diff --git a/.gitignore b/.gitignore index 1a712949573da76..33301b4013d5966 100644 --- a/.gitignore +++ b/.gitignore @@ -25,4 +25,6 @@ pnpm-debug.log* .wrangler /assets/secrets -/worker/functions/ \ No newline at end of file +/worker/functions/ + +.idea \ No newline at end of file diff --git a/src/content/docs/radar/concepts/aggregation-intervals.mdx b/src/content/docs/radar/concepts/aggregation-intervals.mdx index 9db3bf849e99f9a..57703887d8e327d 100644 --- a/src/content/docs/radar/concepts/aggregation-intervals.mdx +++ b/src/content/docs/radar/concepts/aggregation-intervals.mdx @@ -17,3 +17,4 @@ For example, when requesting one day of data, the default aggregation interval i | `15m` | 15 minutes frequency. | | `1h` | One hour frequency. | | `1d` | One day frequency. | +| `1w` | One week frequency. | diff --git a/src/content/docs/radar/concepts/bot-classes.mdx b/src/content/docs/radar/concepts/bot-classes.mdx index 2e337cd1c743f5d..baef7abb1c0d9ca 100644 --- a/src/content/docs/radar/concepts/bot-classes.mdx +++ b/src/content/docs/radar/concepts/bot-classes.mdx @@ -8,7 +8,7 @@ sidebar: A bot class in Radar is a grouping of [bot scores](/bots/concepts/bot-score). -Scores between 1 to 29 are classified as bot traffic. Scores equal or above 30 are classified as non-bot/human traffic. +Scores between 1 and 29 are classified as bot traffic. Scores equal or above 30 are classified as non-bot/human traffic. | Class | Description | | -------------------- | ---------------------------- | diff --git a/src/content/docs/radar/concepts/normalization.mdx b/src/content/docs/radar/concepts/normalization.mdx index 39ec58bf97665ff..e94e42db492c684 100644 --- a/src/content/docs/radar/concepts/normalization.mdx +++ b/src/content/docs/radar/concepts/normalization.mdx @@ -12,12 +12,13 @@ Refer to the `result.meta.normalization` property in the response to check which ## Method -| Method | Description | -| ------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `PERCENTAGE` | Values represent percentages. | -| `PERCENTAGE_CHANGE` | Values represent a [percentage change](https://en.wikipedia.org/wiki/Relative_change_and_difference#Percentage_change) from a baseline period. | -| `MIN_MAX` | Values have been normalized using [min-max](https://en.wikipedia.org/wiki/Feature_scaling#Rescaling_\(min-max_normalization\)). | -| `MIN0_MAX` | Values have been normalized using min-max, but setting the minimum value to `0`. Equivalent to a proportion of the maximum value in the entire response, scaled between 0 and 1. | -| `RAW_VALUES` | Values are raw and have not been changed. | +| Method | Description | +| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `PERCENTAGE` | Values represent percentages. | +| `PERCENTAGE_CHANGE` | Values represent a [percentage change](https://en.wikipedia.org/wiki/Relative_change_and_difference#Percentage_change) from a baseline period. | +| `OVERLAPPED_PERCENTAGE` | Values represent percentages that exceed 100% due to overlap. | +| `MIN_MAX` | Values have been normalized using [min-max](https://en.wikipedia.org/wiki/Feature_scaling#Rescaling_\(min-max_normalization\)). | +| `MIN0_MAX` | Values have been normalized using min-max, but setting the minimum value to `0`. Equivalent to a proportion of the maximum value in the entire response, scaled between 0 and 1. | +| `RAW_VALUES` | Values are raw and have not been changed. | If you want to compare values across locations/time ranges/etc., in endpoints that normalize values using min-max, you must do so in the same request. This is done by asking for multiple series. All values will then be normalized using the same minimum and maximum value and can safely be compared against each other. Refer to [Make comparisons](/radar/get-started/making-comparisons/) for more information. diff --git a/src/content/docs/radar/get-started/error-codes.mdx b/src/content/docs/radar/get-started/error-codes.mdx index f2bf5f0ebb7fee4..7de862ae1935cc1 100644 --- a/src/content/docs/radar/get-started/error-codes.mdx +++ b/src/content/docs/radar/get-started/error-codes.mdx @@ -1,11 +1,11 @@ --- pcx_content_type: reference -title: Radar API Error Codes +title: Radar API error codes sidebar: order: 3 head: - tag: title - content: Radar API Error Codes + content: Radar API error codes --- diff --git a/src/content/docs/radar/get-started/making-comparisons.mdx b/src/content/docs/radar/get-started/making-comparisons.mdx index bcbb318f0e5bdbe..cd1846f4462ba76 100644 --- a/src/content/docs/radar/get-started/making-comparisons.mdx +++ b/src/content/docs/radar/get-started/making-comparisons.mdx @@ -8,7 +8,7 @@ sidebar: When comparing time series, across locations/time ranges/etc., in endpoints that normalize values using [min-max](/radar/concepts/normalization), you must do so in the same request. This is done by asking for multiple series. All values will then be normalized using the same minimum and maximum value and can safely be compared against each other. -[Netflows](/radar/investigate/netflows) values are normalized using [min0-max](/radar/concepts/normalization), so we will use it as an example. Refer to [Get NetFlow time series](/api/resources/radar/subresources/netflows/methods/timeseries/) for more information. +[NetFlows](/radar/investigate/netflows) values are normalized using [min0-max](/radar/concepts/normalization), so we will use it as an example. Refer to [Get NetFlow time series](/api/resources/radar/subresources/netflows/methods/timeseries/) for more information. ## Compare locations @@ -27,7 +27,7 @@ The second series has the following parameters: `name=pt_data&dateRange=7d&location=PT` -All of these parameters are arrays and it is the position in the array that defines the series the filter belongs to. Refer to [NetFlow's endpoint](/api/resources/radar/subresources/netflows/methods/timeseries/) for more information on the available parameters. +All of these parameters are arrays, and it is the position in the array that defines the series the filter belongs to. Refer to [NetFlow's endpoint](/api/resources/radar/subresources/netflows/methods/timeseries/) for more information on the available parameters. The response (shortened below for brevity) uses the provided `name` property to wrap the timestamps and corresponding values. If we chart this data, it becomes obvious that Cloudflare received much less traffic from Portugal than from the United States. @@ -50,6 +50,7 @@ The response (shortened below for brevity) uses the provided `name` property to "endTime": "2022-11-02T17:00:00Z" }, "aggInterval": "ONE_HOUR", + // ... } } } @@ -113,13 +114,15 @@ In the above example, we requested for an [aggregation interval](/radar/concepts The `result` property should return a response like this: ```json -"tonga": { - "timestamps": ["2022-10-15T02:00:00Z", "2022-10-15T03:00:00Z", "2022-10-15T04:00:00Z", "2022-10-15T05:00:00Z"], - "values": ["1.0", "0.832473", "0.820083", "0.79408"] -}, -"tonga_outage": { - "timestamps": ["2022-01-15T02:00:00Z", "2022-01-15T03:00:00Z", "2022-01-15T04:00:00Z", "2022-01-15T05:00:00Z"], - "values": ["0.354105", "0.357287", "0.181811", "0.044198"] +{ + "tonga": { + "timestamps": ["2022-10-15T02:00:00Z", "2022-10-15T03:00:00Z", "2022-10-15T04:00:00Z", "2022-10-15T05:00:00Z"], + "values": ["1.0", "0.832473", "0.820083", "0.79408"] + }, + "tonga_outage": { + "timestamps": ["2022-01-15T02:00:00Z", "2022-01-15T03:00:00Z", "2022-01-15T04:00:00Z", "2022-01-15T05:00:00Z"], + "values": ["0.354105", "0.357287", "0.181811", "0.044198"] + } } ``` diff --git a/src/content/docs/radar/glossary.mdx b/src/content/docs/radar/glossary.mdx index 6d41eed80f76966..364cbd358f3b6bf 100644 --- a/src/content/docs/radar/glossary.mdx +++ b/src/content/docs/radar/glossary.mdx @@ -110,6 +110,10 @@ Internet connectivity can experience outages or disruptions due to a number of f An early warning signal that an Internet outage may be underway on a given network or in a given country is an anomalous drop in traffic as compared to historical traffic patterns and trends. Internet anomalies listed in the Cloudflare Radar Outage Center represent an algorithmically-observed anomalous drop in traffic for the listed entity. If a given entry is marked as verified, it means that we have manually corroborated the observed drop in traffic across multiple Cloudflare data sources and/or third-party sources such as [IODA](https://ioda.inetintel.cc.gatech.edu/), or third-party sources of information, such as those listed above. In the case of the latter, an associated Internet outage event will be opened, with the event listed in the Internet Outages table (and API). +## Internet services ranking + +Internet services ranking is based on our anonymized and aggregated 1.1.1.1 resolver data, complies with our [privacy policy](https://www.cloudflare.com/en-gb/privacypolicy/), and aims to identify the top most popular Internet services that reflect how people use the Internet globally. A service represents one or more domains aggregated together. Ranking popularity metric is best described as the estimated number of unique users that access domains associated with a service, over some period of time. + ## Internet traffic trends Trends observed in Internet traffic originating globally or within a given location or autonomous system within the selected time range, based on aggregated data from our network. @@ -154,6 +158,14 @@ Network-level DDoS attacks graphs are based on traffic measured in bytes. The Post-Quantum Encryption Adoption graph shows the share of HTTPS requests to Cloudflare that are encrypted with post-quantum (PQ) cryptography. Additional details about Cloudflare's support for PQ cryptography can be found at [Cloudflare Research](https://pq.cloudflareresearch.com/). +## Robots.txt + +A [robots.txt](https://www.cloudflare.com/learning/bots/what-is-robots-txt/) file contains instructions for bots that tell them which webpages they can and cannot access. + +The data displayed for robots.txt is based on successfully parsed robots.txt files from the top 10,000 domains. From these files, we count the occurrences of each user agent under the "Allow" and "Disallow" directives. A user agent is classified as "fully allowed" or "fully disallowed" if the directive value is "*". Otherwise, if the user agent is only allowed or disallowed to crawl specific paths, it is classified as "partially allowed" or "partially disallowed." + +Currently, we only include AI-focused user agents listed in the [ai.robots.txt](https://github.com/ai-robots-txt/ai.robots.txt) repository. + ## TCP resets and timeouts In the Transmission Control Protocol (TCP), client-initiated connection resets (via the RST flag, TCP's "panic button") are atypical, and indicate to the server that *something went wrong* requiring the connection to be closed immediately. Similarly, connection timeouts (where the server closes a connection due to an unresponsive client) should not happen in conventional data exchanges. For comparison, a typical TCP connection consists of a 3-way handshake initiated by a client with a SYN packet to the server, then a data exchange moderated with ACK and PSH flags in the data packets, and finally a graceful close initiated from either side with a FIN packet. A FIN close is considered graceful because it ensures both sides complete their data transfer before closing the connection. In contrast, a timeout or RST flag triggers a hard stop, even if data is waiting to be sent or acknowledged. See [RFC 9293](https://datatracker.ietf.org/doc/html/rfc9293) for more details on the TCP protocol. @@ -205,3 +217,7 @@ The data displayed on domain-specific geographic traffic patterns is based solel ## WHOIS WHOIS is a standard for publishing the contact and nameserver information for all registered domains. Each registrar maintains their own WHOIS service. Anyone can query the registrar's WHOIS service to reveal the data behind a given domain. + +## Workers AI + +[Workers AI](/workers-ai/) allows you to run machine learning models, on the Cloudflare network, from your own code -- whether that be from Workers, Pages, or anywhere via the Cloudflare API. The data displayed for Workers AI is based on the number of Cloudflare accounts using a model during a specific time interval. diff --git a/src/content/docs/radar/investigate/application-layer-attacks.mdx b/src/content/docs/radar/investigate/application-layer-attacks.mdx index 448c2031e59debc..f948e7699d5b83f 100644 --- a/src/content/docs/radar/investigate/application-layer-attacks.mdx +++ b/src/content/docs/radar/investigate/application-layer-attacks.mdx @@ -30,7 +30,7 @@ Like in [HTTP requests](/radar/investigate/http-requests), these endpoints can b Let us examine the global distribution of mitigated requests by product. ```bash -curl "https://api.cloudflare.com/client/v4/radar/attacks/layer7/timeseries_groups?aggInterval=1h&dateRange=1d&name=attacks&format=json" \ +curl "https://api.cloudflare.com/client/v4/radar/attacks/layer7/timeseries_groups/mitigation_product?aggInterval=1h&dateRange=1d&name=attacks&format=json" \ --header "Authorization: Bearer " ``` @@ -56,6 +56,7 @@ From the abbreviated response below, we can conclude that distributed denial-of- "startTime": "2022-11-05T11:00:00Z", "endTime": "2022-11-06T11:00:00Z" }, + // ... } } } @@ -75,14 +76,23 @@ curl "https://api.cloudflare.com/client/v4/radar/attacks/layer7/summary?location ``` ```json -"attacks_gb": { - "waf": "75.012138", - "ddos": "18.539149", - "ip_reputation": "5.721021", - "access_rules": "0.592515", - "bot_management": "0.131998", - "api_shield": "0.003178", - "data_loss_prevention": "0.0" +{ + "success": true, + "errors": [], + "result": { + "attacks_gb": { + "waf": "75.012138", + "ddos": "18.539149", + "ip_reputation": "5.721021", + "access_rules": "0.592515", + "bot_management": "0.131998", + "api_shield": "0.003178", + "data_loss_prevention": "0.0" + }, + "meta": { + // ... + } + } } ``` @@ -106,37 +116,44 @@ curl "https://api.cloudflare.com/client/v4/radar/attacks/layer7/top/locations/ta "success": true, "errors": [], "result": { - "attacks_target": [{ - "targetCountryName": "Belgium", - "targetCountryAlpha2": "BE", - "value": "18.536740", - "rank": 1 - }, { - "targetCountryName": "United States", - "targetCountryAlpha2": "US", - "value": "16.116210", - "rank": 2 - }, { - "targetCountryName": "China", - "targetCountryAlpha2": "CN", - "value": "13.864696", - "rank": 3 - }, { - "targetCountryName": "India", - "targetCountryAlpha2": "IN", - "value": "4.344139", - "rank": 4 - }, { - "targetCountryName": "Germany", - "targetCountryAlpha2": "DE", - "value": "4.182777", - "rank": 5 - }], + "attacks_target": [ + { + "targetCountryName": "Belgium", + "targetCountryAlpha2": "BE", + "value": "18.536740", + "rank": 1 + }, + { + "targetCountryName": "United States", + "targetCountryAlpha2": "US", + "value": "16.116210", + "rank": 2 + }, + { + "targetCountryName": "China", + "targetCountryAlpha2": "CN", + "value": "13.864696", + "rank": 3 + }, + { + "targetCountryName": "India", + "targetCountryAlpha2": "IN", + "value": "4.344139", + "rank": 4 + }, + { + "targetCountryName": "Germany", + "targetCountryAlpha2": "DE", + "value": "4.182777", + "rank": 5 + } + ], "meta": { "dateRange": { "startTime": "2022-11-05T12:00:00Z", "endTime": "2022-11-06T12:00:00Z" }, + // ... } } } @@ -159,43 +176,58 @@ curl "https://api.cloudflare.com/client/v4/radar/attacks/layer7/top/attacks?limi A typical response will be similar to the following: -``` -[{ - "originCountryName": "United States", - "originCountryAlpha2": "US", - "targetCountryName": "United States", - "targetCountryAlpha2": "US", - "value": "3.790724", - "rank": 1 -}, { - "originCountryName": "United States", - "originCountryAlpha2": "US", - "targetCountryName": "Belgium", - "targetCountryAlpha2": "BE", - "value": "3.602177", - "rank": 2 -}, { - "originCountryName": "China", - "originCountryAlpha2": "CN", - "targetCountryName": "Netherlands", - "targetCountryAlpha2": "NL", - "value": "3.017341", - "rank": 3 -}, { - "originCountryName": "China", - "originCountryAlpha2": "CN", - "targetCountryName": "China", - "targetCountryAlpha2": "CN", - "value": "2.472068", - "rank": 4 -}, { - "originCountryName": "Indonesia", - "originCountryAlpha2": "ID", - "targetCountryName": "China", - "targetCountryAlpha2": "CN", - "value": "2.056729", - "rank": 5 -}] +```json +{ + "success": true, + "errors": [], + "result": { + "top_0": [ + { + "originCountryName": "United States", + "originCountryAlpha2": "US", + "targetCountryName": "United States", + "targetCountryAlpha2": "US", + "value": "3.790724", + "rank": 1 + }, + { + "originCountryName": "United States", + "originCountryAlpha2": "US", + "targetCountryName": "Belgium", + "targetCountryAlpha2": "BE", + "value": "3.602177", + "rank": 2 + }, + { + "originCountryName": "China", + "originCountryAlpha2": "CN", + "targetCountryName": "Netherlands", + "targetCountryAlpha2": "NL", + "value": "3.017341", + "rank": 3 + }, + { + "originCountryName": "China", + "originCountryAlpha2": "CN", + "targetCountryName": "China", + "targetCountryAlpha2": "CN", + "value": "2.472068", + "rank": 4 + }, + { + "originCountryName": "Indonesia", + "originCountryAlpha2": "ID", + "targetCountryName": "China", + "targetCountryAlpha2": "CN", + "value": "2.056729", + "rank": 5 + } + ], + "meta": { + // ... + } + } +} ``` This means that 3.79% of all mitigated requests are from and to the US, 3.6% of all mitigated requests are from the US to Belgium, etc.. diff --git a/src/content/docs/radar/investigate/dns.mdx b/src/content/docs/radar/investigate/dns.mdx index d6d416038d46c67..be31903bfadd04b 100644 --- a/src/content/docs/radar/investigate/dns.mdx +++ b/src/content/docs/radar/investigate/dns.mdx @@ -25,13 +25,25 @@ The response shows that most queries come from the United States and Brazil: ```json { - "clientCountryAlpha2": "US", - "clientCountryName": "United States", - "value": "43.474518" -}, { - "clientCountryAlpha2": "BR", - "clientCountryName": "Brazil", - "value": "10.772799" + "success": true, + "errors": [], + "result": { + "top_0": [ + { + "clientCountryAlpha2": "US", + "clientCountryName": "United States", + "value": "43.474518" + }, + { + "clientCountryAlpha2": "BR", + "clientCountryName": "Brazil", + "value": "10.772799" + } + ], + "meta": { + // ... + } + } } ``` @@ -46,13 +58,25 @@ Returns the following response: ```json { - "clientCountryAlpha2": "RU", - "clientCountryName": "Russian Federation", - "value": "73.710495" -}, { - "clientCountryAlpha2": "DE", - "clientCountryName": "Germany", - "value": "5.518052" + "success": true, + "errors": [], + "result": { + "top_0": [ + { + "clientCountryAlpha2": "RU", + "clientCountryName": "Russian Federation", + "value": "73.710495" + }, + { + "clientCountryAlpha2": "DE", + "clientCountryName": "Germany", + "value": "5.518052" + } + ], + "meta": { + // ... + } + } } ``` @@ -60,7 +84,7 @@ As expected, most queries come from Russia. :::note -Note that these examples return the total number of DNS queries from a location to a hostname, *out* of the total DNS queries to a given hostname. In this sense, it is expected that locations with higher population numbers — like the United States — frequently appear in the top spots, even if the actual percentage is low. +Note that these examples return the total number of DNS queries from a location to a hostname, *out* of the total DNS queries to a given hostname. In this sense, it is expected that locations with higher population numbers — like the United States — frequently appear in the top spots, even if the actual percentage is low. ::: You can also provide multiple hostnames. Refer to [Get DNS top locations](/api/resources/radar/subresources/dns/subresources/top/methods/locations/) for more information. This is useful when the application you want to explore uses several hostnames to serve its content (like a hostname for the main website, another hostname dedicated to its API, etc.). diff --git a/src/content/docs/radar/investigate/domain-ranking-datasets.mdx b/src/content/docs/radar/investigate/domain-ranking-datasets.mdx index 6bec0edb6d838bf..9221b842f0cc1d1 100644 --- a/src/content/docs/radar/investigate/domain-ranking-datasets.mdx +++ b/src/content/docs/radar/investigate/domain-ranking-datasets.mdx @@ -24,24 +24,35 @@ curl "https://api.cloudflare.com/client/v4/radar/ranking/top?name=top&limit=5" \ ```json { - "rank": 1, - "domain": "google.com" -}, -{ - "rank": 2, - "domain": "googleapis.com" -}, -{ - "rank": 3, - "domain": "facebook.com" -}, -{ - "rank": 4, - "domain": "gstatic.com" -}, -{ - "rank": 5, - "domain": "apple.com" + "success": true, + "errors": [], + "result": { + "top_0": [ + { + "rank": 1, + "domain": "google.com" + }, + { + "rank": 2, + "domain": "googleapis.com" + }, + { + "rank": 3, + "domain": "facebook.com" + }, + { + "rank": 4, + "domain": "gstatic.com" + }, + { + "rank": 5, + "domain": "apple.com" + } + ] + }, + "meta": { + // ... + } } ``` @@ -62,23 +73,27 @@ curl "https://api.cloudflare.com/client/v4/radar/datasets?limit=10&datasetType=R ```json { - "datasets": [ - { - "id": 213, - "title": "Top 1000000 ranking domains", - "description": "Unordered top 1000000 from 2023-01-02 to 2023-01-09", - "type": "RANKING_BUCKET", - "tags": [ - "GLOBAL", - "top_1000000" - ], - "meta": { - "top": 1000000 - }, - "alias": "ranking_top_1000000" - }, - ... - ] + "success": true, + "errors": [], + "result": { + "datasets": [ + { + "id": 213, + "title": "Top 1000000 ranking domains", + "description": "Unordered top 1000000 from 2023-01-02 to 2023-01-09", + "type": "RANKING_BUCKET", + "tags": [ + "GLOBAL", + "top_1000000" + ], + "meta": { + "top": 1000000 + }, + "alias": "ranking_top_1000000" + }, + // ... + ] + } } ``` @@ -97,9 +112,13 @@ curl "https://api.cloudflare.com/client/v4/radar/datasets/download" \ ```json { - "dataset": { - "url": "https://example.com/download" - } + "success": true, + "errors": [], + "result": { + "dataset": { + "url": "https://example.com/download" + } + } } ``` diff --git a/src/content/docs/radar/investigate/http-requests.mdx b/src/content/docs/radar/investigate/http-requests.mdx index eb0728f97b2b2a3..057d98b633eca0b 100644 --- a/src/content/docs/radar/investigate/http-requests.mdx +++ b/src/content/docs/radar/investigate/http-requests.mdx @@ -6,7 +6,7 @@ sidebar: --- -While in [Netflows](/radar/investigate/netflows/) we can inspect bytes and packets reaching Cloudflare's edge routers, in HTTP requests we are a layer above in the [OSI model](https://en.wikipedia.org/wiki/OSI_model). HTTP requests examines complete HTTP requests from end users that reach websites served by Cloudflare's [CDN](https://www.cloudflare.com/en-gb/learning/cdn/what-is-a-cdn/). +While in [NetFlows](/radar/investigate/netflows/) we can inspect bytes and packets reaching Cloudflare's edge routers, in HTTP requests we are a layer above in the [OSI model](https://en.wikipedia.org/wiki/OSI_model). HTTP requests examines complete HTTP requests from end users that reach websites served by Cloudflare's [CDN](https://www.cloudflare.com/en-gb/learning/cdn/what-is-a-cdn/). :::note @@ -87,15 +87,21 @@ curl "https://api.cloudflare.com/client/v4/radar/http/summary/device_type?name=h Here is the abbreviated response: ```json -"human": { - "mobile": "54.967243", - "desktop": "44.974006", - "other": "0.058751" -}, -"bot": { - "desktop": "83.275452", - "mobile": "16.707455", - "other": "0.017093" +{ + "success": true, + "errors": [], + "result": { + "human": { + "mobile": "54.967243", + "desktop": "44.974006", + "other": "0.058751" + }, + "bot": { + "desktop": "83.275452", + "mobile": "16.707455", + "other": "0.017093" + } + } } ``` @@ -113,13 +119,19 @@ curl "https://api.cloudflare.com/client/v4/radar/http/summary/ip_version?name=hu This returns the following: ```json -"human": { - "IPv4": "76.213647", - "IPv6": "23.786353" -}, -"bot": { - "IPv4": "91.492032", - "IPv6": "8.507968" +{ + "success": true, + "errors": [], + "result": { + "human": { + "IPv4": "76.213647", + "IPv6": "23.786353" + }, + "bot": { + "IPv4": "91.492032", + "IPv6": "8.507968" + } + } } ``` @@ -141,29 +153,39 @@ curl "https://api.cloudflare.com/client/v4/radar/http/top/locations/ip_version/I ``` ```json -"ipv6": [ - { - "clientCountryAlpha2": "IN", - "clientCountryName": "India", - "value": "50.612747" - }, { - "clientCountryAlpha2": "MY", - "clientCountryName": "Malaysia", - "value": "46.233654" - }, { - "clientCountryAlpha2": "UY", - "clientCountryName": "Uruguay", - "value": "39.796762" - }, { - "clientCountryAlpha2": "LK", - "clientCountryName": "Sri Lanka", - "value": "39.709355" - }, { - "clientCountryAlpha2": "VN", - "clientCountryName": "Vietnam", - "value": "39.1514" +{ + "success": true, + "errors": [], + "result": { + "ipv6": [ + { + "clientCountryAlpha2": "IN", + "clientCountryName": "India", + "value": "50.612747" + }, + { + "clientCountryAlpha2": "MY", + "clientCountryName": "Malaysia", + "value": "46.233654" + }, + { + "clientCountryAlpha2": "UY", + "clientCountryName": "Uruguay", + "value": "39.796762" + }, + { + "clientCountryAlpha2": "LK", + "clientCountryName": "Sri Lanka", + "value": "39.709355" + }, + { + "clientCountryAlpha2": "VN", + "clientCountryName": "Vietnam", + "value": "39.1514" + } + ] } -] +} ``` According to the returned data, India is leading in IPv6 adoption. diff --git a/src/content/docs/radar/investigate/index.mdx b/src/content/docs/radar/investigate/index.mdx index 5ddbb0e980eb8a9..acd55fcb0fa5107 100644 --- a/src/content/docs/radar/investigate/index.mdx +++ b/src/content/docs/radar/investigate/index.mdx @@ -8,6 +8,6 @@ sidebar: import { DirectoryListing } from "~/components" -Explore the different types of data available in Cloudflare Radar, from Netflows (what feeds the [Internet Traffic Change](https://radar.cloudflare.com/) chart in Radar) to HTTP requests and DNS queries. +Explore the different types of data available in Cloudflare Radar, from NetFlows (what feeds the [Internet Traffic Change](https://radar.cloudflare.com/) chart in Radar) to HTTP requests and DNS queries. diff --git a/src/content/docs/radar/investigate/netflows.mdx b/src/content/docs/radar/investigate/netflows.mdx index 369f4cf2e4dfefb..7af4d6331d1970c 100644 --- a/src/content/docs/radar/investigate/netflows.mdx +++ b/src/content/docs/radar/investigate/netflows.mdx @@ -1,14 +1,14 @@ --- pcx_content_type: reference -title: Netflows +title: NetFlows sidebar: order: 2 --- -[Netflows](https://en.wikipedia.org/wiki/NetFlow) shows network traffic data from end users collected from Cloudflare's edge routers. Netflows' data also feeds the [Internet traffic change](https://radar.cloudflare.com/) chart. +[NetFlows](https://en.wikipedia.org/wiki/NetFlow) shows network traffic data from end users collected from Cloudflare's edge routers. NetFlows' data also feeds the [Internet traffic change](https://radar.cloudflare.com/) chart. -Netflows includes all types of traffic from Cloudflare's routers, not just traffic to websites served by Cloudflare's [CDN](https://www.cloudflare.com/en-gb/learning/cdn/what-is-a-cdn/). +NetFlows includes all types of traffic from Cloudflare's routers, not just traffic to websites served by Cloudflare's [CDN](https://www.cloudflare.com/en-gb/learning/cdn/what-is-a-cdn/). ## List of endpoints @@ -20,7 +20,7 @@ Besides comparing time series across locations or date ranges (discussed in [Mak :::note[NetFlow products] -`HTTP` traffic only includes web traffic to Cloudflare's zones, while `ALL` also includes traffic to all other services, like [Spectrum](/spectrum/), [Magic Transit](/magic-transit/), [1.1.1.1](/1.1.1.1/), and others. +`HTTP` traffic only includes web traffic to Cloudflare's zones, while `ALL` also includes traffic to all other services, like [Spectrum](/spectrum/), [Magic Transit](/magic-transit/), [1.1.1.1](/1.1.1.1/), and others. ::: In the following example, we will examine both `ALL` and `HTTP` traffic in two [autonomous systems](https://www.cloudflare.com/en-gb/learning/network-layer/what-is-an-autonomous-system/). First, we will examine [AS3243](https://radar.cloudflare.com/as3243), a Portuguese local Internet Service Provider (ISP). The parameters for all traffic are `name=AS3243_all&product=ALL&dateRange=1d&asn=3243`, and for just the HTTP traffic are `name=AS3243_http&product=HTTP&dateRange=1d&asn=3243`): @@ -33,14 +33,20 @@ curl "https://api.cloudflare.com/client/v4/radar/netflows/timeseries?name=meo_al This is the abbreviated response: ```json -"AS3243_all": { - "timestamps": ["2022-11-08T14:00:00Z", "2022-11-08T15:00:00Z", "..."], - "values": ["0.565885", "0.586434", "..."] -}, -"AS3243_http": { - "timestamps": ["2022-11-08T14:00:00Z", "2022-11-08T15:00:00Z", "..."], - "values": ["0.548564", "0.568329", "..."] -}, +{ + "success": true, + "errors": [], + "result": { + "AS3243_all": { + "timestamps": ["2022-11-08T14:00:00Z", "2022-11-08T15:00:00Z", "..."], + "values": ["0.565885", "0.586434", "..."] + }, + "AS3243_http": { + "timestamps": ["2022-11-08T14:00:00Z", "2022-11-08T15:00:00Z", "..."], + "values": ["0.548564", "0.568329", "..."] + } + } +} ``` `HTTP` traffic values are similar to `ALL` traffic values. This means that most traffic Cloudflare receives from this AS is traffic to websites served by Cloudflare's [CDN](https://www.cloudflare.com/en-gb/learning/cdn/what-is-a-cdn/) product. @@ -55,13 +61,19 @@ curl "https://api.cloudflare.com/client/v4/radar/netflows/timeseries?name=AS174_ The abbreviated response is: ```json -"AS174_all": { - "timestamps": ["2022-11-08T14:00:00Z", "2022-11-08T15:00:00Z", "..."], - "values": ["0.917348", "1.0", "..."] -}, -"AS174_http": { - "timestamps": ["2022-11-08T14:00:00Z", "2022-11-08T15:00:00Z", "..."], - "values": ["0.381777", "0.408091", "..."] +{ + "success": true, + "errors": [], + "result": { + "AS174_all": { + "timestamps": ["2022-11-08T14:00:00Z", "2022-11-08T15:00:00Z", "..."], + "values": ["0.917348", "1.0", "..."] + }, + "AS174_http": { + "timestamps": ["2022-11-08T14:00:00Z", "2022-11-08T15:00:00Z", "..."], + "values": ["0.381777", "0.408091", "..."] + } + } } ``` @@ -77,21 +89,27 @@ curl "https://api.cloudflare.com/client/v4/radar/netflows/timeseries?name=AS174_ which would lead to a response like this: ```json -"AS174_all": { - "timestamps": ["2022-11-08T14:00:00Z", "2022-11-08T15:00:00Z", "..."], - "values": ["0.917348", "1.0", "..."] -}, -"AS174_http": { - "timestamps": ["2022-11-08T14:00:00Z", "2022-11-08T15:00:00Z", "..."], - "values": ["0.381777", "0.408091", "..."] -}, -"AS3243_all": { - "timestamps": ["2022-11-08T14:00:00Z", "2022-11-08T15:00:00Z", "..."], - "values": ["0.317136", "0.328652", "..."] -}, -"AS3243_http": { - "timestamps": ["2022-11-08T14:00:00Z", "2022-11-08T15:00:00Z", "..."], - "values": ["0.307429", "0.318505", "..."] +{ + "success": true, + "errors": [], + "result": { + "AS174_all": { + "timestamps": ["2022-11-08T14:00:00Z", "2022-11-08T15:00:00Z", "..."], + "values": ["0.917348", "1.0", "..."] + }, + "AS174_http": { + "timestamps": ["2022-11-08T14:00:00Z", "2022-11-08T15:00:00Z", "..."], + "values": ["0.381777", "0.408091", "..."] + }, + "AS3243_all": { + "timestamps": ["2022-11-08T14:00:00Z", "2022-11-08T15:00:00Z", "..."], + "values": ["0.317136", "0.328652", "..."] + }, + "AS3243_http": { + "timestamps": ["2022-11-08T14:00:00Z", "2022-11-08T15:00:00Z", "..."], + "values": ["0.307429", "0.318505", "..."] + } + } } ``` diff --git a/src/content/docs/radar/investigate/network-layer-attacks.mdx b/src/content/docs/radar/investigate/network-layer-attacks.mdx index 5a1e6a2528ba902..d08969c13729c3f 100644 --- a/src/content/docs/radar/investigate/network-layer-attacks.mdx +++ b/src/content/docs/radar/investigate/network-layer-attacks.mdx @@ -10,7 +10,7 @@ Network layer attacks show [DDoS](https://www.cloudflare.com/en-gb/learning/ddos :::note -Unlike what happens in [Application Layer Attacks](/radar/investigate/application-layer-attacks/), in network layer attacks location attribution does not use the location associated with the client's IP address. Instead, it uses the location of the data center itself. This is due to [IP spoofing](https://www.cloudflare.com/en-gb/learning/ddos/glossary/ip-spoofing/). +Unlike what happens in [Application Layer Attacks](/radar/investigate/application-layer-attacks/), in network layer attacks location attribution does not use the location associated with the client's IP address. Instead, it uses the location of the data center itself. This is due to [IP spoofing](https://www.cloudflare.com/en-gb/learning/ddos/glossary/ip-spoofing/). ::: When filtering by location or autonomous system (AS), we are filtering by the source location/AS of the attack @@ -56,6 +56,7 @@ If we inspect the abbreviated response below, we can conclude that globally, at "endTime": "2022-11-07T13:00:00Z" }, "normalization": "PERCENTAGE", + // ... } } } @@ -92,7 +93,8 @@ curl "https://api.cloudflare.com/client/v4/radar/attacks/layer3/summary?location "startTime": "2022-11-06T15:00:00Z", "endTime": "2022-11-07T15:00:00Z" }, - "normalization": "PERCENTAGE" + "normalization": "PERCENTAGE", + // ... } } } diff --git a/src/content/docs/radar/investigate/outages.mdx b/src/content/docs/radar/investigate/outages.mdx index 504f0586063617b..cdeca80546ccac2 100644 --- a/src/content/docs/radar/investigate/outages.mdx +++ b/src/content/docs/radar/investigate/outages.mdx @@ -30,39 +30,46 @@ curl "https://api.cloudflare.com/client/v4/radar/annotations/outages?limit=5&off ``` ```json -"result": { - "annotations": [{ - "dataSource": "ALL", - "description": null, - "scope": "Multiple regions/cities", - "startDate": "2022-10-25T00:00:00Z", - "endDate": null, - "locations": ["UA"], - "asns": [], - "eventType": "OUTAGE", - "linkedUrl": "https://www.npr.org/2022/10/22/1130742768/ukraine-power-grid-outages-record-damage", - "outage": { - "outageCause": "POWER_OUTAGE", - "outageType": "REGIONAL" - } - }, { - "dataSource": "ALL", - "description": null, - "scope": "Multiple cities in Florida", - "startDate": "2022-09-28T19:00:00Z", - "endDate": "2022-11-02T00:00:00Z", - "locations": ["US"], - "asns": [], - "eventType": "OUTAGE", - "linkedUrl": "https://x.com/CloudflareRadar/status/1575229448353349632", - "outage": { - "outageCause": "WEATHER", - "outageType": "REGIONAL" - } - }] +{ + "success": true, + "errors": [], + "result": { + "annotations": [ + { + "dataSource": "ALL", + "description": null, + "scope": "Multiple regions/cities", + "startDate": "2022-10-25T00:00:00Z", + "endDate": null, + "locations": ["UA"], + "asns": [], + "eventType": "OUTAGE", + "linkedUrl": "https://www.npr.org/2022/10/22/1130742768/ukraine-power-grid-outages-record-damage", + "outage": { + "outageCause": "POWER_OUTAGE", + "outageType": "REGIONAL" + } + }, + { + "dataSource": "ALL", + "description": null, + "scope": "Multiple cities in Florida", + "startDate": "2022-09-28T19:00:00Z", + "endDate": "2022-11-02T00:00:00Z", + "locations": ["US"], + "asns": [], + "eventType": "OUTAGE", + "linkedUrl": "https://x.com/CloudflareRadar/status/1575229448353349632", + "outage": { + "outageCause": "WEATHER", + "outageType": "REGIONAL" + } + } + ] + } } ``` Refer to the [API reference](/api/resources/radar/subresources/annotations/subresources/outages/methods/get/) for more information regarding this endpoint. -Having data on a given outage allows you to examine its impact through both [Netflows](/radar/investigate/netflows/) (like in the [Tonga outage](/radar/get-started/making-comparisons/#use-specific-timestamps) and [others](https://blog.cloudflare.com/q3-2022-internet-disruption-summary/)) and [HTTP](/radar/investigate/http-requests/) data (for example, did the outage affect more mobile than desktop traffic?). +Having data on a given outage allows you to examine its impact through both [NetFlows](/radar/investigate/netflows/) (like in the [Tonga outage](/radar/get-started/making-comparisons/#use-specific-timestamps) and [others](https://blog.cloudflare.com/q3-2022-internet-disruption-summary/)) and [HTTP](/radar/investigate/http-requests/) data (for example, did the outage affect more mobile than desktop traffic?). diff --git a/src/content/docs/radar/investigate/url-scanner.mdx b/src/content/docs/radar/investigate/url-scanner.mdx index 122fcaff9b8e365..9c59f1007ff6cad 100644 --- a/src/content/docs/radar/investigate/url-scanner.mdx +++ b/src/content/docs/radar/investigate/url-scanner.mdx @@ -6,8 +6,6 @@ sidebar: --- -import { GlossaryTooltip } from "~/components" - To better understand Internet usage around the world, use Cloudflare's URL Scanner. With Cloudflare's URL Scanner, you have the ability to investigate the details of a domain, IP, URL, or ASN. Cloudflare's URL Scanner is available in the Security Center of the Cloudflare dashboard, [Cloudflare Radar](https://radar.cloudflare.com/scan) and the Cloudflare [API](/api/resources/url_scanner/subresources/scans/). ## Use the API @@ -56,9 +54,9 @@ Here's an example request body with some custom configuration options: "desktop", "mobile", "tablet" ], "customagent": "XXX-my-user-agent", - "referer": "example" + "referer": "example", "customHeaders": { - "Authorization": "xxx-token", + "Authorization": "xxx-token" }, "visibility": "Unlisted" }