fix(ddos): address review feedback from DavidJKTofan and zeinjaber

- Promote origin protection link to a note callout for visibility
- Fix incorrect security level statement — replace with 'disable I'm Under Attack mode'
- Update 'Custom Pages' to 'Error Pages' in dashboard nav path

Author: dmmulroy

src/content/docs/ddos-protection/best-practices/proactive-defense.mdx

@@ -44,7 +44,9 @@ Cloudflare edge protection is only effective if attackers cannot bypass it by re
 4. Restrict your origin firewall to accept HTTP/HTTPS traffic only from [Cloudflare IP ranges](https://www.cloudflare.com/ips/) and any explicitly trusted IPs you identified.
 5. As an extra precaution, if your origin IP has been previously targeted or exposed, contact your hosting provider to request a new origin IP address.
 
-For a comprehensive list of origin protection methods (including Cloudflare Tunnel, authenticated origin pulls, and more), refer to [Protect your origin server](/fundamentals/security/protect-your-origin-server/).
+:::note
+For a comprehensive list of origin protection methods — including Cloudflare Tunnel, authenticated origin pulls, and additional options depending on your setup — refer to [Protect your origin server](/fundamentals/security/protect-your-origin-server/).
+:::
 
 ---
 

src/content/docs/fundamentals/reference/under-attack-mode.mdx

@@ -79,7 +79,7 @@ If only certain pages or sections are under attack, use a [configuration rule](/
 
 ### Selectively disable for specific areas
 
-If you have enabled Under Attack mode site-wide but it breaks certain parts of your site (for example, API endpoints or areas that serve non-browser traffic), use a [configuration rule](/rules/configuration-rules/) to set the security level to a lower value for those paths.
+If you have enabled Under Attack mode site-wide but it breaks certain parts of your site (for example, API endpoints or areas that serve non-browser traffic), use a [configuration rule](/rules/configuration-rules/) to disable I'm Under Attack mode for those paths.
 
 ### Use WAF custom rules for targeted challenges
 
@@ -92,7 +92,7 @@ When attack traffic clusters from a specific source, use [WAF custom rules](/waf
 - **Under Attack mode applies challenges at Cloudflare's edge.** Challenge outcomes are recorded in [Cloudflare security analytics](/waf/analytics/security-events/). Requests reach your origin only after a challenge is solved, via a valid `cf_clearance` cookie, or when traffic is excluded from Under Attack mode through configuration rules.
 - **Non-browser traffic will be blocked.** Under Attack mode requires JavaScript execution, so API clients, mobile apps, and automated integrations will fail the challenge. Use configuration rules or WAF custom rules to exclude these paths or traffic types.
 - **Disable when the attack subsides.** Under Attack mode is designed as a temporary measure. Once attack traffic returns to normal, turn it off to avoid unnecessarily challenging legitimate visitors.
-- **Consider customizing the challenge page.** You can brand the interstitial page shown to visitors during the challenge. Go to **Configurations** > **Custom Pages** > **Managed Challenge / I'm Under Attack Mode** to configure a custom page.
+- **Consider customizing the challenge page.** You can brand the interstitial page shown to visitors during the challenge. Go to **Configurations** > **Error Pages** > **Managed Challenge / I'm Under Attack Mode** to configure a custom page.
 
 ---