From 7eeed215376fa50bc3fbfac658a28b16a1725b17 Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Tue, 3 Dec 2024 17:03:12 +0000
Subject: [PATCH 1/5] [WAF] Update threat score
---
.../security-level.mdx | 5 ++--
src/content/docs/waf/tools/security-level.mdx | 23 +++++++++----------
.../partials/waf/security-level-scores.mdx | 23 +++++--------------
.../partials/waf/threat-score-definition.mdx | 13 +++++++++++
4 files changed, 33 insertions(+), 31 deletions(-)
create mode 100644 src/content/partials/waf/threat-score-definition.mdx
diff --git a/src/content/docs/learning-paths/application-security/default-traffic-security/security-level.mdx b/src/content/docs/learning-paths/application-security/default-traffic-security/security-level.mdx
index 960b616df4f5008..3e994141c32ece3 100644
--- a/src/content/docs/learning-paths/application-security/default-traffic-security/security-level.mdx
+++ b/src/content/docs/learning-paths/application-security/default-traffic-security/security-level.mdx
@@ -3,11 +3,12 @@ title: Security level
pcx_content_type: learning-unit
sidebar:
order: 2
-
---
-import { Render } from "~/components"
+import { Render } from "~/components";
+
+
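Review bot: The two added lines after the import at the end of this hunk are empty as shown, so nothing visible here ties this page to the new `threat-score-definition` partial that the same patch creates. If this learning-path page renders `security-level-scores`, the `## Threat score` section it used to get from that partial is now gone; confirm that the new partial is rendered here too, or drop the extra blank lines if nothing is meant to follow the import.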
diff --git a/src/content/docs/waf/tools/security-level.mdx b/src/content/docs/waf/tools/security-level.mdx
index 99d82b4050c452d..9d1cc6c3d670d5d 100644
--- a/src/content/docs/waf/tools/security-level.mdx
+++ b/src/content/docs/waf/tools/security-level.mdx
@@ -2,22 +2,23 @@
pcx_content_type: reference
source: https://support.cloudflare.com/hc/en-us/articles/200170056-Understanding-the-Cloudflare-Security-Level
title: Security Level
-
---
-import { Render } from "~/components"
+import { Render } from "~/components";
-***
+---
+
+
-***
+---
## Customize security level
-The default security level is *Medium*.
+The default security level is _Medium_.
### Update globally
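Review bot: Replacing `***` with `---` for the thematic breaks makes them identical to the frontmatter delimiter a few lines above, and in Markdown a `---` placed directly under a line of text is parsed as a setext H2 underline rather than a rule. Check that each new `---` in this file has a blank line before it in the rendered source, in particular the one right after the `import` line and the one directly above `## Customize security level`.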
@@ -31,16 +32,14 @@ To update the security level for your entire zone:
To set the security level more selectively, do one of the following:
-* Configure it via a [configuration rule](/rules/configuration-rules/).
-* Use the **Threat Score** as a **Field** criteria within [custom rules](/waf/custom-rules/). If you are using the Expression Editor, use the `cf.threat_score` field.
+- Configure it via a [configuration rule](/rules/configuration-rules/).
+- Use the **Threat Score** as a **Field** criteria within [custom rules](/waf/custom-rules/). If you are using the Expression Editor, use the `cf.threat_score` field.
-***
+---
## Recommendations
To prevent bot IPs from attacking a website:
-* A new website owner might set a *Medium* or *High* **Security Level** and lower [**Challenge Passage**](/waf/tools/challenge-passage/) to a value below **30 minutes** to ensure that Cloudflare is constantly protecting the site.
-* An experienced website administrator confident in their security settings might set **Security Level** to *Essentially Off* or *Low* while setting a higher [**Challenge Passage**](/waf/tools/challenge-passage/) for a week, month, or even year to provide a less obtrusive visitor experience.
-
-You can also create [WAF custom rules](/waf/custom-rules/) to protect sensitive areas of your website — like comment form pages or login forms — using the [threat score](#threat-score) in your rule expression. The flexibility of custom rules allows you to select the action to take (for example, challenge or block) and exclude specific IP addresses.
+- A new website owner might set a _Medium_ or _High_ **Security Level** and lower [**Challenge Passage**](/waf/tools/challenge-passage/) to a value below **30 minutes** to ensure that Cloudflare is constantly protecting the site.
+- An experienced website administrator confident in their security settings might set **Security Level** to _Essentially Off_ or _Low_ while setting a higher [**Challenge Passage**](/waf/tools/challenge-passage/) for a week, month, or even year to provide a less obtrusive visitor experience.
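Review bot: The retained bullet "Use the **Threat Score** as a **Field** criteria within custom rules ... use the `cf.threat_score` field" still tells readers to build rules on the score, while the note added in `threat-score-definition.mdx` by this same patch says rules based on it are not recommended. The paragraph about using the threat score in WAF custom rules was removed under Recommendations, so this bullet should be removed or rewritten to match, leaving the configuration rule as the selective option.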
diff --git a/src/content/partials/waf/security-level-scores.mdx b/src/content/partials/waf/security-level-scores.mdx
index 97702e753da79c1..bde585230d1debc 100644
--- a/src/content/partials/waf/security-level-scores.mdx
+++ b/src/content/partials/waf/security-level-scores.mdx
@@ -1,40 +1,29 @@
---
{}
-
---
-## Threat score
-
-The threat score measures IP reputation across Cloudflare services. This score is calculated based on [Project Honeypot](https://www.projecthoneypot.org/), external public IP information, as well as internal threat intelligence from our [WAF managed rules](/waf/reference/legacy/old-waf-managed-rules/) and [DDoS](/ddos-protection/about/).
-
-The threat score of a request has a value from 0 to 100, where 0 indicates low risk. Values above 10 may represent spammers or bots, and values above 40 identify bad actors on the Internet.
-
## Security levels
-Security levels are based on the threat score (except *Off* and *I’m Under Attack!*). You can adjust the security level to challenge incoming requests based on the threat they pose.
+Security levels are based on the threat score (except _Off_ and _I’m Under Attack!_). You can adjust the security level to challenge incoming requests based on the threat they pose.
The available security levels are the following:
-
-
| Security Level | Threat score range | Description |
| ----------------------------------- | ------------------ | ------------------------------------------------------------------------------------ |
-| Off (Enterprise
customers only) | *N/A* | Does not challenge IP addresses. |
+| Off (Enterprise
customers only) | _N/A_ | Does not challenge IP addresses. |
| Essentially off | 50–100 | Only challenges IP addresses with the worst reputation. |
| Low | 25–100 | Challenges only threatening visitors. |
| Medium | 15–100 | Challenges both threatening and moderately threatening visitors. |
| High | 0–100 | Challenges all visitors that exhibited threatening behavior within the last 14 days. |
-| I’m Under Attack! | *N/A* | Only for use if your website is currently under a DDoS attack. |
-
-
+| I’m Under Attack! | _N/A_ | Only for use if your website is currently under a DDoS attack. |
Selecting a higher **Security Level** value means that even requests with a lower risk (that is, with a low [threat score](#threat-score)) will be challenged. Selecting a lower **Security Level** value means that only requests posing a higher risk (that is, with a high threat score) will be challenged.
-Security levels from *Essentially off* to *High* will challenge the visitor using a Managed Challenge. When you select *I'm Under Attack!*, which enables [I'm Under Attack mode](/fundamentals/reference/under-attack-mode/), Cloudflare will present a JS challenge page.
+Security levels from _Essentially off_ to _High_ will challenge the visitor using a Managed Challenge. When you select _I'm Under Attack!_, which enables [I'm Under Attack mode](/fundamentals/reference/under-attack-mode/), Cloudflare will present a JS challenge page.
:::caution
-Only use [I'm Under Attack mode](/fundamentals/reference/under-attack-mode/) when a website is under a DDoS attack. I'm Under Attack mode may affect some actions on your domain, such as your API traffic.
+Only use [I'm Under Attack mode](/fundamentals/reference/under-attack-mode/) when a website is under a DDoS attack. I'm Under Attack mode may affect some actions on your domain, such as your API traffic.
-To set a custom security level for your API or any other part of your domain, create a [configuration rule](/rules/configuration-rules/).
+To set a custom security level for your API or any other part of your domain, create a [configuration rule](/rules/configuration-rules/).
:::
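Review bot: The `## Threat score` heading is removed from this partial, but the unchanged sentence below the table still links to `[threat score](#threat-score)`. Any page that renders `security-level-scores` without also rendering the new `threat-score-definition` partial ends up with a dead in-page anchor. Either point the link at the page that carries the definition or make sure every consumer of this partial also includes the new one.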
diff --git a/src/content/partials/waf/threat-score-definition.mdx b/src/content/partials/waf/threat-score-definition.mdx
new file mode 100644
index 000000000000000..018260d262ce877
--- /dev/null
+++ b/src/content/partials/waf/threat-score-definition.mdx
@@ -0,0 +1,13 @@
+---
+{}
+---
+
+## Threat score
+
+The threat score measures IP reputation across Cloudflare services. This score is calculated based on [Project Honeypot](https://www.projecthoneypot.org/), external public IP information, as well as internal threat intelligence from our [WAF managed rules](/waf/reference/legacy/old-waf-managed-rules/) and [DDoS](/ddos-protection/about/).
+
+The threat score of a request has a value from 0 to 100, where 0 indicates low risk. Values above 10 may represent spammers or bots, and values above 40 identify bad actors on the Internet.
+
+:::note[Recommendation]
+Currently the threat score is not being populated and always has the value `0`. It is not recommended that you create rules based on this score.
+:::
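Review bot: The note at the end of the new file says the score "always has the value `0`", yet the two paragraphs above it still describe the score in the present tense ("Values above 10 may represent spammers or bots, and values above 40 identify bad actors"). A reader who stops before the note gets the opposite message. Move the note directly under the heading, or reword the description as historical behaviour. The title `Recommendation` also undersells what is effectively a deprecation notice; the `:::caution` style already used in `security-level-scores.mdx` would fit better.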
From 5d0d4132c4d9e8c3aa7724ea0f05fab0588f2ec2 Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Tue, 3 Dec 2024 17:08:24 +0000
Subject: [PATCH 2/5] Update recommendation
---
src/content/partials/waf/threat-score-definition.mdx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/content/partials/waf/threat-score-definition.mdx b/src/content/partials/waf/threat-score-definition.mdx
index 018260d262ce877..c1c8ab7d45a3a8c 100644
--- a/src/content/partials/waf/threat-score-definition.mdx
+++ b/src/content/partials/waf/threat-score-definition.mdx
@@ -9,5 +9,5 @@ The threat score measures IP reputation across Cloudflare services. This score i
The threat score of a request has a value from 0 to 100, where 0 indicates low risk. Values above 10 may represent spammers or bots, and values above 40 identify bad actors on the Internet.
:::note[Recommendation]
-Currently the threat score is not being populated and always has the value `0`. It is not recommended that you create rules based on this score.
+Currently you should not create rules based on the threat score, since this score is no longer being populated.
:::
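Review bot: The reworded note drops the concrete detail from the previous version, that the field "always has the value `0`". That detail is what lets someone with an existing rule reason about its effect: a comparison that expects `cf.threat_score` to exceed a positive threshold will never match. Keep the value in the sentence, for example "since this score is no longer being populated and always has the value `0`".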
From ea54b55952b4ac4d5476914af46aadcfaec36ee3 Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Tue, 3 Dec 2024 17:09:23 +0000
Subject: [PATCH 3/5] Apply Hyperlint suggestions
Co-authored-by: hyperlint-ai[bot] <154288675+hyperlint-ai[bot]@users.noreply.github.com>
---
src/content/partials/waf/security-level-scores.mdx | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/content/partials/waf/security-level-scores.mdx b/src/content/partials/waf/security-level-scores.mdx
index bde585230d1debc..e1bae18906f1505 100644
--- a/src/content/partials/waf/security-level-scores.mdx
+++ b/src/content/partials/waf/security-level-scores.mdx
@@ -4,7 +4,7 @@
## Security levels
-Security levels are based on the threat score (except _Off_ and _I’m Under Attack!_). You can adjust the security level to challenge incoming requests based on the threat they pose.
+Security levels are based on the threat score (except _Off_ and _I'm Under Attack!_). You can adjust the security level to challenge incoming requests based on the threat they pose.
The available security levels are the following:
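Review bot: The edited line changes only the apostrophe, but it still states that "Security levels are based on the threat score", which sits awkwardly next to the note from the earlier patches saying the score is no longer populated. While touching this sentence, clarify what the levels from _Essentially off_ to _High_ are evaluated against now, or qualify the statement so the two partials do not contradict each other when rendered on the same page.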
@@ -15,7 +15,7 @@ The available security levels are the following:
| Low | 25–100 | Challenges only threatening visitors. |
| Medium | 15–100 | Challenges both threatening and moderately threatening visitors. |
| High | 0–100 | Challenges all visitors that exhibited threatening behavior within the last 14 days. |
-| I’m Under Attack! | _N/A_ | Only for use if your website is currently under a DDoS attack. |
+| I'm Under Attack! | _N/A_ | Only for use if your website is currently under a DDoS attack. |
Selecting a higher **Security Level** value means that even requests with a lower risk (that is, with a low [threat score](#threat-score)) will be challenged. Selecting a lower **Security Level** value means that only requests posing a higher risk (that is, with a high threat score) will be challenged.
From 842b18c944a3226119df0840c26f3b0a7c7835a3 Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Tue, 3 Dec 2024 18:18:23 +0000
Subject: [PATCH 4/5] Update note
---
src/content/partials/waf/threat-score-definition.mdx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/content/partials/waf/threat-score-definition.mdx b/src/content/partials/waf/threat-score-definition.mdx
index c1c8ab7d45a3a8c..d0a07325129ddc4 100644
--- a/src/content/partials/waf/threat-score-definition.mdx
+++ b/src/content/partials/waf/threat-score-definition.mdx
@@ -9,5 +9,5 @@ The threat score measures IP reputation across Cloudflare services. This score i
The threat score of a request has a value from 0 to 100, where 0 indicates low risk. Values above 10 may represent spammers or bots, and values above 40 identify bad actors on the Internet.
:::note[Recommendation]
-Currently you should not create rules based on the threat score, since this score is no longer being populated.
+Currently we do not recommend creating rules based on the threat score, since this score is no longer being populated.
:::
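Review bot: In the new wording, "Currently we do not recommend ... no longer being populated" combines "Currently" with "no longer", which is redundant, and the introductory adverb lacks its comma. It also switches to first person where the surrounding text refers to Cloudflare by name. Something like "Cloudflare does not recommend creating rules based on the threat score, since this score is no longer being populated." reads cleaner, and the note would help more if it named what to use instead.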
From 338b0a6384df017d9b9286f53570a42f3709eca5 Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Tue, 3 Dec 2024 18:18:45 +0000
Subject: [PATCH 5/5] Remove score range from table
---
.../partials/waf/security-level-scores.mdx | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/content/partials/waf/security-level-scores.mdx b/src/content/partials/waf/security-level-scores.mdx
index e1bae18906f1505..e5a5e57aae68de1 100644
--- a/src/content/partials/waf/security-level-scores.mdx
+++ b/src/content/partials/waf/security-level-scores.mdx
@@ -8,14 +8,14 @@ Security levels are based on the threat score (except _Off_ and _I'm Under Attac
The available security levels are the following:
-| Security Level | Threat score range | Description |
-| ----------------------------------- | ------------------ | ------------------------------------------------------------------------------------ |
-| Off (Enterprise
customers only) | _N/A_ | Does not challenge IP addresses. |
-| Essentially off | 50–100 | Only challenges IP addresses with the worst reputation. |
-| Low | 25–100 | Challenges only threatening visitors. |
-| Medium | 15–100 | Challenges both threatening and moderately threatening visitors. |
-| High | 0–100 | Challenges all visitors that exhibited threatening behavior within the last 14 days. |
-| I'm Under Attack! | _N/A_ | Only for use if your website is currently under a DDoS attack. |
+| Security Level | Description |
+| ----------------------------------- | ------------------------------------------------------------------------------------ |
+| Off (Enterprise
customers only) | Does not challenge IP addresses. |
+| Essentially off | Only challenges IP addresses with the worst reputation. |
+| Low | Challenges only threatening visitors. |
+| Medium | Challenges both threatening and moderately threatening visitors. |
+| High | Challenges all visitors that exhibited threatening behavior within the last 14 days. |
+| I'm Under Attack! | Only for use if your website is currently under a DDoS attack. |
Selecting a higher **Security Level** value means that even requests with a lower risk (that is, with a low [threat score](#threat-score)) will be challenged. Selecting a lower **Security Level** value means that only requests posing a higher risk (that is, with a high threat score) will be challenged.
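Review bot: With the "Threat score range" column removed, the unchanged paragraph right after the table is now the only place that explains the levels, and it does so entirely in terms of a low or high threat score, with a link to `#threat-score`. Readers no longer have the ranges to map that explanation onto, and the score itself is documented as unpopulated. Reword that paragraph in the same patch so it describes the levels by how aggressively they challenge rather than by score.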