Merge branch 'production' into add-async-queue-marks

Author: kodster28

public/__redirects

@@ -716,7 +716,10 @@
 /learning-paths/cybersafe/concepts/what-is-area1/ /learning-paths/cybersafe/concepts/what-is-email-security/ 301
 /learning-paths/cybersafe/area1-onboarding/ /learning-paths/cybersafe/email-security-onboarding/ 301
 
-
+## zero-trust-web access / clientless-access
+/learning-paths/zero-trust-web-access/concepts/reverse-proxy-server/ https://www.cloudflare.com/learning/cdn/glossary/reverse-proxy/ 301
+/zero-trust-web-access/concepts/zero-trust/ https://www.cloudflare.com/learning/security/glossary/what-is-zero-trust/ 301
+/learning-paths/zero-trust-web-access/concepts/zero-trust-web-access/ /learning-paths/clientless-access/concepts/what-is-clientless-access/ 301
 
 ## dns-filtering / secure-internet-traffic
 /learning-paths/dns-filtering/ /learning-paths/secure-internet-traffic/ 301
@@ -743,7 +746,7 @@
 /learning-paths/secure-internet-traffic/ /learning-paths/secure-internet-traffic/concepts/ 301
 /learning-paths/secure-o365-email/ /learning-paths/secure-o365-email/concepts/ 301
 /learning-paths/workers/ /learning-paths/workers/concepts/ 301
-/learning-paths/zero-trust-web-access/ /learning-paths/zero-trust-web-access/concepts/ 301
+/learning-paths/clientless-access/ /learning-paths/clientless-access/concepts/ 301
 /learning-paths/application-security/default-traffic-security/security-level/ /learning-paths/application-security/default-traffic-security/browser-integrity/ 301
 
 # more redirects in the /dynamic/ section
@@ -1916,6 +1919,8 @@
 /learning-paths/dns-filtering/create-policy/* /learning-paths/secure-internet-traffic/build-dns-policies/:splat 301
 ## Secure your Internet Traffic
 /learning-paths/secure-internet-traffic/connect-devices/* /learning-paths/secure-internet-traffic/connect-devices-networks/:splat 301
+## Zero Trust Web Access --> Clientless Access
+/learning-paths/zero-trust-web-access/* /learning-paths/clientless-access/:splat 301
 
 # Cloudflare for SaaS
 /ssl/ssl-for-saas/common-tasks/* /cloudflare-for-platforms/cloudflare-for-saas/ 301

src/assets/images/changelog/access/example-scim-log.png

@@ -0,0 +1,11 @@
+---
+title: Cloudflare Zero Trust SCIM User and Group Provisioning Logs
+description: View all user and group updates, creation and deletion events made via SCIM across all of your IdP instances in one place
+date: 2025-04-09T6:00:00Z
+---
+
+[Cloudflare Zero Trust SCIM provisioning](/cloudflare-one/identity/users/scim) now has a full audit log of all create, update and delete event from any SCIM Enabled IdP. The [SCIM logs](/cloudflare-one/insights/logs/scim-logs/) support filtering by IdP, Event type, Result and many more fields. This will help with debugging user and group update issues and questions.
+
+SCIM logs can be found on the Zero Trust Dashboard under Logs -> SCIM provisioning
+
+![Example SCIM Logs](~/assets/images/changelog/access/example-scim-log.png)

src/content/changelog/access/2025-04-09-SCIM-provisioning-logs.mdx

@@ -1,10 +1,26 @@
 ---
 pcx_content_type: overview
 title: AI Labyrinth
+sidebar:
+  order: 7
 ---
 
-import { Render } from "~/components"
+import { Render, Tabs, TabItem } from "~/components"
 
 The AI Labyrinth adds invisible links on your webpage with specific `Nofollow` tags to block AI crawlers that do not adhere to the recommended guidelines and crawl without permission. AI crawlers that scrape your website content without permission will be stuck in a maze of never-ending links, and their details are recorded and used by all Cloudflare customers who choose to block [AI bots](/bots/concepts/bot/#ai-bots).
 
 These links do not impact your search engine optimization (SEO) or your website's appearance, and are only seen by bots. AI bots that respect no-crawl instructions will safely ignore this honeypot.
+
+To enable [AI Labyrinth](/bots/additional-configurations/ai-labyrinth) based on your plan: 
+
+<Tabs>
+  <TabItem label="Bot Fight Mode">
+    <Render file="ai-labyrinth-enable" params={{ one: "Bot Fight Mode" }} />
+  </TabItem>
+  <TabItem label="Super Bot Fight Mode">
+    <Render file="ai-labyrinth-enable" params={{ one: "Super Bot Fight Mode" }} />
+  </TabItem>
+    <TabItem label="Bot Management for Enterprise">
+    <Render file="ai-labyrinth-enable" params={{ one: "Bot Management" }} />
+  </TabItem>
+</Tabs>

src/content/docs/bots/additional-configurations/ai-labyrinth.mdx

@@ -2,7 +2,7 @@
 pcx_content_type: reference
 title: Static resource protection
 sidebar:
-  order: 7
+  order: 8
 
 ---
 

src/content/docs/bots/additional-configurations/static-resources.mdx

@@ -42,10 +42,6 @@ To disable Bot Fight Mode:
 You can view blocked AI bot traffic via [Security Analytics](/waf/analytics/security-analytics/). 
 :::
 
-### Enable AI Labyrinth
-
-<Render file="ai-labyrinth-enable" params={{ one: "Bot Fight Mode" }} />
-
 ## Visibility
 
 You can see bot-related actions by going to **Security** > **Events**. Any requests challenged by this product will be labeled **Bot Fight Mode** in the **Service** field. This allows you to observe, analyze, and follow trends in your bot traffic over time.

src/content/docs/bots/get-started/bot-fight-mode.mdx

@@ -47,28 +47,30 @@ Cloudflare recommends that you deploy the following basic settings and customize
 You can view blocked AI bot traffic via [Security Analytics](/waf/analytics/security-analytics/).
 :::
 
-### Enable AI Labyrinth
+### Enable Javascript detections
 
-<Render file="ai-labyrinth-enable" params={{ one: "Bot Management" }} />
-
-### Enable Javascript Detections
-
-Enabling [JavaScript Detections](/bots/additional-configurations/javascript-detections/) validates that the browser can run JavaScript, and is stored in the `cf.bot_management.js_detection.passed` variable.
+Enabling [JavaScript detections](/bots/additional-configurations/javascript-detections/) validates that the browser can run JavaScript, and is stored in the `cf.bot_management.js_detection.passed` variable.
 
 <Render file="javascript-detections-enable" params={{ one: "Bot Management" }} />
 
 ### Deploy default templates
 
-Cloudflare has [default templates](https://dash.cloudflare.com/?to=/:account/:zone/security/security-rules?template=bot_traffic) for definite bots, which we are very confident are automated (bot score 1) and likely bots that have many bot tells (bot score 2-29). In our templates, we recommend to allow verified bots like Google SEO crawler and access to static resources, which should be cached anyway.
+Cloudflare has [default templates](https://dash.cloudflare.com/?to=/:account/:zone/security/security-rules?template=bot_traffic) for definite bots, which have a [bot score](/bots/concepts/bot-score/) of 1, and likely bots which have a bot score of 2 to 29. In our templates, Cloudflare recommends to allow verified bots such as Google SEO Crawler and access to cached static resources.
 
 - [Definite Bots template](https://dash.cloudflare.com/?to=/:account/:zone:/security/security-rules/custom-rules/create?template=Definitely%20Bots): Targets malicious bot traffic while ignoring verified bots and routes delivering static content.
 
-    `(cf.bot_management.score eq 1 and not cf.bot_management.verified_bot and not cf.bot_management.static_resource)`
+    ```txt wrap
+    (cf.bot_management.score eq 1 and not cf.bot_management.verified_bot and not cf.bot_management.static_resource)
+    ```
 
 - [Likely Bots template](https://dash.cloudflare.com/?to=/:account/:zone/security/security-rules/custom-rules/create?template=Likely%20Bots): Targets traffic likely to be malicious bots while ignoring verified bots and routes with static content. It may contain a small amount of non-bot traffic.
 
-    `(cf.bot_management.score ge 2 and cf.bot_management.score le 29 and not cf.bot_management.verified_bot and not cf.bot_management.static_resource)`
+    ```txt wrap
+    (cf.bot_management.score ge 2 and cf.bot_management.score le 29 and not cf.bot_management.verified_bot and not cf.bot_management.static_resource)
+    ```
 
 - (Optional) [JavaScript detections template](https://dash.cloudflare.com/?to=/:account/:zone/security/security-rules/custom-rules/create?template=JavaScript%20Verified%20URLs): If you enabled JavaScript detections, then set up a [managed challenge](/fundamentals/security/cloudflare-challenges/#managed-challenge-recommended), make sure to add a method and URI path. JavaScript detections improves security for URLs that should only expect JavaScript-enabled clients.
 
-    `(not cf.bot_management.js_detection.passed and http.request.method eq "" and http.request.uri.path in {""})`
+    ```txt wrap
+    (not cf.bot_management.js_detection.passed and http.request.method eq "" and http.request.uri.path in {""})
+    ```

src/content/docs/bots/get-started/bot-management.mdx

@@ -49,10 +49,6 @@ Accounts with an Enterprise subscription but not the [Bot Management add-on](/bo
 You can view blocked AI bot traffic via [Security Analytics](/waf/analytics/security-analytics/). 
 :::
 
-### Enable AI Labyrinth
-
-<Render file="ai-labyrinth-enable" params={{ one: "Super Bot Fight Mode" }} />
-
 ## Analytics
 
 ### Bot Report

src/content/docs/bots/get-started/super-bot-fight-mode.mdx

@@ -0,0 +1,7 @@
+---
+pcx_content_type: navigation
+title: Deploy clientless access
+external_link: /learning-paths/clientless-access/concepts/
+sidebar:
+  order: 3
+---

src/content/docs/cloudflare-one/implementation-guides/clientless-access.mdx

@@ -31,8 +31,8 @@ Implementation guides cover deployment steps and best practices for specific Clo
 </LinkTitleCard>
 
 <LinkTitleCard
-	title="Deploy Zero Trust Web Access"
-	href="/learning-paths/zero-trust-web-access/concepts/"
+	title="Deploy clientless access"
+	href="/learning-paths/clientless-access/concepts/"
 	icon="laptop"
 >
 	Secure access to internal web applications without a device client.