Merge branch 'production' into max/zt/revamp-policies-section

Author: maxvp

public/__redirects

@@ -2352,8 +2352,8 @@
 /logs/get-started/enable-destinations/* /logs/logpush/logpush-job/enable-destinations/:splat 301
 /logs/reference/log-fields/* /logs/logpush/logpush-job/datasets/:splat 301
 /speed/optimization/other/* /speed/optimization/ 301
-/cloudflare-one/connections/connect-devices/* /cloudflare-one/team-and-resources/devices 301
-/cloudflare-one/connections/connect-networks/* /cloudflare-one/networks/connectors/cloudflare-tunnel/ 301
+/cloudflare-one/connections/connect-devices/* /cloudflare-one/team-and-resources/devices/:splat 301
+/cloudflare-one/connections/connect-networks/* /cloudflare-one/networks/connectors/cloudflare-tunnel/:splat 301
 
 # AI Crawl Control
 /ai-audit/* /ai-crawl-control/:splat 301

src/content/docs/automatic-platform-optimization/get-started/activate-cf-wp-plugin.mdx

@@ -39,9 +39,9 @@ The Cloudflare APO WordPress plugin does not support multisite WordPress install
 
    <DashButton url="/?to=/:account/:zone/speed/optimization" />
 
-3. Go to **Content Optimization**.
-4. For **Automatic Platform Optimization for WordPress**, select **Purchase**.
-5. Enter your payment information and select **Confirm payment**.
+2. Go to **Content Optimization**.
+3. For **Automatic Platform Optimization for WordPress**, select **Purchase**.
+4. Enter your payment information and select **Confirm payment**.
 
 ## Install and activate the Cloudflare WordPress plugin
 

src/content/docs/automatic-platform-optimization/get-started/confirm-dns-records.mdx

@@ -1,21 +1,23 @@
 ---
-title: Confirm DNS Records
+title: Confirm DNS records
 pcx_content_type: how-to
 sidebar:
   order: 6
 head:
   - tag: title
     content: Confirm DNS records
-
 ---
 
-Before you change your nameserver, confirm your DNS records are displaying correctly.
+import { DashButton } from "~/components";
+
+Before you change your nameservers, confirm your DNS records are displaying correctly.
+
+1. In the Cloudflare dashboard, go to the DNS **Records** page.
+
+   <DashButton url="/?to=/:account/:zone/dns/records" />
 
-1. Open your Cloudflare dashboard and select your account.
-2. Select your domain from the dropdown.
-3. Select the **DNS** > **Records** tile. DNS management for your domain displays.
-4. To add a record, select **Add record.**
-5. To edit an existing record, select **Edit** for the appropriate record.
-6. After making your changes, select **Save**.
+2. To add a record, select **Add record**.
+3. To edit an existing record, select **Edit** for the appropriate record.
+4. After making your changes, select **Save**.
 
 After you confirm your DNS records, [change your nameservers](/automatic-platform-optimization/get-started/change-nameservers/).

src/content/docs/automatic-platform-optimization/get-started/verify-apo-works.mdx

@@ -21,7 +21,7 @@ You can check whether or not APO is working by verifying APO headers are present
 - `cf-edge-cache` | `cache, platform=wordpress`
   - The `cf-edge-cache` headers confirms the WordPress plugin is installed and enabled.
 
-In a terminal, use the following cURL. The header `'accept: text/html'` is important
+In a terminal, use the following cURL. The header `'accept: text/html'` is important.
 
 ```sh
 curl -svo /dev/null -A "CF" 'https://example.com/' -H 'accept: text/html' 2>&1 | grep 'cf-cache-status\|cf-edge\|cf-apo-via'
@@ -42,4 +42,4 @@ As always, `cf-cache-status` displays if the asset hit the cache or was consider
 
 ## Verify the APO integration and WordPress integration work
 
-Open your WordPress site and publish a change. When the integration is working, the page is cached with `cf-cache-status: HIT` and `cf-apo-via: tcache`
+Open your WordPress site and publish a change. When the integration is working, the page is cached with `cf-cache-status: HIT` and `cf-apo-via: tcache`.

src/content/docs/cache/how-to/cache-rules/create-api.mdx

@@ -12,7 +12,7 @@ head:
 
 import { Details, APIRequest } from "~/components"
 
-Use the [Rulesets API](https://developers.cloudflare.com/ruleset-engine/rulesets-api/) to create a cache rule via API. To configure Cloudflare’s API refer to the [API documentation](/fundamentals/api/get-started/).
+Use the [Rulesets API](/ruleset-engine/rulesets-api/) to create a cache rule via API. To configure Cloudflare’s API refer to the [API documentation](/fundamentals/api/get-started/).
 
 ## Basic rule settings
 

src/content/docs/cloudflare-one/account-limits.mdx

@@ -66,8 +66,9 @@ This page lists the default account limits for rules, applications, fields, and
 | ---------------------------------------- | ----- |
 | `cloudflared` tunnels per account        | 1,000 |
 | WARP Connectors per account              | 10    |
-| Routes per tunnel                       | 1,000 |
+| Routes per tunnel                        | 1,000 |
 | Active `cloudflared` replicas per tunnel | 25    |
+| Virtual networks per account             | 1,000 |
 
 ## Digital Experience Monitoring (DEX)
 

src/content/docs/cloudflare-one/applications/configure-apps/self-hosted-public-app.mdx

@@ -10,6 +10,8 @@ import { Render } from "~/components";
 
 You can securely publish internal tools and applications by adding Cloudflare Access as an authentication layer between the end user and your origin server.
 
+This guide covers how to make a web application accessible to anyone on the Internet via a public hostname. If you would like to make the application available over a private IP or hostname, refer to [Add a self-hosted private application](/cloudflare-one/applications/non-http/self-hosted-private-app/).
+
 ## Prerequisites
 
 - An [active domain on Cloudflare](/fundamentals/manage-domains/add-site/)

src/content/docs/cloudflare-one/networks/connectors/cloudflare-tunnel/configure-tunnels/cipher-suites.mdx

@@ -0,0 +1,16 @@
+---
+pcx_content_type: reference
+title: Cipher suites
+---
+
+Cloudflare Tunnel connections use the cipher suites supported by `cloudflared`, which relies on the Go TLS library for its TLS implementation. When establishing a TLS connection to your origin, `cloudflared` will negotiate the most secure cipher suite supported by both sides.
+
+The following table lists the cipher suites supported by cloudflared:
+
+| Protocol support | Cipher suites |
+|------------------|----------------|
+| TLS 1.3 only | `TLS_AES_128_GCM_SHA256`<br />`TLS_AES_256_GCM_SHA384`<br />`TLS_CHACHA20_POLY1305_SHA256` |
+| TLS 1.2 only | `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`<br />`TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`<br />`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`<br />`TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`<br />`TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256`<br />`TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256` |
+| Up to and including TLS 1.2 | `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`<br />`TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`<br />`TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA`<br />`TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA` |
+
+

src/content/docs/log-explorer/api.mdx

@@ -9,15 +9,10 @@ Configuration and Log searches are also available via a public API.
 
 ## Authentication
 
-Log Explorer is available to users with the following permissions:
-
-- **Logs Edit**: users with Logs Edit permissions can enable datasets.
-- **Logs Read**: users with Logs Read permissions can run queries via the UI or API.
-
-Note that these permissions exist at the account and zone level and you need the appropriate permission level for the datasets you wish to query.
-
 Authentication with the API can be done via an API token or API key with an email. Refer to [Create API token](/fundamentals/api/get-started/create-token/) for further instructions.
 
+For detailed information on permissions required for each Log Explorer feature, refer to the [Permissions](/log-explorer/#permissions) section.
+
 ## Query data
 
 Log Explorer includes a SQL API for submitting queries. 

src/content/docs/log-explorer/index.mdx

@@ -22,6 +22,21 @@ Log Explorer provides access to Cloudflare logs with all the context available w
 
 Contract customers can choose to store their logs in Log Explorer for up to two years, at an additional cost of $0.10 per GB per month. Customers interested in this feature can contact their account team to have it added to their contract.
 
+## Permissions
+
+Access to Log Explorer features is controlled through specific permissions. Each permission grants users the ability to perform certain actions, such as querying logs, managing datasets, or creating dashboards. 
+ 
+| Feature | Required Permission | Description |
+|----------|--------------------|--------------|
+| **Manage datasets** | `Logs Edit` | Add, enable, or disable datasets. |
+| **Log Search** | `Logs Read` | Query logs in the dashboard or via API. |
+| **Log Search (save query)** | `Logs Write` | Save log search queries. |
+| **Custom dashboards** | `Analytics Read` | Create and view custom dashboards. |
+
+These permissions apply across both the dashboard and the API, and must be granted at either the account or zone level depending on which datasets you need to access.
+
+Authentication with the API can be done via an API token or API key with an email. Refer to [Create API token](/fundamentals/api/get-started/create-token/) for further instructions.
+
 ## Features
 
 <Feature header="Log Search" href="/log-explorer/log-search/">