diff --git a/src/content/docs/cloudflare-challenges/frequently-asked-questions.mdx b/src/content/docs/cloudflare-challenges/frequently-asked-questions.mdx index e52d636556b4d1..2fa3c16d5f51e7 100644 --- a/src/content/docs/cloudflare-challenges/frequently-asked-questions.mdx +++ b/src/content/docs/cloudflare-challenges/frequently-asked-questions.mdx @@ -85,7 +85,7 @@ Block Amazon Web Services (AWS) and Google Cloud Platform (GCP) because of large Previously, unless you customize your front-end application, any AJAX request that is challenged will fail because AJAX calls are not rendered in the DOM. -Now, you can [opt-in to Turnstile's Pre-clearance cookies](/turnstile/concepts/pre-clearance-support/). This allows you to issue a Challenge early in your web application flow and pre-clear users to interact with sensitive APIs. Clearance cookies issued by a Turnstile widget are automatically applied to the Cloudflare zone that the Turnstile widget is embedded on, with no configuration necessary. The duration of the clearance cookie's validity is controlled by the zone-specific configurable [Challenge Passage](/cloudflare-challenges/challenge-types/challenge-pages/#challenge-passage) security setting. +Now, you can [opt-in to Turnstile's Pre-clearance cookies](/turnstile/concepts/pre-clearance-support/). This allows you to issue a Challenge early in your web application flow and pre-clear users to interact with sensitive APIs. Clearance cookies issued by a Turnstile widget are automatically applied to the Cloudflare zone that the Turnstile widget is embedded on, with no configuration necessary. The duration of the clearance cookie's validity is controlled by the zone-specific configurable [Challenge Passage](/cloudflare-challenges/challenge-types/challenge-pages/challenge-passage/) security setting. ## Why would I not find any failed Challenges? 
diff --git a/src/content/docs/fundamentals/reference/policies-compliances/content-security-policies.mdx b/src/content/docs/fundamentals/reference/policies-compliances/content-security-policies.mdx index 2040345efdb13f..3682261eef6809 100644 --- a/src/content/docs/fundamentals/reference/policies-compliances/content-security-policies.mdx +++ b/src/content/docs/fundamentals/reference/policies-compliances/content-security-policies.mdx 
@@ -35,12 +35,12 @@ If you require the CSP headers to be changed or added, you can change them using To use certain Cloudflare features, however, you may need to update the headers in your CSP: -| Feature(s) | Updated headers | -| --------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | -| [Rocket Loader](/speed/optimization/content/rocket-loader/), [Mirage](/speed/optimization/images/mirage/) | `script-src 'self' ajax.cloudflare.com;` | -| [Scrape Shield](/waf/tools/scrape-shield/) | `script-src 'self' 'unsafe-inline'` | -| [Web Analytics](/web-analytics/) | `script-src static.cloudflareinsights.com; connect-src cloudflareinsights.com` | -| [Bot products](/bots/) | Refer to [JavaScript detections and CSPs](/bots/additional-configurations/javascript-detections/#if-you-have-a-content-security-policy-csp). | -| [Page Shield](/page-shield/) | Refer to [Page Shield CSP Header format](/page-shield/reference/csp-header/). | -| [Zaraz](/zaraz/) | No updates required ([details](https://blog.cloudflare.com/cloudflare-zaraz-supports-csp/)). | -| [Turnstile](/turnstile/) | Refer to [Turnstile CSP](/turnstile/reference/content-security-policy/). 
| +| Feature(s) | Updated headers | +| --------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | +| [Rocket Loader](/speed/optimization/content/rocket-loader/), [Mirage](/speed/optimization/images/mirage/) | `script-src 'self' ajax.cloudflare.com;` | +| [Scrape Shield](/waf/tools/scrape-shield/) | `script-src 'self' 'unsafe-inline'` | +| [Web Analytics](/web-analytics/) | `script-src static.cloudflareinsights.com; connect-src cloudflareinsights.com` | +| [Bot products](/bots/) | Refer to [JavaScript detections and CSPs](/cloudflare-challenges/challenge-types/javascript-detections/#if-you-have-a-content-security-policy-csp). | +| [Page Shield](/page-shield/) | Refer to [Page Shield CSP Header format](/page-shield/reference/csp-header/). | +| [Zaraz](/zaraz/) | No updates required ([details](https://blog.cloudflare.com/cloudflare-zaraz-supports-csp/)). | +| [Turnstile](/turnstile/) | Refer to [Turnstile CSP](/turnstile/reference/content-security-policy/). | diff --git a/src/content/docs/fundamentals/reference/under-attack-mode.mdx b/src/content/docs/fundamentals/reference/under-attack-mode.mdx index 21ebd2eecfc8ba..afd29c2315be63 100644 --- a/src/content/docs/fundamentals/reference/under-attack-mode.mdx +++ b/src/content/docs/fundamentals/reference/under-attack-mode.mdx 
@@ -58,7 +58,7 @@ To preview what Under Attack mode looks like for your visitors: 4. Go to **Custom Pages**. 5. For **Managed Challenge / I'm Under Attack Mode™**, select **Custom Pages** > **View default**. -The `Checking your browser before accessing...` challenge determines whether to block or allow a visitor within five seconds. After passing the challenge, the visitor does not observe another challenge until the duration configured in [Challenge Passage](/cloudflare-challenges/challenge-types/challenge-pages/#challenge-passage). +The `Checking your browser before accessing...` challenge determines whether to block or allow a visitor within five seconds. After passing the challenge, the visitor does not observe another challenge until the duration configured in [Challenge Passage](/cloudflare-challenges/challenge-types/challenge-pages/challenge-passage/). --- diff --git a/src/content/docs/ruleset-engine/managed-rulesets/override-examples/link-override-ddos-l34-rule-sensitivity.mdx b/src/content/docs/ruleset-engine/managed-rulesets/override-examples/link-override-ddos-l34-rule-sensitivity.mdx index 6db465b2844948..c2f9829f821ebc 100644 --- a/src/content/docs/ruleset-engine/managed-rulesets/override-examples/link-override-ddos-l34-rule-sensitivity.mdx +++ b/src/content/docs/ruleset-engine/managed-rulesets/override-examples/link-override-ddos-l34-rule-sensitivity.mdx @@ -1,7 +1,7 @@ --- pcx_content_type: navigation title: Adjust an L3/4 DDoS rule -external_link: /ddos-protection/managed-rulesets/network/configure-api/#configure-an-override-for-the-network-layer-ddos-attack-protection-managed-ruleset +external_link: /ddos-protection/managed-rulesets/network/network-overrides/configure-api/#configure-an-override-for-the-network-layer-ddos-attack-protection-managed-ruleset sidebar: order: 7 diff --git a/src/content/docs/security/settings.mdx b/src/content/docs/security/settings.mdx index 04cf842d40b4aa..9b938f09a7101c 100644 
--- a/src/content/docs/security/settings.mdx +++ b/src/content/docs/security/settings.mdx @@ -49,7 +49,7 @@ In the **Bot traffic** security module you can perform the following tasks: - Enable [Super Bot fight mode](/bots/get-started/super-bot-fight-mode/) (depending on your Cloudflare plan). - Review information about [Bot Management](/bots/get-started/bot-management/) (always enabled if included in your Enterprise subscriptions). - Turn on [Block AI Bots](/bots/concepts/bot/#ai-bots). -- Turn on [AI Labyrinth](/bots/get-started/bot-fight-mode/#enable-ai-labyrinth). +- Turn on [AI Labyrinth](/bots/additional-configurations/ai-labyrinth/). :::note The bot traffic module includes features and settings from [Bots](/bots/) in the previous dashboard navigation structure. @@ -109,7 +109,7 @@ This section allows you to configure multiple security-related settings. The fol | [JavaScript detections](/bots/additional-configurations/javascript-detections/) | **Security** > **Bots** > **Configure Super Bot Fight Mode
Security** > **Bots** > **Configure Bot Management** | | [Auto-update machine learning model](/bots/reference/machine-learning-models/) | **Security** > **Bots** > **Configure Bot Management** | | [Enable Security.txt](/security-center/infrastructure/security-file/) | **Security** > **Settings** | -| [Challenge Passage](/cloudflare-challenges/challenge-types/challenge-pages/#challenge-passage) | **Security** > **Settings** | +| [Challenge Passage](/cloudflare-challenges/challenge-types/challenge-pages/challenge-passage/) | **Security** > **Settings** | | [Browser Integrity Check](/waf/tools/browser-integrity-check/) | **Security** > **Settings** | | [Replace insecure JavaScript libraries](/waf/tools/replace-insecure-js-libraries/) | **Security** > **Settings** | | [Security Level](/waf/tools/security-level/) | **Security** > **Settings** | diff --git a/src/content/docs/support/contacting-cloudflare-support.mdx b/src/content/docs/support/contacting-cloudflare-support.mdx index b2113118f8af48..37400dd2ad88fd 100644 --- a/src/content/docs/support/contacting-cloudflare-support.mdx +++ b/src/content/docs/support/contacting-cloudflare-support.mdx @@ -52,7 +52,7 @@ _(For Enterprise Emergency Phone Support)_ For account security, you must verify your identity and account ownership in the Cloudflare dashboard before discussing account settings and sensitive details with Cloudflare Support. There are two verification options: - a single-use token that automatically refreshes every thirty (30) seconds, or -- an [authenticator app token](/fundamentals/user-profiles/2fa/#configure-totp-mobile-application-authentication-for-two-factor-cloudflare-login) on your mobile device. +- an [authenticator app token](/fundamentals/user-profiles/2fa/#configure-totp-mobile-application-authentication) on your mobile device. ### Authenticating your account 
@@ -70,7 +70,7 @@ For account security, you must verify your identity and account ownership in the ![](~/assets/images/support/Emergency_Phone_Support.png) -5\. To authenticate using an authenticator app, click **Configure authenticator app** and follow the [configuration instructions](/fundamentals/user-profiles/2fa/#configure-totp-mobile-application-authentication-for-two-factor-cloudflare-login) on the following screen. After configuration, the token code will appear in your mobile authentication application. +5\. To authenticate using an authenticator app, click **Configure authenticator app** and follow the [configuration instructions](/fundamentals/user-profiles/2fa/#configure-totp-mobile-application-authentication) on the following screen. After configuration, the token code will appear in your mobile authentication application. 6\. When calling the emergency phone line, you can authenticate automatically by entering your ID and Code when requested. diff --git a/src/content/docs/waf/rate-limiting-rules/parameters.mdx b/src/content/docs/waf/rate-limiting-rules/parameters.mdx index 230edcab4046ce..051e8c5e2a9fdd 100644 --- a/src/content/docs/waf/rate-limiting-rules/parameters.mdx +++ b/src/content/docs/waf/rate-limiting-rules/parameters.mdx 
@@ -151,7 +151,7 @@ Once the rate is reached, the rate limiting rule applies the rule action to furt In the dashboard, select one of the available values, which [vary according to your Cloudflare plan](/waf/rate-limiting-rules/#availability). The available API values are: `0`, `10`, `60` (one minute), `120` (two minutes), `300` (five minutes), `600` (10 minutes), `3600` (one hour), or `86400` (one day). -Customers on Free, Pro, and Business plans cannot select a duration when using a [challenge action](/cloudflare-challenges/#available-challenges) — their rate limiting rule will always perform request throttling for these actions. With request throttling, you do not define a duration. When visitors pass a challenge, their corresponding [request counter](/waf/rate-limiting-rules/request-rate/) is set to zero. When visitors with the same values for the rule characteristics make enough requests to trigger the rate limiting rule again, they will receive a new challenge. +Customers on Free, Pro, and Business plans cannot select a duration when using a [challenge action](/cloudflare-challenges/challenge-types/challenge-pages/#actions) — their rate limiting rule will always perform request throttling for these actions. With request throttling, you do not define a duration. When visitors pass a challenge, their corresponding [request counter](/waf/rate-limiting-rules/request-rate/) is set to zero. When visitors with the same values for the rule characteristics make enough requests to trigger the rate limiting rule again, they will receive a new challenge. Enterprise customers can always configure a duration (or mitigation timeout), even when using one of the challenge actions. diff --git a/src/content/docs/waf/tools/ip-access-rules/actions.mdx b/src/content/docs/waf/tools/ip-access-rules/actions.mdx index 93c6d0b22db1d4..0967cae034dce4 100644 --- a/src/content/docs/waf/tools/ip-access-rules/actions.mdx +++ b/src/content/docs/waf/tools/ip-access-rules/actions.mdx 
@@ -14,7 +14,7 @@ An IP Access rule can perform one of the following actions: - **Allow**: Excludes visitors from all security checks, including [Browser Integrity Check](/waf/tools/browser-integrity-check/), [Under Attack mode](/fundamentals/reference/under-attack-mode/), and the WAF. Use this option when a trusted visitor is being blocked by Cloudflare's default security features. The _Allow_ action takes precedence over the _Block_ action. Note that allowing a given country code will not bypass WAF managed rules (previous and new versions). -- **Managed Challenge**: Depending on the characteristics of a request, Cloudflare will dynamically choose the appropriate type of challenge from a list of possible actions. For more information, refer to [Cloudflare challenges](/cloudflare-challenges/#managed-challenge-recommended). +- **Managed Challenge**: Depending on the characteristics of a request, Cloudflare will dynamically choose the appropriate type of challenge from a list of possible actions. For more information, refer to [Cloudflare Challenges](/cloudflare-challenges/challenge-types/challenge-pages/#managed-challenge-recommended). - **JavaScript Challenge**: Presents the [Under Attack mode](/fundamentals/reference/under-attack-mode/) interstitial page to visitors. The visitor or client must support JavaScript. Useful for blocking DDoS attacks with minimal impact to legitimate visitors. diff --git a/src/content/docs/waf/troubleshooting/samesite-cookie-interaction.mdx b/src/content/docs/waf/troubleshooting/samesite-cookie-interaction.mdx index 80986b899bd9d5..8ab2817f251e91 100644 --- a/src/content/docs/waf/troubleshooting/samesite-cookie-interaction.mdx +++ b/src/content/docs/waf/troubleshooting/samesite-cookie-interaction.mdx 
@@ -58,7 +58,7 @@ If you require a specific `SameSite` configuration in your session affinity cook ## Known issues with SameSite and `cf_clearance` cookies -When a visitor solves a [challenge](/cloudflare-challenges/) presented due to a [custom rule](/waf/custom-rules/) or an [IP access rule](/waf/tools/ip-access-rules/), a `cf_clearance` cookie is set in the visitor's browser. The `cf_clearance` cookie has a default lifetime of 30 minutes, which you can configure via [Challenge Passage](/cloudflare-challenges/challenge-types/challenge-pages/#challenge-passage). +When a visitor solves a [challenge](/cloudflare-challenges/) presented due to a [custom rule](/waf/custom-rules/) or an [IP access rule](/waf/tools/ip-access-rules/), a `cf_clearance` cookie is set in the visitor's browser. The `cf_clearance` cookie has a default lifetime of 30 minutes, which you can configure via [Challenge Passage](/cloudflare-challenges/challenge-types/challenge-pages/challenge-passage/). Cloudflare uses `SameSite=None` in the `cf_clearance` cookie so that visitor requests from different hostnames are not met with later challenges or errors. When `SameSite=None` is used, it must be set in conjunction with the `Secure` flag. diff --git a/src/content/partials/support/2fa-enable.mdx b/src/content/partials/support/2fa-enable.mdx index 8208a467989b06..c7ac359732fc93 100644 --- a/src/content/partials/support/2fa-enable.mdx +++ b/src/content/partials/support/2fa-enable.mdx 
@@ -18,4 +18,4 @@ To enable two-factor authentication for your Cloudflare login: 2. Under the **My Profile** dropdown, select **My Profile**. 3. Select **Authentication**.  4. Select **Manage** in the Two-Factor Authentication card. -5. Configure either a [TOTP mobile app](/fundamentals/user-profiles/2fa/#configure-totp-mobile-application-authentication-for-two-factor-cloudflare-login) or a [security key to enable 2FA on your account](/fundamentals/user-profiles/2fa/#configure-security-key-authentication-for-two-factor-cloudflare-login). +5. Configure either a [TOTP mobile app](/fundamentals/user-profiles/2fa/#configure-totp-mobile-application-authentication) or a [security key to enable 2FA on your account](/fundamentals/user-profiles/2fa/#configure-security-key-authentication-for-two-factor-cloudflare-login).
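Review bot: in `fundamentals/reference/under-attack-mode.mdx`, the changed sentence after step 5 is still incomplete: "the visitor does not observe another challenge until the duration configured in [Challenge Passage]" never says what happens to that duration. Since the line is being edited anyway, consider ending it with "until the duration configured in Challenge Passage expires".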
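Review bot: in `security/settings.mdx`, the JavaScript detections row of the settings table (unchanged context in the `@@ -109,7 +109,7 @@` hunk) still links to `/bots/additional-configurations/javascript-detections/`, while the `content-security-policies.mdx` hunk in this same patch repoints the JavaScript detections link to `/cloudflare-challenges/challenge-types/javascript-detections/`. If that page has moved, update this row as well so the two documents do not disagree and this link does not rely on a redirect.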
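Review bot: in `waf/tools/ip-access-rules/actions.mdx`, the Managed Challenge bullet now targets the anchor `/cloudflare-challenges/challenge-types/challenge-pages/#managed-challenge-recommended`, while other hunks in this patch replace the `#challenge-passage` anchor on that same page with the subpage `challenge-pages/challenge-passage/`. Please confirm that `#managed-challenge-recommended` still resolves on the challenge pages document, and likewise the `#actions` anchor used in the `rate-limiting-rules/parameters.mdx` hunk, since a missing anchor fails silently by landing the reader at the top of the page.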
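Review bot: in `partials/support/2fa-enable.mdx` step 5, only the TOTP anchor is shortened to `#configure-totp-mobile-application-authentication`; the security key link on the same line keeps `#configure-security-key-authentication-for-two-factor-cloudflare-login`. Please confirm the security key heading on the 2FA page kept its long form. If it was shortened the same way, this anchor needs the matching update in this patch.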