Merge branch 'production' into max/gw/dns-api

maxvp · web-flow · commit de76272162f1 · 2024-12-17T11:28:39.000-06:00
diff --git a/astro.config.ts b/astro.config.ts
@@ -177,27 +177,27 @@ export default defineConfig({
 			plugins: [
 				...(runLinkCheck
 					? [
-							starlightLinksValidator({
-								errorOnInvalidHashes: false,
-								errorOnLocalLinks: false,
-								exclude: [
-									"/api/",
-									"/api/operations/**",
-									"/changelog/",
-									"/http/resources/**",
-									"{props.*}",
-									"/",
-									"**/glossary/?term=**",
-									"/products/?product-group=*",
-									"/products/",
-									"/rules/snippets/examples/?operation=*",
-									"/rules/transform/examples/?operation=*",
-									"/workers/examples/?languages=*",
-									"/workers/examples/?tags=*",
-									"/workers-ai/models/**",
-								],
-							}),
-						]
+						starlightLinksValidator({
+							errorOnInvalidHashes: false,
+							errorOnLocalLinks: false,
+							exclude: [
+								"/api/",
+								"/api/**",
+								"/changelog/",
+								"/http/resources/**",
+								"{props.*}",
+								"/",
+								"**/glossary/?term=**",
+								"/products/?product-group=*",
+								"/products/",
+								"/rules/snippets/examples/?operation=*",
+								"/rules/transform/examples/?operation=*",
+								"/workers/examples/?languages=*",
+								"/workers/examples/?tags=*",
+								"/workers-ai/models/**",
+							],
+						}),
+					]
 					: []),
 				starlightDocSearch({
 					appId: "D32WIYFTUF",
diff --git a/src/assets/images/turnstile/payment-form.png b/src/assets/images/turnstile/payment-form.png
diff --git a/src/content/docs/ai-gateway/configuration/websockets-api.mdx b/src/content/docs/ai-gateway/configuration/websockets-api.mdx
@@ -1,5 +1,5 @@
 ---
-title: Websockets API
+title: WebSockets API
 pcx_content_type: configuration
 sidebar:
   badge:
@@ -8,7 +8,7 @@ sidebar:
 
 The AI Gateway WebSockets API provides a single persistent connection, enabling continuous communication. By using WebSockets, you can establish a single connection for multiple AI requests, eliminating the need for repeated handshakes and TLS negotiations, which enhances performance and reduces latency. This API supports all AI providers connected to AI Gateway, including those that do not natively support WebSockets.
 
-## When to use webSockets?
+## When to use WebSockets?
 
 WebSockets are long-lived TCP connections that enable bi-directional, real-time communication between client and server. Unlike HTTP connections, which require repeated handshakes for each request, WebSockets maintain the connection, supporting continuous data exchange with reduced overhead. WebSockets are ideal for applications needing low-latency, real-time data, such as voice assistants.
 
diff --git a/src/content/docs/byoip/concepts/loa.mdx b/src/content/docs/byoip/concepts/loa.mdx
@@ -35,7 +35,7 @@ LETTER OF AGENCY ("LOA")
 
 To whom it may concern:
 
-[COMPANY NAME] (the "Company") authorizes Cloudflare, Inc. with AS[CF TO PROVIDE] to advertise the following IP address blocks / originating ASNs:
+[COMPANY NAME] (the "Company") authorizes Cloudflare, Inc. with AS13335 to advertise the following IP address blocks / originating ASNs:
 
 - - - - - - - - - - - - - - - - - - -
 [Subnet & Originating ASN]
diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/product-compatibility.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/product-compatibility.mdx
@@ -39,7 +39,7 @@ This is not an exhaustive list of Cloudflare products and features.
 | [Page Rules](/rules/page-rules/)                                                                    | Yes\*         | Yes                | Page Rules that match the subdomain used for O2O may block or interfere with the flow of visitors to your website.                                                                                                                                                                                                                                                |
 | [Mirage](/speed/optimization/images/mirage/)                                                        | Yes           | Yes                |                                                                                                                                                                                                                                                                                                                                                                   |
 | [Origin Rules](/rules/origin-rules/)                                                                | Yes           | Yes                | Enterprise zones can configure Origin Rules, by setting the Host Header and DNS Overrides to direct traffic to a SaaS zone.                                                                                                                                                                                                                                       |
-| [Page Shield](/page-shield/)                                                                        | No            | Yes                | |
+| [Page Shield](/page-shield/)                                                                        | Yes           | Yes                | |
 | [Polish](/images/polish/)                                                                           | Yes\*         | Yes                | Polish only runs on cached assets. If the customer zone is bypassing cache for SaaS zone destined traffic, then images optimized by Polish will not be loaded from origin.                                                                                                                                                                                        |
 | [Rate Limiting](/waf/rate-limiting-rules/)                                                          | Yes\*         | Yes                | Rate Limiting rules that match the subdomain used for O2O may block or interfere with the flow of visitors to your website.                                                                                                                                                                                                                                       |
 | [Rocket Loader](/speed/optimization/content/rocket-loader/)                                         | No            | No                 |                                                                                                                                                                                                                                                                                                                                                                   |
diff --git a/src/content/docs/dns/zone-setups/partial-setup/setup.mdx b/src/content/docs/dns/zone-setups/partial-setup/setup.mdx
@@ -6,7 +6,6 @@ sidebar:
 head:
   - tag: title
     content: Set up a partial (CNAME) zone
-
 ---
 
 import { Details, Render, GlossaryTooltip, Steps } from "~/components";
@@ -17,46 +16,54 @@ import { Details, Render, GlossaryTooltip, Steps } from "~/components";
 A partial setup is only available to customers on a Business or Enterprise plan.
 :::
 
-***
+---
 
 ## Before you begin
 
 <Steps>
+
 1. Create a Cloudflare account and add your domain.
 2. Choose **Business** or **Enterprise** as your plan.
 3. If you are onboarding a new domain to Cloudflare, ignore the instructions to change your nameservers.
 4. (Recommended) Plan for SSL/TLS certificates:
 
-    If you are only using [Universal SSL](/ssl/edge-certificates/universal-ssl/) prior to converting your zone, a certificate will be provisioned for your subdomains only after each of the respective DNS records ([step 3](#3-add-dns-records) below) are [proxied](/dns/manage-dns-records/reference/proxied-dns-records/). Refer to [Enable Universal SSL](/ssl/edge-certificates/universal-ssl/enable-universal-ssl/#partial-dns-setup) for details.
+   If you are only using [Universal SSL](/ssl/edge-certificates/universal-ssl/) prior to converting your zone, a certificate will be provisioned for your subdomains only after each of the respective DNS records ([step 3](#3-add-dns-records) below) are [proxied](/dns/manage-dns-records/reference/proxied-dns-records/). Refer to [Enable Universal SSL](/ssl/edge-certificates/universal-ssl/enable-universal-ssl/#partial-dns-setup) for details.
+
+   If your domain is sensitive to downtime, instead of using Universal SSL, consider using an [advanced certificate](/ssl/edge-certificates/advanced-certificate-manager/) with [delegated DCV](/ssl/edge-certificates/changing-dcv-method/methods/delegated-dcv/#setup).
 
-    If your domain is sensitive to downtime, instead of using Universal SSL, consider using an [advanced certificate](/ssl/edge-certificates/advanced-certificate-manager/) with [delegated DCV](/ssl/edge-certificates/changing-dcv-method/methods/delegated-dcv/#setup).
 </Steps>
 
 ## 1. Convert your zone and review DNS records
 
 <Steps>
+
 1. On the **Overview** page, select **Convert to CNAME DNS Setup**.
 2. Select **Convert** to confirm.
 3. Save the information from the **Verification TXT Record**. If you lose the information, you can also access it by going to **DNS** > **Records** > **Verification TXT Record**.
 4. Make sure that you have all the DNS records (A, AAAA, or CNAME) for subdomains that you want to proxy through Cloudflare.
+
 </Steps>
 
 ## 2. Verify ownership for your domain
 
 Add the **Verification TXT Record** at your authoritative DNS provider. Cloudflare will verify the TXT record and send a confirmation email. This can take up to a few hours.
 
 <Details header="Example verification record">
+
 A verification record for `example.com` might be:
 
 | Type | Name                            | Content             |
 | ---- | ------------------------------- | ------------------- |
 | TXT  | `cloudflare-verify.example.com` | 966215192-518620144 |
+
 </Details>
 
 :::note
+
 If your authoritative DNS provider automatically appends DNS record `name` fields with your domain, make sure to only insert `cloudflare-verify` as the record name. Otherwise, it may result in an incorrect record name, such as `cloudflare-verify.example.com.example.com`.
 
-After creating the record, you can use this [Dig Web Interface link](https://digwebinterface.com/?type=TXT\&ns=auth\&nameservers=) to search (`dig`) for `cloudflare-verify.<YOUR DOMAIN>` and validate if it is working.
+After creating the record, you can use this [Dig Web Interface link](https://digwebinterface.com/?type=TXT&ns=auth&nameservers=) to search (`dig`) for `cloudflare-verify.<YOUR DOMAIN>` and validate if it is working.
+
 :::
 
 That record must remain in place for as long as your domain is active on the partial setup on Cloudflare.
@@ -66,25 +73,29 @@ If your organization has multiple Cloudflare accounts, also consider using zone
 ## 3. Add DNS records
 
 <Steps>
+
 1. At your authoritative DNS provider:
+
    1. Create `CNAME` records pointing to `{your-hostname}.cdn.cloudflare.net` for every hostname you wish to proxy through Cloudflare.
 
-    <Details header="Example CNAME record at authoritative DNS provider">
+   <Details header="Example CNAME record at authoritative DNS provider">
+
+   The `CNAME` record for `www.example.com` would be:
 
-    The `CNAME` record for `www.example.com` would be:
+   ```txt
+   www.example.com CNAME www.example.com.cdn.cloudflare.net
+   ```
 
-    ```txt
-    www.example.com CNAME www.example.com.cdn.cloudflare.net
-    ```
-    </Details>
+   </Details>
 
-    2. Remove any previously existing `A`, `AAAA`, or `CNAME` records referencing the hostnames you want to proxy through Cloudflare. For these hostnames, leave only the records pointing to `{your-hostname}.cdn.cloudflare.net`.
+   2. Remove any previously existing `A`, `AAAA`, or `CNAME` records referencing the hostnames you want to proxy through Cloudflare. For these hostnames, leave only the records pointing to `{your-hostname}.cdn.cloudflare.net`.
 
 2. Repeat this process for each subdomain that should be proxied to Cloudflare.
+
 </Steps>
 
 ---
 
 ## Other record types
 
-If you are preparing a conversion from partial to full setup, or if you have a more specific use case, you can use the [Create DNS Record](/api/operations/dns-records-for-a-zone-create-dns-record) API endpoint to create DNS records of any supported type.
+If you are preparing a conversion from partial to full setup, or if you have a more specific use case, you can use the [Create DNS Record](/api/resources/dns/subresources/records/methods/create/) API endpoint to create DNS records of any supported type.
diff --git a/src/content/docs/email-security/account-setup/index.mdx b/src/content/docs/email-security/account-setup/index.mdx
@@ -3,6 +3,8 @@ title: Account setup
 pcx_content_type: navigation
 sidebar:
   order: 3
+  group:
+    hideIndex: true
 
 ---
 
diff --git a/src/content/docs/email-security/deployment/inline/reference/egress-ips.mdx b/src/content/docs/email-security/deployment/inline/reference/egress-ips.mdx
@@ -3,7 +3,6 @@ title: Egress IPs
 pcx_content_type: reference
 sidebar:
   order: 1
-
 ---
 
 When you set up Email Security (formerly Area 1) using an [inline deployment](/email-security/deployment/inline/), you need to tell your existing email providers to accept messages coming from Email Security's egress IP addresses.
diff --git a/src/content/docs/email-security/deployment/inline/reference/index.mdx b/src/content/docs/email-security/deployment/inline/reference/index.mdx
@@ -3,6 +3,8 @@ title: Reference
 pcx_content_type: navigation
 sidebar:
   order: 3
+  group:
+    hideIndex: true
 head:
   - tag: title
     content: Reference - Inline deployment
diff --git a/src/content/docs/email-security/reference/index.mdx b/src/content/docs/email-security/reference/index.mdx
@@ -3,7 +3,8 @@ title: Reference
 pcx_content_type: navigation
 sidebar:
   order: 8
-
+  group:
+    hideIndex: true
 ---
 
 import { DirectoryListing } from "~/components"
diff --git a/src/content/docs/magic-cloud-networking/reference.mdx b/src/content/docs/magic-cloud-networking/reference.mdx
@@ -52,6 +52,9 @@ Magic Cloud Networking discovers the following resource types.
 
 - AWS Customer Gateway
 - AWS EC2 Managed Prefix List
+- AWS EC2 Transit Gateway
+- AWS EC2 Transit Gateway Prefix List
+- AWS EC2 Transit Gateway VPC Attachment
 - AWS Egress Only Internet Gateway
 - AWS Internet Gateway
 - AWS Instance
diff --git a/src/content/docs/magic-transit/reference/magic-tunnels.mdx b/src/content/docs/magic-transit/reference/magic-tunnels.mdx
@@ -6,4 +6,4 @@ title: Magic Tunnels background information
 
 import { Render } from "~/components"
 
-<Render file="magic-tunnel-health-alerts/magic-tunnels-slos" product="magic-wan" />
+<Render file="magic-tunnel-health-alerts/magic-tunnels-slos" product="magic-wan" params={{ tunnelStatePath: "/magic-transit/reference/tunnel-health-checks/#tunnel-state-determination"	}} />
diff --git a/src/content/docs/magic-wan/reference/magic-tunnels.mdx b/src/content/docs/magic-wan/reference/magic-tunnels.mdx
@@ -6,4 +6,4 @@ title: Magic Tunnels background information
 
 import { Render } from "~/components"
 
-<Render file="magic-tunnel-health-alerts/magic-tunnels-slos" />
+<Render file="magic-tunnel-health-alerts/magic-tunnels-slos" params={{ tunnelStatePath: "/magic-wan/reference/tunnel-health-checks/#tunnel-state-determination"	}} />
diff --git a/src/content/docs/radar/investigate/url-scanner.mdx b/src/content/docs/radar/investigate/url-scanner.mdx
@@ -136,4 +136,17 @@ You can also search for the hash in the URL Scanner API.
 
 Go to [Search URL scans](/api/resources/url_scanner/subresources/scans/methods/list/) in the API documentation for the full list of available options.
 
-Alternatively, you can search for the hash on the [Cloudflare dashboard](https://dash.cloudflare.com/) by selecting your account > **Security Center** > **Investigate** > Enter the hash > Select **Search**.
+Alternatively, you can search for the hash on the [Cloudflare dashboard](https://dash.cloudflare.com/) by selecting your account > **Security Center** > **Investigate** > Enter the hash > Select **Search**.
+
+### Search filters
+
+You can search through the URL Scanner [reports](/radar/investigate/url-scanner/#search-filters) and retrieve information filtered by:
+
+- Similar screenshot
+- Identical favicon
+- Similar favicon
+- Similar HTML structure
+- Identical ASN
+- Identical IP
+- Identical domain
+- Identical final URL (after all redirections)
diff --git a/src/content/docs/rules/snippets/examples/route-and-rewrite.mdx b/src/content/docs/rules/snippets/examples/route-and-rewrite.mdx
@@ -0,0 +1,54 @@
+---
+type: example
+summary: Reroute a request to a different origin and modify the URL path.
+goal:
+  - Routing
+operation:
+  - Modify URL
+products:
+  - Snippets
+pcx_content_type: example
+title: Change origin and modify paths
+description: Route requests to a different origin, prepend a directory to the URL path, and remove specific segments.
+---
+
+This example demonstrates how to use Cloudflare Snippets to:
+
+- Reroute incoming requests to a different origin.
+- Prepend a directory to the URL path.
+- Remove specific segments from the URL path.
+
+```js
+export default {
+	async fetch(request) {
+		// Clone the original request to create a new request object
+		const newRequest = new Request(request);
+
+		// Add a header to identify a rerouted request at the new origin
+		newRequest.headers.set("X-Rerouted", "1");
+
+		// Clone and parse the original URL
+		const url = new URL(request.url);
+
+		// Step 1: Reroute to a different origin
+		url.hostname = "example.com"; // Change the hostname to the new origin
+
+		// Step 2: Append a directory to the path
+		url.pathname = `/new-path${url.pathname}`; // Prepend "/new-path" to the current path
+
+		// Step 3: Remove a specific segment from the path
+		url.pathname = url.pathname.replace("/remove-me", ""); // Rewrite `/remove-me/something` to `/something`
+
+		// Fetch the modified request from the updated URL
+		return await fetch(url, newRequest);
+	},
+};
+```
+
+This configuration will perform the following rewrites:
+
+| Request URL                         | URL after rewrite                  |
+| ----------------------------------- | ---------------------------------- |
+| `https://subdomain.example.com/foo` | `https://example.com/new-path/foo` |
+| `https://example.com/remove-me/bar` | `https://example.com/new-path/bar` |
+| `https://example.net/remove-me`     | `https://example.com/new-path`     |
diff --git a/src/content/docs/security-center/security-insights/index.mdx b/src/content/docs/security-center/security-insights/index.mdx
@@ -42,6 +42,8 @@ Listed below are the specific insights currently available:
 | [Unproxied `AAAA` Records](/dns/manage-dns-records/reference/dns-record-types/#a-and-aaaa)                                          | This DNS record is not proxied by Cloudflare. Cloudflare can not protect this origin because it is exposed to the public Internet.                                                                                                                     |
 | [Unproxied `CNAME` Records](/dns/manage-dns-records/reference/proxied-dns-records/#dns-only-records)                                | This DNS record is not proxied by Cloudflare. Cloudflare can not protect this origin because it is exposed to the public Internet.                                                                                                                     |
 | [Users without MFA](/fundamentals/setup/account/account-security/2fa/)                                                              | We detect that a Cloudflare administrative user has not enabled multifactor authentication.                                                                                                                                                            |
-| [Zones without WAF Managed Rules](/waf/managed-rules/)                                                                              | We detect that this domain does not have the WAF's Managed Rules enabled. You are at risk from zero-day and other common vulnerabilities.                                                                                                              |
+| [Zones without WAF Managed Rules](/waf/managed-rules/)                                                                              | We detect that this domain does not have the WAF's Managed Rules enabled. You are at risk from zero-day and other common vulnerabilities.
+| [No Turnstile enabled](/turnstile/)                                                                                        | We detect that there is no Turnstile widget configured on the account.
+
 
 For more information on available operations for Security Insights, refer to [Review Security Insights](/security-center/security-insights/review-insights/).
diff --git a/src/content/docs/turnstile/tutorials/protecting-your-payment-form-from-attackers-bots-using-turnstile.mdx b/src/content/docs/turnstile/tutorials/protecting-your-payment-form-from-attackers-bots-using-turnstile.mdx
diff --git a/src/content/docs/version-management/how-to/enable.mdx b/src/content/docs/version-management/how-to/enable.mdx
diff --git a/src/content/docs/workflows/build/rules-of-workflows.mdx b/src/content/docs/workflows/build/rules-of-workflows.mdx
diff --git a/src/content/docs/workflows/reference/pricing.mdx b/src/content/docs/workflows/reference/pricing.mdx
diff --git a/src/content/notifications/index.yaml b/src/content/notifications/index.yaml
diff --git a/src/content/partials/magic-wan/magic-tunnel-health-alerts/magic-tunnels-slos.mdx b/src/content/partials/magic-wan/magic-tunnel-health-alerts/magic-tunnels-slos.mdx
