scraping detections

Author: patriciasantaana

src/content/docs/bots/additional-configurations/detection-ids/account-takeover-detections.mdx

@@ -0,0 +1,82 @@
+---
+pcx_content_type: concept
+title: Account takeover detections
+sidebar:
+  order: 3
+---
+
+import { Render, Tabs, TabItem, Steps, DashButton } from "~/components"
+
+Using the detection IDs below, you can detect and mitigate account takeover attacks. You can monitor the number of login requests for a given software and network combination, as well as the percentage of login errors. When it reaches a suspicious level, you can prevent these attacks by using [custom rules](/waf/custom-rules/), [rate limiting rules](/waf/rate-limiting-rules/), and [Workers](/workers/).
+
+| Detection ID | Description                              |
+| ------------ | ---------------------------------------- |
+| `201326592`  | Observes all login failures to the zone. |
+| `201326593`  | Observes all login traffic to the zone.  |
+| `201326598`  | Sets a dynamic threshold based on the normal traffic that is unique to the zone.<br /><br /> When the ID matches a login failure, Bot Management sets the [bot score](/bots/concepts/bot-score/) to 29 and uses [anomaly detection](/bots/concepts/bot-detection-engines/#anomaly-detection-enterprise) as its score source. |
+
+### Challenges for account takeover detections
+
+Cloudflare's [Managed Challenge](/cloudflare-challenges/challenge-types/challenge-pages/#managed-challenge-recommended) can limit brute-force attacks on your login endpoints.
+
+To access account takeover detections:
+
+<Tabs syncKey="dashNewNav"> 
+	<TabItem label="Old dashboard">
+		<Steps>
+            1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
+            2. Go to **Security** > **WAF**.
+            3. Under **Custom rules**, select **Create rule**.
+            4. Fill out the form using **Bot Detection IDs** along with other necessary information.
+            5. Select **Save as draft** to return to it later, or **Deploy** to deploy the rule.
+        </Steps>
+    </TabItem> 
+    <TabItem label="New dashboard" icon="rocket">
+		<Steps>
+            1. In the Cloudflare dashboard, go to the **Security rules** page.
+
+                <DashButton url="/?to=/:account/:zone/security/security-rules" />
+            2. Select **Create rule** and choose **Custom rule**.
+            3. Fill out the form using **Bot Detection IDs** along with other necessary information.
+            4. Select **Save as draft** to return to it later, or **Deploy** to deploy the rule.
+        </Steps>
+	</TabItem> 
+</Tabs>
+
+```js title="Rule example"
+
+(any(cf.bot_management.detection_ids[*] eq 201326593))
+```
+
+### Limit logins with account takeover detections
+
+Rate limiting rules can limit the number of logins from a particular IP, JA4 fingerprint, or country.
+
+To use rate limiting rules with account takeover detections:
+
+<Tabs syncKey="dashNewNav"> 
+	<TabItem label="Old dashboard">
+		<Steps>
+            1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
+            2. Go to **Security** > **WAF**.
+            3. Under **Rate limiting rules**, select **Create rule**.
+            4. Fill out the form using the **Custom expression builder** and `cf.bot_management_detection_ids` along with other necessary information.
+            5. Select **Save as draft** to return to it later, or **Deploy** to deploy the rule.
+        </Steps>
+  </TabItem> 
+  <TabItem label="New dashboard" icon="rocket">
+		<Steps>
+            1. In the Cloudflare dashboard, go to the **Security rules** page.
+
+                <DashButton url="/?to=/:account/:zone/security/security-rules" />
+            2. Select **Create rule** and choose **Rate limiting rule**.
+            3. Fill out the form using the **Custom expression builder** and `cf.bot_management_detection_ids` along with other necessary information.
+            4. Select **Save as draft** to return to it later, or **Deploy** to deploy the rule.
+        </Steps>
+    </TabItem> 
+</Tabs>
+
+:::tip[Enhanced with leaked credential detections]
+The rule can be enhanced with Leaked Credential Checks. Refer to the [WAF documentation](/waf/detections/leaked-credentials/) for more information on how to include leaked credentials and account takeover detections in a rate limiting rule. 
+
+:::

src/content/docs/bots/additional-configurations/detection-ids/additional-detections.mdx

@@ -0,0 +1,12 @@
+---
+pcx_content_type: concept
+title: Additional detections
+sidebar:
+  order: 4
+---
+
+## Additional detections
+
+| Detection ID | Description                              |
+| ------------ | ---------------------------------------- |
+| `50331651`   | Observes traffic from residential proxy networks and similar commercial proxies. <br /><br />When the ID matches a request, Bot Management sets the bot score to 29 and uses [anomaly detection](/bots/concepts/bot-detection-engines/#anomaly-detection-enterprise) as its score source. |

src/content/docs/bots/additional-configurations/detection-ids.mdx renamed to src/content/docs/bots/additional-configurations/detection-ids/index.mdx

@@ -90,90 +90,6 @@ and not any(cf.bot_management.detection_ids[*] in {3355446 12577893})
 
 ---
 
-## Account takeover detections
-
-Using the detection IDs below, you can detect and mitigate account takeover attacks. You can monitor the number of login requests for a given software and network combination, as well as the percentage of login errors. When it reaches a suspicious level, you can prevent these attacks by using [custom rules](/waf/custom-rules/), [rate limiting rules](/waf/rate-limiting-rules/), and [Workers](/workers/).
-
-| Detection ID | Description                              |
-| ------------ | ---------------------------------------- |
-| `201326592`  | Observes all login failures to the zone. |
-| `201326593`  | Observes all login traffic to the zone.  |
-| `201326598`  | Sets a dynamic threshold based on the normal traffic that is unique to the zone.<br /><br /> When the ID matches a login failure, Bot Management sets the [bot score](/bots/concepts/bot-score/) to 29 and uses [anomaly detection](/bots/concepts/bot-detection-engines/#anomaly-detection-enterprise) as its score source. |
-
-### Challenges for account takeover detections
-
-Cloudflare's [Managed Challenge](/cloudflare-challenges/challenge-types/challenge-pages/#managed-challenge-recommended) can limit brute-force attacks on your login endpoints.
-
-To access account takeover detections:
-
-<Tabs syncKey="dashNewNav"> 
-	<TabItem label="Old dashboard">
-		<Steps>
-      1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
-      2. Go to **Security** > **WAF**.
-      3. Under **Custom Rules**, select **Create rule**.
-      4. Fill out the form using **Bot Detection IDs** along with other necessary information.
-      5. Select **Save as draft** to return to it later, or **Deploy** to deploy the rule.
-    </Steps>
-  </TabItem> 
-  <TabItem label="New dashboard" icon="rocket">
-		<Steps>
-      1. In the Cloudflare dashboard, go to the **Security rules** page.
-
-          <DashButton url="/?to=/:account/:zone/security/security-rules" />
-      2. Select **Create rule** and choose **Custom rule**.
-      3. Fill out the form using **Bot Detection IDs** along with other necessary information.
-      4. Select **Save as draft** to return to it later, or **Deploy** to deploy the rule.
-      </Steps>
-	</TabItem> 
-</Tabs>
-
-```js title="Rule example"
-
-(any(cf.bot_management.detection_ids[*] eq 201326593))
-```
-
-### Limit logins with account takeover detections
-
-Rate limiting rules can limit the number of logins from a particular IP, JA4 Fingerprint, or country.
-
-To use rate limiting rules with account takeover detections:
-
-<Tabs syncKey="dashNewNav"> 
-	<TabItem label="Old dashboard">
-		<Steps>
-      1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
-      2. Go to **Security** > **WAF**.
-      3. Under **Rate limiting rules**, select **Create rule**.
-      4. Fill out the form using the **Custom expression builder** and `cf.bot_management_detection_ids` along with other necessary information.
-      5. Select **Save as draft** to return to it later, or **Deploy** to deploy the rule.
-    </Steps>
-  </TabItem> 
-  <TabItem label="New dashboard" icon="rocket">
-		<Steps>
-      1. In the Cloudflare dashboard, go to the **Security rules** page.
-
-          <DashButton url="/?to=/:account/:zone/security/security-rules" />
-      2. Select **Create rule** and choose **Rate limiting rule**.
-      3. Fill out the form using the **Custom expression builder** and `cf.bot_management_detection_ids` along with other necessary information.
-      4. Select **Save as draft** to return to it later, or **Deploy** to deploy the rule.
-    </Steps>
-  </TabItem> 
-</Tabs>
-
-:::note
-The rule can be enhanced with Leaked Credential Checks. Refer to the [WAF documentation](/waf/detections/leaked-credentials/) for more information on how to include leaked credentials and account takeover detections in a rate limiting rule. 
-
-:::
-
-## Additional detections
-
-| Detection ID | Description                              |
-| ------------ | ---------------------------------------- |
-| `50331651`   | Observes traffic from residential proxy networks and similar commercial proxies. <br /><br />When the ID matches a request, Bot Management sets the bot score to 29 and uses [anomaly detection](/bots/concepts/bot-detection-engines/#anomaly-detection-enterprise) as its score source. |
-
----
-
 ## Bot Detection IDs via Logpush
 
 You can create or edit existing Logpush jobs to include the new Bot Detection IDs field which will provide an array of IDs for each request that has heuristics match on it. The `BotDetectionIDs` field is available as part of the HTTP Requests dataset and you can add it to new or existing jobs via the Logpush API or on the Cloudflare dashboard. This is the primary method to discover Detection IDs.

src/content/docs/bots/additional-configurations/detection-ids/scraping-detections.mdx

@@ -0,0 +1,84 @@
+---
+pcx_content_type: concept
+title: Scraping detections
+sidebar:
+  order: 3
+---
+
+import { Render, Tabs, TabItem, Steps, DashButton } from "~/components"
+
+Scraping behavioral detection IDs allow you to better protect your website from volumetric scraping attacks by identifying anomalous behavior. The detection IDs below are specifically designed to catch suspicious scraping activity at the zone-level.
+
+| Detection ID | Description |
+| --- | --- |
+| `50331648` | Observes patterns of requests sent to your zone, dynamically analyzing behavior by ASN. |
+| `50331649` | Observes patterns of requests sent to your zone, dynamically analyzing behavior by JA4 fingerprint. |
+
+## Challenges for scraping detections
+
+Cloudflare's [Managed Challenge](/cloudflare-challenges/challenge-types/challenge-pages/#managed-challenge-recommended) can limit scraping attacks on your website.
+
+To access scraping detections:
+
+<Tabs syncKey="dashNewNav"> 
+	<TabItem label="Old dashboard">
+		<Steps>
+            1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
+            2. Go to **Security** > **WAF**.
+            3. Under **Custom rules**, select **Create rule**.
+            4. Fill out the form using **Bot Detection IDs** along with other necessary information.
+            5. Select **Save as draft** to return to it later, or **Deploy** to deploy the rule.
+        </Steps>
+    </TabItem>
+    <TabItem label="New dashboard" icon="rocket">
+        <Steps>
+            1. In the Cloudflare dashboard, go to the **Security rules** page.
+
+                <DashButton url="/?to=/:account/:zone/security/security-rules" />
+            2. Select **Create rule** and choose **Custom rule**.
+            4. Fill out the form using **Bot Detection IDs** along with other necessary information.
+            5. Select **Save as draft** to return to it later, or **Deploy** to deploy the rule.
+        </Steps>
+	</TabItem> 
+</Tabs>
+
+```js title="Rule example"
+
+(any(cf.bot_management.detection_ids[*] eq 50331649))
+```
+
+:::tip[Best practice]
+If you are choosing to challenge as your rule action, check for any API calls on which you do not want to issue a challenge. To exclude requests to such paths, edit the [WAF custom rule](/waf/custom-rules/) to exclude the relevant paths. 
+:::
+
+## Limit scraping requests with scraping detections
+
+Rate limiting rules can limit the number of requests from a particular ASN or JA4 Fingerprint so long as it continues to exhibit suspicious behavior.
+
+To use rate limiting rules with scraping detections:
+
+<Tabs syncKey="dashNewNav"> 
+	<TabItem label="Old dashboard">
+		<Steps>
+            1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
+            2. Go to **Security** > **WAF**.
+            3. Under **Rate limiting rules**, select **Create rule**.
+            4. Fill out the form using the **Custom expression builder** and `cf.bot_management_detection_ids` along with other necessary information.
+            5. Select **Save as draft** to return to it later, or **Deploy** to deploy the rule.
+        </Steps>
+  </TabItem> 
+  <TabItem label="New dashboard" icon="rocket">
+		<Steps>
+            1. In the Cloudflare dashboard, go to the **Security rules** page.
+
+                <DashButton url="/?to=/:account/:zone/security/security-rules" />
+            2. Select **Create rule** and choose **Rate limiting rule**.
+            3.Fill out the form using the **Custom expression builder** and `cf.bot_management_detection_ids` along with other necessary information.
+            4. Select **Save as draft** to return to it later, or **Deploy** to deploy the rule.
+        </Steps>
+    </TabItem>
+</Tabs>
+
+:::note
+Detection IDs `50331648` and `50331649` are dynamically re-calculated, meaning a single fingerprint would not be permanently rate limited unless it continues to remain suspicious at all times. Rate limiting on these detection IDs allows for more lenient controls, as opposed to immediately challenging or blocking.
+:::