                                                                                                                                                                                               |
 | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | Error        | Display Gateway error page. Matches the default behavior when no action is configured.                                                                                                                                                               |
-| Block        | Display [block page](/cloudflare-one/traffic-policies/block-page/) as set in Zero Trust.                                                                                                                                                             |
+| Block        | Display [block page](/cloudflare-one/reusable-components/custom-pages/gateway-block-page/) as set in Zero Trust.                                                                                                                                                             |
 | Pass through | Bypass insecure connection warnings and seamlessly connect to the upstream. For more information on what statuses are bypassed, refer to the [troubleshooting FAQ](/cloudflare-one/faq/troubleshooting/#i-see-error-526-when-browsing-to-a-website). |
 
 ### Block
@@ -130,7 +130,7 @@ API value: `redirect`
 
 The Redirect action allows you to redirect matched HTTP requests to a different URL you specify. For example, if your users browse to the public web page of a SaaS app, you can redirect them to your own self-hosted instance, a single sign-on page, or an internal policy page.
 
-To redirect URLs with a Block action and the block page, refer to [Redirect to a block page](/cloudflare-one/traffic-policies/block-page/#redirect-to-a-block-page).
+To redirect URLs with a Block action and the block page, refer to [Redirect to a block page](/cloudflare-one/reusable-components/custom-pages/gateway-block-page/#redirect-to-a-block-page).
 
 #### Policy settings