cloudflare · pedrosousa · Jun 12, 2025 · Apr 8, 2025 · Apr 8, 2025 · Apr 8, 2025
@@ -1281,7 +1281,7 @@
 /support/account-management-billing/billing-cloudflare-add-on-services/ /billing/usage-based-billing/ 301
 /support/cloudflare-client-api/ /fundamentals/api/ 301
 /support/firewall/learn-more/understanding-cloudflare-tor-support-and-onion-routing/ /network/onion-routing/ 301
-/support/firewall/managed-rules-web-application-firewall-waf/migrating-from-waf-managed-rules-to-waf-managed-rulesets/ /waf/reference/migration-guides/waf-managed-rules-migration/ 301
+/support/firewall/managed-rules-web-application-firewall-waf/migrating-from-waf-managed-rules-to-waf-managed-rulesets/ /waf/reference/legacy/old-waf-managed-rules/upgrade/ 301
 /support/firewall/tools/understanding-cloudflare-zone-lockdown/ /waf/tools/zone-lockdown/ 301
 /support/firewall/tools/understanding-cloudflare-user-agent-blocking/ /waf/tools/user-agent-blocking/ 301
 /support/more-dashboard-apps/cloudflare-apps/installing-cloudflare-apps/ /workers/ 301
@@ -1492,6 +1492,10 @@
 /waf/analytics/security-events/additional-information/ /waf/tools/validation-checks/ 301
 /waf/reference/cloudflare-challenges/ /cloudflare-challenges/ 301
 /waf/tools/challenge-passage/ /cloudflare-challenges/challenge-types/challenge-pages/#challenge-passage 301
+/waf/reference/migration-guides/ /waf/reference/legacy/ 301
+/waf/reference/migration-guides/old-rate-limiting-deprecation/ /waf/reference/legacy/old-rate-limiting/upgrade/ 301
+/waf/reference/migration-guides/waf-managed-rules-migration/ /waf/reference/legacy/old-waf-managed-rules/upgrade/ 301
+/waf/reference/migration-guides/firewall-rules-to-custom-rules/ /waf/reference/legacy/firewall-rules-upgrade/ 301
 
 # waiting-room
 /waiting-room/how-to/mobile-traffic/ /waiting-room/how-to/json-response/ 301

@@ -37,7 +37,7 @@ Yandex updates their bots very frequently, you may see more false positives whil
 - Create an [exception](/waf/managed-rules/waf-exceptions/) to temporarily skip the managed rule with ID <RuleID id="2854e3f18ad946049e6d90ccf6cbb163" /> when a request is coming from the **Yandex IP** and the user-agent contains **Yandex.**
 - Create a [WAF custom rule with the _Skip_ action](/waf/custom-rules/skip/) to temporarily bypass WAF Managed Rules when a request is coming from the **Yandex IP** and the user-agent contains **Yandex.**
 
-If you are using the legacy WAF managed rules ([now deprecated](/waf/reference/migration-guides/waf-managed-rules-migration/)), disable the WAF managed rule with ID `100203` temporarily.
+If you are using the [legacy WAF managed rules](/waf/reference/legacy/old-waf-managed-rules/), disable the WAF managed rule with ID `100203` temporarily.
 
 **Solution:**
 

@@ -729,7 +729,7 @@ This setting turned off a subset of Cloudflare security features: Email Obfuscat
 4. If your tests succeed, delete the existing Page Rule.
 
 :::caution
-If you are still using WAF managed rules (previous version) or Rate Limiting (previous version), consider migrating to the new versions of these products. It is not possible to turn off these older products using modern Rules features. Refer to the [WAF's migration guides](/waf/reference/migration-guides/) for more information.
+If you are still using [WAF managed rules (previous version)](/waf/reference/legacy/old-waf-managed-rules/) or [Rate Limiting (previous version)](/waf/reference/legacy/old-rate-limiting/), consider upgrading to the new versions of these products. It is not possible to turn off these older products using modern Rules features.
 :::
 
 </TabItem> </Tabs>

@@ -32,7 +32,7 @@ Listed below are the specific insights currently available:
 | [Increased errors detected on API endpoints](/api-shield/management-and-monitoring/endpoint-labels/)                                | Investigate changes, abuse, or successful attacks that may have led to this increase in errors. |
 | [Increased latency detected on API endpoints](/api-shield/management-and-monitoring/endpoint-labels/)                               | Investigate changes, abuse, or successful attacks that may have led to this increase in response latency. |
 | [Managed Rules not deployed](/waf/managed-rules/reference/cloudflare-managed-ruleset/)                                              | No managed rules deployed on a WAF protected domain.                                                                                                                                                                                                   |
-| [Migrate to new Managed Rules](/waf/reference/migration-guides/waf-managed-rules-migration/)                                        | Migration to new Managed Rules system required for optimal protection.                                                                                                                                                                                 |
+| [Upgrade to new Managed Rules](/waf/reference/legacy/old-waf-managed-rules/upgrade/)                                                | Upgrade to new Managed Rules system required for optimal protection.                                                                                                                                                                                   |
 | [Mixed-authentication API endpoints detected](/api-shield/management-and-monitoring/endpoint-labels/#managed-labels)                | Not all of the successful requests against API endpoints carried session identifiers.                                                                                                                                                                  |
 | [New API endpoints detected](/api-shield/security/api-discovery/)                                                                   | API Discovery detects new API endpoints in your zone's traffic.                                                                                                                                                                                        |
 | [New CASB integrations found](/cloudflare-one/applications/casb/casb-integrations/)                                                 | New CASB integrations have been found.                                                                                                                                                                                                                 |

@@ -43,7 +43,7 @@ To use Version Management, the following must all be true:
 * Your zone is on an Enterprise plan.
 * Your zone is in an [active](/dns/zone-setups/reference/domain-status/) state.
 * Your zone uses [WAF managed rules](/waf/managed-rules/).
-* Your zone has migrated to use [Custom Rules](/waf/reference/migration-guides/firewall-rules-to-custom-rules/) instead of Firewall Rules (deprecated).
+* Your zone has migrated to use [custom rules](/waf/custom-rules/) instead of Firewall Rules (deprecated).
 * Your account uses the [new WAF](https://blog.cloudflare.com/new-cloudflare-waf/) (if not, contact your account team).
 * Your user account must have a Super Administrator or Administrator [role](/fundamentals/manage-members/roles/). **Zone Versioning** roles cannot create new versions.
 * Your user account must have an API Key provisioned (if not, [view your API Key](/fundamentals/api/get-started/keys/#view-your-global-api-key)).

@@ -11,9 +11,9 @@ import { Render, FeatureTable } from "~/components";
 
 Custom rules are evaluated in order, and some actions like _Block_ will stop the evaluation of other rules. For more details on actions and their behavior, refer to the [actions reference](/ruleset-engine/rules-language/actions/).
 
-:::note[Did you migrate from Cloudflare Firewall Rules?]
+:::note[Did you upgrade from Cloudflare Firewall Rules?]
 
-Refer to the [migration guide](/waf/reference/migration-guides/firewall-rules-to-custom-rules/#main-differences) to learn more about the differences between firewall rules and custom rules.
+Refer to the [upgrade guide](/waf/reference/legacy/firewall-rules-upgrade/#main-differences) to learn more about the differences between firewall rules and custom rules.
 :::
 
 To define sets of custom rules that apply to more than one zone, use [custom rulesets](/waf/account/custom-rulesets/), which require an Enterprise plan with a paid add-on.

@@ -1,11 +1,9 @@
 ---
-title: Best practices
+title: Rate limiting practices
 pcx_content_type: configuration
 sidebar:
   order: 21
-head:
-  - tag: title
-    content: Rate limiting best practices
+  label: Best practices
 ---
 
 import { Render } from "~/components";

@@ -1,19 +1,20 @@
 ---
-title: Firewall Rules to WAF custom rules migration
+title: Firewall rules upgrade
 pcx_content_type: reference
 sidebar:
-  order: 2
+  order: 5
+  label: Firewall rules upgrade
 ---
 
-Cloudflare converted existing [firewall rules](/firewall/) into [WAF custom rules](/waf/custom-rules/). With custom rules, you get the same level of protection and a few additional features. Custom rules are available in the Cloudflare dashboard at **Security** > **WAF** > **Custom rules**.
+Cloudflare upgraded existing [firewall rules](/firewall/) into [WAF custom rules](/waf/custom-rules/). With custom rules, you get the same level of protection and a few additional features. Custom rules are available in the Cloudflare dashboard at **Security** > **WAF** > **Custom rules**.
 
 :::caution[Deprecation notice]
 
 **Cloudflare Firewall Rules is now deprecated.** The Firewall Rules API and Filters API, as well as the `cloudflare_firewall_rule` and `cloudflare_filter` Terraform resources, will only be available until 2025-06-15. If you have any automation based on these APIs and resources, you must migrate to the new APIs and resources before 2025-06-15 to avoid any issues.
 
 On 2025-06-15, the APIs and resources mentioned above will stop working. Any remaining active firewall rules will be disabled, and the **Firewall rules** tab in the dashboard will be removed.
 
-If you have not migrated to WAF custom rules yet, you may have some invalid configuration that prevents the migration from happening. In this case, contact your account team to get help with the migration to WAF custom rules.
+If you have not upgraded to WAF custom rules yet, you may have some invalid configuration that prevents the upgrade from happening. In this case, contact your account team to get help with the upgrade to WAF custom rules.
 
 :::
 
@@ -76,7 +77,6 @@ With the _Skip_ action you can do the following:
 You can also select whether you want to log events matching the custom rule with the _Skip_ action or not. This is especially useful when creating a positive security model to avoid logging large amounts of legitimate traffic.
 
 :::note
-
 The Firewall Rules API does not support the _Skip_ action. When you create a custom rule with _Skip_ action, it is translated to _Allow_ and _Bypass_ in the Firewall Rules API. You must use the [Rulesets API](/waf/custom-rules/skip/api-examples/) to fully use the new _Skip_ action functionality.
 :::
 
@@ -99,7 +99,6 @@ In contrast, if you create two custom rules where both rules match an incoming r
 The request would be blocked, since custom rules are evaluated in order and the _Block_ action will stop the evaluation of other rules.
 
 :::note
-
 For the custom rules converted from your existing firewall rules, Cloudflare will preserve your current order of execution.
 :::
 
@@ -127,7 +126,7 @@ For users that still have access to both products, the **Firewall rules** tab wi
 
 ## Relevant changes for API users
 
-**The [Firewall Rules API](/firewall/api/cf-firewall-rules/) and the associated [Cloudflare Filters API](/firewall/api/cf-filters/) are now deprecated.** These APIs will stop working on 2025-06-15. You must migrate any automation based on the Firewall Rules API or Cloudflare Filters API to the [Rulesets API](/waf/custom-rules/create-api/) before this date to prevent any issues. Rule IDs are different between firewall rules and custom rules, which may affect automated processes dealing with specific rule IDs.
+**The [Firewall Rules API](/firewall/api/cf-firewall-rules/) and the associated [Cloudflare Filters API](/firewall/api/cf-filters/) are now deprecated.** These APIs will stop working on 2025-06-15. You must manually update any automation based on the Firewall Rules API or Cloudflare Filters API to the [Rulesets API](/waf/custom-rules/create-api/) before this date to prevent any issues. Rule IDs are different between firewall rules and custom rules, which may affect automated processes dealing with specific rule IDs.
 
 For the time being, all three APIs will be available (Firewall Rules API, Filters API, and Rulesets API). Cloudflare will internally convert your [Firewall Rules API](/firewall/api/cf-firewall-rules/) and [Filters API](/firewall/api/cf-filters/) calls into the corresponding [Rulesets API](/waf/custom-rules/create-api/) calls. The converted API calls between the Firewall Rules API/Filters API and the Rulesets API appear in audit logs as generated by Cloudflare and not by the actual user making the requests. There will be a single list of rules for both firewall rules and WAF custom rules.
 
@@ -142,7 +141,7 @@ Refer to the WAF documentation for [examples of managing WAF custom rules using
 - [`cloudflare_firewall_rule`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/firewall_rule)
 - [`cloudflare_filter`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/filter)
 
-These resources will stop working on 2025-06-15. If you are currently using these resources to manage your Firewall Rules configuration, you must manually migrate any Terraform configuration to [`cloudflare_ruleset`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/ruleset) resources before this date to prevent any issues.
+These resources will stop working on 2025-06-15. If you are currently using these resources to manage your Firewall Rules configuration, you must manually update any Terraform configuration to [`cloudflare_ruleset`](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs/resources/ruleset) resources before this date to prevent any issues.
 
 For the time being, all three Terraform resources will be available (`cloudflare_firewall_rule`, `cloudflare_filter`, and `cloudflare_ruleset`). There will be a single list of rules for both firewall rules and WAF custom rules.
 

@@ -5,12 +5,12 @@ sidebar:
   order: 5
   group:
     hideIndex: true
-description: Documentation for deprecated WAF features.
+description: Documentation for legacy WAF features.
 noindex: true
 ---
 
 import { DirectoryListing } from "~/components";
 
-Refer to the following pages for more information on legacy features that have been deprecated:
+Refer to the following pages for more information on legacy WAF features:
 
 <DirectoryListing />
@@ -0,0 +1,7 @@
+---
+pcx_content_type: navigation
+title: Firewall rules
+external_link: /firewall/
+sidebar:
+  order: 4
+---
@@ -4,19 +4,16 @@ source: https://support.cloudflare.com/hc/en-us/articles/115001635128-Configurin
 title: Rate Limiting (previous version)
 sidebar:
   order: 3
-  group:
-    badge:
-      text: Deprecated
 noindex: true
 ---
 
 Cloudflare Rate Limiting automatically identifies and mitigates excessive request rates for specific URLs or for an entire domain.
 
 :::caution
 
-The information in this page refers to the previous version of rate limiting rules (now deprecated), which are billed based on usage.
+The information in this page refers to the previous version of rate limiting rules, which are billed based on usage.
 
-To benefit from unmetered rate limiting, rewrite your current rules in the [new version of rate limiting rules](/waf/rate-limiting-rules/). For more information, refer to the [migration guide](/waf/reference/migration-guides/old-rate-limiting-deprecation/).
+Cloudflare is upgrading all rate limiting rules to the [new version of rate limiting rules](/waf/rate-limiting-rules/). For more information on what changed in the new version, refer to the [upgrade guide](/waf/reference/legacy/old-rate-limiting/upgrade/).
 
 :::