Added Surge Readiness learning path

Author: dcpena

src/content/docs/learning-paths/surge-readiness/concepts/custom-pages.mdx

@@ -0,0 +1,22 @@
+---
+title: Custom pages
+pcx_content_type: overview
+sidebar:
+  order: 2
+---
+
+Design your custom HTML page and host it online anywhere. Once published, Cloudflare will use the customized page instead of serving our standard page to your visitors.
+
+Note: We encourage you to customize every page to provide a consistent branding experience for your users. Origin Error pages can also be activated for 502,504, and 404 errors.
+
+Pages you can customize:
+
+- IP Block
+- WAF Block
+- 500 Class Errors
+- 1000 Class Errors
+- Always Online Error
+- Basic Security Challenge
+- WAF Challenge
+- Country Challenge
+- I'm Under Attack Mode Challenge

src/content/docs/learning-paths/surge-readiness/concepts/index.mdx

@@ -0,0 +1,45 @@
+---
+title: Prerequisites
+pcx_content_type: overview
+sidebar:
+  order: 1
+---
+
+import { DashButton } from "~/components";
+
+Reach out to your Customer Success Manager at least 30 days prior to the expected traffic surge to schedule a Security Optimization walkthrough with your Customer Solution Engineer.
+
+To learn more about our service offerings, refer to [Customer Success offerings](https://www.cloudflare.com/success-offerings/).
+
+## Register your users
+
+For the security and protection of your account, be sure to register all account users.
+
+1. In the Cloudflare dashboard, go to the  **Manage Account** > **Members** page.
+
+    <DashButton url="/?to=/:account/members" />
+
+2. Select more than one Super Administrator to ensure appropriate access when needed.
+
+Failure to register account users can create issues with our ticketing system. Unverified users who contact support will be funneled to the self-serve queue rather than the Enterprise queue which can result in long wait times.
+
+We strongly advise against credential-sharing which can jeopardize the trust and safety of your account.
+
+Note: Refer to [Manage members](/fundamentals/setup/manage-members/) to learn how to review and update registered account users. 
+
+## Confirm user and domain administration
+
+- **Multi-User:** Provide role-based permissions to a group of users to better control the administration of your domains. Each user has their own role and limited API key.
+- **Enforce 2FA:** Ensure your entire dashboard is secure by [enforcing 2-factor authentication](/fundamentals/setup/account/account-security/2fa/) for your organization.
+  - To disable 2FA, submit a support ticket and allow 1-2 business days to validate your request.
+- **Leverage API Access:** Work easily with our system programmatically using our [API](https://api.cloudflare.com).
+
+## Additional items
+
+- Check when your [SSL Certificates expire (only custom and origin certificates)](/ssl/edge-certificates/custom-certificates/renewing/)
+  - Note: Certificates managed by Cloudflare are auto-renewed
+- Review your Operational and Disaster recovery preparedness
+    - Enable Load Balancing with smart cache strategies: Use [Cloudflare Load Balancing](/reference-architecture/architectures/load-balancing) to distribute traffic across multiple healthy origins, and increase cache-hit ratios by leveraging [custom cache rules](/cache/performance-review/cache-analytics) and [edge compute](/learning/cdn/caching-static-and-dynamic-content) (e.g., Cloudflare Workers) to offload origin traffic during high-demand periods.
+    - Configure failover pools and back up DNS with a playbook: Set up [Cloudflare Load Balancer failover pools](/reference-architecture/architectures/load-balancing) to automatically redirect traffic to healthy origins if one fails. Export DNS records for safekeeping and prepare a clear [incident response plan](https://www.cloudflare.com/learning/performance/preventing-downtime) that includes steps for re-routing or recovery.
+- Review and update your current users' access?
+- Check your domain registry validity

src/content/docs/learning-paths/surge-readiness/performance/analytics.mdx

@@ -0,0 +1,24 @@
+---
+title: Analytics
+pcx_content_type: overview
+sidebar:
+  order: 4
+---
+
+## Workers Analytics Engine
+
+Use the [Workers Analytics Engine](/analytics/analytics-engine/) to send unlimited-cardinality data from your Worker to a time-series database. Query it with SQL.
+
+
+## Account and zone analytics
+
+Use [Account and zone analytics](/analytics/account-and-zone-analytics/) to provide details about the requests and traffic related to your Cloudflare accounts and zones.
+
+
+## Cloudflare Network Analytics
+
+Use [Cloudflare Network Analytics](/analytics/network-analytics/) to Provide near real-time visibility into network and transport-layer traffic patterns and DDoS attacks.
+
+## GraphQL Analytics API
+
+Use the [GraphQL Analytics API](/analytics/graphql-api/) to provide\ all of your performance, security, and reliability data from one endpoint. Select exactly what you need, from one metric for a domain to multiple metrics aggregated for your account.

src/content/docs/learning-paths/surge-readiness/performance/caching.mdx

@@ -0,0 +1,86 @@
+---
+title: Caching
+pcx_content_type: overview
+sidebar:
+  order: 2
+---
+
+import { DashButton } from "~/components";
+
+## Optimize caching
+
+By default, Cloudflare [caches static content](/cache/concepts/default-cache-behavior/) such as images, CSS, and JavaScript. However, you can extend Cloudflare caching to work with HTML by creating custom [Cache Rules](cache/how-to/cache-rules/).
+
+
+### Cache more requests
+
+1. In  the Cloudflare dashboard, go to the **Caching** > **Cache Rules** page. 
+
+    <DashButton url="/?to=/:account/:zone/caching/cache-rules" />
+
+2. Select **Create rule**.
+3. For When incoming requests match, enter either your entire website or a specific path on your application, based on the Hostname or URI Path. Refer to the [available fields](/cache/how-to/cache-rules/settings/#fields).
+4. For Cache eligibility, define how these requests should be cached and for how long. Refer to the available [cache eligibility settings](/cache/how-to/cache-rules/settings/#eligible-for-cache-settings).
+5. You can then monitor the effectiveness of your cache settings using [Cache Analytics](/cache/performance-review/cache-analytics/) and update your configuration according to our [Cache performance guide](/cache/performance-review/cache-performance/).
+
+
+### Advanced cache optimizations
+
+
+
+* [Custom Cache Keys](/cache/how-to/cache-keys/) allows you to precisely set the cacheability setting for any resource.
+* [Origin Cache Control](/cache/concepts/cache-control/) can be used to let the Cache-Control headers tell Cloudflare how to handle content from the origin server.
+
+
+## Tiered Cache
+
+[Tiered Cache](/cache/how-to/tiered-cache/) uses the size of Cloudflare's network to reduce requests to customer origin servers by dramatically increasing cache hit ratios.
+
+It works by dividing Cloudflare's data centers into a hierarchy of lower-tiers and upper-tiers. If content is not cached in lower-tier data centers (generally the ones closest to a visitor), the lower-tier requests an upper-tier for the content. If the upper-tier does not have the content, only the upper-tier will initiate a request to the origin. This practice improves bandwidth efficiency by limiting the number of Cloudflare data centers that can ask the origin for content.
+
+Refer to [Enable Tiered Cache](/cache/how-to/tiered-cache/#enable-tiered-cache) to get started.
+
+
+### Cache Reserve
+
+[Cache Reserve](/cache/advanced-configuration/cache-reserve/) is a large, persistent data store implemented on top of [R2](/r2/).
+
+With a single click in the dashboard, your cacheable content will be written to Cache Reserve. In the same way that Tiered Cache builds a hierarchy of caches between your visitors and your origin, Cache Reserve serves as the ultimate [upper-tier cache](/cache/how-to/tiered-cache/) that will reserve storage space for your assets for as long as you want.
+
+This ensures that your content is served from cache longer, shielding your origin from unneeded egress fees.
+
+
+## Cloudflare Waiting Room
+
+[Cloudflare Waiting Room](/waiting-room/) allows you to route excess users of your website to a customized waiting room, helping preserve customer experience and protect origin servers from being overwhelmed with requests.
+
+
+## Use Cloudflare IP addresses
+
+Take action to prevent attacks to your application during peak season by configuring your firewall to only accept traffic from Cloudflare IP addresses. By only allowing [Cloudflare IPs ↗](https://www.cloudflare.com/ips), you can prevent attackers from bypassing Cloudflare and sending requests directly to your origin.
+
+Refer to [Cloudflare IP addresses](/fundamentals/concepts/cloudflare-ip-addresses/) for more information.
+
+
+## Monitor traffic
+
+You can use the Cloudflare dashboard to closely monitor the traffic on your domain and fine-tune your cache and security settings accordingly.
+
+
+### Zone and Account analytics
+
+[Cloudflare zone analytics](/analytics/account-and-zone-analytics/zone-analytics/) gives you access to a wide range of metrics, collected at the website or domain level.
+
+[Cloudflare account analytics](/analytics/account-and-zone-analytics/account-analytics/) lets you access a wide range of aggregated metrics from all the sites under a specific Cloudflare account.
+
+
+### Security Analytics and Security Events
+
+[Security Analytics](https://developers.cloudflare.com/waf/analytics/security-analytics/) displays information about all incoming HTTP requests for your domain, including requests not handled by Cloudflare security products.
+
+You can also use the [Security Events](/waf/analytics/security-events/) to review mitigated requests and tailor your security configurations.
+
+
+### Cache Analytics
+
+You can use [Cache Analytics](/cache/performance-review/cache-analytics/) to improve site performance or reduce origin web server traffic. Cache Analytics helps determine if resources are missing from cache, expired, or ineligible for caching.

src/content/docs/learning-paths/surge-readiness/performance/index.mdx

@@ -0,0 +1,8 @@
+---
+title: Performance
+pcx_content_type: overview
+sidebar:
+  group:
+    hideIndex: true
+  order: 3
+---

src/content/docs/learning-paths/surge-readiness/performance/logs.mdx

@@ -0,0 +1,25 @@
+---
+title: Logs
+pcx_content_type: overview
+sidebar:
+  order: 3
+---
+
+## Logpush
+
+Use [Logpush](/logs/get-started/) to push your request or event logs to your cloud service provider using Logpush, which can be configured via the Cloudflare dashboard or API.
+
+
+## Instant Logs
+
+Use [Instant Logs](/logs/instant-logs/) to view HTTP request logs instantly in the Cloudflare dashboard or the CLI.
+
+
+## Logs Engine
+
+Use the [Logs Engine](/logs/r2-log-retrieval/) to store your logs in R2 and query them directly.  
+
+
+## Log Explorer
+
+Use the [Log Explorer](/log-explorer/) to store and explore your Cloudflare logs directly within the Cloudflare dashboard or API. 

src/content/docs/learning-paths/surge-readiness/security/block-agents-lock-zones.mdx

@@ -0,0 +1,23 @@
+---
+title: Block user agents and lock zones
+pcx_content_type: overview
+sidebar:
+  order: 6
+---
+
+
+[User Agent (UA) Blocking](/waf/tools/user-agent-blocking/) rules match against specific User-Agent request headers sent by the browser or application accessing your site. UA rules are applied against the entire domain, and after a rule is triggered, you can decide which action to take against the visitor.
+
+Actions:
+
+- Block: Ensures that an IP address will never be allowed to access your site
+-CAPTCHA Challenge: Rules will be shown a CAPTCHA before allowed access
+- Javascript Challenge: Rules will be shown 5 second javascript confirmation
+
+## Zone Lockdown
+
+[Zone lockdown](/waf/tools/zone-lockdown/) rules allow you to define paths and only allow specific, trusted IPs to those paths. Any requests to those paths from non-whitelisted IPs will be automatically blocked with an 1106 HTTP code. This ability is particularly useful for locking down administrative or staging portions of your application.
+
+# Defend content with Scrape Shield
+
+Scrape Shield is a collection of settings meant to protect your site's content.

src/content/docs/learning-paths/surge-readiness/security/confirm-account-security.mdx

@@ -0,0 +1,12 @@
+---
+title: Confirm account security
+pcx_content_type: overview
+sidebar:
+  order: 2
+---
+
+import { DirectoryListing } from "~/components";
+
+Review the list below for guidance on securing your account.
+
+<DirectoryListing folder="fundamentals/account/account-security" />

src/content/docs/learning-paths/surge-readiness/security/control-domain-access.mdx

@@ -0,0 +1,62 @@
+---
+title: Control domain access
+pcx_content_type: overview
+sidebar:
+  order: 8
+---
+
+[IP Access Rules](/waf/tools/ip-access-rules/) specify an action based on the origin of your user across a single domain or all of the domains in your account.
+
+IP Access Rules can be applied based on:
+
+
+
+* IPv4 address or range: Specified in CIDR notation as `/16` or `/24`
+* IPv6 address or range: Specified in CIDR notation as `/32`, `/48`, `/64`
+* ASN
+* Country or the Tor network
+
+
+:::note
+
+We recommend locking down your origin with an Access Control List (ACL) which only allows [Cloudflare IPs](http://www.cloudflare.com/ips).
+
+:::
+
+Actions:
+
+- Block: Ensures that an IP address will never be allowed to access your site.
+- CAPTCHA Challenge: Rules will be shown a CAPTCHA before allowed access.
+- Javascript Challenge: Rules will be shown a five second javascript confirmation.
+- Allowlist: Ensures that an IP address will never be blocked from accessing your site. This supersedes any Cloudflare security profile.
+
+:::note
+
+Challenge Passage timeout applies to IP reputation, IUAM mode and user IP Firewall (CAPTCHA or JS Challenge): [cf_clearance cookie](/fundamentals/reference/policies-compliances/cloudflare-cookies/#additional-cookies-used-by-the-challenge-platform) is set with `Max-age=Challenge Passage`.
+:::
+
+## Enable "I'm Under Attack" mode (IAUM)
+
+If you are under attack and have this feature enabled during the attack, visitors will receive an interstitial page for about five seconds while the traffic is analyzed to make sure it is a legitimate human visitor. The vast majority of Layer 7 attack scripts are defeated by IUAM and can be honed via Page Rules.
+
+Refer to [I'm Under Attack Mode](https://developers.cloudflare.com/fundamentals/reference/under-attack-mode/) for more information.
+
+
+## Change Access Control List (ACL)
+
+An ACL refers to rules that are applied to port numbers or IP addresses that are available on a host permitting use of the service. When you only allow Cloudflare IPs, you eliminate threats attempting to attack your origin IP range.
+
+Refer to [Cloudflare IP Ranges](https://www.cloudflare.com/ips) for more information.
+
+
+## Change Origin IPs and update Cloudflare DNS records
+
+If your origin is still being attacked, consider moving your Origin IPs and updating your Cloudflare DNS records.
+
+Refer to [Prevent DDoS attacks](/learning-paths/prevent-ddos-attacks/concepts/) for detailed guidance.
+
+:::note
+
+To learn about best practices for DDoS protection, review [Respond to DDoS attacks](/ddos-protection/best-practices/respond-to-ddos-attacks/).
+
+:::

src/content/docs/learning-paths/surge-readiness/security/control-incoming-requests.mdx

@@ -0,0 +1,31 @@
+---
+title: Control incoming requests
+pcx_content_type: overview
+sidebar:
+  order: 3
+---
+
+Use [Custom rules](/waf/custom-rules/) to allow you to control incoming traffic by filtering requests to a zone. They work as customized web application firewall (WAF) rules that you can use to perform actions like Block or Managed Challenge on incoming requests.
+
+UseWAF [Managed Rules](/waf/managed-rules/) to apply custom criteria for all incoming HTTP requests.
+
+## Understand hosting plan limits
+
+Cloudflare offsets most of the load to your website via caching and request filtering, but some traffic will still pass through to your origin. Knowing the limits of your hosting plan can help prevent a bottleneck from your host.
+
+Once you are aware of your plan limits, you can use [Rate Limiting](/waf/rate-limiting-rules/) to restrict how many times a requesting entity can make a request to your website.
+
+To help you define the best rate limiting setting for your use case, refer to [How Cloudflare determines the request rate article](/waf/rate-limiting-rules/request-rate/).
+
+## Security Models
+
+- Positive Security policy: Allow specific requests and deny everything else.
+- Negative Security policy: Block specific requests and allow everything else.
+
+## Actions
+
+- Log: Test rule effectiveness before committing to a more severe action.
+- Allow: Allow matching requests to access the site.
+- Block: Block matching requests from accessing the site.
+- CAPTCHA Challenge: Rules will be shown a CAPTCHA before proceeding.
+- Javascript Challenge: Rules will be shown a five second Javascript confirmation before proceeding.