[Gateway] Update selector descriptions (#24374)

maxvp · web-flow · commit 379f790fca76 · 2025-08-12T16:34:45.000-05:00
* Update security category

* Add Radar cross link

* Add source selectors

* Update destination IP

* Update source IP

* Add descriptions to URL selectors
diff --git a/src/content/docs/cloudflare-one/policies/gateway/egress-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/egress-policies/index.mdx
@@ -89,7 +89,10 @@ Gateway matches egress traffic against the following selectors, or criteria:
 
 ### Destination IP
 
-<Render file="gateway/selectors/destination-ip" />
+<Render
+	file="gateway/selectors/destination-ip"
+	params={{ APIendpoint: "net.dst.ip" }}
+/>
 
 ### Destination Port
 
@@ -142,7 +145,10 @@ The country of the user making the request. <Render file="gateway/selectors/sour
 
 ### Source IP
 
-<Render file="gateway/selectors/source-ip-net" />
+<Render
+	file="gateway/selectors/source-ip"
+	params={{ APIendpoint: "net.src.ip" }}
+/>
 
 ### Source Port
 
@@ -253,20 +259,25 @@ Additionally, to use these selectors to filter traffic onboarded with WARP, you
 
 2. In your WARP [device profile](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/), configure your [Split Tunnel](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/) depending on the mode:
 
-   <Tabs> <TabItem label="Exclude IPs and domains">
+   <Tabs>
+
+   <TabItem label="Exclude IPs and domains">
    1. [Remove the route](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#remove-a-route) to the IP address `100.64.0.0/10` from your Split Tunnel exclude list.
-   2. [Add routes](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#add-a-route) to exclude the following IP addresses:
-      - `100.64.0.0/12`
+   2. [Add routes](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#add-a-route) to exclude the following IP addresses: - `100.64.0.0/12`
       - `100.81.0.0/16`
       - `100.82.0.0/15`
       - `100.84.0.0/14`
       - `100.88.0.0/13`
       - `100.96.0.0/11`
 
-   </TabItem> <TabItem label="Include IPs and domains">
+   </TabItem>
+
+   <TabItem label="Include IPs and domains">
    1. Add the required [Zero Trust domains](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#cloudflare-zero-trust-domains) or [IP addresses](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#cloudflare-zero-trust-ip-addresses) to your Split Tunnel include list.
    2. [Add a route](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#add-a-route) to include the IP address `100.80.0.0/16`.
 
-   </TabItem> </Tabs>
+   </TabItem>
+
+   </Tabs>
 
 The WARP client must be set to _Gateway with WARP_ mode for traffic affected by these selectors to route correctly.
diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx
@@ -436,9 +436,10 @@ Only applies to traffic sent through the [WARP client](/cloudflare-one/connectio
 Only applies to traffic sent through the [WARP client](/cloudflare-one/connections/connect-devices/warp/set-up-warp/#gateway-with-warp-default).
 :::
 
-| UI name        | API example                        |
-| -------------- | ---------------------------------- |
-| Destination IP | `http.conn.dst_ip == "10.0.0.0/8"` |
+<Render
+	file="gateway/selectors/destination-ip"
+	params={{ APIendpoint: "http.conn.dst_ip" }}
+/>
 
 ### Device Posture
 
@@ -555,12 +556,16 @@ Scans HTTP traffic for the presence of social security numbers and other PII. Yo
 
 ### HTTP Method
 
+The HTTP request method used in the traffic.
+
 | UI name     | API example                    |
 | ----------- | ------------------------------ |
 | HTTP Method | `http.request.method == "GET"` |
 
 ### HTTP Response
 
+The HTTP response status code received by the traffic.
+
 | UI name | API example                          |
 | ------- | ------------------------------------ |
 | URL     | `http.response.status_code == "200"` |
@@ -593,9 +598,10 @@ The country of the user making the request. <Render file="gateway/selectors/sour
 
 ### Source IP
 
-| UI name   | API example                        |
-| --------- | ---------------------------------- |
-| Source IP | `http.conn.src_ip == "10.0.0.0/8"` |
+<Render
+	file="gateway/selectors/source-ip"
+	params={{ APIendpoint: "http.conn.src_ip" }}
+/>
 
 ### URL
 
@@ -607,21 +613,27 @@ The country of the user making the request. <Render file="gateway/selectors/sour
 
 ### URL Path
 
+The pathname of a webpage's URL.
+
 | UI name  | API example                             |
 | -------- | --------------------------------------- |
 | URL Path | `http.request.uri.path == \"/foo/bar\"` |
 
 ### URL Path and Query
 
+The pathname and query of a webpage's URL.
+
 | UI name            | API example                                                     |
 | ------------------ | --------------------------------------------------------------- |
 | URL Path and Query | `http.request.uri.path_and_query == \"/foo/bar?ab%242=%2A342\"` |
 
 ### URL Query
 
-| UI name   | API example                          |
-| --------- | ------------------------------------ |
-| URL Query | `not(http.request.uri.query in $%s)` |
+The query of a webpage's URL.
+
+| UI name   | API example                                 |
+| --------- | ------------------------------------------- |
+| URL Query | `http.request.uri.query == "ab%242=%2A342"` |
 
 ### Users
 
diff --git a/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx
@@ -278,7 +278,10 @@ Gateway matches network traffic against the following selectors, or criteria.
 
 ### Destination IP
 
-<Render file="gateway/selectors/destination-ip" />
+<Render
+	file="gateway/selectors/destination-ip"
+	params={{ APIendpoint: "net.dst.ip" }}
+/>
 
 ### Destination Port
 
@@ -301,16 +304,14 @@ The inferred network protocol based on Cloudflare's [protocol detection](/cloudf
 <Render file="gateway/selectors/protocol" />
 
 :::note
-
 To enable Gateway filtering on TCP and UDP, go to **Settings** > **Network** > **Proxy**. Network policies apply to all enabled protocols unless you use the **Protocol** selector within a policy.
-
 :::
 
 ### Proxy Endpoint
 
 <Render file="gateway/selectors/proxy-endpoint" />
 
-### Security Risks
+### Security Categories
 
 <Render
 	file="gateway/selectors/security-risks"
@@ -354,7 +355,10 @@ The country of the user making the request. <Render file="gateway/selectors/sour
 
 ### Source IP
 
-<Render file="gateway/selectors/source-ip-net" />
+<Render
+	file="gateway/selectors/source-ip"
+	params={{ APIendpoint: "net.src.ip" }}
+/>
 
 ### Source Port
 
@@ -376,9 +380,7 @@ The country of the user making the request. <Render file="gateway/selectors/sour
 <Render file="gateway/comparison-operators" />
 
 :::note
-
 The _in_ operator allows you to specify IP addresses or networks using CIDR notation.
-
 :::
 
 ## Value
diff --git a/src/content/docs/radar/glossary.mdx b/src/content/docs/radar/glossary.mdx
@@ -123,7 +123,7 @@ Cloudflare Speed Test measures latency multiple times over the course of the tes
 
 ## Content categories
 
-Cloudflare uses a variety of data sources to categorize domains. Using Cloudflare Radar, you can view the content categories associated with a given domain. Cloudflare customers using Cloudflare Gateway or [1.1.1.1 for Families](/1.1.1.1/setup/#1111-for-families) can decide to block certain categories, like "Adult Content", in addition to security threats like malware and phishing.
+Cloudflare uses a variety of data sources to categorize domains. Using Cloudflare Radar, you can view the content categories associated with a given domain. Cloudflare customers using [Cloudflare Gateway](/cloudflare-one/policies/gateway/domain-categories/) or [1.1.1.1 for Families](/1.1.1.1/setup/#1111-for-families) can decide to block certain categories, like "Adult Content", in addition to security threats like malware and phishing.
 
 In some cases, a domain may be miscategorized. For example, a social media site might be categorized as "Shopping & Auctions". If you believe a domain is miscategorized, or a domain has not yet been categorized, please provide your suggested category using [this form](https://radar.cloudflare.com/domains/feedback) to bring it to our attention.
 
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/destination-ip.mdx b/src/content/partials/cloudflare-one/gateway/selectors/destination-ip.mdx
@@ -1,9 +1,10 @@
 ---
-{}
+params:
+  - APIendpoint
 ---
 
 The IP address of the request's target.
 
-| UI name        | API example               |
-| -------------- | ------------------------- |
-| Destination IP | `net.dst.ip == 192.0.2.0` |
+| UI name        | API example                                                |
+| -------------- | ---------------------------------------------------------- |
+| Destination IP | <code>any({props.APIendpoint}[*] in \{10.0.0.0/8\})</code> |
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/net-http-content-categories.mdx b/src/content/partials/cloudflare-one/gateway/selectors/net-http-content-categories.mdx
@@ -3,8 +3,8 @@ params:
   - APIendpoint
 ---
 
+Applications within a specific [security category](/cloudflare-one/policies/gateway/domain-categories/#content-categories) as categorized by [Cloudflare Radar](/radar/glossary/#content-categories).
+
 | UI name            | API example                                       |
 | ------------------ | ------------------------------------------------- |
 | Content Categories | <code>any({props.APIendpoint}[*] in \{1\})</code> |
-
-For more information, refer to the list of [content categories](/cloudflare-one/policies/gateway/domain-categories/#content-categories).
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/security-risks.mdx b/src/content/partials/cloudflare-one/gateway/selectors/security-risks.mdx
@@ -5,8 +5,8 @@ params:
 
 import { Markdown } from "~/components";
 
+Applications within a specific [security category](/cloudflare-one/policies/gateway/domain-categories/#security-categories) as categorized by [Cloudflare Radar](/radar/glossary/#content-categories).
+
 | UI name        | API example                                       |
 | -------------- | ------------------------------------------------- |
 | Security Risks | <code>any({props.APIendpoint}[*] in \{1\})</code> |
-
-For more information, refer to the list of [security categories](/cloudflare-one/policies/gateway/domain-categories/#security-categories).
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/source-ip-net.mdx b/src/content/partials/cloudflare-one/gateway/selectors/source-ip-net.mdx
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/source-ip.mdx b/src/content/partials/cloudflare-one/gateway/selectors/source-ip.mdx
@@ -0,0 +1,10 @@
+---
+params:
+  - APIendpoint
+---
+
+The originating IP address or addresses of a device proxied by Gateway.
+
+| UI name   | API example                                           |
+| --------- | ----------------------------------------------------- |
+| Source IP | <code>{props.APIendpoint}[*] in \{10.0.0.0/8\}</code> |
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/source-port.mdx b/src/content/partials/cloudflare-one/gateway/selectors/source-port.mdx
@@ -1,8 +1,9 @@
 ---
 {}
-
 ---
 
+The originating port of a device proxied by Gateway.
+
 | UI name     | API example              |
 | ----------- | ------------------------ |
 | Source Port | `net.src.port == "2222"` |
