From 416257a33dcde959243e531339eb3fc3923d0ee3 Mon Sep 17 00:00:00 2001
From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com>
Date: Tue, 22 Apr 2025 11:55:33 +0100
Subject: [PATCH] [DDoS Protection] Improve linking

---
 .../managed-rulesets/http/configure-api.mdx | 2 ++
 .../managed-rulesets/network/configure-api.mdx | 6 ++++--
 .../ddos-managed-rulesets.mdx | 13 +++++++++----
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/content/docs/ddos-protection/managed-rulesets/http/configure-api.mdx b/src/content/docs/ddos-protection/managed-rulesets/http/configure-api.mdx
index 84a74f8760adb3d..ffc65eb9c563a37 100644
--- a/src/content/docs/ddos-protection/managed-rulesets/http/configure-api.mdx
+++ b/src/content/docs/ddos-protection/managed-rulesets/http/configure-api.mdx
@@ -14,6 +14,8 @@ Configure the HTTP DDoS Attack Protection managed ruleset by defining overrides
 
 Each zone has the HTTP DDoS Attack Protection managed ruleset enabled by default. This means that you do not need to deploy the managed ruleset to the `ddos_l7` phase ruleset explicitly. You only have to create a rule in the phase ruleset to deploy the managed ruleset if you need to configure overrides.
 
+If you are using Terraform, refer to [DDoS managed rulesets configuration using Terraform](/terraform/additional-configurations/ddos-managed-rulesets/#example-configure-http-ddos-attack-protection).
+
 ## Configure an override for the HTTP DDoS Attack Protection managed ruleset
 
 Use overrides to configure the HTTP DDoS Attack Protection managed ruleset. Overrides allow you to define a different action or sensitivity level from the default values. For more information on the available action and sensitivity level values, refer to [Ruleset parameters](/ddos-protection/managed-rulesets/http/override-parameters/).
diff --git a/src/content/docs/ddos-protection/managed-rulesets/network/configure-api.mdx b/src/content/docs/ddos-protection/managed-rulesets/network/configure-api.mdx index 6224bcdc891016c..d996d432a457b0c 100644 --- a/src/content/docs/ddos-protection/managed-rulesets/network/configure-api.mdx +++ b/src/content/docs/ddos-protection/managed-rulesets/network/configure-api.mdx @@ -6,15 +6,16 @@ sidebar: head: - tag: title content: Configure Network-layer DDoS Attack Protection via API - --- -import { Details, Render } from "~/components" +import { Details, Render } from "~/components"; Configure the Cloudflare Network-layer DDoS Attack Protection managed ruleset by defining overrides at the account level using the [Rulesets API](/ruleset-engine/rulesets-api/). Each account has the Network-layer DDoS Attack Protection managed ruleset enabled by default. This means that you do not need to deploy the managed ruleset to the `ddos_l4` phase entry point ruleset explicitly. You only have to create a rule in the phase entry point to deploy the managed ruleset if you need to configure overrides. +If you are using Terraform, refer to [DDoS managed rulesets configuration using Terraform](/terraform/additional-configurations/ddos-managed-rulesets/#example-configure-network-layer-ddos-attack-protection). + ## Configure an override for the Network-layer DDoS Attack Protection managed ruleset You can define overrides at the ruleset, tag, and rule level for all managed rulesets. @@ -26,6 +27,7 @@ When configuring the Network-layer DDoS Attack Protection managed ruleset, use o - The Network-layer DDoS Attack Protection managed ruleset is always enabled. You cannot disable its rules using an override with `"enabled": false`. - - You can only define overrides for the Network-layer DDoS Attack Protection managed ruleset at the account level. + ::: ## Example 
diff --git a/src/content/docs/terraform/additional-configurations/ddos-managed-rulesets.mdx b/src/content/docs/terraform/additional-configurations/ddos-managed-rulesets.mdx
index 49d78683398a3a8..b6947fc333bad46 100644
--- a/src/content/docs/terraform/additional-configurations/ddos-managed-rulesets.mdx
+++ b/src/content/docs/terraform/additional-configurations/ddos-managed-rulesets.mdx
@@ -19,6 +19,11 @@ This page provides examples of configuring [DDoS managed rulesets](/ddos-protect
 
 DDoS managed rulesets are always enabled. Depending on your Cloudflare services, you may be able to adjust their behavior.
 
+If you are using the Cloudflare API, refer to the following resources:
+
+- [Configure HTTP DDoS Attack Protection via API](/ddos-protection/managed-rulesets/http/configure-api/)
+- [Configure Network-layer DDoS Attack Protection via API](/ddos-protection/managed-rulesets/network/configure-api/)
+
 For more information on deploying and configuring rulesets using the Rulesets API, refer to [Work with managed rulesets](/ruleset-engine/managed-rulesets/) in the Ruleset Engine documentation.
 
 ## Before you start
@@ -58,14 +63,14 @@ resource "cloudflare_ruleset" "zone_level_http_ddos_config" {
 rules {
 # Adaptive DDoS Protection based on Locations (Available only to Enterprise zones with Advanced DDoS service)
 id = "a8c6333711ff4b0a81371d1c444be2c3"
- sensitivity_level = "default"
- action = "managed_challenge"
+ sensitivity_level = "default"
+ action = "managed_challenge"
 }
 rules {
 # Adaptive DDoS Protection based on User-Agents (Available only to Enterprise zones with Advanced DDoS service)
 id = "7709d496081e458899c1e3a6e4fe8e55"
- sensitivity_level = "default"
- action = "managed_challenge"
+ sensitivity_level = "default"
+ action = "managed_challenge"
 }
 rules {
 # HTTP requests causing a high number of origin errors.