Merged
Original file line number Diff line number Diff line change
Expand Up @@ -9,15 +9,17 @@ head:

---

import { Render } from "~/components"
import { Render, Steps } from "~/components"

To add an IP address or prefix to the Advanced DDoS Protection [allowlist](/ddos-protection/advanced-ddos-systems/concepts/#allowlist):

<Steps>
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. Go to **L3/4 DDoS** > **Advanced Protection**.
3. Under **General settings** > **Allowlist**, select **Edit**.
4. Enter a prefix and (optionally) a description in **Prefix** and **Description**, respectively.
5. To exclude the current prefix from the allowlist instead of including it, uncheck the **Enabled** checkbox.
6. Select **Add**.
</Steps>

<Render file="allowlist-ip-spoofing" />
Original file line number Diff line number Diff line change
Expand Up @@ -8,14 +8,17 @@ head:
content: Add a prefix to Advanced DDoS Protection

---
import { Steps } from "~/components"

To add a [prefix](/ddos-protection/advanced-ddos-systems/concepts/#prefixes) to Advanced DDoS Protection:

<Steps>
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. Go to **L3/4 DDoS** > **Advanced Protection**.
3. Under **General settings** > **Prefixes**, select **Edit**.
4. Expand the **Add existing prefix** section and select **Add** next to the prefix you wish to add.<br/>
Alternatively, enter a prefix and (optionally) a description in **Prefix** and **Description**, respectively, and select **Add**.
</Steps>

:::note[Note]

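Review bot: the added `import { Steps } from "~/components"` sits directly under the closing `---` of the frontmatter, while the other files in this change keep a blank line between the frontmatter and the import. Add the blank line here as well so the files stay consistent.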
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ head:

---

import { GlossaryTooltip, Render } from "~/components"
import { GlossaryTooltip, Render, Steps } from "~/components"

<Render file="atp-filter-definition" />

Expand All @@ -23,13 +23,15 @@ Filters only apply to Advanced TCP Protection.

To create a [filter](/ddos-protection/advanced-ddos-systems/concepts/#filter) for one of the system components:

<Steps>
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. Go to **L3/4 DDoS** > **Advanced Protection** > **Advanced TCP Protection**.
3. Under the system component for which you are creating the filter (**SYN Flood Protection** or **Out-of-state TCP Protection**), select **Create** next to the type of filter you want to create:
- **Mitigation Filter**: The protection system will drop <GlossaryTooltip term="data packet">packets</GlossaryTooltip> matching the filter expression.
- **Monitoring Filter**: The protection system will log packets matching the filter expression.
- **Off Filter**: The protection system will ignore packets matching the filter expression.
- **Mitigation Filter**: The protection system will drop <GlossaryTooltip term="data packet">packets</GlossaryTooltip> matching the filter expression.
- **Monitoring Filter**: The protection system will log packets matching the filter expression.
- **Off Filter**: The protection system will ignore packets matching the filter expression.
4. Under **When incoming packets match**, define a filter expression using the Expression Builder (specifying one or more values for **Field**, **Operator**, and **Value**), or manually enter an expression using the Expression Editor. For more information, refer to [Edit rule expressions](/ruleset-engine/rules-language/expressions/edit-expressions/).
5. Select **Save**.
</Steps>

<Render file="atp-filters-rules-precedence" />
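Review bot: the three filter-type bullets under step 3 (**Mitigation Filter**, **Monitoring Filter**, **Off Filter**) are removed and re-added with identical text, so this part of the change is whitespace only. Confirm the new indentation nests them under step 3; if they sit at the top level, the ordered list is split at that point and `<Steps>` no longer wraps one continuous numbered list running through step 5.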
Original file line number Diff line number Diff line change
Expand Up @@ -9,28 +9,29 @@ head:

---

import { Render } from "~/components"
import { Render, Steps } from "~/components"

## Create an Advanced TCP Protection rule

To create a [SYN flood rule](/ddos-protection/advanced-ddos-systems/overview/advanced-tcp-protection/#syn-flood-protection) or an [out-of-state TCP](/ddos-protection/advanced-ddos-systems/overview/advanced-tcp-protection/#out-of-state-tcp-protection) rule:

<Steps>
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. Go to **L3/4 DDoS** > **Advanced Protection** > **Advanced TCP Protection**.
3. Depending on the rule you are creating, do one of the following:

- Under **SYN Flood Protection**, select **Create SYN flood rule**.
- Under **Out-of-state TCP Protection**, select **Create out-of-state TCP rule**.

4. In **Mode**, select a [mode](/ddos-protection/advanced-ddos-systems/concepts/#mode) for the rule.
5. Under **Set scope**, select a [scope](/ddos-protection/advanced-ddos-systems/concepts/#scope) for the rule. If you choose to apply the rule to a subset of incoming packets, select a region or a data center.
6. Under **Sensitivity**, define the [burst sensitivity](/ddos-protection/advanced-ddos-systems/concepts/#burst-sensitivity) and [rate sensitivity](/ddos-protection/advanced-ddos-systems/concepts/#rate-sensitivity) of the rule (by default, _Medium_). The sensitivity levels are based on the initially configured thresholds for your specific case.
7. Select **Deploy**.
</Steps>

<Render file="atp-filters-rules-precedence" />

## Create an Advanced DNS Protection rule

<Steps>
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/login) and select your account.
2. Go to **L3/4 DDoS** > **Advanced Protection** > **General settings**.
3. Add the prefixes you wish to onboard. Advanced DNS Protection will only be applied to the prefixes you onboard. If you already onboarded the desired prefixes when you configured Advanced TCP Protection, you do not need to take any other action.
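Review bot: step 1 under "Create an Advanced DNS Protection rule" links to `https://dash.cloudflare.com/login`, while step 1 of the Advanced TCP Protection procedure in the same file links to `https://dash.cloudflare.com`. Both lists are being wrapped in `<Steps>` in this change, so this is a good place to align the two links. The DNS procedure also opens `<Steps>` directly under its heading with no lead-in sentence, unlike the TCP procedure above it; a one-line introduction would match.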
Expand All @@ -43,4 +44,5 @@ To create a [SYN flood rule](/ddos-protection/advanced-ddos-systems/overview/adv
6. In **Mode**, select a mode for the rule.
7. Under **Set scope**, select a [scope](/ddos-protection/advanced-ddos-systems/concepts/#scope) to determine the range of packets that will be affected by the rule.
8. Under **Sensitivity**, define the [burst sensitivity](/ddos-protection/advanced-ddos-systems/concepts/#burst-sensitivity), [rate sensitivity](/ddos-protection/advanced-ddos-systems/concepts/#rate-sensitivity), and [profile sensitivity](/ddos-protection/advanced-ddos-systems/concepts/#profile-sensitivity) to determine when to initiate mitigation.
9. Select **Deploy**.
9. Select **Deploy**.
</Steps>
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,17 @@ sidebar:

---

import { Steps } from "~/components"

To exclude a prefix or a prefix subset from Advanced DDoS Protection:

<Steps>
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com) and select your account.
2. Go to **L3/4 DDoS** > **Advanced Protection**.
3. [Add the prefix](/ddos-protection/advanced-ddos-systems/how-to/add-prefix/) you previously onboarded to Magic Transit to Advanced TCP Protection.
4. [Add the prefix](/ddos-protection/advanced-ddos-systems/how-to/add-prefix/) (or subset) you wish to exclude as a new, separate prefix in Advanced TCP Protection.
5. For the prefix you added in the previous step, select **Exclude Subset** in the **Enrolled Prefixes** list.
</Steps>

:::note

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ head:

---

import { GlossaryTooltip, Render } from "~/components"
import { GlossaryTooltip, Render, Steps } from "~/components"

The Advanced DDoS Protection system includes [Advanced TCP Protection](/ddos-protection/advanced-ddos-systems/overview/advanced-tcp-protection/) and [Advanced DNS Protection](/ddos-protection/advanced-ddos-systems/overview/advanced-dns-protection/). Both systems are configured using the general settings, but also comprise of their own dedicated settings.

Expand Down Expand Up @@ -62,6 +62,8 @@ Refer to [Concepts](/ddos-protection/advanced-ddos-systems/concepts/) for more i

Enable the Advanced DDoS system and begin routing traffic through it.

<Steps>
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
2. Go to **L3/4 DDoS** > **Advanced Protection** > **General settings**.
3. Under **General settings**, toggle the feature status **On**.
3. Under **General settings**, toggle the feature status **On**.
</Steps>
Original file line number Diff line number Diff line change
Expand Up @@ -5,21 +5,23 @@ title: Respond to DDoS attacks

---

import { GlossaryTooltip } from "~/components"
import { GlossaryTooltip, Steps } from "~/components"

Cloudflare's network automatically mitigates large <GlossaryTooltip term="distributed denial-of-service (DDoS) attack" link="https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/">DDoS attacks</GlossaryTooltip>, but these attacks can still affect your application.

## All customers

All customers should perform the following steps to better secure their application:

<Steps>
1. Make sure all [DDoS managed rulesets](/ddos-protection/managed-rulesets/) are set to default settings (_High_ sensitivity level and mitigation actions) for optimal DDoS activation.
2. Deploy [WAF custom rules](/waf/custom-rules/) and [rate limiting rules](/waf/rate-limiting-rules/) to enforce a combined positive and negative security model. Reduce the traffic allowed to your website based on your known usage.
3. Make sure your origin is not exposed to the public Internet, meaning that access is only possible from [Cloudflare IP addresses](/fundamentals/concepts/cloudflare-ip-addresses/). As an extra security precaution, we recommend contacting your hosting provider and requesting new origin server IPs if they have been targeted directly in the past.
4. If you have [Managed IP Lists](/waf/tools/lists/managed-lists/#managed-ip-lists) or [Bot Management](/bots/plans/bm-subscription/), consider using these in WAF custom rules.
5. Enable [caching](/cache/) as much as possible to reduce the strain on your origin servers, and when using [Workers](/workers/), avoid overwhelming your origin server with more subrequests than necessary.

To help counter attack randomization, Cloudflare recommends to update your cache settings to exclude the query string as a cache key. When the query string is excluded as a cache key, Cloudflare's cache will take in unmitigated attack requests instead of forwarding them to the origin. The cache can be a useful mechanism as part of a multilayered security posture.
</Steps>

## Enterprise customers

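Review bot: the closing `</Steps>` comes after the paragraph beginning "To help counter attack randomization", which follows step 5 across a blank line. Unless that paragraph is indented as a continuation of step 5, it ends the numbered list and leaves a loose paragraph inside `<Steps>` next to the list. Either indent it under step 5 or move `</Steps>` up to directly after step 5 so the wrapper contains only the ordered list.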
Expand Down
3 changes: 3 additions & 0 deletions src/content/docs/ddos-protection/botnet-threat-feed.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@ learning_center:
link: https://www.cloudflare.com/learning/ddos/what-is-a-ddos-botnet/

---
import { Steps } from "~/components"

The Cloudflare DDoS Botnet Threat Feed is a threat intelligence feed for service providers (SPs) such as hosting providers and Internet service providers (ISPs) that provides information about their own IP addresses that have participated in HTTP DDoS attacks as observed from Cloudflare's global network. The feed aims to help service providers stop the abuse and reduce DDoS attacks originating from within their networks.

Expand Down Expand Up @@ -44,11 +45,13 @@ Make sure that:

### 1. Authenticate your ASN via PeeringDB

<Steps>
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
2. Go to **Manage Account** > **Configurations**.
3. Select **DDoS Threat Feed ASNs**.
4. On the list of ASNs configured for your threat feed, select **Add ASN**.
5. You will be redirected to the PeeringDB authentication page, where you can log in and consent to share the affiliation data with us. You will be redirected back to the configuration page once it is successful.
</Steps>

:::note
You can add multiple ASNs to your threat feed.
Expand Down
8 changes: 8 additions & 0 deletions src/content/docs/ddos-protection/get-started.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,8 @@ sidebar:

---

import { Steps } from "~/components"

## Free, Pro, and Business plans

The DDoS Attack Protection managed rulesets provided by Cloudflare are enabled by default on zones onboarded to Cloudflare, IP applications onboarded to Spectrum, and IP Prefixes onboarded to Magic Transit.
Expand All @@ -26,10 +28,12 @@ Cloudflare's DDoS protection systems automatically detect and mitigate DDoS atta

To prevent this situation, Cloudflare recommends that you perform these steps to get started:

<Steps>
1. Set the ruleset actions for all the [DDoS Attack Protection managed rulesets](/ddos-protection/managed-rulesets/) to _Log_.
2. Analyze the flagged traffic.
3. Adjust the sensitivity or action of individual managed ruleset rules, if required.
4. Switch ruleset actions from _Log_ back to the default.
</Steps>

### Prerequisites

Expand All @@ -46,9 +50,11 @@ You must have one of the following:
The _Log_ action is only available to Enterprise customers.
:::

<Steps>
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account.
2. [Configure all the rules in the HTTP DDoS Attack Protection managed ruleset](/ddos-protection/managed-rulesets/http/http-overrides/configure-dashboard/#create-a-ddos-override), setting their action to _Log_.
3. [Configure all the rules in the Network-layer DDoS Attack Protection managed ruleset](/ddos-protection/managed-rulesets/network/network-overrides/configure-dashboard/#create-a-ddos-override), setting the action to _Log_.
</Steps>

Alternatively, if you are using the API, define an override at the ruleset level to set the action of all managed ruleset rules to `log` by following these instructions:

Expand All @@ -57,8 +63,10 @@ Alternatively, if you are using the API, define an override at the ruleset level

### 2. Review flagged traffic

<Steps>
1. Go to your [analytics dashboard](/ddos-protection/reference/analytics/) (the exact dashboard depends on your Cloudflare services).
2. Apply one or more filters, if required, and identify any rules that would have blocked legitimate traffic if _Log_ mode were disabled. Take note of the rule IDs.
</Steps>

### 3. Customize managed ruleset rules

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ sidebar:

---

import { Tabs, TabItem, Steps } from "~/components"

Adaptive DDoS Protection learns your unique traffic patterns and adapts to them to provide better protection against sophisticated DDoS attacks on layer 7 and layers 3/4, depending on your subscribed Cloudflare services.

Adaptive DDoS Protection provides the following types of protection:
Expand Down Expand Up @@ -58,15 +60,41 @@ For more information on the types of DDoS attacks covered by Cloudflare's DDoS p

To view traffic flagged by HTTP Adaptive DDoS Protection rules:

1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and website.
2. Go to **Security** > **Events**.
3. Filter by `Service equals HTTP DDoS` and by rule ID.
<Tabs syncKey="dashNewNav">
<TabItem label="Old dashboard">
<Steps>
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
2. Go to **Security** > **Events**.
3. Filter by `Service equals HTTP DDoS` and by rule ID.
</Steps>
</TabItem>
<TabItem label="New dashboard" icon="rocket">
<Steps>
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
2. Go to **Security** > **Analytics** > **Events**.
3. Filter by `Service equals HTTP DDoS` and by rule ID.
</Steps>
</TabItem>
</Tabs>

To view traffic flagged by L3/4 Adaptive DDoS Protection rules:

1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
2. Go to Account Home > **Analytics & Logs** > **Network Analytics**.
3. Filter by rule ID.
<Tabs syncKey="dashNewNav">
<TabItem label="Old dashboard">
<Steps>
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
2. Go to Account Home > **Analytics & Logs** > **Network Analytics**.
3. Filter by rule ID.
</Steps>
</TabItem>
<TabItem label="New dashboard" icon="rocket">
<Steps>
1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
2. Go to **Security** > **Analytics** > **Events**.
3. Filter by rule ID.
</Steps>
</TabItem>
</Tabs>

You may also obtain information about flagged traffic through [Logpush](/logs/about/) or the [GraphQL API](/analytics/graphql-api/).

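Review bot: in the second "New dashboard" tab, the one for L3/4 Adaptive DDoS Protection, the steps read "select your account and domain" and "Go to **Security** > **Analytics** > **Events**", the same as the HTTP tab above it, while the "Old dashboard" tab for the same task selects only the account and goes to **Analytics & Logs** > **Network Analytics**. Please confirm that the new-dashboard path for L3/4 traffic really is the domain-level Events view and not a copy of the HTTP steps. If Network Analytics is still where this traffic is reviewed, the tab should point there.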
Expand Down