[WAF, Terraform] Improve Terraform info and links from/to the WAF (#19681)

Also adds some Terraform links to Rules features

Author: pedrosousa

src/content/docs/rules/transform/index.mdx

@@ -37,6 +37,8 @@ Alternatively, create a transform rule from scratch in the dashboard or via Clou
 - [HTTP response header modification rules](/rules/transform/response-header-modification/create-dashboard/)
 - [Managed Transforms](/rules/transform/managed-transforms/)
 
+For Terraform examples, refer to [Transform Rules configuration using Terraform](/terraform/additional-configurations/transform-rules/).
+
 Refer to [Rules language](/ruleset-engine/rules-language/) for more information on building expressions for Transform Rules.
 
 ## Availability

src/content/docs/rules/transform/managed-transforms/configure.mdx

@@ -7,9 +7,9 @@ head: []
 description: Learn how to configure Managed Transforms.
 ---
 
-import { Details, TabItem, Tabs } from "~/components";
+import { Details, TabItem, Tabs, Render } from "~/components";
 
-<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+<Tabs syncKey="dashPlusAPIPlusTerraform"> <TabItem label="Dashboard">
 
 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and website.
 
@@ -182,4 +182,28 @@ The response will include all the available Managed Transforms and their new sta
 
 </Details>
 
+</TabItem> <TabItem label="Terraform">
+
+<Render file="v4-code-snippets" product="terraform" />
+
+Use the `cloudflare_managed_headers` Terraform resource to configure Managed Transforms. For example:
+
+```tf
+resource "cloudflare_managed_headers" "tf_example" {
+  zone_id = "<ZONE_ID>"
+
+  managed_request_headers {
+    id      = "add_visitor_location_headers"
+    enabled = true
+  }
+
+  managed_response_headers {
+    id      = "remove_x-powered-by_header"
+    enabled = true
+  }
+}
+```
+
+Make sure you include the Managed Transforms you are updating in the correct object (`managed_request_headers` or `managed_response_headers`).
+
 </TabItem> </Tabs>

src/content/docs/rules/transform/managed-transforms/index.mdx

@@ -15,7 +15,7 @@ Managed Transforms allow you to perform common adjustments to HTTP request and r
 
 For a complete list, refer to [Available Managed Transforms](/rules/transform/managed-transforms/reference/).
 
-When you enable a Managed Transform, Cloudflare internally deploys one or more Transform Rules to handle the common configuration you selected. These generated rules will not count against the maximum number of Transform Rules available in your Cloudflare plan.
+When you enable a Managed Transform, Cloudflare internally deploys one or more Transform Rules to handle the common configuration you selected. These generated rules will not count against the [maximum number of Transform Rules](/rules/transform/#availability) available in your Cloudflare plan.
 
 Enabled Managed Transforms will apply to all inbound requests for the zone.
 
@@ -25,4 +25,4 @@ The generated internal Transform Rules will not appear in the Transform Rules li
 
 ## Next steps
 
-For dashboard and API instructions, refer to [Configure Managed Transforms](/rules/transform/managed-transforms/configure/).
+For dashboard, API, and Terraform instructions, refer to [Configure Managed Transforms](/rules/transform/managed-transforms/configure/).

src/content/docs/rules/transform/request-header-modification/link-create-terraform.mdx

@@ -0,0 +1,7 @@
+---
+pcx_content_type: navigation
+title: Create a rule using Terraform
+external_link: /terraform/additional-configurations/transform-rules/#create-an-http-request-header-modification-rule
+sidebar:
+  order: 4
+---

src/content/docs/rules/transform/response-header-modification/link-create-terraform.mdx

@@ -0,0 +1,7 @@
+---
+pcx_content_type: navigation
+title: Create a rule using Terraform
+external_link: /terraform/additional-configurations/transform-rules/#create-an-http-response-header-modification-rule
+sidebar:
+  order: 4
+---

src/content/docs/rules/transform/url-rewrite/index.mdx

@@ -33,7 +33,7 @@ Rewrite URL rules can perform static or dynamic rewrites:
 - **Static rewrite**: Replaces a given part of a request URL (path or query string) with a static string.
 - **Dynamic rewrite**: Supports more advanced scenarios where you use a rewrite expression to define the resulting path or query string.
 
-Create rewrite URL rules [in the dashboard](/rules/transform/url-rewrite/create-dashboard/) or [via API](/rules/transform/url-rewrite/create-api/).
+Create rewrite URL rules [in the dashboard](/rules/transform/url-rewrite/create-dashboard/), [via Cloudflare API](/rules/transform/url-rewrite/create-api/), or [using Terraform](/terraform/additional-configurations/transform-rules/#create-a-rewrite-url-rule).
 
 ## Serve images from custom paths
 

src/content/docs/rules/transform/url-rewrite/link-create-terraform.mdx

@@ -0,0 +1,7 @@
+---
+pcx_content_type: navigation
+title: Create a rule using Terraform
+external_link: /terraform/additional-configurations/transform-rules/#create-a-rewrite-url-rule
+sidebar:
+  order: 4
+---

src/content/docs/terraform/additional-configurations/ddos-managed-rulesets.mdx

@@ -1,24 +1,25 @@
 ---
-title: DDoS managed rulesets
+title: DDoS managed rulesets configuration using Terraform
 pcx_content_type: how-to
 sidebar:
   order: 3
+  label: DDoS managed rulesets
 head:
   - tag: title
-    content: Configure DDoS managed rulesets with Terraform
+    content: DDoS managed rulesets configuration using Terraform
 ---
 
-import { Render } from "~/components";
+import { Render, RuleID } from "~/components";
 
-This page provides examples of configuring DDoS managed rulesets in your zone or account using Terraform. It covers the following configurations:
+This page provides examples of configuring [DDoS managed rulesets](/ddos-protection/managed-rulesets/) in your zone or account using Terraform. It covers the following configurations:
 
 - [Example: Configure HTTP DDoS Attack Protection](#example-configure-http-ddos-attack-protection)
 - [Example: Configure Network-layer DDoS Attack Protection](#example-configure-network-layer-ddos-attack-protection)
 - [Use case: Mitigate large HTTP DDoS attacks and monitor flagged traffic](#use-case-mitigate-large-http-ddos-attacks-and-monitor-flagged-traffic)
 
 DDoS managed rulesets are always enabled. Depending on your Cloudflare services, you may be able to adjust their behavior.
 
-For more information on DDoS managed rulesets, refer to [Managed rulesets](/ddos-protection/managed-rulesets/) in the Cloudflare DDoS Protection documentation. For more information on deploying and configuring rulesets using the Rulesets API, refer to [Work with managed rulesets](/ruleset-engine/managed-rulesets/) in the Ruleset Engine documentation.
+For more information on deploying and configuring rulesets using the Rulesets API, refer to [Work with managed rulesets](/ruleset-engine/managed-rulesets/) in the Ruleset Engine documentation.
 
 ## Before you start
 
@@ -34,7 +35,7 @@ For more information on DDoS managed rulesets, refer to [Managed rulesets](/ddos
 
 ## Example: Configure HTTP DDoS Attack Protection
 
-This example configures the [HTTP DDoS Attack Protection](/ddos-protection/managed-rulesets/http/) managed ruleset for a zone using Terraform, changing the sensitivity level of rule with ID fdfdac75430c4c47a959592f0aa5e68a to `low`.
+This example configures the [HTTP DDoS Attack Protection](/ddos-protection/managed-rulesets/http/) managed ruleset for a zone using Terraform, changing the sensitivity level of rule with ID <RuleID id="fdfdac75430c4c47a959592f0aa5e68a" /> to `low`.
 
 <Render file="v4-code-snippets" />
 
@@ -70,7 +71,7 @@ For more information about HTTP DDoS Attack Protection, refer to [HTTP DDoS Atta
 
 ## Example: Configure Network-layer DDoS Attack Protection
 
-This example configures the [Network-layer DDoS Attack Protection](/ddos-protection/managed-rulesets/network/) managed ruleset for an account using Terraform, changing the sensitivity level of rule with ID 599dab0942ff4898ac1b7797e954e98b to `low` using an override.
+This example configures the [Network-layer DDoS Attack Protection](/ddos-protection/managed-rulesets/network/) managed ruleset for an account using Terraform, changing the sensitivity level of rule with ID <RuleID id="599dab0942ff4898ac1b7797e954e98b" /> to `low` using an override.
 
 :::caution[Important]
 

src/content/docs/terraform/additional-configurations/rate-limiting-rules.mdx

@@ -1,18 +1,17 @@
 ---
-title: Rate limiting rules
+title: Rate limiting rules configuration using Terraform
 pcx_content_type: how-to
 sidebar:
   order: 4
+  label: Rate limiting rules
 head:
   - tag: title
-    content: Configure rate limiting rules with Terraform
+    content: Rate limiting rules configuration using Terraform
 ---
 
 import { Details, Render } from "~/components";
 
-This page provides an example of creating a rate limiting rule in a zone using Terraform.
-
-For more information on rate limiting rules, refer to [Rate limiting rules](/waf/rate-limiting-rules/) in the Cloudflare WAF documentation.
+This page provides examples of creating [rate limiting rules](/waf/rate-limiting-rules/) in a zone or account using Terraform.
 
 :::note
 
@@ -31,7 +30,7 @@ For more information on configuring the previous version of rate limiting rules
 
 ---
 
-## Create a rate limiting rule
+## Create a rate limiting rule at the zone level
 
 This example creates a rate limiting rule in zone with ID `<ZONE_ID>` blocking traffic that exceeds the configured rate:
 
@@ -62,14 +61,15 @@ resource "cloudflare_ruleset" "zone_rl" {
 
 <Render file="add-new-rule" params={{ one: "rate limiting rule" }} /> <br />
 
-<Details header="Account-level example configuration">
+## Create a rate limiting rule at the account level
 
-:::note[Before you start]
+:::note[Notes]
 
-- Account-level rate limiting configuration requires an Enterprise plan with a paid add-on.
+- [Account-level rate limiting configuration](/waf/account/) requires an Enterprise plan with a paid add-on.
 
 - Custom rulesets deployed at the account level will only apply to incoming traffic of zones on an Enterprise plan. The expression of your `execute` rule must end with `and cf.zone.plan eq "ENT"`.
-  :::
+
+:::
 
 This example defines a [custom ruleset](/ruleset-engine/custom-rulesets/) with a single rate limiting rule in account with ID `<ACCOUNT_ID>` that blocks traffic for the `/api/` path exceeding the configured rate. The second `cloudflare_ruleset` resource defines an `execute` rule that deploys the custom ruleset for traffic addressed at `example.com`.
 
@@ -120,7 +120,7 @@ resource "cloudflare_ruleset" "account_rl_entrypoint" {
 }
 ```
 
-</Details>
+<Render file="add-new-rule" params={{ one: "rate limiting rule" }} /> <br />
 
 ## Create an advanced rate limiting rule
 

src/content/docs/terraform/additional-configurations/transform-rules.mdx

@@ -1,21 +1,21 @@
 ---
-title: Transform Rules
+title: Transform Rules configuration using Terraform
 pcx_content_type: how-to
 sidebar:
   order: 6
+  label: Transform Rules
 head:
   - tag: title
-    content: Configure Transform Rules with Terraform
+    content: Transform Rules configuration using Terraform
 ---
 
 import { Render } from "~/components";
 
-This page provides examples of creating Transform Rules in a zone using Terraform. The examples cover the following scenarios:
+This page provides examples of creating [Transform Rules](/rules/transform/) in a zone using Terraform. The examples cover the following scenarios:
 
 - [Create a Rewrite URL Rule](#create-a-rewrite-url-rule)
 - [Create an HTTP Request Header Modification Rule](#create-an-http-request-header-modification-rule)
-
-For more information on Transform Rules, refer to [Transform Rules](/rules/transform/).
+- [Create an HTTP Response Header Modification Rule](#create-an-http-response-header-modification-rule)
 
 ## Before you start