diff --git a/src/content/docs/ddos-protection/about/attack-coverage.mdx b/src/content/docs/ddos-protection/about/attack-coverage.mdx
index eedb96b15856fb..b6abf930e3bfdd 100644
--- a/src/content/docs/ddos-protection/about/attack-coverage.mdx
+++ b/src/content/docs/ddos-protection/about/attack-coverage.mdx
@@ -20,7 +20,7 @@ As a general guideline, various Cloudflare products operate on different open sy
:::note
-For Magic Transit customers, Cloudflare provides some L7 protection with a L3 service (like the Advanced DNS Protection system that is available for Magic Transit customers. DNS is considered a L7 protocol).
+For Magic Transit customers, Cloudflare provides some L7 protection with a L3 service (like the Advanced DNS Protection system that is available for Magic Transit customers. DNS is considered a L7 protocol).
:::
The following table includes a sample of covered attack vectors:
diff --git a/src/content/docs/ddos-protection/about/how-ddos-protection-works.mdx b/src/content/docs/ddos-protection/about/how-ddos-protection-works.mdx
index a35c50d80d7fbb..4383b24bbf38c7 100644
--- a/src/content/docs/ddos-protection/about/how-ddos-protection-works.mdx
+++ b/src/content/docs/ddos-protection/about/how-ddos-protection-works.mdx
@@ -31,7 +31,7 @@ Once attack traffic matches a rule, Cloudflare's systems will track that traffic
| Interactive Challenge | The client that made the request must pass an interactive Challenge. |
| Managed Challenge | Depending on the characteristics of a request, Cloudflare will choose an appropriate type of challenge. |
| Log | Records matching requests in the Cloudflare Logs. |
-| Use rule defaults | Uses the default action that is pre-defined for each rule. |
+| Use rule defaults | Uses the default action that is pre-defined for each rule. |
## Thresholds
diff --git a/src/content/docs/ddos-protection/advanced-ddos-systems/api/tcp-protection/json-objects.mdx b/src/content/docs/ddos-protection/advanced-ddos-systems/api/tcp-protection/json-objects.mdx
index ed617590ffb775..9b7ec48a5d843a 100644
--- a/src/content/docs/ddos-protection/advanced-ddos-systems/api/tcp-protection/json-objects.mdx
+++ b/src/content/docs/ddos-protection/advanced-ddos-systems/api/tcp-protection/json-objects.mdx
@@ -78,7 +78,7 @@ The `expression` field is a [Rules language expression](/ruleset-engine/rules-la
:::note
-Expressions of SYN flood protection and out-of-state TCP protection filters do not currently support functions.
+Expressions of SYN flood protection and out-of-state TCP protection filters do not currently support functions.
:::
The `mode` value must be one of `enabled`, `disabled`, or `monitoring`.
\ No newline at end of file
diff --git a/src/content/docs/ddos-protection/advanced-ddos-systems/concepts.mdx b/src/content/docs/ddos-protection/advanced-ddos-systems/concepts.mdx
index 64a73c5fdb9277..b048fa1db0178e 100644
--- a/src/content/docs/ddos-protection/advanced-ddos-systems/concepts.mdx
+++ b/src/content/docs/ddos-protection/advanced-ddos-systems/concepts.mdx
@@ -100,7 +100,7 @@ The default rate sensitivity and recommended setting is _Low_. You should only i
## Filter
-
+
The filter expression can reference source and destination IP addresses and ports. Each system component (SYN flood protection and out-of-state TCP protection) should have one or more [rules](#rule), but filters are optional.
diff --git a/src/content/docs/ddos-protection/advanced-ddos-systems/how-to/create-rule.mdx b/src/content/docs/ddos-protection/advanced-ddos-systems/how-to/create-rule.mdx
index 91a905eda4752e..b9ee4798b54603 100644
--- a/src/content/docs/ddos-protection/advanced-ddos-systems/how-to/create-rule.mdx
+++ b/src/content/docs/ddos-protection/advanced-ddos-systems/how-to/create-rule.mdx
@@ -31,16 +31,16 @@ To create a [SYN flood rule](/ddos-protection/advanced-ddos-systems/overview/adv
## Create an Advanced DNS Protection rule
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login) and select your account.
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login) and select your account.
2. Go to **L3/4 DDoS** > **Advanced Protection** > **General settings**.
3. Add the prefixes you wish to onboard. Advanced DNS Protection will only be applied to the prefixes you onboard. If you already onboarded the desired prefixes when you configured Advanced TCP Protection, you do not need to take any other action.
:::note
Currently, the list of onboarded prefixes is shared with Advanced TCP Protection. Any onboarded prefixes will be subject to both Advanced TCP Protection and Advanced DNS Protection, assuming that your account team has done the initial configuration of both systems. However, you can leave Advanced TCP Protection in monitoring mode.
:::
-4. Go to **Advanced DNS Protection**.
-5. Select **Create Advanced DNS Protection rule**.
+4. Go to **Advanced DNS Protection**.
+5. Select **Create Advanced DNS Protection rule**.
6. In **Mode**, select a mode for the rule.
-7. Under **Set scope**, select a [scope](/ddos-protection/advanced-ddos-systems/concepts/#scope) to determine the range of packets that will be affected by the rule.
-8. Under **Sensitivity**, define the [burst sensitivity](/ddos-protection/advanced-ddos-systems/concepts/#burst-sensitivity), [rate sensitivity](/ddos-protection/advanced-ddos-systems/concepts/#rate-sensitivity), and [profile sensitivity](/ddos-protection/advanced-ddos-systems/concepts/#profile-sensitivity) to determine when to initiate mitigation.
+7. Under **Set scope**, select a [scope](/ddos-protection/advanced-ddos-systems/concepts/#scope) to determine the range of packets that will be affected by the rule.
+8. Under **Sensitivity**, define the [burst sensitivity](/ddos-protection/advanced-ddos-systems/concepts/#burst-sensitivity), [rate sensitivity](/ddos-protection/advanced-ddos-systems/concepts/#rate-sensitivity), and [profile sensitivity](/ddos-protection/advanced-ddos-systems/concepts/#profile-sensitivity) to determine when to initiate mitigation.
9. Select **Deploy**.
\ No newline at end of file
diff --git a/src/content/docs/ddos-protection/advanced-ddos-systems/overview/index.mdx b/src/content/docs/ddos-protection/advanced-ddos-systems/overview/index.mdx
index a135e7fb791c30..e88392c22047df 100644
--- a/src/content/docs/ddos-protection/advanced-ddos-systems/overview/index.mdx
+++ b/src/content/docs/ddos-protection/advanced-ddos-systems/overview/index.mdx
@@ -26,11 +26,11 @@ General settings enable and control the use of the Advanced TCP Protection and t
Thresholds are based on your network's unique traffic and are configured by Cloudflare. The sensitivity levels manipulate the thresholds.
-When you get access to Advanced DDoS Protection systems, you are automatically provisioned with default settings in monitoring mode.
+When you get access to Advanced DDoS Protection systems, you are automatically provisioned with default settings in monitoring mode.
Thresholds are based on your network's individual behavior, derived from your traffic profile as monitored by Cloudflare. Defining the thresholds will effectively determine what the _High_, _Medium_, and _Low_ [sensitivities](/ddos-protection/advanced-ddos-systems/concepts/#burst-sensitivity) will be for your specific case.
-If needed, you can change the sensitivity levels that will manipulate the thresholds for Advanced TCP Protection and Advanced DNS Protection from the default settings.
+If needed, you can change the sensitivity levels that will manipulate the thresholds for Advanced TCP Protection and Advanced DNS Protection from the default settings.
Once thresholds are configured, the Advanced DDoS Protection systems have been initialized and enabled in monitoring mode.
@@ -44,7 +44,7 @@ You cannot add unapproved prefixes to Advanced DDoS Protection systems. Contact
### Rules
-[Create a rule](/ddos-protection/advanced-ddos-systems/how-to/create-rule/) for Advanced TCP and Advanced DNS Protection (as needed) to enable mitigation.
+[Create a rule](/ddos-protection/advanced-ddos-systems/how-to/create-rule/) for Advanced TCP and Advanced DNS Protection (as needed) to enable mitigation.
You can create a rule for SYN Flood Protection and another rule for Out-of-state TCP Protection, both with global scope and in monitoring mode. These rules will apply to all received packets.
diff --git a/src/content/docs/ddos-protection/best-practices/respond-to-ddos-attacks.mdx b/src/content/docs/ddos-protection/best-practices/respond-to-ddos-attacks.mdx
index 5ac3d27240c60a..90c78b831fa21e 100644
--- a/src/content/docs/ddos-protection/best-practices/respond-to-ddos-attacks.mdx
+++ b/src/content/docs/ddos-protection/best-practices/respond-to-ddos-attacks.mdx
@@ -18,7 +18,7 @@ All customers should perform the following steps to better secure their applicat
3. Make sure your origin is not exposed to the public Internet, meaning that access is only possible from [Cloudflare IP addresses](/fundamentals/concepts/cloudflare-ip-addresses/). As an extra security precaution, we recommend contacting your hosting provider and requesting new origin server IPs if they have been targeted directly in the past.
4. If you have [Managed IP Lists](/waf/tools/lists/managed-lists/#managed-ip-lists) or [Bot Management](/bots/plans/bm-subscription/), consider using these in WAF custom rules.
5. Enable [caching](/cache/) as much as possible to reduce the strain on your origin servers, and when using [Workers](/workers/), avoid overwhelming your origin server with more subrequests than necessary.
-
+
To help counter attack randomization, Cloudflare recommends to update your cache settings to exclude the query string as a cache key. When the query string is excluded as a cache key, Cloudflare's cache will take in unmitigated attack requests instead of forwarding them to the origin. The cache can be a useful mechanism as part of a multilayered security posture.
## Enterprise customers
diff --git a/src/content/docs/ddos-protection/botnet-threat-feed.mdx b/src/content/docs/ddos-protection/botnet-threat-feed.mdx
index 41bc8de888ae1d..2aaf852ec2d4b2 100644
--- a/src/content/docs/ddos-protection/botnet-threat-feed.mdx
+++ b/src/content/docs/ddos-protection/botnet-threat-feed.mdx
@@ -11,11 +11,11 @@ head:
The Cloudflare DDoS Botnet Threat Feed is a threat intelligence feed for service providers (SPs) such as hosting providers and Internet service providers (ISPs) that provides information about their own IP addresses that have participated in HTTP DDoS attacks as observed from Cloudflare's global network. The feed aims to help service providers stop the abuse and reduce DDoS attacks originating from within their networks.
-Each offense is a mitigated HTTP request from the specific IP address. For example, if an IP has 3,000 offenses, it means that Cloudflare has mitigated 3,000 HTTP requests from that IP.
+Each offense is a mitigated HTTP request from the specific IP address. For example, if an IP has 3,000 offenses, it means that Cloudflare has mitigated 3,000 HTTP requests from that IP.
A service provider can only get information about IP addresses associated with their autonomous system numbers (ASNs). The affiliation of a service provider with their ASNs will be checked against [PeeringDB](https://www.peeringdb.com/), a reliable and globally recognized interconnection database.
-To ensure the feed's accuracy, Cloudflare will only include IP addresses that have participated in multiple HTTP DDoS attacks and have triggered high-confidence rules.
+To ensure the feed's accuracy, Cloudflare will only include IP addresses that have participated in multiple HTTP DDoS attacks and have triggered high-confidence rules.
## Context
diff --git a/src/content/docs/ddos-protection/change-log/network/index.mdx b/src/content/docs/ddos-protection/change-log/network/index.mdx
index cb5caba8767ad0..f0c2885b4c7fd1 100644
--- a/src/content/docs/ddos-protection/change-log/network/index.mdx
+++ b/src/content/docs/ddos-protection/change-log/network/index.mdx
@@ -18,7 +18,7 @@ This section contains past and upcoming changes to the [Network-layer DDoS Attac
:::note
-The Network-layer DDoS Attack Protection managed ruleset protects Cloudflare customers on all plans. However, only [Magic transit](/magic-transit/) and [Spectrum](/spectrum/) customers on an Enterprise plan can customize the managed ruleset.
+The Network-layer DDoS Attack Protection managed ruleset protects Cloudflare customers on all plans. However, only [Magic transit](/magic-transit/) and [Spectrum](/spectrum/) customers on an Enterprise plan can customize the managed ruleset.
:::
View scheduled changes
diff --git a/src/content/docs/ddos-protection/get-started.mdx b/src/content/docs/ddos-protection/get-started.mdx
index 0a26a55cb31a48..47598a11908f73 100644
--- a/src/content/docs/ddos-protection/get-started.mdx
+++ b/src/content/docs/ddos-protection/get-started.mdx
@@ -43,7 +43,7 @@ You must have one of the following:
:::note
-The _Log_ action is only available to Enterprise customers.
+The _Log_ action is only available to Enterprise customers.
:::
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account.
diff --git a/src/content/docs/ddos-protection/index.mdx b/src/content/docs/ddos-protection/index.mdx
index d1ddf3ef302e06..72dcd27bc1448d 100644
--- a/src/content/docs/ddos-protection/index.mdx
+++ b/src/content/docs/ddos-protection/index.mdx
@@ -13,7 +13,7 @@ import { Description, Feature, FeatureTable, GlossaryTooltip, Plan, RelatedProdu
-Detect and mitigate distributed denial-of-service (DDoS) attacks automatically.
+Detect and mitigate distributed denial-of-service (DDoS) attacks automatically.
@@ -27,11 +27,11 @@ These systems include multiple dynamic mitigation rules exposed as [DDoS attack
## Features
-Protect against a variety of DDoS attacks across layers 3/4 (network layer) and layer 7 (application layer) of the OSI model.
+Protect against a variety of DDoS attacks across layers 3/4 (network layer) and layer 7 (application layer) of the OSI model.
-Get increased protection against sophisticated DDoS attacks on layer 7 and layers 3/4.
+Get increased protection against sophisticated DDoS attacks on layer 7 and layers 3/4.
@@ -57,13 +57,13 @@ Protect against DNS-based DDoS attacks, specifically sophisticated and fully ran
## Related products
-Provides security and acceleration for any TCP or UDP based application.
+Provides security and acceleration for any TCP or UDP based application.
-A network security and performance solution that offers DDoS protection, traffic acceleration, and more for on-premise, cloud-hosted, and hybrid networks.
+A network security and performance solution that offers DDoS protection, traffic acceleration, and more for on-premise, cloud-hosted, and hybrid networks.
-Get automatic protection from vulnerabilities and the flexibility to create custom rules.
+Get automatic protection from vulnerabilities and the flexibility to create custom rules.
diff --git a/src/content/docs/ddos-protection/managed-rulesets/adaptive-protection.mdx b/src/content/docs/ddos-protection/managed-rulesets/adaptive-protection.mdx
index 88cc3fc4a5cb5c..3129f01fc99a54 100644
--- a/src/content/docs/ddos-protection/managed-rulesets/adaptive-protection.mdx
+++ b/src/content/docs/ddos-protection/managed-rulesets/adaptive-protection.mdx
@@ -33,7 +33,7 @@ Cloudflare Adaptive DDoS Protection is available to Enterprise customers accordi
-1 _WAF/CDN customers on the Enterprise plan with the Advanced DDoS Protection subscription._
+1 _WAF/CDN customers on the Enterprise plan with the Advanced DDoS Protection subscription._
2 _Magic Transit and Spectrum BYOIP customers on an Enterprise plan._
## How it works
diff --git a/src/content/docs/ddos-protection/managed-rulesets/http/configure-dashboard.mdx b/src/content/docs/ddos-protection/managed-rulesets/http/configure-dashboard.mdx
index 14c48360810ef0..73fb9528e99b45 100644
--- a/src/content/docs/ddos-protection/managed-rulesets/http/configure-dashboard.mdx
+++ b/src/content/docs/ddos-protection/managed-rulesets/http/configure-dashboard.mdx
@@ -19,7 +19,7 @@ For more information on the available parameters and allowed values, refer to [R
If you are an Enterprise customer with the Advanced DDoS Protection subscription, you can define up to 10 overrides. These overrides can have a custom expression so that the override only applies to a subset of incoming requests. If you do not have the Advanced DDoS Protection subscription, you can only deploy one override which will always apply to all incoming requests.
-If you cannot deploy any additional overrides, consider editing an existing override to adjust rule configuration.
+If you cannot deploy any additional overrides, consider editing an existing override to adjust rule configuration.
:::
diff --git a/src/content/docs/ddos-protection/managed-rulesets/index.mdx b/src/content/docs/ddos-protection/managed-rulesets/index.mdx
index e9debbd5124f14..21df9ae8703342 100644
--- a/src/content/docs/ddos-protection/managed-rulesets/index.mdx
+++ b/src/content/docs/ddos-protection/managed-rulesets/index.mdx
@@ -22,7 +22,7 @@ The available managed rulesets are:
:::note
-Only available on Business and Enterprise plans.
+Only available on Business and Enterprise plans.
:::
When Cloudflare creates a new managed rule, we check the rule impact against the traffic of Business and Enterprise zones while the rule is not blocking traffic yet.
diff --git a/src/content/docs/ddos-protection/managed-rulesets/network/configure-api.mdx b/src/content/docs/ddos-protection/managed-rulesets/network/configure-api.mdx
index 40cc986eeae116..6224bcdc891016 100644
--- a/src/content/docs/ddos-protection/managed-rulesets/network/configure-api.mdx
+++ b/src/content/docs/ddos-protection/managed-rulesets/network/configure-api.mdx
@@ -25,7 +25,7 @@ When configuring the Network-layer DDoS Attack Protection managed ruleset, use o
- The Network-layer DDoS Attack Protection managed ruleset is always enabled. You cannot disable its rules using an override with `"enabled": false`.
-
-- You can only define overrides for the Network-layer DDoS Attack Protection managed ruleset at the account level.
+- You can only define overrides for the Network-layer DDoS Attack Protection managed ruleset at the account level.
:::
## Example
diff --git a/src/content/docs/ddos-protection/managed-rulesets/network/configure-dashboard.mdx b/src/content/docs/ddos-protection/managed-rulesets/network/configure-dashboard.mdx
index a99ba276b236b7..62f679e42a8b37 100644
--- a/src/content/docs/ddos-protection/managed-rulesets/network/configure-dashboard.mdx
+++ b/src/content/docs/ddos-protection/managed-rulesets/network/configure-dashboard.mdx
@@ -36,7 +36,7 @@ For more information on the available parameters and allowed values, refer to [R
12. Search for the rules you wish to override using the available filters. You can search for tags.
13. To override a single rule, select the desired value for a field in the displayed dropdowns next to the rule.
-
+
To configure more than one rule, select the rules using the row checkboxes and update the fields for the selected rules using the dropdowns displayed before the table. You can also configure all the rules with a given tag. For more information, refer to [Configure rules in bulk in a managed ruleset](/waf/managed-rules/deploy-zone-dashboard/#configure-rules-in-bulk-in-a-managed-ruleset).
14. Select **Next**.
15. Enter a name for your override in **Execution name**.
diff --git a/src/content/docs/ddos-protection/reference/alerts.mdx b/src/content/docs/ddos-protection/reference/alerts.mdx
index 788c5c8bfe78bb..7bf0c8dd73f837 100644
--- a/src/content/docs/ddos-protection/reference/alerts.mdx
+++ b/src/content/docs/ddos-protection/reference/alerts.mdx
@@ -27,7 +27,7 @@ Cloudflare automatically sends weekly summaries of detected and mitigated DDoS a
:::note
-
+
:::
## Set up a notification for DDoS alerts
@@ -54,7 +54,7 @@ Cloudflare can issue notifications for different types of DDoS attack alerts.
:::note
-The availability of advanced DDoS attack alerts depends on your Cloudflare plan and subscribed services. Refer to [Availability](#availability) for details.
+The availability of advanced DDoS attack alerts depends on your Cloudflare plan and subscribed services. Refer to [Availability](#availability) for details.
:::
Advanced DDoS attack alerts support additional configuration, allowing you to filter the notifications you wish to receive.
@@ -74,8 +74,8 @@ The available alerts depend on your Cloudflare plan and subscribed services:
| Layer 3/4 DDoS Attack Alert | – | Yes2, 3 | Yes | Yes3 |
| Advanced Layer 3/4 DDoS Attack Alert | – | – | Yes2 | Yes2 |
-1 _Only available to Enterprise customers with the Advanced DDoS Protection subscription._
-2 _Only available on an Enterprise plan._
+1 _Only available to Enterprise customers with the Advanced DDoS Protection subscription._
+2 _Only available on an Enterprise plan._
3 _Refer to [Final remarks](#final-remarks) for additional notes._
## Example notification
diff --git a/src/content/docs/ddos-protection/reference/reports.mdx b/src/content/docs/ddos-protection/reference/reports.mdx
index 150c26238862f7..2f8c22bd73e138 100644
--- a/src/content/docs/ddos-protection/reference/reports.mdx
+++ b/src/content/docs/ddos-protection/reference/reports.mdx
@@ -19,7 +19,7 @@ Additionally, if you are a Magic Transit or Spectrum BYOIP customer, you will re
:::note[Note]
-To receive DDoS reports by email you must have opted in to the **Analytics** category in the [communication preferences](/fundamentals/setup/account/customize-account/communication-preference/) for your profile.
+To receive DDoS reports by email you must have opted in to the **Analytics** category in the [communication preferences](/fundamentals/setup/account/customize-account/communication-preference/) for your profile.
:::
## Weekly DDoS reports
diff --git a/src/content/docs/ddos-protection/reference/simulate-ddos-attack.mdx b/src/content/docs/ddos-protection/reference/simulate-ddos-attack.mdx
index 1094cd3763c986..1dc4920c9134cf 100644
--- a/src/content/docs/ddos-protection/reference/simulate-ddos-attack.mdx
+++ b/src/content/docs/ddos-protection/reference/simulate-ddos-attack.mdx
@@ -19,6 +19,6 @@ You can only launch DDoS attacks against your own Internet properties — your z
You do not have to obtain permission from Cloudflare to launch a DDoS attack simulation against your own Internet properties. However, before launching the simulated attack, you must [open a Support ticket](/support/contacting-cloudflare-support/) and provide the information below. All fields are mandatory.
-It is recommended that you choose the right service and enable the correct features to test against the corresponding DDoS attacks. For example, if you want to test Cloudflare against an HTTP DDoS attack and you are only using Magic Transit, the test is going to fail because you need to onboard your HTTP application to Cloudflare's reverse proxy service to test our HTTP DDoS Protection.
+It is recommended that you choose the right service and enable the correct features to test against the corresponding DDoS attacks. For example, if you want to test Cloudflare against an HTTP DDoS attack and you are only using Magic Transit, the test is going to fail because you need to onboard your HTTP application to Cloudflare's reverse proxy service to test our HTTP DDoS Protection.