Add Google policies

maxvp · maxvp · commit a82544f27eaa · 2024-12-26T14:07:57.000-06:00
diff --git a/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-policies/common-policies.mdx b/src/content/docs/cloudflare-one/policies/data-loss-prevention/dlp-policies/common-policies.mdx
@@ -21,6 +21,8 @@ The **Allow** action functions as an implicit logger, providing visibility into
 | DLP Profile        | in       | _Financial Information_ | And   | Allow  |
 | Content Categories | in       | _File Sharing_          |       |        |
 
+## Block file types
+
 <Render file="gateway/policies/block-file-types" />
 
 For more information on what file formats DLP can scan, refer to [Supported file types](/cloudflare-one/policies/data-loss-prevention/#supported-file-types).
diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/common-policies.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/common-policies.mdx
@@ -320,9 +320,37 @@ If you are using the [Browser Isolation add-on](/cloudflare-one/policies/browser
 
 When accessing origin servers with certificates not signed by a public certificate authority, you must bypass TLS decryption.
 
-| Selector | Operator | Value               | Action         |
-| -------- | -------- | ------------------- | -------------- |
-| Domain   | in       | `internal.site.com` | Do Not Inspect |
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
+| Selector | Operator | Value                  | Action         |
+| -------- | -------- | ---------------------- | -------------- |
+| Domain   | in       | `internal.example.com` | Do Not Inspect |
+
+</TabItem>
+
+<TabItem label="API">
+
+```sh
+curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer <API_TOKEN>" \
+--data '{
+  "name": "Bypass internal site inspection",
+  "description": "Bypass TLS decryption for internal sites with self-signed certificates",
+  "enabled": true,
+  "action": "off",
+  "filters": [
+    "http"
+  ],
+  "traffic": "any(http.conn.domains[*] in {\"internal.example.com\"})",
+  "identity": "",
+  "device_posture": ""
+}'
+```
+
+</TabItem> </Tabs>
+
+## Block file types
 
 <Render file="gateway/policies/block-file-types" />
 
@@ -332,29 +360,72 @@ For more information on supported file types, refer to [Download and Upload File
 
 To enable Gateway inspection for Google Drive traffic, you must [add a Cloudflare certificate to Google Drive](/cloudflare-one/connections/connect-devices/user-side-certificates/manual-deployment/#google-drive-for-desktop).
 
-### Block Google Drive uploads
-
-Block file uploads to Google Drive.
-
-| Selector         | Operator      | Value        | Logic | Action |
-| ---------------- | ------------- | ------------ | ----- | ------ |
-| Application      | in            | Google Drive | And   | Block  |
-| Upload Mime Type | matches regex | `.*`         |       |        |
-
 ### Block Google Drive downloads
 
 Block file downloads from Google Drive.
 
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
 | Selector         | Operator      | Value                      | Logic | Action |
 | ---------------- | ------------- | -------------------------- | ----- | ------ |
-| Application      | in            | Google Drive               | And   | Block  |
+| Application      | in            | _Google Drive_             | And   | Block  |
 | URL Path & Query | matches regex | `.*(e=download\|export).*` |       |        |
 
+</TabItem>
+
+<TabItem label="API">
+
+```sh
+curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer <API_TOKEN>" \
+--data '{
+  "name": "Block Google Drive downloads",
+  "description": "Block file downloads from Google Drive",
+  "enabled": true,
+  "action": "block",
+  "filters": [
+    "http"
+  ],
+  "traffic": "any(app.ids[*] in {554}) and http.request.uri.path_and_query matches \".*(e=download\\|export).*\"",
+  "identity": "",
+  "device_posture": ""
+}'
+```
+
+</TabItem> </Tabs>
+
 ### Block Gmail downloads
 
 Block file downloads from Gmail.
 
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
 | Selector         | Operator | Value                                   | Logic | Action |
 | ---------------- | -------- | --------------------------------------- | ----- | ------ |
 | Host             | is       | `mail-attachment.googleusercontent.com` | And   | Block  |
 | URL Path & Query | is       | `/attachment/u/0`                       |       |        |
+
+</TabItem>
+
+<TabItem label="API">
+
+```sh
+curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer <API_TOKEN>" \
+--data '{
+  "name": "Block Gmail downloads",
+  "description": "Block file downloads from Gmail",
+  "enabled": true,
+  "action": "block",
+  "filters": [
+    "http"
+  ],
+  "traffic": "http.request.host == \"mail-attachment.googleusercontent.com\" and http.request.uri.path_and_query matches \"/attachment/u/0\"",
+  "identity": "",
+  "device_posture": ""
+}'
+```
+
+</TabItem> </Tabs>
diff --git a/src/content/partials/cloudflare-one/gateway/policies/block-file-types.mdx b/src/content/partials/cloudflare-one/gateway/policies/block-file-types.mdx
@@ -2,11 +2,37 @@
 {}
 ---
 
-## Block file types
+import { Tabs, TabItem } from "~/components";
 
 Block the upload or download of files based on their type.
 
-| Selector           | Operator | Value                                   | Logic | Action |
-| ------------------ | -------- | --------------------------------------- | ----- | ------ |
-| Upload File Type   | in       | _Microsoft Office Word Document (docx)_ | And   | Block  |
-| Download File Type | in       | _PDF (pdf)_                             |       |        |
+<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+
+| Selector            | Operator | Value                                   | Logic | Action |
+| ------------------- | -------- | --------------------------------------- | ----- | ------ |
+| Upload File Types   | in       | _Microsoft Office Word Document (docx)_ | And   | Block  |
+| Download File Types | in       | _PDF (pdf)_                             |       |        |
+
+</TabItem>
+
+<TabItem label="API">
+
+```sh
+curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\
+--header "Content-Type: application/json" \
+--header "Authorization: Bearer <API_TOKEN>" \
+--data '{
+  "name": "Block file types",
+  "description": "Block the upload or download of files based on their type",
+  "enabled": true,
+  "action": "block",
+  "filters": [
+    "http"
+  ],
+  "traffic": "any(http.upload.file.types[*] in {\"docx\"}) and any(http.download.file.types[*] in {\"pdf\"})",
+  "identity": "",
+  "device_posture": ""
+}'
+```
+
+</TabItem> </Tabs>
