Commit b6d4d0e

Update field links (scripted)
1 parent c0c9bea commit b6d4d0e

30 files changed

+339
-224
lines changed

src/content/docs/api-shield/security/jwt-validation/transform-rules.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,4 +34,4 @@ As an example, to send the header `x-send-jwt-claim-user` request header to the
3434
4. Enter a rule name and a filter expression, if applicable.
3535
5. Choose **Set dynamic**.
3636
6. Set the header name.
37-
7. Set the value to `lookup_json_string(http.request.jwt.claims["<TOKEN_CONFIGURATION_ID>"][0], "claim_name")`, where `<TOKEN_CONFIGURATION_ID>` is your token configuration ID found in JWT Validation and `claim_name` is the [JWT claim](/ruleset-engine/rules-language/fields/dynamic-fields/#json-web-tokens-validation-claims) you want to add to the header.
37+
7. Set the value to `lookup_json_string(http.request.jwt.claims["<TOKEN_CONFIGURATION_ID>"][0], "claim_name")`, where `<TOKEN_CONFIGURATION_ID>` is your token configuration ID found in JWT Validation and `claim_name` is the [JWT claim](/ruleset-engine/rules-language/fields/reference/http.request.jwt.claims/) you want to add to the header.
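
Review bot: Step 7 (line 37) indexes `http.request.jwt.claims["<TOKEN_CONFIGURATION_ID>"][0]` without saying why element `[0]` is the right one, or what the header is set to when `claim_name` is missing from the token. The origin will read this header as a validated claim, so add a sentence covering both cases. The link update itself looks fine.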

src/content/docs/bots/troubleshooting.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -90,7 +90,7 @@ Cloudflare has built an allowlist of good, automated bots, e.g. Google Search En
9090

9191
This allowlist is large based on reverse DNS verification, meaning that the IPs we allow really match the requesting service. In addition to this, Cloudflare uses multiple validation methods including ASN blocks and public lists. If none of these validation types are available for a customer, we use internal Cloudflare data and machine learning to identify legitimate IP addresses from good bots.
9292

93-
To allow traffic from good bots, use the [Verified Bot](/ruleset-engine/rules-language/fields/dynamic-fields/#cfbot_managementverified_bot) field in your WAF custom rule.
93+
To allow traffic from good bots, use the [Verified Bot](/ruleset-engine/rules-language/fields/reference/cf.bot_management.verified_bot/) field in your WAF custom rule.
9494

9595
---
9696
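
Review bot: Context line 91 reads "This allowlist is large based on reverse DNS verification", which should be "largely based"; worth fixing while this file is open. On the changed line 93, consider using the field name `cf.bot_management.verified_bot` as the link text, since that is what the reader has to type into the WAF custom rule expression.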

src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/custom-metadata.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -83,7 +83,7 @@ export default {
8383

8484
## Accessing custom metadata in a rule expression
8585

86-
Use the [`cf.hostname.metadata`](/ruleset-engine/rules-language/fields/dynamic-fields/#cfhostnamemetadata) field to access the metadata object in rule expressions. To obtain the different values from the JSON object, use the [`lookup_json_string`](/ruleset-engine/rules-language/functions/#lookup_json_string) function.
86+
Use the [`cf.hostname.metadata`](/ruleset-engine/rules-language/fields/reference/cf.hostname.metadata/) field to access the metadata object in rule expressions. To obtain the different values from the JSON object, use the [`lookup_json_string`](/ruleset-engine/rules-language/functions/#lookup_json_string) function.
8787

8888
The following rule expression defines that there will be a rule match if the `security_tag` value in custom metadata contains the value `low`:
8989

src/content/docs/fundamentals/basic-tasks/trace-request/how-to.mdx

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -34,9 +34,9 @@ import { GlossaryTooltip } from "~/components"
3434
* **Protocol** (HTTP protocol version)
3535
* **Request headers**
3636
* **Cookies**
37-
* **Geolocation** (request source [country](/ruleset-engine/rules-language/fields/standard-fields/#ipsrccountry), [region](/ruleset-engine/rules-language/fields/standard-fields/#ipsrcregion), and [city](/ruleset-engine/rules-language/fields/standard-fields/#ipsrccity))
37+
* **Geolocation** (request source [country](/ruleset-engine/rules-language/fields/reference/ip.src.country/), [region](/ruleset-engine/rules-language/fields/reference/ip.src.region/), and [city](/ruleset-engine/rules-language/fields/reference/ip.src.city/))
3838
* [**Bot score**](/bots/concepts/bot-score/)
39-
* <GlossaryTooltip term="threat score" link="/ruleset-engine/rules-language/fields/dynamic-fields/#cfthreat_score">**Threat score**</GlossaryTooltip>
39+
* <GlossaryTooltip term="threat score" link="/ruleset-engine/rules-language/fields/reference/cf.threat_score/">**Threat score**</GlossaryTooltip>
4040
* **Request body** (for `POST`, `PUT`, and `PATCH` requests)
4141
* **Skip challenge** (skips a Cloudflare-issued [challenge](/waf/reference/cloudflare-challenges/), if any, allowing the trace to continue)
4242

src/content/docs/fundamentals/reference/http-request-headers.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -134,7 +134,7 @@ The intended purpose of this header is to provide a means for recipients (for ex
134134

135135
:::note
136136

137-
When configuring WAF custom rules, do not match on this header. These rules are applied before Cloudflare adds the `CF-Worker` header. Instead, use the [`cf.worker.upstream_zone`](/ruleset-engine/rules-language/fields/dynamic-fields/#cfworkerupstream_zone) dynamic field, which contains the same value and exists for the same purpose.
137+
When configuring WAF custom rules, do not match on this header. These rules are applied before Cloudflare adds the `CF-Worker` header. Instead, use the [`cf.worker.upstream_zone`](/ruleset-engine/rules-language/fields/reference/cf.worker.upstream_zone/) dynamic field, which contains the same value and exists for the same purpose.
138138

139139
:::
140140
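
Review bot: Line 137 still calls `cf.worker.upstream_zone` a "dynamic field" although its link now points under `/fields/reference/`, and the mTLS pages in this same commit change "`cf.tls_*` dynamic fields" to "fields". Pick one wording across the commit; if the reference no longer separates dynamic from standard fields, drop "dynamic" here too.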

src/content/docs/learning-paths/mtls/mtls-app-security/index.mdx

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -63,7 +63,7 @@ Use the values from the previous step.
6363

6464
mTLS is verified and checked in the [Cloudflare WAF phase](/waf/reference/phases/). This is done by creating WAF [Custom Rules](/waf/custom-rules/) using the dynamic fields.
6565

66-
All Client Certificate details can be found in the [`cf.tls_*`](/ruleset-engine/rules-language/fields/dynamic-fields/#cftls_cipher) dynamic fields in the [Cloudflare Ruleset Engine](/ruleset-engine/).
66+
All Client Certificate details can be found in the [`cf.tls_*`](/ruleset-engine/rules-language/fields/reference/) fields in the [Cloudflare Ruleset Engine](/ruleset-engine/).
6767

6868
Example WAF Custom Rule with action block:
6969
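
Review bot: The new target on line 66, `/ruleset-engine/rules-language/fields/reference/`, is the index of all fields, whereas the old link at least landed on a `cf.tls_*` entry (`#cftls_cipher`). A reader looking for the client certificate fields now has to search the whole reference. Link to a specific field page, as the `cert_fingerprint_sha256` and `cert_serial` links elsewhere in this commit do, or say how to find the `cf.tls_*` entries on the index. Line 64 also still says "using the dynamic fields", which no longer matches the wording on line 66.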

src/content/docs/learning-paths/mtls/mtls-app-security/related-features.mdx

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ To make it easier to differentiate between Client Certificates, you can generate
1313

1414
In cases of noticing excessive traffic, anomalous traffic (strange sequences of requests), or generally too many attack attempts registered from specific devices using your Client Certificates, it is best to [revoke](/ssl/client-certificates/revoke-client-certificate/) those.
1515

16-
Additionally, ensure to have a WAF [Custom Rule](/waf/custom-rules/) in place to block [revoked](/api-shield/security/mtls/configure/#check-for-revoked-certificates) Client Certificates. Review the available [`cf.tls_*`](/ruleset-engine/rules-language/fields/dynamic-fields/#cftls_cipher) dynamic fields.
16+
Additionally, ensure to have a WAF [Custom Rule](/waf/custom-rules/) in place to block [revoked](/api-shield/security/mtls/configure/#check-for-revoked-certificates) Client Certificates. Review the available [`cf.tls_*`](/ruleset-engine/rules-language/fields/reference/) fields.
1717

1818
Example WAF Custom Rule with action block:
1919
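
Review bot: Line 16 is being rewritten anyway, so fix "ensure to have a WAF Custom Rule in place", which is not grammatical. "Make sure a WAF custom rule is in place" reads better and matches the lower-case "WAF custom rule" used on new line 123 of this file.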

@@ -47,7 +47,7 @@ Each Enterprise account can upload up to five CAs, though this can be increased.
4747

4848
## Client Certificate Deployment
4949

50-
There are different ways to safely and securely deploy Client Certificates across devices.
50+
There are different ways to safely and securely deploy Client Certificates across devices.
5151

5252
Some of the most used methods are [embedding](/ssl/client-certificates/configure-your-mobile-app-or-iot-device/#3-embed-the-client-certificate-in-your-mobile-app) the Client Certificate into an application and allowing user devices to download and install that app, or use mobile device management (MDM) to distribute certificates across devices, or to allow user devices to directly download and install the Client Certificate into a device's Certificate Store.
5353
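
Review bot: Line 50 is removed and re-added with identical visible text, so this is a whitespace-only edit (probably trailing spaces) riding along with a commit titled "Update field links (scripted)". Either mention the whitespace cleanup in the commit message or keep it out of the scripted change so the link rewrite stays easy to audit.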

@@ -60,6 +60,7 @@ In complex microservices environments, you can leverage Service Mesh to automate
6060
It is generally recommended to [customize the cipher suites](/ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites/) of your Cloudflare [Edge Certificates](/ssl/edge-certificates/). This only applies to the Edge Certificates, not Client Certificates.
6161

6262
The recommended TLS versions for mTLS are:
63+
6364
- TLS 1.2: still broadly compatible and secure.
6465
- TLS 1.3: preferred for new implementations due to its enhanced security and efficiency.
6566

@@ -99,7 +100,7 @@ Contact your account team for more information.
99100
[Revoked](/api-shield/security/mtls/configure/#check-for-revoked-certificates) Client Certificates are not automatically blocked unless you have an active WAF Custom Rule specifically checking for and blocking them. This check only applies to Client Certificates issued by the Cloudflare-managed CA. Cloudflare currently does not check certificate revocation lists (CRL) for CAs that have been uploaded by the customer ([BYO CA](/ssl/client-certificates/byo-ca/)). One can opt for Workers to manage a custom business logic and block revoked Client Certificates. See the [Workers section](/learning-paths/mtls/mtls-workers/) for more information.
100101
:::
101102

102-
In order to effectively implement mTLS with Cloudflare, it is strongly recommended to properly configure the [Cloudflare WAF](/waf/). Review the available [`cf.tls_*`](/ruleset-engine/rules-language/fields/dynamic-fields/#cftls_cipher) dynamic fields.
103+
In order to effectively implement mTLS with Cloudflare, it is strongly recommended to properly configure the [Cloudflare WAF](/waf/). Review the available [`cf.tls_*`](/ruleset-engine/rules-language/fields/reference/) fields.
103104

104105
Example WAF Custom Rule with action block:
105106
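
Review bot: Context line 99 states that revoked Client Certificates are not blocked unless a WAF Custom Rule checks for them, yet the pointer on new line 103 now goes to the generic `/ruleset-engine/rules-language/fields/reference/` index. Link directly to the reference page of the field that carries the revocation status, so readers can build that rule without hunting through the index.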

@@ -111,27 +112,28 @@ Example WAF Custom Rule with action block:
111112

112113
This expression will check if the request is coming from one of the hostnames and will block the request if the Client Certificate is either not verified or revoked.
113114

114-
Another example WAF Custom Rule with action block, using the [cf.tls_client_auth.cert_fingerprint_sha256](/ruleset-engine/rules-language/fields/dynamic-fields/#cftls_client_authcert_fingerprint_sha256) field, for a specific Client Certificate (replace `ADD_STRING_OF_CLIENT_CERT_SHA256_FINGERPRINT`):
115+
Another example WAF Custom Rule with action block, using the [`cf.tls_client_auth.cert_fingerprint_sha256`](/ruleset-engine/rules-language/fields/reference/cf.tls_client_auth.cert_fingerprint_sha256/) field, for a specific Client Certificate (replace `ADD_STRING_OF_CLIENT_CERT_SHA256_FINGERPRINT`):
115116

116117
![Example expression of a WAF Custom Rule with action block using the cf.tls_client_auth.cert_fingerprint_sha256 field](~/assets/images/learning-paths/mtls/waf-client-certificates-fingerprint.png)
117118

118119
```txt
119120
(http.request.uri.path in {"/headers"} and http.host in {"mtls.example.com" "mtls2.example.com"} and not cf.tls_client_auth.cert_verified and cf.tls_client_auth.cert_fingerprint_sha256 ne "ADD_STRING_OF_CLIENT_CERT_SHA256_FINGERPRINT")
120121
```
121122

122-
Here is another example of a WAF custom rule to associate a serial number with a hostname:
123+
Here is another example of a WAF custom rule to associate a serial number with a hostname:
123124

124125
![Example expression of a WAF Custom Rule to associate a serial number with a hostname](~/assets/images/learning-paths/mtls/waf-custom-rule.png)
125126

126127
```txt
127128
(http.host in {"mtls.example.com" "mtls2.example.com"} and cf.tls_client_auth.cert_serial ne "ADD_STRING_OF_CLIENT_CERT_SERIAL")
128129
```
129130

130-
This expression will check for a specific [Client Certificate serial number](/ruleset-engine/rules-language/fields/dynamic-fields/#cftls_client_authcert_serial) linked to specific hostnames, allowing for more granular control.
131+
This expression will check for a specific [Client Certificate serial number](/ruleset-engine/rules-language/fields/reference/cf.tls_client_auth.cert_serial/) linked to specific hostnames, allowing for more granular control.
131132

132133
## Rate Limiting by Client Certificates
133134

134135
By enabling [forwarding a certificate](/ssl/client-certificates/enable-mtls/#cloudflare-api) via the Cloudflare API, the first request of an mTLS connection will include the following headers:
136+
135137
- `Cf-Client-Cert-Der-Base64` (raw certificate in DER format, encoded as base64)
136138
- `Cf-Client-Cert-Sha256` (SHA256 fingerprint of the certificate)
137139
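
Review bot: The fingerprint expression on new line 120 joins its last two conditions with `and`: `not cf.tls_client_auth.cert_verified and cf.tls_client_auth.cert_fingerprint_sha256 ne "ADD_STRING_OF_CLIENT_CERT_SHA256_FINGERPRINT"`. With action block, that only blocks requests whose certificate is both unverified and has a different fingerprint, so a verified certificate with any other fingerprint is let through, which does not match "for a specific Client Certificate" on line 115. If the intent is to pin one certificate, group the checks as `(not cf.tls_client_auth.cert_verified or cf.tls_client_auth.cert_fingerprint_sha256 ne "ADD_STRING_OF_CLIENT_CERT_SHA256_FINGERPRINT")`, in line with the "either not verified or revoked" wording on new line 114. Line 122 is again a whitespace-only change.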

@@ -156,6 +158,5 @@ In addition to mTLS, customers can purchase [API Shield](/api-shield/) features,
156158

157159
Cloudflare Workers can provide details around the Client Certificate, such as returning information via headers to the client or to the origin server. Learn more in the [mTLS with Workers section](/learning-paths/mtls/mtls-workers/) below.
158160

159-
160161
:::note
161162
Snippets do not support any [Bindings](/workers/runtime-apis/bindings/) and do not work with mTLS. However, you can [validate JSON web tokens (JWT)](/rules/snippets/examples/jwt-validation/).
