Skip to content

Commit 37ff8b7

Browse files
[API Shield] Fallthrough Action + SV2 for all (#17034)
* plans page * plans table * fallthrough action * availabilities * Apply suggestions from code review Co-authored-by: Jun Lee <[email protected]> --------- Co-authored-by: Jun Lee <[email protected]>
1 parent cbc1aef commit 37ff8b7

File tree

9 files changed

+62
-10
lines changed

9 files changed

+62
-10
lines changed

src/content/docs/api-shield/api-gateway.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ pcx_content_type: concept
33
type: overview
44
title: API Gateway
55
sidebar:
6-
order: 4
6+
order: 5
77

88
---
99

src/content/docs/api-shield/changelog.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ title: Changelog
44
changelog_file_name:
55
- api-shield
66
sidebar:
7-
order: 9
7+
order: 10
88

99
---
1010

src/content/docs/api-shield/frequently-asked-questions.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ pcx_content_type: faq
33
title: FAQ
44
structured_data: true
55
sidebar:
6-
order: 7
6+
order: 8
77

88
---
99

src/content/docs/api-shield/glossary.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
title: Glossary
33
pcx_content_type: glossary
44
sidebar:
5-
order: 8
5+
order: 9
66

77
---
88

src/content/docs/api-shield/management-and-monitoring/index.mdx

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,12 +3,14 @@ pcx_content_type: concept
33
type: overview
44
title: Management and Monitoring
55
sidebar:
6-
order: 5
6+
order: 6
77
label: Endpoint Management
88

99
---
1010

11-
import { GlossaryTooltip } from "~/components"
11+
import { GlossaryTooltip, Plan } from "~/components"
12+
13+
<Plan type="all" />
1214

1315
Monitor the health of your <GlossaryTooltip term="API endpoint">API endpoints</GlossaryTooltip> by saving, updating, and monitoring performance metrics using API Shield’s Endpoint Management.
1416

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
---
2+
title: Plans
3+
pcx_content_type: overview
4+
type: overview
5+
sidebar:
6+
order: 3
7+
8+
---
9+
10+
Free, Pro, Business, and Enterprise customers without an API Gateway subcription can access [Endpoint Management](/api-shield/management-and-monitoring/) and [Schema Validation](/api-shield/security/schema-validation/), but no other [API Gateway](/api-shield/api-gateway/) features.
11+
12+
To subscribe to API Gateway, upgrade to an Enterprise plan and contact your account team.
13+
14+
Limits to endpoints apply to Endpoint Management and Schema Validation. Refer to the table below for limits based on your zone plan.
15+
16+
| Plan type | Saved endpoints | Uploaded schemas | Total uploaded schema size (MB) | Rule action |
17+
| --- | --- | --- | --- | --- |
18+
| **Free** | 100 | 3 | 1 | `Block` only |
19+
| **Pro** | 200 | 4 | 2 | `Block` only |
20+
| **Business** | 500 | 5 | 5 | `Block` only |
21+
| **Enterprise without API Gateway** | 500 | 5 | 5 | `Log` or `Block` |
22+
| **Enterprise with API Gateway** | 10,000 | 10+ | 10+ | `Log` or `Block` |

src/content/docs/api-shield/reference/index.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
pcx_content_type: reference
33
title: Reference
44
sidebar:
5-
order: 6
5+
order: 7
66
group:
77
hideIndex: true
88

src/content/docs/api-shield/security/index.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ pcx_content_type: navigation
33
type: overview
44
title: Security
55
sidebar:
6-
order: 3
6+
order: 4
77

88
---
99

src/content/docs/api-shield/security/schema-validation/index.mdx

Lines changed: 30 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,9 @@ sidebar:
66

77
---
88

9-
import { GlossaryDefinition, GlossaryTooltip } from "~/components"
9+
import { GlossaryDefinition, GlossaryTooltip, Plan } from "~/components"
10+
11+
<Plan type="all" />
1012

1113
<GlossaryDefinition term="API schema" />
1214

@@ -69,6 +71,30 @@ At this time, learned schemas will not overwrite customer-uploaded schemas. If a
6971
If an endpoint is currently protected by a learned schema, the date of the last applied learned schema will be shown in the current schema field.
7072
:::
7173

74+
### Add validation by adding a fallthrough rule
75+
76+
A fallthrough rule acts as a catch-all for requests that do not match endpoints in [Endpoint Management](/api-shield/management-and-monitoring/).
77+
78+
By ensuring that all your endpoints in a schema are added to Endpoint Management, the fallthrough action can protect you against legacy or zombie endpoints that your team may be unaware of.
79+
80+
To set up a fallthrough action:
81+
82+
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account and domain.
83+
2. Go to **Security** > **API Shield**.
84+
3. Under **Settings**, go to **Fallthrough settings**.
85+
4. Select **Use Template**.
86+
5. Choose one or more hostnames from the drop down menu. The fallthrough rule will act on all traffic that does not match an existing endpoint in Endpoint Management to the selected hostnames.
87+
6. Select **Continue to custom rule**.
88+
7. Name your rule and select your action.
89+
8. Select **Save as draft** to deploy later, or **Deploy** to deploy now.
90+
91+
Your current fallthrough rules can be viewed in the custom rules list or in API Shield's settings under **Fallthrough settings**.
92+
93+
:::note
94+
95+
You can use the `cf.api_gateway.fallthrough_triggered` syntax in your own custom rule for a more customized logic check. This detection will evaluate as `true` when a request does not match an endpoint in Endpoint Management, so it is important to check against your API's hostname or root path to ensure that you are not blocking any non-API traffic on your zone.
96+
:::
97+
7298
### Change the action of an entire schema
7399

74100
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account and domain.
@@ -159,7 +185,9 @@ Schema Validation supports [OpenAPI Version 3.0.x schemas](https://spec.openapis
159185

160186
Currently, API Shield does not support some features of API schemas, including the following: all responses, external references, non-basic path templating, or unique items.
161187

162-
There is a limit of 10,000 total operations for enabled schemas.
188+
There is a limit of 10,000 total operations for enabled schemas for Enterprise customers subscribed to [API Gateway](/api-shield/api-gateway/). To raise this limit, contact your account team.
189+
190+
For limits on Free, Pro, Business, or Enterprise customers not subscribed to API Gateway, refer to [Plans](/api-shield/plans/).
163191

164192
### Required fields
165193

0 commit comments

Comments
 (0)