Update block page in other sections

maxvp · maxvp · commit 82e4e6628917 · 2025-04-09T17:42:37.000-05:00
diff --git a/src/content/docs/cloudflare-one/faq/getting-started-faq.mdx b/src/content/docs/cloudflare-one/faq/getting-started-faq.mdx
@@ -36,10 +36,10 @@ After changing your team name, you will need to check your Block page, Login pag
 To verify that your team name change is successfully rendering on the Block page, Login page and App Launcher:
 
 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Settings** > **Custom Pages**.
-2. Find the **Block page** and **Login page** > select **Customize** next to the page you would like to review first.
+2. Find the **Account Gateway block page** and **Login page** sections, then select **Customize** next to the page you would like to review first.
 3. Review that the value in **Your Organization's name** matches your new team name.
 4. If the desired name is not already displayed, change the value to your desired team name and select **Save**.
-5. Check both pages (**Block page** and **Login page**) to set **Your Organization's name** as your desired team name.
+5. Check both pages (**Account Gateway block page** and **Login page**) to set **Your Organization's name** as your desired team name.
 
 The App Launcher will display the same team name set on the Login page, so you do not need to update the **Your Organization's name** field in the App Launcher page.
 
diff --git a/src/content/docs/cloudflare-one/policies/gateway/dns-policies/common-policies.mdx b/src/content/docs/cloudflare-one/policies/gateway/dns-policies/common-policies.mdx
@@ -82,8 +82,8 @@ With the [Request Context Categories](/cloudflare-one/policies/gateway/dns-polic
 
 <Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
 
-| Selector                 | Operator | Value   | Action |
-| ------------------------ | -------- | ------- | ------ |
+| Selector                 | Operator | Value     | Action |
+| ------------------------ | -------- | --------- | ------ |
 | Request Context Category | is       | _Present_ | Block  |
 
 </TabItem>
@@ -485,7 +485,7 @@ Enterprise users can pair these policies with an [egress policy](/cloudflare-one
 Optionally, you can use the Domain selector to control the IP version for specific sites.
 
 :::note
-To ensure traffic routes through your preferred IP version, disable **Display block page**.
+To ensure traffic routes through your preferred IP version, turn off **Modify Gateway block behavior**.
 :::
 
 ### Force IPv4
diff --git a/src/content/docs/cloudflare-one/policies/gateway/dns-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/dns-policies/index.mdx
@@ -142,7 +142,7 @@ Policies with Block actions block DNS queries to reach destinations you specify
 
 When choosing the Block action, turn on **Modify Gateway block behavior** to respond to queries with a block page to display to users who go to blocked websites. Optionally, you can override your global block page setting with a URL redirect for the specific DNS policy. For more information, refer to [Block page](/cloudflare-one/policies/gateway/block-page/).
 
-If the block page is disabled, Gateway will respond to queries blocked at the DNS level with an `A` record of `0.0.0.0` for IPv4 destinations, or with an `AAAA` record of `::` for IPv6 destinations. The browser will display its default connection error page.
+If the block page is turned off for a policy, Gateway will respond to queries blocked at the DNS level with an `A` record of `0.0.0.0` for IPv4 destinations, or with an `AAAA` record of `::` for IPv6 destinations. The browser will display its default connection error page.
 
 #### WARP client block notifications
 
diff --git a/src/content/docs/cloudflare-one/policies/gateway/dns-policies/test-dns-filtering.mdx b/src/content/docs/cloudflare-one/policies/gateway/dns-policies/test-dns-filtering.mdx
@@ -23,7 +23,7 @@ For example, if you created a policy to block `example.com`, you can do the foll
 
 2. Type `dig example.com` (`nslookup example.com` if you are using Windows) and press **Enter**.
 
-3. If the [block page](/cloudflare-one/policies/gateway/block-page/) is disabled for the policy, you should see `REFUSED` in the answer section:
+3. If the [block page](/cloudflare-one/policies/gateway/block-page/) is turned off for the policy, you should see `REFUSED` in the answer section:
 
    ```sh
    dig example.com
diff --git a/src/content/docs/learning-paths/cybersafe/gateway-onboarding/index.mdx b/src/content/docs/learning-paths/cybersafe/gateway-onboarding/index.mdx
@@ -3,7 +3,6 @@ title: Onboarding Cloudflare Gateway
 pcx_content_type: overview
 sidebar:
   order: 4
-
 ---
 
 Now that your Cloudflare environment is ready and you have established a foundation of the technical concepts behind Project Cybersafe Schools, you are ready to test and onboard your DNS traffic.
@@ -12,9 +11,9 @@ Now that your Cloudflare environment is ready and you have established a foundat
 
 By the end of this module, you will be able to:
 
-* Explain the different methods to proxy your traffic to Gateway.
-* Create a Gateway location and understand its purpose.
-* Verify your Gateway environment by proxing local DNS traffic.
-* Create a test policy to validate functionality.
-* Deploy Cloudflare’s recommended CIPA rule.
-* Customize the block page to ensure a seamless look and feel.
+- Explain the different methods to proxy your traffic to Gateway.
+- Create a Gateway location and understand its purpose.
+- Verify your Gateway environment by proxing local DNS traffic.
+- Create a test policy to validate functionality.
+- Deploy Cloudflare's recommended CIPA rule.
+- Customize the block page to ensure a seamless look and feel.
diff --git a/src/content/docs/reference-architecture/diagrams/sase/gateway-dns-for-isp.mdx b/src/content/docs/reference-architecture/diagrams/sase/gateway-dns-for-isp.mdx
@@ -33,7 +33,7 @@ To distinguish queries originating from the service provider from those coming f
 If stable and defined source IPv4 addresses cannot be assigned to the on-premises DNS servers, service providers can instead use unique destination location endpoints. Each location is assigned a distinct [DoT](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-over-tls-dot) and [DoH](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-over-https-doh) hostname, as well as a unique [destination IPv6 address](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#ipv4ipv6-address). Additionally, Cloudflare can provide unique [destination IPv4 addresses upon request](/cloudflare-one/connections/connect-devices/agentless/dns/locations/dns-resolver-ips/#dns-resolver-ip).
 :::
 
-DNS filtering is then enforced through DNS policies set up by the service provider to detect domains linked to [security risks](/cloudflare-one/policies/gateway/domain-categories/#security-categories). Cloudflare continuously updates the list of risky domains using [its extensive threat intelligence](https://www.cloudflare.com/en-gb/security/). When a DNS query matches a flagged domain, the corresponding action specified in the DNS policy is executed. This action can be a '[Block](/cloudflare-one/policies/gateway/dns-policies/#block),' where Gateway responds with `0.0.0.0` for IPv4 queries or `::` for IPv6 queries, or displays a [custom block page hosted by Cloudflare](/cloudflare-one/policies/gateway/block-page/). Alternatively, an `[Override](/cloudflare-one/policies/gateway/dns-policies/#override)` action can redirect the DNS query to a block page hosted by the service provider.
+DNS filtering is then enforced through DNS policies set up by the service provider to detect domains linked to [security risks](/cloudflare-one/policies/gateway/domain-categories/#security-categories). Cloudflare continuously updates the list of risky domains using [its extensive threat intelligence](https://www.cloudflare.com/en-gb/security/). When a DNS query matches a flagged domain, the corresponding action specified in the DNS policy is executed. This action can be a '[Block](/cloudflare-one/policies/gateway/dns-policies/#block),' where Gateway responds with `0.0.0.0` for IPv4 queries or `::` for IPv6 queries, or displays a [custom block page hosted by Cloudflare](/cloudflare-one/policies/gateway/block-page/). Alternatively, an `[Override](/cloudflare-one/policies/gateway/dns-policies/#override)` action or [block page URL redirect](/cloudflare-one/policies/gateway/block-page/#redirect-to-a-block-page) can redirect the DNS query to a block page hosted by the service provider.
 
 ![Figure 2: A DNS policy to prevent users from navigating to malicious domains. The action is to override and redirect the DNS query to a block page hosted by the service provider.](~/assets/images/reference-architecture/gateway-dns-for-isp/gateway-dns-for-isp-image-02.svg)
 
diff --git a/src/content/docs/reference-architecture/diagrams/sase/gateway-for-protective-dns.mdx b/src/content/docs/reference-architecture/diagrams/sase/gateway-for-protective-dns.mdx
@@ -29,7 +29,7 @@ IT administrators forward public DNS requests to Cloudflare where they are filte
 
 To distinguish queries originating from the government departments and agencies they are responsible for, admins configure a location in the Cloudflare dashboard. When a DNS location is created, Gateway assigns IPv4/IPv6 addresses and DNS over TLS/HTTPS (DoT/DoH) hostnames for that location. These IP addresses and hostnames are then used by the admins to send DNS queries for resolution. In turn, the administrator configures the location object with the public IP addresses of their on-premises DNS servers, allowing Cloudflare to accurately associate queries with the corresponding location.
 
-DNS filtering is then enforced through policies set up by the administrator to detect domains linked to [security risks](/cloudflare-one/policies/gateway/domain-categories/#security-categories). Cloudflare continuously updates the list of high risk domains using [its extensive threat intelligence](https://www.cloudflare.com/security/). When a DNS query matches a flagged domain, the corresponding action specified in the DNS policy is executed. This action can be a '[Block](/cloudflare-one/policies/gateway/dns-policies/#block),' where Gateway responds with `0.0.0.0` for IPv4 queries or `::` for IPv6 queries, or displays a [custom block page hosted by Cloudflare](/cloudflare-one/policies/gateway/block-page/). Alternatively, an [Override](/cloudflare-one/policies/gateway/dns-policies/#override) action can redirect the DNS query to a block page hosted by the government agency.
+DNS filtering is then enforced through policies set up by the administrator to detect domains linked to [security risks](/cloudflare-one/policies/gateway/domain-categories/#security-categories). Cloudflare continuously updates the list of high risk domains using [its extensive threat intelligence](https://www.cloudflare.com/security/). When a DNS query matches a flagged domain, the corresponding action specified in the DNS policy is executed. This action can be a '[Block](/cloudflare-one/policies/gateway/dns-policies/#block),' where Gateway responds with `0.0.0.0` for IPv4 queries or `::` for IPv6 queries, or displays a [custom block page hosted by Cloudflare](/cloudflare-one/policies/gateway/block-page/). Alternatively, an [Override](/cloudflare-one/policies/gateway/dns-policies/#override) action or [block page URL redirect](/cloudflare-one/policies/gateway/block-page/#redirect-to-a-block-page) can redirect the DNS query to a block page hosted by the government agency.
 
 Cloudflare's own threat intelligence can be seamlessly integrated with threat intelligence data provided by the agency or third-party sources. In this setup, the agency or the third-party entity acts as a [threat feed provider](/security-center/indicator-feeds/) to Cloudflare. This enables IT admins to create DNS policies that combine Cloudflare's security risk categories with the data sourced by the agency, for a unified and enhanced security posture (see diagram below). Additionally, [publicly available custom indicator feeds](/security-center/indicator-feeds/#publicly-available-feeds) can be accessed by eligible public and private sector organizations without the need to establish a provider relationship, further expanding security capabilities.
 
@@ -78,13 +78,15 @@ When inspecting HTTP traffic, Cloudflare prevents interference by decrypting, in
 ### Threat protection
 
 When Cloudflare Gateway is performing HTTP inspection, it extends protection beyond DNS security by enabling additional capabilities to safeguard users as they browse the Internet:
+
 - **Anti-virus scanning (AV):** Users are protected when downloading or uploading files to or from the Internet. [Files are scanned](/cloudflare-one/policies/gateway/http-policies/antivirus-scanning/) in real time to detect malicious content.
 - **Sandboxing:** For files not previously seen, Cloudflare Gateway can [quarantine them in a secure sandbox environment for analysis](/cloudflare-one/policies/gateway/http-policies/file-sandboxing/). In this sandbox, Cloudflare monitors the file's actions and compares them against known malware patterns. Files are only released to users if no malicious content is detected.
 - **Remote Browser Isolation (RBI):** [Isolation policies](/cloudflare-one/policies/browser-isolation/) can be configured to safeguard users when accessing potentially risky websites. For example, [if a user attempts to visit a newly seen domain that triggers an isolation policy](/cloudflare-one/policies/browser-isolation/isolation-policies/), the website's active content is executed in a secure, isolated browser hosted in the nearest Cloudflare data center. This ensures that zero-day attacks and malware are mitigated before they can impact the user. This remote browsing experience is seamless and transparent, allowing users to continue using their preferred browsers and workflows. Every browser tab and window is automatically isolated, and sessions are deleted when closed.
 
 ### Data protection
 
 In addition to threat protection, Cloudflare Gateway enables the implementation of robust data protection policies during HTTP inspection, including:
+
 - **File upload controls:** Administrators can enforce policies that monitor and [restrict file uploads](/cloudflare-one/policies/gateway/http-policies/#download-and-upload-file-types) to the Internet, preventing the inadvertent sharing of sensitive data.
 - **Data Loss Prevention (DLP):** [DLP policies](/cloudflare-one/policies/data-loss-prevention/) can be deployed to identify and block unauthorized sharing of confidential or classified information. For more details, see [securing data in transit](/reference-architecture/diagrams/security/securing-data-in-transit/).
 - **Remote Browser Isolation (RBI):** Beyond threat protection, [isolation policies](/cloudflare-one/policies/browser-isolation/) can enforce [user action restrictions](/cloudflare-one/policies/browser-isolation/isolation-policies/#policy-settings), such as disabling copy/paste functionality or keyboard inputs, to safeguard sensitive information. For additional information, refer to [securing data in use](/reference-architecture/diagrams/security/securing-data-in-use/).
diff --git a/src/content/docs/reference-architecture/diagrams/security/securing-data-in-transit.mdx b/src/content/docs/reference-architecture/diagrams/security/securing-data-in-transit.mdx
@@ -59,7 +59,7 @@ The following diagram shows a common flow for how Cloudflare inspects a request
 1. User attempts to upload a file to a SaaS application (via a secure tunnel to Cloudflare created by our [device agent](/cloudflare-one/connections/connect-devices/warp/download-warp/)). [Clientless](/cloudflare-one/connections/connect-devices/agentless/) options are supported as well.
 2. Cloudflare's [Secure Web Gateway](/cloudflare-one/policies/gateway/) (SWG) will first verify that the user is permitted to use the requested SaaS application, and then scrutinize the file's payload for [malicious code](/cloudflare-one/policies/gateway/http-policies/antivirus-scanning/) and [sensitive data](/cloudflare-one/policies/data-loss-prevention/).
 3. The DLP profile determines the file contains national identifiers like US Social Security Numbers (SSN).
-4. The SWG policy is configured with a ['block' action](/cloudflare-one/policies/gateway/http-policies/#block), so the attempt is [logged](/cloudflare-one/policies/data-loss-prevention/dlp-policies/logging-options/#log-the-payload-of-matched-rules) and a [block page](/cloudflare-one/policies/gateway/block-page/) returned to the end user's web browser.
+4. The Gateway policy is configured with a [Block action](/cloudflare-one/policies/gateway/http-policies/#block), so the attempt is [logged](/cloudflare-one/policies/data-loss-prevention/dlp-policies/logging-options/#log-the-payload-of-matched-rules) and a [block page](/cloudflare-one/policies/gateway/block-page/) returned to the end user's web browser.
 
 ## Related resources
 
