From ad01af8002575a3781529404b6d84e0a63e62606 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Wed, 11 Dec 2024 14:48:56 -0600 Subject: [PATCH 1/4] Add test site procedure --- .../gateway/http-policies/file-sandboxing.mdx | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx index d5e257970d70f05..004b2e13434adea 100644 --- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx +++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx @@ -55,6 +55,24 @@ To begin quarantining downloaded files, turn on file sandboxing: You can now create [Quarantine HTTP policies](/cloudflare-one/policies/gateway/http-policies/#quarantine) to determine what files to scan in the sandbox. +## Test file sandboxing + +To test file sandboxing, you can create a Quarantine policy that matches the [Cloudflare Sandbox Test](https://sandbox.cloudflaredemos.com/): + +1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Firewall policies**, then select **HTTP**. +2. Select **Add a policy**. +3. Add the following expression: + + | Selector | Operator | Value | Action | + | -------- | -------- | ----------------------------- | ---------- | + | Host | is | `sandbox.cloudflaredemos.com` | Quarantine | + +4. In **Sandbox file types**, select _ZIP Archive (zip)_. +5. From a device [connected to your Zero Trust organization](/cloudflare-one/connections/connect-devices/), open a browser and go to the [Cloudflare Sandbox Test](https://sandbox.cloudflaredemos.com/). +6. Select **Download Test File**. + +Before downloading the test file to the device, Gateway will quarantine and scan the file while displaying an interstitial status page. + ## Compatibility ### Supported file types From 2ffc1cd7b45e0e8dfcce091c9b4cb3f758b8a3cb Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Wed, 11 Dec 2024 14:50:45 -0600 Subject: [PATCH 2/4] Rename section --- .../policies/gateway/http-policies/file-sandboxing.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx index 004b2e13434adea..3da8470233d8c7c 100644 --- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx +++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx @@ -55,9 +55,9 @@ To begin quarantining downloaded files, turn on file sandboxing: You can now create [Quarantine HTTP policies](/cloudflare-one/policies/gateway/http-policies/#quarantine) to determine what files to scan in the sandbox. -## Test file sandboxing +## Create test policy -To test file sandboxing, you can create a Quarantine policy that matches the [Cloudflare Sandbox Test](https://sandbox.cloudflaredemos.com/): +To test file sandboxing is working, you can create a Quarantine policy that matches the [Cloudflare Sandbox Test](https://sandbox.cloudflaredemos.com/): 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Firewall policies**, then select **HTTP**. 2. Select **Add a policy**. From bcf78dcd44d65e959fc7fcf1b11ecc244affb101 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Wed, 11 Dec 2024 14:53:42 -0600 Subject: [PATCH 3/4] Fix changelog typo --- src/content/changelogs/casb.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/content/changelogs/casb.yaml b/src/content/changelogs/casb.yaml index 7e60371c1fc9e8e..1df51d932df2c7f 100644 --- a/src/content/changelogs/casb.yaml +++ b/src/content/changelogs/casb.yaml @@ -8,7 +8,7 @@ entries: - publish_date: "2024-06-03" title: Atlassian Bitbucket integration description: |- - Customers can now scan their Bitbucket Cloud workspaces for a variety of contextualized security issues such as source code exposure, admin misconfigurations, and more. + You can now scan your Bitbucket Cloud workspaces for a variety of contextualized security issues such as source code exposure, admin misconfigurations, and more. - publish_date: "2024-05-23" title: Data-at-rest DLP for Box and Dropbox description: |- From 7ea335c4038e8c49d6ba914b0af1d2a006eee9fd Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Thu, 12 Dec 2024 17:28:04 -0500 Subject: [PATCH 4/4] Update file-sandboxing.mdx --- .../policies/gateway/http-policies/file-sandboxing.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx index 3da8470233d8c7c..53d62923820cb2d 100644 --- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx +++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/file-sandboxing.mdx @@ -57,7 +57,7 @@ You can now create [Quarantine HTTP policies](/cloudflare-one/policies/gateway/h ## Create test policy -To test file sandboxing is working, you can create a Quarantine policy that matches the [Cloudflare Sandbox Test](https://sandbox.cloudflaredemos.com/): +To test if file sandboxing is working, you can create a Quarantine policy that matches the [Cloudflare Sandbox Test](https://sandbox.cloudflaredemos.com/): 1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **Gateway** > **Firewall policies**, then select **HTTP**. 2. Select **Add a policy**. @@ -71,7 +71,7 @@ To test file sandboxing is working, you can create a Quarantine policy that matc 5. From a device [connected to your Zero Trust organization](/cloudflare-one/connections/connect-devices/), open a browser and go to the [Cloudflare Sandbox Test](https://sandbox.cloudflaredemos.com/). 6. Select **Download Test File**. -Before downloading the test file to the device, Gateway will quarantine and scan the file while displaying an interstitial status page. +Gateway will quarantine and scan the file, display an interstitial status page in the browser, then release the file for download. ## Compatibility