From 37041cd30ee10ce4730f01d35abfce4e314633e4 Mon Sep 17 00:00:00 2001 From: Patricia Loraine Santa Ana Date: Fri, 4 Oct 2024 08:27:04 -0700 Subject: [PATCH 1/7] labeling system --- .../api-routing/index.mdx | 2 +- .../developer-portal.mdx | 2 +- .../endpoint-labels.mdx | 58 +++++++++++++++++++ .../session-identifiers.mdx | 2 +- 4 files changed, 61 insertions(+), 3 deletions(-) create mode 100644 src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx diff --git a/src/content/docs/api-shield/management-and-monitoring/api-routing/index.mdx b/src/content/docs/api-shield/management-and-monitoring/api-routing/index.mdx index 13de738fa3a3947..f721bc1953016a5 100644 --- a/src/content/docs/api-shield/management-and-monitoring/api-routing/index.mdx +++ b/src/content/docs/api-shield/management-and-monitoring/api-routing/index.mdx @@ -3,7 +3,7 @@ pcx_content_type: how-to type: overview title: API Routing sidebar: - order: 2 + order: 3 --- diff --git a/src/content/docs/api-shield/management-and-monitoring/developer-portal.mdx b/src/content/docs/api-shield/management-and-monitoring/developer-portal.mdx index c479d0d7d41e924..af791445f9244d6 100644 --- a/src/content/docs/api-shield/management-and-monitoring/developer-portal.mdx +++ b/src/content/docs/api-shield/management-and-monitoring/developer-portal.mdx @@ -3,7 +3,7 @@ pcx_content_type: how-to type: overview title: Build developer portals sidebar: - order: 3 + order: 4 --- diff --git a/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx b/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx new file mode 100644 index 000000000000000..854c3e05ce1bbc4 --- /dev/null +++ b/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx @@ -0,0 +1,58 @@ +--- +pcx_content_type: how-to +type: overview +title: Endpoint labeling service +sidebar: + order: 1 + label: Labeling service + +--- + +API Shield’s labeling service will help you organize your endpoints and address vulnerabilities in your API. The labeling service comes with managed and user-defined labels. + +Today, managed labels are useful for organizing endpoints by use case. In a future release, managed labels will automatically be added to endpoints with informative or security risks, alerting you on endpoints that need attention. + +User-defined labels can also be added to endpoints in API Shield by creating a label and adding it to an individual endpoint or multiple endpoints. User-defined labels will be useful for organizing your endpoints by owner, version, or type. + +You can sort and filter your endpoints based on the labels. + +## Create a label + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account and domain. +2. Go to **Security** > **Settings** > **Labels**. +3. Under **Security labels**, select **Create label**. +4. Name the label and add an optional label description. +5. Apply the label to your selected endpoints. +6. Select **Create label**. + +Alternatively, you can create a user-defined label via Endpoint Management in API Shield. + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account and domain. +2. Go to **Security** > **Settings** > **Labels**. +3. Choose the endpoint that you want to label. +4. Select **Edit labels**. +5. Under **User**, select **Create user label**. +6. Enter the label name. +7. Select **Create**. + +## Apply a label to an individual endpoint + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account and domain. +2. Go to **Security** > **API Shield** +3. Choose the endpoint that you want to label. +4. Select **Edit labels**. +5. Add the label(s) that you want to use for the endpoint from the list of managed and user-defined labels. +6. Select **Save labels**. + +## Bulk apply labels to multiple endpoints + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account and domain. +2. Go to **Security** > **Settings** > **Labels**. +3. On the existing label that you want to apply to multiple endpoints, select **Bulk apply**. +4. Choose the endpoints that you want to label by selecting its checkbox. +5. Select **Save label**. + + +## Availability + +Endpoint Management’s labeling service is currently available to Enterprise API Shield subscribers. \ No newline at end of file diff --git a/src/content/docs/api-shield/management-and-monitoring/session-identifiers.mdx b/src/content/docs/api-shield/management-and-monitoring/session-identifiers.mdx index ee1ca0c82dfd78b..46581ad63c21728 100644 --- a/src/content/docs/api-shield/management-and-monitoring/session-identifiers.mdx +++ b/src/content/docs/api-shield/management-and-monitoring/session-identifiers.mdx @@ -3,7 +3,7 @@ pcx_content_type: how-to type: overview title: Session identifiers sidebar: - order: 1 + order: 2 --- From 6f44d31b2d035c42aad6fc91a51b59b18f5ce2bc Mon Sep 17 00:00:00 2001 From: Patricia Loraine Santa Ana Date: Thu, 10 Oct 2024 18:01:33 -0700 Subject: [PATCH 2/7] api shield labeling service --- .../endpoint-labels.mdx | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx b/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx index 854c3e05ce1bbc4..63708399c513167 100644 --- a/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx +++ b/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx @@ -16,6 +16,39 @@ User-defined labels can also be added to endpoints in API Shield by creating a l You can sort and filter your endpoints based on the labels. +## Managed labels + +`cf-log-in`: Add this label to endpoints that accept user credentials. You may have multiple endpoints if you accept username, password, and MFA across multiple endpoints or requests. + +`cf-sign-up`: Add this label to endpoints that are the final step in creating user accounts for your site or application. + +`cf-content`: Add this label to endpoints that provide unique content, such as product details, user reviews, pricing or other unique information. + +`cf-purchase`: Add this label to endpoints that are the final step in purchasing goods or services online. + +`cf-password-reset`: Add this label to endpoints that participate in the user password reset process. This includes initial password reset requests and final password reset submissions. + +`cf-add-cart`: Add this label to endpoints that add items to a user’s shopping cart or verify item availability. + +`cf-add-payment`: Add this label to endpoints that accept credit card or bank account details where fraudsters may iterate through account numbers to guess valid combinations of payment information. + +`cf-check-value`: Add this label to endpoints that check the balance of rewards points, in-game currency, or other stored value products that can be earned, transferred, and redeemed for cash or physical goods. + +`cf-add-post`: Add this label to endpoints that post messages in a communication forum or product/merchant review. + +`cf-account-update`: Add this label to endpoints that participate in user account/profile updates. + +`cf-missing-auth`: Cloudflare will automatically add this label to endpoints where all successful responses are sent back to requests made by unauthenticated users without a session identifier. Refer to the table below for more information. + +`cf-mixed-auth`: Cloudflare will automatically add this label to endpoints that respond successfully to requests sent by users who are not required to be authenticated, both with and without session identifiers. Refer to the table below for more information. + +`cf-sensitive`: Cloudflare will automatically add this label to endpoints when HTTP responses match the WAF’s [Sensitive Data Detection](/api-shield/management-and-monitoring/#sensitive-data-detection) ruleset. + +| Description | 4xx, 5xx responses | 2xx responses | +| --- | --- | --- | +| If _all_ requests are missing authentication, Cloudflare will apply the label: | (no label) | `cf-missing-auth` | +| If only _some_ requests missing authentication, Cloudflare will apply the label: | (no label) | `cf-mixed-auth` | + ## Create a label 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account and domain. From 72a629b48b9988f5c610cbc91742a358d79595d2 Mon Sep 17 00:00:00 2001 From: Patricia Loraine Santa Ana Date: Thu, 10 Oct 2024 19:59:40 -0700 Subject: [PATCH 3/7] fixes --- .../management-and-monitoring/endpoint-labels.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx b/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx index 63708399c513167..4c8a6cd3ee28bfe 100644 --- a/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx +++ b/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx @@ -22,7 +22,7 @@ You can sort and filter your endpoints based on the labels. `cf-sign-up`: Add this label to endpoints that are the final step in creating user accounts for your site or application. -`cf-content`: Add this label to endpoints that provide unique content, such as product details, user reviews, pricing or other unique information. +`cf-content`: Add this label to endpoints that provide unique content, such as product details, user reviews, pricing, or other unique information. `cf-purchase`: Add this label to endpoints that are the final step in purchasing goods or services online. @@ -34,9 +34,9 @@ You can sort and filter your endpoints based on the labels. `cf-check-value`: Add this label to endpoints that check the balance of rewards points, in-game currency, or other stored value products that can be earned, transferred, and redeemed for cash or physical goods. -`cf-add-post`: Add this label to endpoints that post messages in a communication forum or product/merchant review. +`cf-add-post`: Add this label to endpoints that post messages in a communication forum, or product or merchant review. -`cf-account-update`: Add this label to endpoints that participate in user account/profile updates. +`cf-account-update`: Add this label to endpoints that participate in user account or profile updates. `cf-missing-auth`: Cloudflare will automatically add this label to endpoints where all successful responses are sent back to requests made by unauthenticated users without a session identifier. Refer to the table below for more information. From 9d8d3a2703a742d60147ef7dc644164e319cc197 Mon Sep 17 00:00:00 2001 From: Patricia Loraine Santa Ana Date: Thu, 10 Oct 2024 20:01:44 -0700 Subject: [PATCH 4/7] hyperlint updates --- .../api-shield/management-and-monitoring/endpoint-labels.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx b/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx index 4c8a6cd3ee28bfe..3856b2e45c6d8bf 100644 --- a/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx +++ b/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx @@ -8,7 +8,7 @@ sidebar: --- -API Shield’s labeling service will help you organize your endpoints and address vulnerabilities in your API. The labeling service comes with managed and user-defined labels. +API Shield's labeling service will help you organize your endpoints and address vulnerabilities in your API. The labeling service comes with managed and user-defined labels. Today, managed labels are useful for organizing endpoints by use case. In a future release, managed labels will automatically be added to endpoints with informative or security risks, alerting you on endpoints that need attention. @@ -88,4 +88,4 @@ Alternatively, you can create a user-defined label via Endpoint Management in AP ## Availability -Endpoint Management’s labeling service is currently available to Enterprise API Shield subscribers. \ No newline at end of file +Endpoint Management's labeling service is currently available to Enterprise API Shield subscribers. \ No newline at end of file From 2841d28f0e3a08a4cdcd017487fe3772e8e52cb8 Mon Sep 17 00:00:00 2001 From: Patricia Loraine Santa Ana Date: Thu, 10 Oct 2024 20:19:48 -0700 Subject: [PATCH 5/7] remove space --- .../api-shield/management-and-monitoring/endpoint-labels.mdx | 1 - 1 file changed, 1 deletion(-) diff --git a/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx b/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx index 3856b2e45c6d8bf..dc14c80b0eb7fda 100644 --- a/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx +++ b/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx @@ -85,7 +85,6 @@ Alternatively, you can create a user-defined label via Endpoint Management in AP 4. Choose the endpoints that you want to label by selecting its checkbox. 5. Select **Save label**. - ## Availability Endpoint Management's labeling service is currently available to Enterprise API Shield subscribers. \ No newline at end of file From cada733fe74bff8f94cf6a8f19a5b48a0dfe8333 Mon Sep 17 00:00:00 2001 From: Patricia Santa Ana <103445940+patriciasantaana@users.noreply.github.com> Date: Fri, 11 Oct 2024 09:49:06 -0700 Subject: [PATCH 6/7] Update src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx Co-authored-by: Jun Lee --- .../api-shield/management-and-monitoring/endpoint-labels.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx b/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx index dc14c80b0eb7fda..7800c380a45fd23 100644 --- a/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx +++ b/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx @@ -71,7 +71,7 @@ Alternatively, you can create a user-defined label via Endpoint Management in AP ## Apply a label to an individual endpoint 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account and domain. -2. Go to **Security** > **API Shield** +2. Go to **Security** > **API Shield**. 3. Choose the endpoint that you want to label. 4. Select **Edit labels**. 5. Add the label(s) that you want to use for the endpoint from the list of managed and user-defined labels. From 02fcc06cf37cfe52937f99572e596e33b5293037 Mon Sep 17 00:00:00 2001 From: Patricia Santa Ana <103445940+patriciasantaana@users.noreply.github.com> Date: Fri, 11 Oct 2024 11:03:46 -0700 Subject: [PATCH 7/7] Apply suggestions from code review --- .../management-and-monitoring/endpoint-labels.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx b/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx index 7800c380a45fd23..0ec24cb868dc743 100644 --- a/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx +++ b/src/content/docs/api-shield/management-and-monitoring/endpoint-labels.mdx @@ -10,11 +10,11 @@ sidebar: API Shield's labeling service will help you organize your endpoints and address vulnerabilities in your API. The labeling service comes with managed and user-defined labels. -Today, managed labels are useful for organizing endpoints by use case. In a future release, managed labels will automatically be added to endpoints with informative or security risks, alerting you on endpoints that need attention. +Today, managed labels are useful for organizing endpoints by use case. In a future release, managed labels will automatically label endpoints by use case and those with informative or security risks, alerting you on endpoints that need attention. User-defined labels can also be added to endpoints in API Shield by creating a label and adding it to an individual endpoint or multiple endpoints. User-defined labels will be useful for organizing your endpoints by owner, version, or type. -You can sort and filter your endpoints based on the labels. +You can filter your endpoints based on the labels. ## Managed labels @@ -47,7 +47,7 @@ You can sort and filter your endpoints based on the labels. | Description | 4xx, 5xx responses | 2xx responses | | --- | --- | --- | | If _all_ requests are missing authentication, Cloudflare will apply the label: | (no label) | `cf-missing-auth` | -| If only _some_ requests missing authentication, Cloudflare will apply the label: | (no label) | `cf-mixed-auth` | +| If only _some_ requests are missing authentication, Cloudflare will apply the label: | (no label) | `cf-mixed-auth` | ## Create a label