cloudflare
diff --git a/‎src/content/docs/cloudflare-one/connections/connect-devices/agentless/pac-files.mdx‎
Lines changed: 2 additions & 2 deletions b/‎src/content/docs/cloudflare-one/connections/connect-devices/agentless/pac-files.mdx‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/remote-management.mdx‎
Lines changed: 79 additions & 76 deletions b/‎src/content/docs/cloudflare-one/connections/connect-networks/configure-tunnels/remote-management.mdx‎
Lines changed: 79 additions & 76 deletions
diff --git a/‎src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx‎
Lines changed: 1 addition & 1 deletion b/‎src/content/docs/cloudflare-one/identity/idp-integration/entra-id.mdx‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/content/docs/cloudflare-one/policies/access/policy-management.mdx‎
Lines changed: 1 addition & 1 deletion b/‎src/content/docs/cloudflare-one/policies/access/policy-management.mdx‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/content/docs/cloudflare-one/policies/browser-isolation/isolation-policies.mdx‎
Lines changed: 5 additions & 5 deletions b/‎src/content/docs/cloudflare-one/policies/browser-isolation/isolation-policies.mdx‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎src/content/docs/cloudflare-one/policies/gateway/dns-policies/common-policies.mdx‎
Lines changed: 13 additions & 13 deletions b/‎src/content/docs/cloudflare-one/policies/gateway/dns-policies/common-policies.mdx‎
Lines changed: 13 additions & 13 deletions
@@ -64,7 +64,7 @@ https://<SUBDOMAIN>.proxy.cloudflare-gateway.com
 
    ```bash
    curl https://api.cloudflare.com/client/v4/accounts/<ACCOUNT_ID>/gateway/proxy_endpoints \
-   --header "Authorization: Bearer <API_TOKEN>" \
+   --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    --header "Content-Type: application/json" \
    --data '{"name": "any_name", "ips": ["<PUBLIC_IP>", "<PUBLIC_IP2>", "<PUBLIC_IP3>"]}'
    ```
@@ -212,7 +212,7 @@ To get the domain of a proxy endpoint:
 
    ```bash
    curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/proxy_endpoints \
-   --header "Authorization: Bearer <API_TOKEN>"
+   --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
    ```
 
    ```json {8} output
 
@@ -185,95 +185,98 @@ Cloudflare recommends rotating the tunnel token at a regular cadence to reduce t
 
 To rotate a tunnel token:
 
-1. Refresh the token on Cloudflare:
+1.  Refresh the token on Cloudflare:
 
-      <Tabs syncKey="dashPlusAPI">
-<TabItem label="Dashboard">
+          <Tabs syncKey="dashPlusAPI">
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Networks** > **Tunnels**.
-1. Select a `cloudflared` tunnel and select **Edit**.
-1. Select **Refresh token**.
-1. Copy the `cloudflared` installation command for your operating system. This command contains the new token.
+    <TabItem label="Dashboard">
 
-      </TabItem>
-<TabItem label="API">
+1.  In [Zero Trust](https://one.dash.cloudflare.com/), go to **Networks** > **Tunnels**.
+1.  Select a `cloudflared` tunnel and select **Edit**.
+1.  Select **Refresh token**.
+1.  Copy the `cloudflared` installation command for your operating system. This command contains the new token.
 
-   1. Generate a random base64 string (minimum size 32 bytes) to use as a tunnel secret:
-
-      ```sh
-      openssl rand -base64 32
-      ```
-
-      ```sh output
-      AQIDBAUGBwgBAgMEBQYHCAECAwQFBgcIAQIDBAUGBwg=
-      ```
-
-   2. Make a `PATCH` request to the [Cloudflare Tunnel](/api/resources/zero_trust/subresources/tunnels/methods/edit/) endpoint:
-
-      ```sh
-      curl --request PATCH \
-      https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/cfd_tunnel/$TUNNEL_ID \
-      --header 'Content-Type: application/json' \
-      --header "Authorization: Bearer <API_TOKEN>" \
-      --data '{
-      	"name": "Example tunnel",
-      	"tunnel_secret": "AQIDBAUGBwgBAgMEBQYHCAECAwQFBgcIAQIDBAUGBwg="
-      }'
-      ```
-
-      ```sh output {18}
-      {
-      	"success": true,
-      	"errors": [],
-      	"messages": [],
-      	"result": {
-      		"id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
-      		"account_tag": "699d98642c564d2e855e9661899b7252",
-      		"created_at": "2024-12-04T22:03:26.291225Z",
-      		"deleted_at": null,
-      		"name": "Example tunnel",
-      		"connections": [],
-      		"conns_active_at": null,
-      		"conns_inactive_at": "2024-12-04T22:03:26.291225Z",
-      		"tun_type": "cfd_tunnel",
-      		"metadata": {},
-      		"status": "inactive",
-      		"remote_config": true,
-      		"token": "eyJhIjoiNWFiNGU5Z..."
-      	}
-      }
-      ```
-
-   3. Copy the `token` value shown in the output.
-
-      </TabItem>
-</Tabs>
+          </TabItem>
 
-   After refreshing the token, `cloudflared` can no longer establish new connections to Cloudflare using the old token. However, existing connectors will remain active and the tunnel will continue serving traffic.
+    <TabItem label="API">
 
-1. On half of your `cloudflared` replicas, update `cloudflared` to use the new token. For example, on a Linux host:
+    1.  Generate a random base64 string (minimum size 32 bytes) to use as a tunnel secret:
 
-   ```sh
-   sudo cloudflared service install <TOKEN>
-   ```
+        ```sh
+        openssl rand -base64 32
+        ```
 
-1. Restart `cloudflared`:
+        ```sh output
+        AQIDBAUGBwgBAgMEBQYHCAECAwQFBgcIAQIDBAUGBwg=
+        ```
 
-   ```sh
-   sudo systemctl restart cloudflared.service
-   ```
+    2.  Make a `PATCH` request to the [Cloudflare Tunnel](/api/resources/zero_trust/subresources/tunnels/methods/edit/) endpoint:
 
-1. Confirm that the service started correctly:
+        ```sh
+        curl --request PATCH \
+        https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/cfd_tunnel/$TUNNEL_ID \
+        --header 'Content-Type: application/json' \
+        --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
+        --data '{
+        	"name": "Example tunnel",
+        	"tunnel_secret": "AQIDBAUGBwgBAgMEBQYHCAECAwQFBgcIAQIDBAUGBwg="
+        }'
+        ```
 
-   ```sh
-   sudo systemctl status cloudflared
-   ```
+        ```sh output {18}
+        {
+        	"success": true,
+        	"errors": [],
+        	"messages": [],
+        	"result": {
+        		"id": "f70ff985-a4ef-4643-bbbc-4a0ed4fc8415",
+        		"account_tag": "699d98642c564d2e855e9661899b7252",
+        		"created_at": "2024-12-04T22:03:26.291225Z",
+        		"deleted_at": null,
+        		"name": "Example tunnel",
+        		"connections": [],
+        		"conns_active_at": null,
+        		"conns_inactive_at": "2024-12-04T22:03:26.291225Z",
+        		"tun_type": "cfd_tunnel",
+        		"metadata": {},
+        		"status": "inactive",
+        		"remote_config": true,
+        		"token": "eyJhIjoiNWFiNGU5Z..."
+        	}
+        }
+        ```
+
+    3.  Copy the `token` value shown in the output.
+
+              </TabItem>
+
+        </Tabs>
+
+    After refreshing the token, `cloudflared` can no longer establish new connections to Cloudflare using the old token. However, existing connectors will remain active and the tunnel will continue serving traffic.
+
+1.  On half of your `cloudflared` replicas, update `cloudflared` to use the new token. For example, on a Linux host:
+
+    ```sh
+    sudo cloudflared service install <TOKEN>
+    ```
+
+1.  Restart `cloudflared`:
+
+    ```sh
+    sudo systemctl restart cloudflared.service
+    ```
+
+1.  Confirm that the service started correctly:
+
+    ```sh
+    sudo systemctl status cloudflared
+    ```
 
-   While these replicas are connecting to Cloudflare with the new token, traffic will automatically route through the other replicas.
+    While these replicas are connecting to Cloudflare with the new token, traffic will automatically route through the other replicas.
 
-1. Wait 10 minutes for traffic to route through the new connectors.
+1.  Wait 10 minutes for traffic to route through the new connectors.
 
-1. Repeat steps 2, 3, and 4 for the second half of the replicas.
+1.  Repeat steps 2, 3, and 4 for the second half of the replicas.
 
 The tunnel token is now fully rotated. The old token is no longer in use.
 
@@ -287,7 +290,7 @@ If your tunnel token is compromised, we recommend taking the following steps:
    ```sh
    curl --request DELETE \
    https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/cfd_tunnel/$TUNNEL_ID/connections \
-   --header "Authorization: Bearer <API_TOKEN>"
+   --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
    ```
 
    This will clean up any unauthorized connections and prevent users from connecting to your network.
 
@@ -279,7 +279,7 @@ You can require users to re-enter their credentials into Entra ID whenever they
    ```sh {17}
    curl --request PUT \
    https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/access/identity_providers/$IDENTITY_PROVIDER_ID \
-   --header "Authorization: Bearer <API_TOKEN>" \
+   --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
    --header "Content-Type: application/json" \
    --data '{
    		"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
 
@@ -83,7 +83,7 @@ You can use the API to convert a legacy policy into a reusable policy. To conver
 ```bash
 curl --request PUT \
 https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/access/apps/$APP_ID/policies/$POLICY_ID/make_reusable \
---header "Authorization: Bearer <API_TOKEN>"
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN"
 ```
 
 The policy is now removed from the applications endpoint (`/access/apps/$APP_ID/policies`) and managed using the [reusable policies endpoints](/api/resources/zero_trust/subresources/access/subresources/policies/)(`/access/policies/$POLICY_ID`).
@@ -136,7 +136,7 @@ Isolate security threats such as malware and phishing.
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Isolate all security threats",
   "description": "Isolate security threats such as malware and phishing",
@@ -170,7 +170,7 @@ Isolate high risk content categories such as newly registered domains.
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Isolate high risk content",
   "description": "Isolate high risk content categories such as newly registered domains",
@@ -204,7 +204,7 @@ Isolate news and media sites, which are targets for malvertising attacks.
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Isolate news and media",
   "description": "Isolate news and media sites, which are targets for malvertising attacks",
@@ -238,7 +238,7 @@ Isolate content that has not been categorized by [Cloudflare Radar](/radar/).
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Isolate uncategorized content",
   "description": "Isolate content not categorized by Cloudflare Radar",
@@ -274,7 +274,7 @@ In **Configure policy settings**, you can customize restrictions for ChatGPT. Fo
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Isolate ChatGPT",
   "description": "Isolate the use of ChatGPT",
 
@@ -31,7 +31,7 @@ This policy allows users to access official corporate domains. By deploying the
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Allow corporate domains",
   "description": "Allow any internal corporate domains added to a list",
@@ -94,7 +94,7 @@ You can implement policies to block websites hosted in countries categorized as
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Block banned countries",
   "description": "Block access to banned countries",
@@ -129,7 +129,7 @@ Blocking [frequently misused](https://www.spamhaus.org/statistics/tlds/) top-lev
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Block top-level domains",
   "description": "Block top-level domains that are frequently used for malicious practices",
@@ -163,7 +163,7 @@ To protect against [sophisticated phishing attacks](https://blog.cloudflare.com/
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Block phishing attacks",
   "description": "Block attempts to phish specific domains targeting your organization",
@@ -198,7 +198,7 @@ To safeguard user privacy, some organizations will block tracking domains such a
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Block online tracking",
   "description": "Block domains used for tracking at an OS level",
@@ -233,7 +233,7 @@ Block specific IP addresses that are known to be malicious or pose a threat to y
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Block malicious IPs",
   "description": "Block specific IP addresses that are known to be malicious or pose a threat to your organization",
@@ -268,7 +268,7 @@ The CIPA (Children's Internet Protection Act) Filter is a collection of subcateg
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Turn on CIPA filter",
   "description": "Block access to unwanted or harmful online content for children",
@@ -301,7 +301,7 @@ SafeSearch is a feature of search engines that helps you filter explicit or offe
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Hide explicit search results",
   "description": "Force SafeSearch on search engines to filter explicit or offensive content",
@@ -335,7 +335,7 @@ curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Check user identity",
   "description": "Filter traffic based on a user identity group name",
@@ -373,7 +373,7 @@ The following example includes two policies. The first policy allows the specifi
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Allow social media for Marketing",
   "description": "Allow access to social media sites for users in the Marketing group",
@@ -405,7 +405,7 @@ curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Block social media",
   "description": "Block social media for all other users",
@@ -448,7 +448,7 @@ Force users to connect with IPv4 by blocking IPv6 resolution.
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Force IPv4",
   "description": "Force users to connect with IPv4 by blocking IPv6 resolution",
@@ -482,7 +482,7 @@ Force users to connect with IPv6 by blocking IPv4 resolution.
 ```bash
 curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/rule \
 --header "Content-Type: application/json" \
---header "Authorization: Bearer <API_TOKEN>" \
+--header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
 --data '{
   "name": "Force IPv6",
   "description": "Force users to connect with IPv6 by blocking IPv4 resolution",