
Commit 636f135

committed
Adding in last bits of feedback
1 parent 5ec4b7e commit 636f135

5 files changed

+7
-5
lines changed

src/content/docs/learning-paths/mtls/mtls-app-security/index.mdx

Lines changed: 1 addition & 1 deletion
@@ -18,7 +18,7 @@ By default, mTLS uses Client Certificates issued by a Cloudflare Managed CA. Clo
1818
1. Go to your Cloudflare dashboard and selecting your account.
1919
2. Select **SSL/TLS** > **[Client Certificates](/ssl/client-certificates/)** tab and add the Hosts (hostnames) you want to [enable mTLS](/ssl/client-certificates/enable-mtls/) for.
2020

21-
Example host: [mtls-test.example.com](https://mtls-test.example.com/)
21+
`Example host: [mtls-test.example.com](https://mtls-test.example.com/)`
2222

2323
3. Select **Create Certificate** to generate the private key (usually referred to as Private Certificate) and Certificate Signing Request (CSR) with Cloudflare (which includes the Public Certificate), or use your own private key and CSR. Using your own allows you to also [label client certificates](/ssl/client-certificates/label-client-certificate/).
2424
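Review bot: wrapping the whole markdown link in backticks (line 21) turns it into an inline code span, so the page will render the literal text `[mtls-test.example.com](https://mtls-test.example.com/)` instead of a link. If the goal is to show the hostname as code, keep the prose outside the span and wrap only the hostname: `Example host: \`mtls-test.example.com\``. While here, line 18 reads "Go to your Cloudflare dashboard and selecting your account"; it should be "and select your account".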

src/content/docs/learning-paths/mtls/mtls-app-security/related-features.mdx

Lines changed: 3 additions & 1 deletion
@@ -99,7 +99,7 @@ Contact your account team for more information.
9999
[Revoked](/api-shield/security/mtls/configure/#check-for-revoked-certificates) Client Certificates are not automatically blocked unless you have an active WAF Custom Rule specifically checking for and blocking them. This check only applies to Client Certificates issued by the Cloudflare-managed CA. Cloudflare currently does not check certificate revocation lists (CRL) for CAs that have been uploaded by the customer ([BYO CA](/ssl/client-certificates/byo-ca/)). One can opt for Workers to manage a custom business logic and block revoked Client Certificates. See the [Workers section](/learning-paths/mtls/mtls-workers/) for more information.
100100
:::
101101

102-
In order to effectively implement mTLS with Cloudflare, it is strongly recommended to properly configure the [Cloudflare WAF](/waf/). Review the available []`cf.tls_*`](/ruleset-engine/rules-language/fields/dynamic-fields/#cftls_cipher) dynamic fields.
102+
In order to effectively implement mTLS with Cloudflare, it is strongly recommended to properly configure the [Cloudflare WAF](/waf/). Review the available [`cf.tls_*`](/ruleset-engine/rules-language/fields/dynamic-fields/#cftls_cipher) dynamic fields.
103103

104104
Example WAF Custom Rule with action block:
105105
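Review bot: the missing-bracket fix on line 102 is correct, but the link target `#cftls_cipher` lands on the single `cf.tls_cipher` field while the sentence promises the whole `cf.tls_*` family; the fields that matter for mTLS are the `cf.tls_client_auth.*` ones used by the rules further down, so link to the dynamic-fields page itself or to the `cf.tls_client_auth` entries. The revocation note on line 99 also says revoked certificates are only blocked by a WAF rule; naming the field that rule checks (`cf.tls_client_auth.cert_revoked`) in the same paragraph would save the reader a trip to the linked page.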

@@ -121,6 +121,8 @@ Another example WAF Custom Rule with action block, using the [cf.tls_client_auth
121121

122122
Here's another example of a WAF custome rule to associate a serial number with a hostname:
123123

124+
![Example expression of a WAF Custom Rule to associate a serial number with a hostname](~/assets/images/learning-paths/mtls/waf-custom-rule.png)
125+
124126
```txt
125127
(http.host in {"mtls.example.com" "mtls2.example.com"} and cf.tls_client_auth.cert_serial ne "ADD_STRING_OF_CLIENT_CERT_SERIAL")
126128
```
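Review bot: the serial-pinning example on lines 127-128 blocks every request on those two hosts whose serial differs from the one string, which includes requests that presented no certificate at all or one from a different CA; that is the intended fail-closed behaviour, but the text should say that a serial comparison alone says nothing about who issued the certificate, so this rule complements, rather than replaces, the `cf.tls_client_auth`-based rule introduced just above it. Also, "custome" on line 122 should be "custom", and since the screenshot added on line 124 shows the same expression that follows it, the alt text only needs to say which rule it depicts.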

src/content/docs/learning-paths/mtls/mtls-cloudflare-access/index.mdx

Lines changed: 2 additions & 2 deletions
@@ -104,7 +104,7 @@ cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=clie
104104

105105
Follow the steps outlined in the [developer documentation](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#add-mtls-authentication-to-your-access-configuration).
106106

107-
Using the example from Step 2: upload the **\`ca.pem\`** to your Cloudflare Access account via the [Dashboard](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#add-mtls-authentication-to-your-access-configuration) or [Cloudflare API](/api/operations/access-mtls-authentication-add-an-mtls-certificate).
107+
Using the example from Step 2: upload the `ca.pem` to your Cloudflare Access account via the [Dashboard](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/#add-mtls-authentication-to-your-access-configuration) or [Cloudflare API](/api/operations/access-mtls-authentication-add-an-mtls-certificate).
108108

109109
Do not forget to enter the fully-qualified domain names (FQDN / associated hostnames) that will use this CA certificate.
110110

@@ -116,7 +116,7 @@ Additionally, authenticated requests also send the `Cf-Access-Jwt-Assertion\` JW
116116

117117
Finally, the hostname you want to protect with mTLS needs to be added as a [self-hosted app](/cloudflare-one/applications/configure-apps/self-hosted-apps/) in Cloudflare Access, defining an [Access Policy](/cloudflare-one/policies/access/) which uses the action [Service Auth](/cloudflare-one/policies/access/#service-auth) and the Selector *“Valid Certificate”*, or simply requiring an [IdP](/cloudflare-one/identity/idp-integration/) authentication. You can also take advantage of extra requirements, such as the “Common Name” (CN), which expects the indicated hostname, and more [Selectors](/cloudflare-one/policies/access/#selectors). Alternatively, one can also [extend ZTNA with external authorization and serverless computing](/reference-architecture/diagrams/sase/augment-access-with-serverless/).
118118

119-
## Usage
119+
## Demo
120120

121121
:::note
122122
Make sure that you are not using any VPN that could interfere with the certificates or TLS decryption.
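Review bot: the rename from "Usage" to "Demo" is fine, but the same escaped-backtick problem fixed in the previous hunk survives on line 116 of this file (`\`Cf-Access-Jwt-Assertion\``) and will render a stray backslash; clean it in the same commit. On line 117, "or simply requiring an IdP authentication" is presented as an alternative to the Service Auth action with the Valid Certificate selector, so the reader should be told plainly that a policy with only an IdP rule does not require a client certificate at all.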

src/content/docs/learning-paths/mtls/mtls-implementation/index.mdx

Lines changed: 1 addition & 1 deletion
@@ -11,7 +11,7 @@ There are different ways to implement mTLS authentication. The most common ones
1111

1212
This version of mTLS is for device certificates, primarily focused on the number of IoT devices, not user devices.
1313

14-
here we recommend using [mTLS with Application Security](/learning-paths/mtls/mtls-app-security/).
14+
Here we recommend using [mTLS with Application Security](/learning-paths/mtls/mtls-app-security/).
1515

1616
## Option 2: mTLS User Authentication
1717
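Review bot: the capitalisation fix is right; the context on line 12, "primarily focused on the number of IoT devices, not user devices", is unclear about what is being counted and should read something like "primarily aimed at large fleets of IoT devices rather than user devices", since the distinction the section draws (device certificates here versus user authentication under Option 2) is about who holds the certificate, not how many there are.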

0 commit comments

Comments
 (0)