@@ -85,7 +85,7 @@ Block Amazon Web Services (AWS) and Google Cloud Platform (GCP) because of large

Previously, unless you customize your front-end application, any AJAX request that is challenged will fail because AJAX calls are not rendered in the DOM.

Now, you can [opt-in to Turnstile's Pre-clearance cookies](/turnstile/concepts/pre-clearance-support/). This allows you to issue a Challenge early in your web application flow and pre-clear users to interact with sensitive APIs. Clearance cookies issued by a Turnstile widget are automatically applied to the Cloudflare zone that the Turnstile widget is embedded on, with no configuration necessary. The duration of the clearance cookie's validity is controlled by the zone-specific configurable [Challenge Passage](/cloudflare-challenges/challenge-types/challenge-pages/#challenge-passage) security setting.
Now, you can [opt-in to Turnstile's Pre-clearance cookies](/turnstile/concepts/pre-clearance-support/). This allows you to issue a Challenge early in your web application flow and pre-clear users to interact with sensitive APIs. Clearance cookies issued by a Turnstile widget are automatically applied to the Cloudflare zone that the Turnstile widget is embedded on, with no configuration necessary. The duration of the clearance cookie's validity is controlled by the zone-specific configurable [Challenge Passage](/cloudflare-challenges/challenge-types/challenge-pages/challenge-passage/) security setting.

## Why would I not find any failed Challenges?

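Review bot: the Challenge Passage target in this hunk moves from the `#challenge-passage` anchor on the challenge-pages page to a standalone `/cloudflare-challenges/challenge-types/challenge-pages/challenge-passage/` page, and the same rewrite is repeated in the Under Attack mode, settings.mdx and `cf_clearance` hunks of this PR; confirm that page exists (in this PR or already merged) before merging, since a missing page breaks all four at once. The old in-page anchor cannot be redirected server-side because fragments never reach the server, so existing bookmarks to `#challenge-passage` will silently land at the top of the parent page.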
@@ -35,12 +35,12 @@ If you require the CSP headers to be changed or added, you can change them using

To use certain Cloudflare features, however, you may need to update the headers in your CSP:

| Feature(s) | Updated headers |
| --------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
| [Rocket Loader](/speed/optimization/content/rocket-loader/), [Mirage](/speed/optimization/images/mirage/) | `script-src 'self' ajax.cloudflare.com;` |
| [Scrape Shield](/waf/tools/scrape-shield/) | `script-src 'self' 'unsafe-inline'` |
| [Web Analytics](/web-analytics/) | `script-src static.cloudflareinsights.com; connect-src cloudflareinsights.com` |
| [Bot products](/bots/) | Refer to [JavaScript detections and CSPs](/bots/additional-configurations/javascript-detections/#if-you-have-a-content-security-policy-csp). |
| [Page Shield](/page-shield/) | Refer to [Page Shield CSP Header format](/page-shield/reference/csp-header/). |
| [Zaraz](/zaraz/) | No updates required ([details](https://blog.cloudflare.com/cloudflare-zaraz-supports-csp/)). |
| [Turnstile](/turnstile/) | Refer to [Turnstile CSP](/turnstile/reference/content-security-policy/). |
| Feature(s) | Updated headers |
| --------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- |
| [Rocket Loader](/speed/optimization/content/rocket-loader/), [Mirage](/speed/optimization/images/mirage/) | `script-src 'self' ajax.cloudflare.com;` |
| [Scrape Shield](/waf/tools/scrape-shield/) | `script-src 'self' 'unsafe-inline'` |
| [Web Analytics](/web-analytics/) | `script-src static.cloudflareinsights.com; connect-src cloudflareinsights.com` |
| [Bot products](/bots/) | Refer to [JavaScript detections and CSPs](/cloudflare-challenges/challenge-types/javascript-detections/#if-you-have-a-content-security-policy-csp). |
| [Page Shield](/page-shield/) | Refer to [Page Shield CSP Header format](/page-shield/reference/csp-header/). |
| [Zaraz](/zaraz/) | No updates required ([details](https://blog.cloudflare.com/cloudflare-zaraz-supports-csp/)). |
| [Turnstile](/turnstile/) | Refer to [Turnstile CSP](/turnstile/reference/content-security-policy/). |
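Review bot: the only content change in this table is the Bot products row, whose target moves from `/bots/additional-configurations/javascript-detections/#if-you-have-a-content-security-policy-csp` to `/cloudflare-challenges/challenge-types/javascript-detections/#if-you-have-a-content-security-policy-csp`; every other row differs only in column padding, so review that one row and check that the `#if-you-have-a-content-security-policy-csp` heading survived the page move. Separately, the Scrape Shield row requires `script-src 'self' 'unsafe-inline'`, which gives up CSP's protection against injected inline scripts; a one-line caveat next to that row would help readers weigh enabling the feature against their policy.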
@@ -58,7 +58,7 @@ To preview what Under Attack mode looks like for your visitors:
4. Go to **Custom Pages**.
5. For **Managed Challenge / I'm Under Attack Mode™**, select **Custom Pages** > **View default**.

The `Checking your browser before accessing...` challenge determines whether to block or allow a visitor within five seconds. After passing the challenge, the visitor does not observe another challenge until the duration configured in [Challenge Passage](/cloudflare-challenges/challenge-types/challenge-pages/#challenge-passage).
The `Checking your browser before accessing...` challenge determines whether to block or allow a visitor within five seconds. After passing the challenge, the visitor does not observe another challenge until the duration configured in [Challenge Passage](/cloudflare-challenges/challenge-types/challenge-pages/challenge-passage/).

---

@@ -1,7 +1,7 @@
---
pcx_content_type: navigation
title: Adjust an L3/4 DDoS rule
external_link: /ddos-protection/managed-rulesets/network/configure-api/#configure-an-override-for-the-network-layer-ddos-attack-protection-managed-ruleset
external_link: /ddos-protection/managed-rulesets/network/network-overrides/configure-api/#configure-an-override-for-the-network-layer-ddos-attack-protection-managed-ruleset
sidebar:
order: 7

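Review bot: the `external_link` path gains a `network-overrides/` segment but keeps the long `#configure-an-override-for-the-network-layer-ddos-attack-protection-managed-ruleset` fragment unchanged; link checkers normally validate the path, not the fragment, so confirm that a heading with exactly that slug exists on the moved `configure-api` page, otherwise this sidebar entry will open at the top of the page rather than at the override section.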
4 changes: 2 additions & 2 deletions src/content/docs/security/settings.mdx
@@ -49,7 +49,7 @@ In the **Bot traffic** security module you can perform the following tasks:
- Enable [Super Bot fight mode](/bots/get-started/super-bot-fight-mode/) (depending on your Cloudflare plan).
- Review information about [Bot Management](/bots/get-started/bot-management/) (always enabled if included in your Enterprise subscriptions).
- Turn on [Block AI Bots](/bots/concepts/bot/#ai-bots).
- Turn on [AI Labyrinth](/bots/get-started/bot-fight-mode/#enable-ai-labyrinth).
- Turn on [AI Labyrinth](/bots/additional-configurations/ai-labyrinth/).

:::note
The bot traffic module includes features and settings from [Bots](/bots/) in the previous dashboard navigation structure.
@@ -109,7 +109,7 @@ This section allows you to configure multiple security-related settings. The fol
| [JavaScript detections](/bots/additional-configurations/javascript-detections/) | **Security** > **Bots** > **Configure Super Bot Fight Mode<br/>Security** > **Bots** > **Configure Bot Management** |
| [Auto-update machine learning model](/bots/reference/machine-learning-models/) | **Security** > **Bots** > **Configure Bot Management** |
| [Enable Security.txt](/security-center/infrastructure/security-file/) | **Security** > **Settings** |
| [Challenge Passage](/cloudflare-challenges/challenge-types/challenge-pages/#challenge-passage) | **Security** > **Settings** |
| [Challenge Passage](/cloudflare-challenges/challenge-types/challenge-pages/challenge-passage/) | **Security** > **Settings** |
| [Browser Integrity Check](/waf/tools/browser-integrity-check/) | **Security** > **Settings** |
| [Replace insecure JavaScript libraries](/waf/tools/replace-insecure-js-libraries/) | **Security** > **Settings** |
| [Security Level](/waf/tools/security-level/) | **Security** > **Settings** |
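Review bot: the unchanged JavaScript detections row still links `/bots/additional-configurations/javascript-detections/`, while the CSP table hunk in this same PR moves the JavaScript detections target to `/cloudflare-challenges/challenge-types/javascript-detections/`; if that page has moved, update this row too rather than relying on a redirect. The Challenge Passage change in this table is the same anchor-to-page rewrite made in the other files.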
4 changes: 2 additions & 2 deletions src/content/docs/support/contacting-cloudflare-support.mdx
@@ -52,7 +52,7 @@ _(For Enterprise Emergency Phone Support)_
For account security, you must verify your identity and account ownership in the Cloudflare dashboard before discussing account settings and sensitive details with Cloudflare Support. There are two verification options:

- a single-use token that automatically refreshes every thirty (30) seconds, or
- an [authenticator app token](/fundamentals/user-profiles/2fa/#configure-totp-mobile-application-authentication-for-two-factor-cloudflare-login) on your mobile device.
- an [authenticator app token](/fundamentals/user-profiles/2fa/#configure-totp-mobile-application-authentication) on your mobile device.

### Authenticating your account

@@ -70,7 +70,7 @@ For account security, you must verify your identity and account ownership in the

![](~/assets/images/support/Emergency_Phone_Support.png)

5\. To authenticate using an authenticator app, click **Configure authenticator app** and follow the [configuration instructions](/fundamentals/user-profiles/2fa/#configure-totp-mobile-application-authentication-for-two-factor-cloudflare-login) on the following screen. After configuration, the token code will appear in your mobile authentication application.
5\. To authenticate using an authenticator app, click **Configure authenticator app** and follow the [configuration instructions](/fundamentals/user-profiles/2fa/#configure-totp-mobile-application-authentication) on the following screen. After configuration, the token code will appear in your mobile authentication application.

6\. When calling the emergency phone line, you can authenticate automatically by entering your ID and Code when requested.

2 changes: 1 addition & 1 deletion src/content/docs/waf/rate-limiting-rules/parameters.mdx
@@ -151,7 +151,7 @@ Once the rate is reached, the rate limiting rule applies the rule action to furt

In the dashboard, select one of the available values, which [vary according to your Cloudflare plan](/waf/rate-limiting-rules/#availability). The available API values are: `0`, `10`, `60` (one minute), `120` (two minutes), `300` (five minutes), `600` (10 minutes), `3600` (one hour), or `86400` (one day).

Customers on Free, Pro, and Business plans cannot select a duration when using a [challenge action](/cloudflare-challenges/#available-challenges) — their rate limiting rule will always perform request throttling for these actions. With request throttling, you do not define a duration. When visitors pass a challenge, their corresponding [request counter](/waf/rate-limiting-rules/request-rate/) is set to zero. When visitors with the same values for the rule characteristics make enough requests to trigger the rate limiting rule again, they will receive a new challenge.
Customers on Free, Pro, and Business plans cannot select a duration when using a [challenge action](/cloudflare-challenges/challenge-types/challenge-pages/#actions) — their rate limiting rule will always perform request throttling for these actions. With request throttling, you do not define a duration. When visitors pass a challenge, their corresponding [request counter](/waf/rate-limiting-rules/request-rate/) is set to zero. When visitors with the same values for the rule characteristics make enough requests to trigger the rate limiting rule again, they will receive a new challenge.

Enterprise customers can always configure a duration (or mitigation timeout), even when using one of the challenge actions.

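Review bot: this link changes both page and fragment, from `/cloudflare-challenges/#available-challenges` to `/cloudflare-challenges/challenge-types/challenge-pages/#actions`; confirm that an `#actions` section exists on the challenge-pages page and that it is the one listing the challenge actions this paragraph refers to, since the IP Access rules hunk in this PR points at `#managed-challenge-recommended` on the same page and the two links should land on related sections.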
2 changes: 1 addition & 1 deletion src/content/docs/waf/tools/ip-access-rules/actions.mdx
@@ -14,7 +14,7 @@ An IP Access rule can perform one of the following actions:

- **Allow**: Excludes visitors from all security checks, including [Browser Integrity Check](/waf/tools/browser-integrity-check/), [Under Attack mode](/fundamentals/reference/under-attack-mode/), and the WAF. Use this option when a trusted visitor is being blocked by Cloudflare's default security features. The _Allow_ action takes precedence over the _Block_ action. Note that allowing a given country code will not bypass WAF managed rules (previous and new versions).

- **Managed Challenge**: Depending on the characteristics of a request, Cloudflare will dynamically choose the appropriate type of challenge from a list of possible actions. For more information, refer to [Cloudflare challenges](/cloudflare-challenges/#managed-challenge-recommended).
- **Managed Challenge**: Depending on the characteristics of a request, Cloudflare will dynamically choose the appropriate type of challenge from a list of possible actions. For more information, refer to [Cloudflare Challenges](/cloudflare-challenges/challenge-types/challenge-pages/#managed-challenge-recommended).

- **JavaScript Challenge**: Presents the [Under Attack mode](/fundamentals/reference/under-attack-mode/) interstitial page to visitors. The visitor or client must support JavaScript. Useful for blocking DDoS attacks with minimal impact to legitimate visitors.

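Review bot: besides the path change, this hunk capitalises the link text to "Cloudflare Challenges", while the `cf_clearance` hunk in this PR keeps the lowercase "[challenge](/cloudflare-challenges/)" wording for the same product; pick one form across the touched files so the product name reads consistently.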
@@ -58,7 +58,7 @@ If you require a specific `SameSite` configuration in your session affinity cook

## Known issues with SameSite and `cf_clearance` cookies

When a visitor solves a [challenge](/cloudflare-challenges/) presented due to a [custom rule](/waf/custom-rules/) or an [IP access rule](/waf/tools/ip-access-rules/), a `cf_clearance` cookie is set in the visitor's browser. The `cf_clearance` cookie has a default lifetime of 30 minutes, which you can configure via [Challenge Passage](/cloudflare-challenges/challenge-types/challenge-pages/#challenge-passage).
When a visitor solves a [challenge](/cloudflare-challenges/) presented due to a [custom rule](/waf/custom-rules/) or an [IP access rule](/waf/tools/ip-access-rules/), a `cf_clearance` cookie is set in the visitor's browser. The `cf_clearance` cookie has a default lifetime of 30 minutes, which you can configure via [Challenge Passage](/cloudflare-challenges/challenge-types/challenge-pages/challenge-passage/).

Cloudflare uses `SameSite=None` in the `cf_clearance` cookie so that visitor requests from different hostnames are not met with later challenges or errors. When `SameSite=None` is used, it must be set in conjunction with the `Secure` flag.

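Review bot: this paragraph states a 30-minute default lifetime for `cf_clearance` and now sends readers to the new standalone Challenge Passage page to change it; check that the new page states the same 30-minute default, since after this move it is the only place the setting is documented and a mismatch between the two pages would be easy to miss.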
2 changes: 1 addition & 1 deletion src/content/partials/support/2fa-enable.mdx
@@ -18,4 +18,4 @@ To enable two-factor authentication for your Cloudflare login:
2. Under the **My Profile** dropdown, select **My Profile**.
3. Select **Authentication**. 
4. Select **Manage** in the Two-Factor Authentication card.
5. Configure either a [TOTP mobile app](/fundamentals/user-profiles/2fa/#configure-totp-mobile-application-authentication-for-two-factor-cloudflare-login) or a [security key to enable 2FA on your account](/fundamentals/user-profiles/2fa/#configure-security-key-authentication-for-two-factor-cloudflare-login).
5. Configure either a [TOTP mobile app](/fundamentals/user-profiles/2fa/#configure-totp-mobile-application-authentication) or a [security key to enable 2FA on your account](/fundamentals/user-profiles/2fa/#configure-security-key-authentication-for-two-factor-cloudflare-login).
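Review bot: only the TOTP anchor is shortened here (`#configure-totp-mobile-application-authentication-for-two-factor-cloudflare-login` to `#configure-totp-mobile-application-authentication`), while the security key link on the same line keeps the old `#configure-security-key-authentication-for-two-factor-cloudflare-login` suffix. If both headings on the 2fa page were renamed as a pair, the security key anchor is now stale; if only the TOTP heading changed, a sentence in the PR description saying so would save the next reviewer the check.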