diff --git a/src/content/docs/cloudflare-one/policies/gateway/dns-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/dns-policies/index.mdx
index ecf8c3cceeb562c..08f0a52ad860311 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/dns-policies/index.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/dns-policies/index.mdx
@@ -284,7 +284,7 @@ Gateway matches DNS queries against the following selectors, or criteria:
### Application
-
+
### Authoritative Nameserver IP
diff --git a/src/content/docs/cloudflare-one/policies/gateway/egress-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/egress-policies/index.mdx
index 8ba05e86baf793b..19de0a07450d1b8 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/egress-policies/index.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/egress-policies/index.mdx
@@ -5,7 +5,7 @@ sidebar:
order: 5
---
-import { Render } from "~/components";
+import { Render, Badge } from "~/components";
:::note
Only available on Enterprise plans.
@@ -55,6 +55,24 @@ Choose one of the following options for your egress policy:
Gateway matches egress traffic against the following selectors, or criteria:
+### Application
+
+
+
+
+
+### Content Categories
+
+
+
+
+
### Destination Continent
+### Domain
+
+
+
+
+
+### Host
+
+
+
+
+
### Protocol
@@ -139,3 +169,22 @@ Gateway uses Rust to evaluate regular expressions. The Rust implementation is sl
file="gateway/logical-operators"
params={{ one: "**Identity** or **Device Posture**" }}
/>
+
+## Limitations
+
+The [Application](#application), [Content Categories](#content-categories), [Domain](#domain), and [Host](#host) selectors are only available for traffic onboarded to Gateway with [WARP](/cloudflare-one/connections/connect-devices/warp/), [PAC files](/cloudflare-one/connections/connect-devices/agentless/pac-files/), or [Browser Isolation](/cloudflare-one/policies/browser-isolation/). To use these selectors to filter traffic onboarded with WARP, you need to:
+
+1. In your WARP Connector device profile, ensure Split Tunnel is set to [**Exclude IPs and domains**](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#change-split-tunnels-mode).
+2. [Remove the route](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#remove-a-route) to the IP address `100.64.0.0/10` from your Split Tunnel list.
+3. [Add routes](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/#add-a-route) to exclude the following IP addresses:
+ - `100.64.0.0/12`
+ - `100.81.0.0/16`
+ - `100.82.0.0/15`
+ - `100.84.0.0/14`
+ - `100.88.0.0/13`
+ - `100.96.0.0/11`
+4. Add and deploy the following key-value pair to your devices' [WARP configuration file](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/) (`mdm.xml` on Windows and Linux or `com.cloudflare.warp.plist` on macOS):
+ ```xml
+ doh_in_tunnel
+
+ ```
diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx
index 5e30a831aa3b644..efcd34b4a6982bc 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/index.mdx
@@ -395,7 +395,7 @@ Gateway matches HTTP traffic against the following selectors, or criteria:
### Application
-
+
:::caution[Multiple API selectors required for Terraform]
When using Terraform to create a policy with the [Do Not Inspect](#do-not-inspect) action, you must use the `app.hosts_ids` and `app.supports_ids` selectors. For example, to create a Do Not Inspect policy for Google Cloud Platform traffic, create a policy with both `any(app.hosts_ids[*] in {1245})` and `any(app.supports_ids[*] in {1245})`.
diff --git a/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx b/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx
index 69d927a71542b1e..18b74eaff08d083 100644
--- a/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx
+++ b/src/content/docs/cloudflare-one/policies/gateway/network-policies/index.mdx
@@ -248,7 +248,10 @@ Gateway matches network traffic against the following selectors, or criteria.
### Application
-
+
### Content Categories
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/application.mdx b/src/content/partials/cloudflare-one/gateway/selectors/application.mdx
index cecfa4e63acee19..062901c43f3eda2 100644
--- a/src/content/partials/cloudflare-one/gateway/selectors/application.mdx
+++ b/src/content/partials/cloudflare-one/gateway/selectors/application.mdx
@@ -1,11 +1,9 @@
---
-inputParameters: param1
-
+params:
+ - policyType
---
-import { Markdown } from "~/components"
-
-You can apply {props.one} policies to a growing list of popular web applications. Refer to [Application and app types](/cloudflare-one/policies/gateway/application-app-types/) for more information.
+You can apply {props.policyType} policies to a growing list of popular web applications. Refer to [Application and app types](/cloudflare-one/policies/gateway/application-app-types/) for more information.
| UI name | API example | Evaluation phase |
| ----------- | -------------------------- | --------------------- |
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/domain.mdx b/src/content/partials/cloudflare-one/gateway/selectors/domain.mdx
index b5ced6587d812c0..8c6120987d580b7 100644
--- a/src/content/partials/cloudflare-one/gateway/selectors/domain.mdx
+++ b/src/content/partials/cloudflare-one/gateway/selectors/domain.mdx
@@ -1,6 +1,5 @@
---
{}
-
---
Use this selector to match against a domain and all subdomains. For example, you can match `example.com` and its subdomains, such as `www.example.com`.
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/egress-selector-limitation.mdx b/src/content/partials/cloudflare-one/gateway/selectors/egress-selector-limitation.mdx
new file mode 100644
index 000000000000000..ccb0863185c0d50
--- /dev/null
+++ b/src/content/partials/cloudflare-one/gateway/selectors/egress-selector-limitation.mdx
@@ -0,0 +1,5 @@
+---
+{}
+---
+
+This selector is only available for traffic onboarded to Gateway with WARP, PAC files, or Browser Isolation. For more information, refer to [Limitations](#limitations).
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/host.mdx b/src/content/partials/cloudflare-one/gateway/selectors/host.mdx
index 861f616dc91db46..202698975f677bd 100644
--- a/src/content/partials/cloudflare-one/gateway/selectors/host.mdx
+++ b/src/content/partials/cloudflare-one/gateway/selectors/host.mdx
@@ -1,6 +1,5 @@
---
{}
-
---
Use this selector to match against only the hostname specified. For example, you can match `test.example.com` but not `example.com` or `www.test.example.com`.