Adjust formatting

maxvp · maxvp · commit 3192b2fcf769 · 2025-02-06T16:54:41.000-06:00
diff --git a/src/content/docs/learning-paths/secure-internet-traffic/build-dns-policies/recommended-dns-policies.mdx b/src/content/docs/learning-paths/secure-internet-traffic/build-dns-policies/recommended-dns-policies.mdx
@@ -3,24 +3,29 @@ title: Recommended DNS policies
 pcx_content_type: learning-unit
 sidebar:
   order: 3
-
 ---
 
-import { Details, Render, Tabs, TabItem } from "~/components"
+import { Details, Render, Tabs, TabItem } from "~/components";
 
 We recommend you add the following DNS policies to build an Internet and SaaS app security strategy for your organization.
 
-
 <Details header="All-DNS-Domain-Allowlist">
-<Tabs syncKey="dashPlusAPI">
+
 Allowlist any known domains and hostnames. With this policy, you ensure that your users can access your organization's domains even if the domains fall under a blocked category, such as **Newly Seen Domains** or **Login Screens**.
+
+<Tabs syncKey="dashPlusAPI">
+
 <TabItem label="Dashboard">
+
 | Selector | Operator | Value           | Logic | Action |
 | -------- | -------- | --------------- | ----- | ------ |
-| Domain   | in list  | *Known Domains* | Or    | Allow  |
-| Host     | in list  | *Known Domains* |       |        |
+| Domain   | in list  | _Known Domains_ | Or    | Allow  |
+| Host     | in list  | _Known Domains_ |       |        |
+
 </TabItem>
+
 <TabItem label="API">
+
 ```sh
 curl --request POST \
   --url https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rules \
@@ -38,8 +43,11 @@ curl --request POST \
   "traffic": "any(dns.domains[*] in $<Global Whitelist UUID>) or dns.fqdn in $<Global Whitelist UUID>"
 }'
 ```
+
 </TabItem>
+
 <TabItem label="Terraform">
+
 ```tf
 resource "cloudflare_zero_trust_gateway_policy" "dns_whitelist_policy" {
   account_id  = var.account_id
@@ -52,23 +60,29 @@ resource "cloudflare_zero_trust_gateway_policy" "dns_whitelist_policy" {
   traffic     = "any(dns.domains[*] in ${"$"}${cloudflare_zero_trust_list.domain_whitelist.id}) or dns.fqdn in ${"$"}${cloudflare_zero_trust_list.domain_whitelist.id}"
 }
 ```
+
 </TabItem>
 </Tabs>
 </Details>
 
-
 <Details header="Quarantined-Users-DNS-Restricted-Access">
 
 <Render file="zero-trust/blocklist-restricted-users" />
+
 <Tabs syncKey="dashPlusAPI">
+
 <TabItem label="Dashboard">
-| Selector         | Operator			| Value															| Logic | Action |
-| ---------------- | ------------ | --------------------------------- | ----- | ------ |
-| Domain           | not in list  | *Allowed Remediation Domains*     | Or    | Block  |
-| Host             | not in list  | *Allowed Remediation Domains*     | And   |        |
-| User Group Names | in						| *Quarantined Users*								|       |        |
+
+| Selector         | Operator    | Value                         | Logic | Action |
+| ---------------- | ----------- | ----------------------------- | ----- | ------ |
+| Domain           | not in list | _Allowed Remediation Domains_ | Or    | Block  |
+| Host             | not in list | _Allowed Remediation Domains_ | And   |        |
+| User Group Names | in          | _Quarantined Users_           |       |        |
+
 </TabItem>
+
 <TabItem label="API">
+
 ```sh
 curl --request POST \
   --url https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rules \
@@ -92,8 +106,11 @@ curl --request POST \
     }
 	}'
 ```
+
 </TabItem>
+
 <TabItem label="Terraform">
+
 ```tf
 resource "cloudflare_zero_trust_gateway_policy" "dns_restrict_quarantined_users" {
   account_id  = var.account_id
@@ -113,47 +130,53 @@ resource "cloudflare_zero_trust_gateway_policy" "dns_restrict_quarantined_users"
 		}
 }
 ```
+
 </TabItem>
 </Tabs>
-
 </Details>
 
-
 <Details header="All-DNS-SecurityCategories-Blocklist">
 
 <Render file="zero-trust/blocklist-security-categories" />
 
-<Render file="gateway/policies/block-security-categories" product="cloudflare-one" />
-
+<Render
+	file="gateway/policies/block-security-categories"
+	product="cloudflare-one"
+/>
 
 </Details>
 
-
 <Details header="All-DNS-ContentCategories-Blocklist">
 
-<Render file="zero-trust/blocklist-content-categories" params={{ one: "DNS", two: "Security Risks" }} />
-
+<Render
+	file="zero-trust/blocklist-content-categories"
+	params={{ one: "DNS", two: "Security Risks" }}
+/>
 
 </Details>
 
-
 <Details header="All-DNS-Application-Blocklist">
 
 <Render file="zero-trust/blocklist-application" />
 
-
 </Details>
 
-
 <Details header="All-DNS-GeoCountryIP-Blocklist">
+
 Block websites hosted in countries categorized as high risk. The designation of such countries may result from your organization's users or through the implementation of regulations including [EAR](https://www.tradecompliance.pitt.edu/embargoed-and-sanctioned-countries), [OFAC](https://orpa.princeton.edu/export-controls/sanctioned-countries), and [ITAR](https://www.tradecompliance.pitt.edu/embargoed-and-sanctioned-countries).
+
 <Tabs syncKey="dashPlusAPI">
+
 <TabItem label="Dashboard">
+
 | Selector                        | Operator | Value                                                                                                                                                           | Action |
 | ------------------------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
-| Resolved Country IP Geolocation | in       | *Afghanistan*, *Belarus*, *Congo (Kinshasa)*, *Cuba*, *Iran*, *Iraq*, *Korea (North)*, *Myanmar*, *Russian Federation*, *Sudan*, *Syria*, *Ukraine*, *Zimbabwe* | Block  |
+| Resolved Country IP Geolocation | in       | _Afghanistan_, _Belarus_, _Congo (Kinshasa)_, _Cuba_, _Iran_, _Iraq_, _Korea (North)_, _Myanmar_, _Russian Federation_, _Sudan_, _Syria_, _Ukraine_, _Zimbabwe_ | Block  |
+
 </TabItem>
+
 <TabItem label="API">
+
 ```sh
 curl --request POST \
   --url https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rules \
@@ -175,8 +198,11 @@ curl --request POST \
     }
 }'
 ```
+
 </TabItem>
+
 <TabItem label="Terraform">
+
 ```tf
 resource "cloudflare_zero_trust_gateway_policy" "dns_geolocation_block_policy" {
   account_id  = var.account_id
@@ -193,21 +219,27 @@ resource "cloudflare_zero_trust_gateway_policy" "dns_geolocation_block_policy" {
     }
 }
 ```
+
 </TabItem>
 </Tabs>
-
 </Details>
 
-
 <Details header="All-DNS-DomainTopLevel-Blocklist">
+
 Block frequently misused top-level domains (TLDs) to reduce security risks, especially when there is no discernible advantage to be gained from allowing access. Similarly, restricting access to specific country-level TLDs may be necessary to comply with regulations such as [OFAC](https://orpa.princeton.edu/export-controls/sanctioned-countries) and [ITAR](https://www.tradecompliance.pitt.edu/embargoed-and-sanctioned-countries).
+
 <Tabs syncKey="dashPlusAPI">
+
 <TabItem label="Dashboard">
+
 | Selector | Operator      | Value                                                                                                    | Action |
 | -------- | ------------- | -------------------------------------------------------------------------------------------------------- | ------ |
 | Domain   | matches regex | `[.](cn\|ru)$ or [.](rest\|hair\|top\|live\|cfd\|boats\|beauty\|mom\|skin\|okinawa)$ or [.](zip\|mobi)$` | Block  |
+
 </TabItem>
+
 <TabItem label="API">
+
 ```sh
 curl --request POST \
   --url https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rules \
@@ -229,8 +261,11 @@ curl --request POST \
     }
   }'
 ```
+
 </TabItem>
+
 <TabItem label="Terraform">
+
 ```tf
 resource "cloudflare_zero_trust_gateway_policy" "dns_blacklist_policy" {
   account_id  = var.account_id
@@ -247,23 +282,28 @@ resource "cloudflare_zero_trust_gateway_policy" "dns_blacklist_policy" {
     }
 }
 ```
+
 </TabItem>
 </Tabs>
-
 </Details>
 
-
 <Details header="All-DNS-DomainPhishing-Blocklist">
 
 Block misused domains to protect your users against sophisticated phishing attacks, such as domains that specifically target your organization. For example, the following policy blocks specific keywords associated with an organization or its authentication services (such as `okta`, `2fa`, `cloudflare` and `sso`) while still allowing access to known domains.
+
 <Tabs syncKey="dashPlusAPI">
+
 <TabItem label="Dashboard">
+
 | Selector | Operator      | Value                                       | Logic | Action |
 | -------- | ------------- | ------------------------------------------- | ----- | ------ |
-| Domain   | not in list   | *Known Domains*                             | And   | Block  |
+| Domain   | not in list   | _Known Domains_                             | And   | Block  |
 | Domain   | matches regex | `.*okta.*\|.*cloudflare.*\|.*mfa.*\|.sso.*` |       |        |
+
 </TabItem>
+
 <TabItem label="API">
+
 ```sh
 curl --request POST \
   --url https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rules \
@@ -286,8 +326,11 @@ curl --request POST \
 
 		}'
 ```
+
 </TabItem>
+
 <TabItem label="Terraform">
+
 ```tf
 resource "cloudflare_zero_trust_gateway_policy" "dns_phishing_domains_block" {
   account_id  = var.account_id
@@ -304,25 +347,29 @@ resource "cloudflare_zero_trust_gateway_policy" "dns_phishing_domains_block" {
     }
 }
 ```
+
 </TabItem>
 </Tabs>
-
 </Details>
 
-
 <Details header="All-DNS-ResolvedIP-Blocklist">
 
 Block specific IP addresses that are malicious or pose a threat to your organization.
 
 <Render file="zero-trust/threat-intelligence-automation" />
 
 <Tabs syncKey="dashPlusAPI">
+
 <TabItem label="Dashboard">
+
 | Selector    | Operator | Value          | Action |
 | ----------- | -------- | -------------- | ------ |
-| Resolved IP | in list  | *IP Blocklist* | Block  |
+| Resolved IP | in list  | _IP Blocklist_ | Block  |
+
 </TabItem>
+
 <TabItem label="API">
+
 ```sh
 curl --request POST \
   --url https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rules \
@@ -344,8 +391,11 @@ curl --request POST \
     }
 	}'
 ```
+
 </TabItem>
+
 <TabItem label="Terraform">
+
 ```tf
 resource "cloudflare_zero_trust_gateway_policy" "dns_resolvedip_blocklist_rule" {
   account_id  = var.account_id
@@ -362,15 +412,13 @@ resource "cloudflare_zero_trust_gateway_policy" "dns_resolvedip_blocklist_rule"
     }
 }
 ```
+
 </TabItem>
 </Tabs>
-
 </Details>
 
-
 <Details header="All-DNS-DomainHost-Blocklist">
 
 <Render file="zero-trust/blocklist-domain-host" params={{ one: "DNS" }} />
 
-
-</Details>
+</Details>
