spacing

patriciasantaana · patriciasantaana · commit 9f8d544a7ada · 2025-09-03T08:59:34.000-07:00
diff --git a/src/content/docs/ddos-protection/advanced-ddos-systems/how-to/create-rule.mdx b/src/content/docs/ddos-protection/advanced-ddos-systems/how-to/create-rule.mdx
@@ -17,9 +17,8 @@ To create a [SYN flood rule](/ddos-protection/advanced-ddos-systems/overview/adv
 {/* prettier-ignore */}
 <Steps>
 	1. In the Cloudflare dashboard, go to the **L3/4 DDoS protection** page.
- 
+
 		<DashButton url="/?to=/:account/network-security/ddos" />
-		
 	2. Go to **Advanced Protection** > **Advanced TCP Protection**.
 	3. Depending on the rule you are creating, do one of the following:
 		- Under **SYN Flood Protection**, select **Create SYN flood rule**.
@@ -42,7 +41,7 @@ To create a [SYN flood rule](/ddos-protection/advanced-ddos-systems/overview/adv
 	2. Go to **Advanced Protection** > **General settings**.
 	3. Add the prefixes you wish to onboard. Advanced DNS Protection will only be applied to the prefixes you onboard. If you already onboarded the desired prefixes when you configured Advanced TCP Protection, you do not need to take any other action.
 		:::note
-			Currently, the list of onboarded prefixes is shared with Advanced TCP Protection. Any onboarded prefixes will be subject to both Advanced TCP Protection and Advanced DNS Protection, assuming that your account team has done the initial configuration of both systems. However, you can leave Advanced TCP Protection in monitoring mode.
+		Currently, the list of onboarded prefixes is shared with Advanced TCP Protection. Any onboarded prefixes will be subject to both Advanced TCP Protection and Advanced DNS Protection, assuming that your account team has done the initial configuration of both systems. However, you can leave Advanced TCP Protection in monitoring mode.
 		:::
 	4. Go to **Advanced DNS Protection**. 
 	5. Select **Create Advanced DNS Protection rule**. 
diff --git a/src/content/docs/ddos-protection/advanced-ddos-systems/how-to/exclude-prefix.mdx b/src/content/docs/ddos-protection/advanced-ddos-systems/how-to/exclude-prefix.mdx
@@ -12,6 +12,7 @@ To exclude a prefix or a prefix subset from Advanced DDoS Protection:
 
 <Steps>
   1. In the Cloudflare dashboard, go to the **L3/4 DDoS protection** page.
+      
       <DashButton url="/?to=/:account/network-security/ddos" />
   2. Go to **Advanced Protection**.
   3. [Add the prefix](/ddos-protection/advanced-ddos-systems/how-to/add-prefix/) you previously onboarded to Magic Transit to Advanced TCP Protection.
diff --git a/src/content/docs/ddos-protection/managed-rulesets/http/http-overrides/override-examples.mdx b/src/content/docs/ddos-protection/managed-rulesets/http/http-overrides/override-examples.mdx
@@ -37,16 +37,17 @@ To remedy a false positive:
 <Tabs syncKey="dashNewNav"> <TabItem label="Old dashboard">
 
 1. In the Cloudflare dashboard, go to the Network analytics page.
+      
       <DashButton url="/?to=/:account/network-analytics" />
  2. Apply filters to the displayed data.
   <Details header="For WAF/CDN customers">
-  1. Select the zone that is experiencing DDoS attack false positives.
-  2. Go to **Security** > **Events**.
-  3. Select **Add filter** and filter by `Service equals HTTP DDoS`.
+    1. Select the zone that is experiencing DDoS attack false positives.
+    2. Go to **Security** > **Events**.
+    3. Select **Add filter** and filter by `Service equals HTTP DDoS`.
   </Details>
   <Details header="For Magic Transit and Spectrum customers">
-  1. Go to Account Home > **Analytics & Logs** > **Network Analytics**.
-  2. Identify the legitimate traffic that is causing the false positives. Use the Attack ID number included in the DDoS alert (if you received one), or apply dashboard filters such as destination IP address and port.
+    1. Go to Account Home > **Analytics & Logs** > **Network Analytics**.
+    2. Identify the legitimate traffic that is causing the false positives. Use the Attack ID number included in the DDoS alert (if you received one), or apply dashboard filters such as destination IP address and port.
   </Details>
 3. Scroll down to **Top events by source** > **HTTP DDoS rules**.
 4. Copy the rule name.
@@ -57,17 +58,18 @@ To remedy a false positive:
 
 </TabItem> <TabItem label="New dashboard" icon="rocket">
 
-1. In the Cloudflare dashboard), go to the Network analytics page.
+1. In the Cloudflare dashboard, go to the Network analytics page.
+      
       <DashButton url="/?to=/:account/network-analytics" />
 2. Apply filters to the displayed data.
   <Details header="For WAF/CDN customers">
-  1. Select the zone that is experiencing DDoS attack false positives.
-  2. Go to **Security** > **Analytics** > **Events** tab.
-  3. Select **Add filter** and filter by `Service equals HTTP DDoS`.
+    1. Select the zone that is experiencing DDoS attack false positives.
+    2. Go to **Security** > **Analytics** > **Events** tab.
+    3. Select **Add filter** and filter by `Service equals HTTP DDoS`.
   </Details>
   <Details header="For Magic Transit and Spectrum customers">
-  1. Go to Account Home > **Analytics & Logs** > **Network Analytics**.
-  1. Identify the legitimate traffic that is causing the false positives. Use the Attack ID number included in the DDoS alert (if you received one), or apply dashboard filters such as destination IP address and port.
+    1. Go to Account Home > **Analytics & Logs** > **Network Analytics**.
+    2. Identify the legitimate traffic that is causing the false positives. Use the Attack ID number included in the DDoS alert (if you received one), or apply dashboard filters such as destination IP address and port.
   </Details>
 3. Scroll down to **Top events by source** > **HTTP DDoS rules**.
 4. Copy the rule name.
@@ -123,13 +125,13 @@ If you are experiencing a DDoS attack detected by Cloudflare and the applied mit
       <DashButton url="/?to=/:account/network-analytics" />
 2. Apply filters to the displayed data.
   <Details header="For WAF/CDN customers">
-  1. Select the zone that is experiencing an incomplete mitigation of a DDoS attack.
-  2. Go to **Security** > **Events**.
-  3. Select **Add filter** and filter by `Service equals HTTP DDoS`.
+    1. Select the zone that is experiencing an incomplete mitigation of a DDoS attack.
+    2. Go to **Security** > **Events**.
+    3. Select **Add filter** and filter by `Service equals HTTP DDoS`.
   </Details>
   <Details header="For Magic Transit and Spectrum customers">
-  1. Go to Account Home > **Analytics & Logs** > **Network Analytics**.
-  2. Identify the DDoS attack that is having incomplete mitigations. Use the Attack ID number included in the DDoS alert (if you received one), or apply dashboard filters such as destination IP address and port.
+    1. Go to Account Home > **Analytics & Logs** > **Network Analytics**.
+    2. Identify the DDoS attack that is having incomplete mitigations. Use the Attack ID number included in the DDoS alert (if you received one), or apply dashboard filters such as destination IP address and port.
   </Details>
 3. Scroll down to **Top events by source** > **HTTP DDoS rules**.
 4. Copy the rule name.
@@ -144,13 +146,13 @@ If you are experiencing a DDoS attack detected by Cloudflare and the applied mit
       <DashButton url="/?to=/:account/network-analytics" />
 2. Apply filters to the displayed data.
   <Details header="For WAF/CDN customers">
-  1. Select the zone that is experiencing an incomplete mitigation of a DDoS attack.
-  2. Go to **Security** > **Analytics** > **Events** tab.
-  3. Select **Add filter** and filter by `Service equals HTTP DDoS`.
+    1. Select the zone that is experiencing an incomplete mitigation of a DDoS attack.
+    2. Go to **Security** > **Analytics** > **Events** tab.
+    3. Select **Add filter** and filter by `Service equals HTTP DDoS`.
   </Details>
   <Details header="For Magic Transit and Spectrum customers">
-  1. Go to Account Home > **Analytics & Logs** > **Network Analytics**.
-  2. Identify the DDoS attack that is having incomplete mitigations. Use the Attack ID number included in the DDoS alert (if you received one), or apply dashboard filters such as destination IP address and port.
+    1. Go to Account Home > **Analytics & Logs** > **Network Analytics**.
+    2. Identify the DDoS attack that is having incomplete mitigations. Use the Attack ID number included in the DDoS alert (if you received one), or apply dashboard filters such as destination IP address and port.
   </Details>
 3. Scroll down to **Top events by source** > **HTTP DDoS rules**.
 4. Copy the rule name.
