Merge branch 'cloudflare:production' into patch-7

Author: cdisher

src/content/docs/cloudflare-one/connections/connect-devices/user-side-certificates/index.mdx

@@ -15,12 +15,12 @@ Gateway [generates a unique root CA](#generate-a-cloudflare-root-certificate) fo
 
 Zero Trust will indicate if a certificate is ready for use in inspection based on its deployment status:
 
-| Deployment status | Description                                                                                                    |
-| ----------------- | -------------------------------------------------------------------------------------------------------------- |
-| Inactive          | The certificate has been generated by or uploaded to Cloudflare but is not deployed across the global network. |
-| Pending           | The certificate is being activated or deactivated for use.                                                     |
-| Active            | The certificate is deployed across the Cloudflare global network and ready to be turned on.                    |
-| Active and In-Use | The certificate is turned on. Gateway will use the certificate for inspection.                                 |
+| Deployment status    | Description                                                                                                    |
+| -------------------- | -------------------------------------------------------------------------------------------------------------- |
+| Inactive             | The certificate has been generated by or uploaded to Cloudflare but is not deployed across the global network. |
+| Pending              | The certificate is being activated or deactivated for use.                                                     |
+| Available            | The certificate is deployed across the Cloudflare global network and ready to be turned on.                    |
+| Available and In-Use | The certificate is turned on. Gateway will use the certificate for inspection.                                 |
 
 ## Generate a Cloudflare root certificate
 
@@ -39,10 +39,10 @@ Each Zero Trust account can generate a new root certificate a maximum of three t
 ## Activate a root certificate
 
 :::note
-Zero Trust accounts using the Cloudflare certificate prior to 2024-10-17 will need to redeploy and activate the newly generated certificate. Zero Trust accounts created during or after 2024-10-17 will use an active certificate by default.
+Zero Trust accounts using the Cloudflare certificate prior to 2024-10-17 will need to redeploy and activate the newly generated certificate. Zero Trust accounts created during or after 2024-10-17 will use an available certificate by default.
 :::
 
-Once a certificate is generated in or uploaded to Zero Trust, you need to activate it. Activating a certificate deploys it across the Cloudflare network. You can have up to 25 active certificates at once.
+Once a certificate is generated in or uploaded to Zero Trust, you need to activate it. Activating a certificate deploys it across the Cloudflare network. You can have up to 25 available certificates at once.
 
 To activate your root certificate:
 
@@ -51,7 +51,7 @@ To activate your root certificate:
 3. Select the certificate you want to activate.
 4. Select **Activate**.
 
-The status of the certificate will change to **Pending** while it deploys. Once the status of your certificate is **Active**, you can install it on your user's devices either [with WARP](/cloudflare-one/connections/connect-devices/user-side-certificates/automated-deployment/) or [manually](/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment/).
+The status of the certificate will change to **Pending** while it deploys. Once the status of your certificate is **Available**, you can install it on your user's devices either [with WARP](/cloudflare-one/connections/connect-devices/user-side-certificates/automated-deployment/) or [manually](/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment/).
 
 Once you deploy and install your certificate, you can turn it on for use in inspection:
 
@@ -60,4 +60,4 @@ Once you deploy and install your certificate, you can turn it on for use in insp
 3. Select the certificate you want to turn on.
 4. In **Basic information**, select **Confirm and turn on certificate**.
 
-You can set multiple certificates to **Active**, but you can only turn on one certificate for use in inspection at a time. Setting a certificate as **In-Use** will set any other turned on certificates as **Active** and prevent them from being used for inspection until turned on again.
+You can set multiple certificates to **Available**, but you can only turn on one certificate for use in inspection at a time. Setting a certificate as **In-Use** will set any other turned on certificates as **Active** and prevent them from being used for inspection until turned on again.

src/content/docs/cloudflare-one/policies/browser-isolation/isolation-policies.mdx

@@ -3,10 +3,9 @@ pcx_content_type: reference
 title: Isolation policies
 sidebar:
   order: 2
-
 ---
 
-import { Render } from "~/components"
+import { Render, Tabs, TabItem } from "~/components";
 
 With Browser Isolation, you can define policies to dynamically isolate websites based on identity, security threats, or content.
 
@@ -28,12 +27,10 @@ If instead you need to isolate specific pages, you can list the domains for whic
 
 :::note[Isolate identity providers for applications]
 
-
 Existing cookies and sessions from non-isolated browsing are not sent to the remote browser. Websites that implement single sign-on using third-party cookies will also need to be isolated.
 
 For example, if `example.com` authenticates using Google Workspace, you will also need to isolate the top level [Google Workspace URLs](https://support.google.com/a/answer/9012184).
 
-
 :::
 
 ## Do Not Isolate
@@ -46,7 +43,7 @@ You can choose to disable isolation for certain destinations or categories. The
 
 ## Policy settings
 
-The following optional settings appear in the Gateway HTTP policy builder when you select the *Isolate* action. Enable these settings to [prevent data loss](https://blog.cloudflare.com/data-protection-browser/) when users interact with untrusted websites in the remote browser.
+The following optional settings appear in the Gateway HTTP policy builder when you select the _Isolate_ action. Enable these settings to [prevent data loss](https://blog.cloudflare.com/data-protection-browser/) when users interact with untrusted websites in the remote browser.
 
 ### Disable copy / paste
 
@@ -62,7 +59,7 @@ Prohibits users from performing keyboard input into the remote web page.
 
 :::note
 
-Mouse input remains available (to allow users to browse a website by following hyperlinks and scrolling). This does not prevent user input into third-party virtual keyboards within a remote web page. 
+Mouse input remains available (to allow users to browse a website by following hyperlinks and scrolling). This does not prevent user input into third-party virtual keyboards within a remote web page.
 :::
 
 ### Disable upload
@@ -71,7 +68,7 @@ Prohibits users from uploading files from their local machine into a remote web
 
 :::note
 
-This option does not prevent files being uploaded to websites from third-party cloud file managers or files downloaded into the remote browser download bar from other isolated websites. To prevent files being uploaded from the remote browser into an isolated website, use HTTP Policies to block by [Upload Mime Type](/cloudflare-one/policies/gateway/http-policies/#download-and-upload-mime-type). 
+This option does not prevent files being uploaded to websites from third-party cloud file managers or files downloaded into the remote browser download bar from other isolated websites. To prevent files being uploaded from the remote browser into an isolated website, use HTTP Policies to block by [Upload Mime Type](/cloudflare-one/policies/gateway/http-policies/#download-and-upload-mime-type).
 :::
 
 ### Disable download
@@ -80,7 +77,7 @@ Prohibits users from exporting files from the remote browser to their local mach
 
 :::note
 
-This option does not prevent files from being downloaded into the remote browser. To prevent files being downloaded into the remote browser, use HTTP Policies to block by [Download Mime Type](/cloudflare-one/policies/gateway/http-policies/#download-and-upload-mime-type). 
+This option does not prevent files from being downloaded into the remote browser. To prevent files being downloaded into the remote browser, use HTTP Policies to block by [Download Mime Type](/cloudflare-one/policies/gateway/http-policies/#download-and-upload-mime-type).
 :::
 
 ### Disable clipboard redirection
@@ -91,7 +88,7 @@ Prevents copying isolated content from the remote browser to their local clipboa
 
 This option does not prevent clipboard interactions between isolated websites. Use [Disable copy / paste](/cloudflare-one/policies/browser-isolation/isolation-policies/#disable-copy--paste) to prohibit clipboard use on sensitive isolated applications.
 
-Disable copy / paste and Disable clipboard redirection are mutually exclusive and cannot be used in conjunction with each other. 
+Disable copy / paste and Disable clipboard redirection are mutually exclusive and cannot be used in conjunction with each other.
 :::
 
 ## Common policies
@@ -100,36 +97,170 @@ Disable copy / paste and Disable clipboard redirection are mutually exclusive an
 
 Isolate security threats such as malware and phishing.
 
-| Selector       | Operator | Value              | Action  |
-| -------------- | -------- | ------------------ | ------- |
-| Security Risks | in       | All security risks | Isolate |
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
+| Selector            | Operator | Value                | Action  |
+| ------------------- | -------- | -------------------- | ------- |
+| Security Categories | in       | _All security risks_ | Isolate |
+
+</TabItem>
+
+<TabItem label="API">
+
+```bash
+curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule \
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer <API_TOKEN>" \
+--data '{
+  "name": "Isolate all security threats",
+  "description": "Isolate security threats such as malware and phishing",
+  "enabled": true,
+  "action": "isolate",
+  "filters": [
+    "http"
+  ],
+  "traffic": "any(http.request.uri.security_category[*] in {68 178 80 83 176 175 117 131 134 151 153})",
+  "identity": "",
+  "device_posture": ""
+}'
+```
+
+</TabItem> </Tabs>
 
 ### Isolate high risk content
 
 Isolate high risk content categories such as newly registered domains.
 
-| Selector           | Operator | Value          | Action  |
-| ------------------ | -------- | -------------- | ------- |
-| Content categories | in       | Security Risks | Isolate |
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
+| Selector           | Operator | Value            | Action  |
+| ------------------ | -------- | ---------------- | ------- |
+| Content Categories | in       | _Security Risks_ | Isolate |
+
+</TabItem>
+
+<TabItem label="API">
+
+```bash
+curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule \
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer <API_TOKEN>" \
+--data '{
+  "name": "Isolate high risk content",
+  "description": "Isolate high risk content categories such as newly registered domains",
+  "enabled": true,
+  "action": "isolate",
+  "filters": [
+    "http"
+  ],
+  "traffic": "any(http.request.uri.content_category[*] in {32 169 177 128})",
+  "identity": "",
+  "device_posture": ""
+}'
+```
+
+</TabItem> </Tabs>
 
 ### Isolate news and media
 
 Isolate news and media sites, which are targets for malvertising attacks.
 
-| Selector           | Operator | Value          | Action  |
-| ------------------ | -------- | -------------- | ------- |
-| Content categories | in       | News and Media | Isolate |
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
+| Selector           | Operator | Value            | Action  |
+| ------------------ | -------- | ---------------- | ------- |
+| Content Categories | in       | _News and Media_ | Isolate |
+
+</TabItem>
+
+<TabItem label="API">
+
+```bash
+curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule \
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer <API_TOKEN>" \
+--data '{
+  "name": "Isolate news and media",
+  "description": "Isolate news and media sites, which are targets for malvertising attacks",
+  "enabled": true,
+  "action": "isolate",
+  "filters": [
+    "http"
+  ],
+  "traffic": "any(http.request.uri.content_category[*] in {122})",
+  "identity": "",
+  "device_posture": ""
+}'
+```
+
+</TabItem> </Tabs>
 
 ### Isolate uncategorized content
 
 Isolate content that has not been categorized by [Cloudflare Radar](/radar/).
 
-| Selector           | Operator | Value                  | Action  |
-| ------------------ | -------- | ---------------------- | ------- |
-| Content categories | not in   | All content categories | Isolate |
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
+| Selector           | Operator | Value                    | Action  |
+| ------------------ | -------- | ------------------------ | ------- |
+| Content Categories | not in   | _All content categories_ | Isolate |
+
+</TabItem>
+
+<TabItem label="API">
+
+```bash
+curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule \
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer <API_TOKEN>" \
+--data '{
+  "name": "Isolate uncategorized content",
+  "description": "Isolate content not categorized by Cloudflare Radar",
+  "enabled": true,
+  "action": "isolate",
+  "filters": [
+    "http"
+  ],
+  "traffic": "not(any(http.request.uri.content_category[*] in {2 67 125 133 3 75 183 89 182 6 90 91 144 150 7 70 74 76 79 92 96 100 106 107 116 120 121 122 127 139 156 164 99 9 101 137 10 103 146 11 12 77 98 108 110 111 118 126 129 172 168 113 33 179 166 15 115 119 124 141 161 17 85 87 102 157 135 138 180 162 140 142 32 169 177 128 22 73 82 88 148 23 24 181 71 72 173 78 84 86 94 97 104 105 114 174 93 130 132 136 147 149 154 158 152 26 69 184 81 95 109 123 145 155 159 160 163 165 167}))",
+  "identity": "",
+  "device_posture": ""
+}'
+```
+
+</TabItem> </Tabs>
 
 ### Isolate ChatGPT
 
 Isolate the use of ChatGPT.
 
-<Render file="gateway/policies/isolate-chatgpt" />
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
+| Selector    | Operator | Value     | Action  |
+| ----------- | -------- | --------- | ------- |
+| Application | in       | _ChatGPT_ | Isolate |
+
+In **Configure policy settings**, you can customize restrictions for ChatGPT. For example, to prevent your users from inputting sensitive information, you can select **Disable copy / paste** and **Disable file uploads**.
+
+</TabItem>
+
+<TabItem label="API">
+
+```bash
+curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule \
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer <API_TOKEN>" \
+--data '{
+  "name": "Isolate ChatGPT",
+  "description": "Isolate the use of ChatGPT",
+  "enabled": true,
+  "action": "isolate",
+  "filters": [
+    "http"
+  ],
+  "traffic": "any(app.ids[*] in {1199})",
+  "identity": "",
+  "device_posture": ""
+}'
+```
+
+</TabItem> </Tabs>

src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-policies/common-policies.mdx

@@ -21,6 +21,8 @@ The **Allow** action functions as an implicit logger, providing visibility into
 | DLP Profile        | in       | _Financial Information_ | And   | Allow  |
 | Content Categories | in       | _File Sharing_          |       |        |
 
+## Block file types
+
 <Render file="gateway/policies/block-file-types" />
 
 For more information on what file formats DLP can scan, refer to [Supported file types](/cloudflare-one/policies/data-loss-prevention/#supported-file-types).