add doc on handling categories and app types in gateway via terraform

Rex Scaria · Rex Scaria · commit 34c3e937b6b6 · 2025-04-25T12:21:13.000-04:00
diff --git a/src/content/docs/cloudflare-one/policies/gateway/application-app-types.mdx b/src/content/docs/cloudflare-one/policies/gateway/application-app-types.mdx
@@ -76,3 +76,37 @@ To turn on the Microsoft 365 integration:
 3. To verify the policy was created, select **View policy**. Alternatively, go to **Gateway** > **Firewall policies** > **HTTP**. A policy named Microsoft 365 Auto Generated will be enabled in your list.
 
 All future Microsoft 365 traffic will bypass Gateway logging and filtering. To disable this behavior, turn off or delete the policy.
+
+### How to use app types in terraform?
+
+For terraform users, we offer app types list as a dataset, so that you don't have to mention them by integer id, and instead you can mention them in your policy by the app name.
+
+Example terraform app types setup
+
+<pre> 
+```
+data "cloudflare_zero_trust_gateway_app_types_list" "gateway_apptypes" {
+  account_id     = "<accounbt-id-string>"
+}
+
+
+locals  {
+  apptypes_map = merge([
+    for c in data.cloudflare_zero_trust_gateway_app_types_list.gateway_apptypes.result : {(c.name) = c.id}]...)
+}
+
+resource "cloudflare_zero_trust_gateway_policy" "zt_block_dns_apps" {
+    account_id     = "<accounbt-id-string>"
+    name           = "DNS Blocked apps"
+    action         = "block"
+    traffic        = "any(app.ids[*] in {${join(" ", [
+            local.apptypes_map["Discord"], 
+            local.apptypes_map["GoToMeeting"], 
+            local.apptypes_map["Greenhouse"], 
+            local.apptypes_map["Zelle"], 
+            local.apptypes_map["Microsoft Visual Studio"]
+            ])}})"
+}
+
+```
+</pre>
diff --git a/src/content/docs/cloudflare-one/policies/gateway/domain-categories.mdx b/src/content/docs/cloudflare-one/policies/gateway/domain-categories.mdx
@@ -229,3 +229,44 @@ Then, the initial categorization is refined via:
 3. Machine learning models. Our algorithms, including DGA Domains, DNS tunneling, and phishing detection models analyze patterns and behaviors to detect new and evolving threats.
 
 4. Community feedback. Through a review process, Cloudflare assesses feedback by both our internal models and threat analysts. This ensures that our categorizations reflect the most current and accurate threat intelligence.
+
+## How to use categories in terraform?
+
+For terraform users, we offer categories as a dataset, so that you don't have to mention them by integer id, and instead you can mention them in your policy by the category name.
+
+Example terraform category setup
+
+<pre> 
+```
+data "cloudflare_zero_trust_gateway_categories_list" "categories" {
+  account_id     = "<accounbt-id-string>"
+}
+
+
+locals {
+  main_categories_map = {
+    for idx, c in data.cloudflare_zero_trust_gateway_categories_list.categories[0].result: 
+        c.name => c.id
+  }
+
+  subcategories_map = merge(flatten([
+    for idx, c in data.cloudflare_zero_trust_gateway_categories_list.categories[0].result: {
+        for k,v in coalesce(c.subcategories, []): v.name => v.id
+    }])...)
+}
+
+resource "cloudflare_zero_trust_gateway_policy" "zt_block_dns_tech_categories" {
+    account_id     = "<accounbt-id-string>"
+    name           = "DNS Blocked"
+    action         = "block"
+    traffic        = "any(dns.content_category[*] in {${join(" ", [
+           local.main_categories_map["Technology"], 
+           local.subcategories_map["APIs"], 
+           local.subcategories_map["Artificial Intelligence"], 
+           local.subcategories_map["Content Servers"], 
+           local.subcategories_map["Translator"]
+           ])}})"
+}
+
+```
+</pre>
