Skip to content

Update new security dashboard settings and overview docs #23824

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jul 21, 2025
Merged

Update new security dashboard settings and overview docs #23824

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c6a7694
Update security settings doc
db-cloudflare Jul 21, 2025
3a3d237
Update overview docs
db-cloudflare Jul 21, 2025
9008974
Update settings.mdx
db-cloudflare Jul 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 2 additions & 11 deletions src/content/docs/security/overview.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,14 +10,5 @@ Security overview provides a high-level overview of your domain. It allows you t
The Security overview page displays the following information:

- If you are on a Free plan, the dashboard will display **Traffic last 24 hours**, which allows you to review traffic from the 24 hours that has been mitigated by Cloudflare. If you are on a Business, Pro, or Enterprise plan, the dashboard will display **Traffic last 7 days**, which allows you to review traffic from the last seven days that has been mitigated by Cloudflare.
- **Modules**: The dashboard will display suggestions categorized on your security module.
- **All suggestions**: The dashboard displays a list of suggestions to improve your security posture. Suggestions include:
- Web application exploits
- DDoS attacks
- Bot traffic
- API abuse
- Client-side abuse
- Domain settings
- Web assets and endpoints
- Rule templates
- Detections
- **Security category**: The dashboard will display security suggestions categorized by the different types of threats that Cloudflare detects and mitigates.
- **All suggestions**: The dashboard displays the full list of available suggestions to improve your security posture.
34 changes: 18 additions & 16 deletions src/content/docs/security/settings.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,13 +9,15 @@ description: Configure different Cloudflare security features that protect your

This page describes the settings available in **Security** > **Settings** for a given domain.

## Security modules
## Security setting categories

### Web application exploits module
Security settings and detection tools are categorized by the type of threat that they detect and mitigate.

In the **Web application exploits** security module you can manage the following settings:
### Web application exploits

- Detections:
In the **Web application exploits** security category you can manage the following settings:

- Detection tools:
- [Leaked credentials detection](/waf/detections/leaked-credentials/)
- [Malicious uploads detection](/waf/detections/malicious-uploads/)
- [Sensitive data detection](/waf/managed-rules/reference/sensitive-data-detection/)
Expand All @@ -28,12 +30,12 @@ In the **Web application exploits** security module you can manage the following
Refer to each linked page for details.

:::note
The web application exploits module includes features and settings from the [Cloudflare WAF](/waf/) in the previous dashboard navigation structure.
The web application exploits security category includes features and settings from the [Cloudflare WAF](/waf/) in the previous dashboard navigation structure.
:::

### DDoS attacks module
### DDoS attacks

The **DDoS protection** security module shows the multiple mitigation services against DDoS attacks provided by Cloudflare.
The **DDoS attacks** security category shows the multiple mitigation services against DDoS attacks provided by Cloudflare.

You can create rules to override DDoS attack protection tools. DDoS attack protection overrides are only available to Enterprise customers with the Advanced DDoS Protection subscription.

Expand All @@ -59,9 +61,9 @@ Additionally, you can manage the following settings:
- [Under Attack mode](/fundamentals/reference/under-attack-mode/) (under Security Level)
- SSL/TLS DDoS attack protection

### Bot traffic module
### Bot traffic

In the **Bot traffic** security module you can manage the following settings:
In the **Bot traffic** security category you can manage the following settings:

- [AI Labyrinth](/bots/additional-configurations/ai-labyrinth/)
- [Block AI Bots](/bots/concepts/bot/#ai-bots)
Expand All @@ -72,32 +74,32 @@ In the **Bot traffic** security module you can manage the following settings:
- API [sequence detection](/api-shield/security/sequence-analytics/) (requires you to configure a session identifier)

:::note
The bot traffic module includes features and settings from [Bots](/bots/) in the previous dashboard navigation structure.
The bot traffic security category includes features and settings from [Bots](/bots/) in the previous dashboard navigation structure.
:::

### API abuse module
### API abuse

In the **API abuse** security module you can manage the following settings:
In the **API abuse** security category you can manage the following settings:

- [Developer portal](/api-shield/management-and-monitoring/developer-portal/) creation
- [Endpoint discovery](/api-shield/security/api-discovery/) (always enabled if included in your Enterprise subscriptions; requires you to configure a [session identifier](/api-shield/management-and-monitoring/session-identifiers/))
- [Endpoint labels](/api-shield/management-and-monitoring/endpoint-labels/)
- [JWT validation](/api-shield/security/jwt-validation/) (requires you to add a [JWT configuration](/api-shield/security/jwt-validation/api/#token-configurations))

:::note
The API abuse module includes features and settings from [API Shield](/api-shield/) in the previous dashboard navigation structure.
The API abuse security category includes features and settings from [API Shield](/api-shield/) in the previous dashboard navigation structure.
:::

### Client-side abuse module
### Client-side abuse

In the **Client-side abuse** security module you can manage the following settings:
In the **Client-side abuse** security category you can manage the following settings:

- [Continuous script monitoring](/page-shield/how-it-works/) (previously [Page Shield](/page-shield/)):
- [Reporting endpoint](/page-shield/reference/settings/#reporting-endpoint) to use your hostname instead of a Cloudflare-owned endpoint (only for Enterprise customers with a paid add-on)
- [Data logged in client-side abuse reports](/page-shield/reference/settings/#connection-target-details) (only the hostname or the full URI)

:::note
The client-side abuse module includes features and settings from [Page Shield](/page-shield/) in the previous dashboard navigation structure.
The client-side abuse security category includes features and settings from [Page Shield](/page-shield/) in the previous dashboard navigation structure.
:::

## All settings
Expand Down
Loading