Merged
Changes from 5 commits
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@ import { Render, APIRequest } from "~/components";

To deploy rate limiting rules at the account level, you must create a rate limiting ruleset with one or more rules. Use the [Rulesets API](/ruleset-engine/rulesets-api/) to create and deploy rate limiting rulesets via API.

For more information on rule parameters, refer to [Rate limiting parameters](/waf/rate-limiting-rules/parameters/).

:::note
At the API level, a rate limiting ruleset is a regular [custom ruleset](/waf/account/custom-rulesets/) with one or more rate limiting rules that you create in the `http_ratelimit` phase. The concept of custom rate limiting ruleset exists in the Cloudflare dashboard to make it clear that you are configuring and deploying rate limiting rules at the account level. This page with API instructions uses the same terminology.
:::
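Review bot: the added pointer to Rate limiting parameters is useful, but API users on this page would also want a pointer to the account-level restriction this PR adds in parameters.mdx (a rule in an account-level ruleset cannot have HTTP response fields or custom lists in its rule expression), since a caller creating rules in the `http_ratelimit` phase will otherwise only discover it from the API error. Consider linking to that section directly, e.g. `For the restrictions that apply to account-level rules, refer to [Configuration restrictions](/waf/rate-limiting-rules/parameters/#configuration-restrictions).`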
Expand Up @@ -17,6 +17,8 @@ This feature requires an Enterprise plan with a paid add-on.

At the account level, rate limiting rules are grouped into rate limiting rulesets. You must first create a custom ruleset with one or more rate limiting rules, and then deploy it to one or more zones on an Enterprise plan.

For more information on rule parameters, refer to [Rate limiting parameters](/waf/rate-limiting-rules/parameters/).

## 1. Create a custom rate limiting ruleset

<Steps>
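Review bot: terminology in this intro is inconsistent with the sibling pages touched in this PR: the paragraph says `create a custom ruleset with one or more rate limiting rules`, while the overview page says `create a custom rate limiting ruleset with one or more [rate limiting rules]` and the API page's note explains why both terms exist. Consider using "custom rate limiting ruleset" here too, since the heading directly below (`## 1. Create a custom rate limiting ruleset`) already does.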
Expand Up @@ -13,7 +13,9 @@ A rate limiting rule defines a <GlossaryTooltip term="rate limiting">rate limit<
This feature requires an Enterprise plan with a paid add-on.
:::

To apply a rate limiting ruleset at the account level, create a custom rate limiting ruleset with one or more rate limiting rules and then deploy it to one or more zones on an Enterprise plan.
To apply a rate limiting ruleset at the account level, create a custom rate limiting ruleset with one or more [rate limiting rules](/waf/rate-limiting-rules/), and then deploy it to one or more zones on an Enterprise plan.

For more information on how Cloudflare calculates request rates, refer to [Request rate calculation](/waf/rate-limiting-rules/request-rate/).

## Next steps

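Review bot: the new request-rate cross-reference is appropriate for a ruleset that is deployed to several zones, but the linked page only states that counters are not shared across data centers. Since one account-level ruleset can be deployed to one or more zones, it would help to state here (or on the request-rate page) whether a rule's counters are kept per zone or shared across all zones the ruleset is deployed to.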
6 changes: 3 additions & 3 deletions src/content/docs/waf/rate-limiting-rules/index.mdx
Expand Up @@ -12,6 +12,8 @@ Rate limiting rules allow you to define rate limits for requests matching an exp

In the [new security dashboard](/security/), rate limiting rules are one of the available types of [security rules](/security/rules/). Security rules perform security-related actions on incoming requests that match specified filters.

Some Enterprise customers can create [rate limiting rulesets](/waf/account/rate-limiting-rulesets/) at the account level that they can deploy to multiple Enterprise zones.

## Rule parameters

Like other rules evaluated by Cloudflare's [Ruleset Engine](/ruleset-engine/), rate limiting rules have the following basic parameters:
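Review bot: the paragraph moved into the intro keeps the vague "Some Enterprise customers" wording from the old Related resources bullet, while the other pages in this PR state the concrete requirement ("This feature requires an Enterprise plan with a paid add-on"). Consider aligning it, e.g. `Enterprise customers with the paid add-on can create [rate limiting rulesets](/waf/account/rate-limiting-rulesets/) at the account level ...`, so readers know up front what gates the feature.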
Expand Down Expand Up @@ -51,8 +53,6 @@ For Terraform examples, refer to [Rate limiting rules configuration using Terraf

## Related resources

- [Rate limiting rulesets](/waf/account/rate-limiting-rulesets/): Some Enterprise customers can create rate limiting rulesets at the account level that they can deploy to multiple Enterprise zones.
- [Learning Center: What is rate limiting?](https://www.cloudflare.com/learning/bots/what-is-rate-limiting/)

- [Cloudflare Rate Limiting (previous version, now deprecated)](/waf/reference/legacy/old-rate-limiting/): Documentation for the previous version of rate limiting rules (billed based on usage).

- [Learning Center: What is rate limiting?](https://www.cloudflare.com/learning/bots/what-is-rate-limiting/)
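Review bot: after removing the rulesets bullet, the deprecated product ("Cloudflare Rate Limiting (previous version, now deprecated)") becomes the first entry in Related resources, ahead of the Learning Center link that was moved to the end. Consider keeping the deprecated-version bullet last so the list leads with current resources.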
6 changes: 5 additions & 1 deletion src/content/docs/waf/rate-limiting-rules/parameters.mdx
Expand Up @@ -9,6 +9,8 @@ import { Type } from "~/components";

The available rate limiting rule parameters are described in the following sections.

For more information on the current rule configuration restrictions, refer to [Configuration restrictions](#configuration-restrictions).

## Parameter reference

### If incoming requests match
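Review bot: the new sentence links to the in-page anchor `#configuration-restrictions`, but no heading with that text is visible in this diff (the later hunk in this file shows only bullets from that section). Please confirm the page has a `## Configuration restrictions` heading so the generated anchor matches; otherwise the link will silently resolve to the top of the page.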
Expand Down Expand Up @@ -38,7 +40,7 @@ Use one or more of the following characteristics:

| Dashboard value | API value | Notes |
| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| N/A(implicitly included) | `cf.colo.id`(mandatory) | [Do not use in expressions](#do-not-use-cfcoloid-as-a-field-in-expressions) |
| N/A (implicitly included) | `cf.colo.id`(mandatory) | [Do not use in expressions](#do-not-use-cfcoloid-as-a-field-in-expressions) |
| IP | `ip.src` | [Incompatible with **IP with NAT support**](#incompatible-characteristics) |
| IP with NAT support | `cf.unique_visitor_id` | [Incompatible with **IP**](#incompatible-characteristics) |
| **Header value of** (enter header name) | `http.request.headers["<header_name>"]` | [Use lowercased header name in API](#use-a-lowercased-header-name-for-api-users) and [Missing field versus empty value](#missing-field-versus-empty-value) |
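Review bot: the spacing fix in the Dashboard column (`N/A (implicitly included)`) leaves the same problem in the API column of the same row: `` `cf.colo.id`(mandatory) `` still has no space between the code span and the parenthetical. Suggest `` `cf.colo.id` (mandatory) `` in the API value column as well.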
Expand Down Expand Up @@ -255,3 +257,5 @@ To use claims inside a JSON Web Token (JWT), you must first set up a [token vali
- If the rule expression includes [custom lists](/waf/tools/lists/custom-lists/), you must enable the **Also apply rate limiting to cached assets** parameter.

- The rule counting expression, defined in the **Increment counter when** parameter, cannot include both [HTTP response fields](/ruleset-engine/rules-language/fields/reference/?field-category=Response) and [custom lists](/waf/tools/lists/custom-lists/). If you use custom lists, you must enable the **Also apply rate limiting to cached assets** parameter.

- When creating a rate limiting rule [at the account level](/waf/account/rate-limiting-rulesets/) as part of a rate limiting ruleset, the rule expression cannot contain [HTTP response fields](/ruleset-engine/rules-language/fields/reference/?field-category=Response) or [custom lists](/waf/tools/lists/custom-lists/).
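Review bot: the new account-level bullet only mentions "the rule expression", while the two bullets above it deliberately distinguish the rule expression from the counting expression ("Increment counter when"). Please state whether the account-level restriction on HTTP response fields and custom lists also applies to the counting expression, since a reader of the preceding bullet will otherwise assume it does not.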
6 changes: 3 additions & 3 deletions src/content/docs/waf/rate-limiting-rules/request-rate.mdx
Expand Up @@ -9,16 +9,16 @@ head:
content: How Cloudflare determines the request rate
---

import { Example } from "~/components";
import { Example, GlossaryTooltip } from "~/components";

Cloudflare keeps separate rate counters for rate limiting rules for each value combination of the rule characteristics.
Cloudflare keeps separate rate counters for rate limiting rules for each value combination of the <GlossaryTooltip term="rule characteristics">rule characteristics</GlossaryTooltip>.

Consider a rule configured with the following characteristics:

- IP address
- HTTP header `x-api-key`

In this case, two incoming requests with the **same** value for the HTTP header `X-API-Key` with **different** IP addresses are counted separately, since the value combination is different. Additionally, counters are not shared across data centers.
In this case, two incoming requests with the same value for the HTTP header `X-API-Key` but with different IP addresses are counted separately, since the value combination is different. Additionally, counters are not shared across data centers.

The counting model of this rate limiting rule is based on the number of incoming requests. Enterprise customers with Advanced Rate Limiting can also configure rules whose counting model is based on the complexity of serving incoming requests. Refer to [Complexity-based rate limiting](#complexity-based-rate-limiting) for more information.

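Review bot: the reworded sentence keeps the header name as `X-API-Key` while the characteristics list just above it uses `x-api-key`, and the parameters table in this PR says to use a lowercased header name in the API. Consider using `x-api-key` in both places so the example matches what users must actually type.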
20 changes: 12 additions & 8 deletions src/content/glossary/waf.yaml
Expand Up @@ -35,6 +35,10 @@ entries:
associated_products:
- Magic Firewall

- term: LLM
general_definition: |-
a machine learning model that can comprehend and generate human language text. It works by analyzing massive data sets of language.

- term: mitigated request
general_definition: |-
a request to which Cloudflare applied a terminating action such as block or challenge.
Expand All @@ -43,10 +47,18 @@ entries:
general_definition: |-
classifies rules of the OWASP managed ruleset according to their aggressiveness.

- term: prompt injection
general_definition: |-
the process of overwriting the system prompt for a large language model (LLM), which instructs the LLM on how to respond to user input.

- term: rate limiting
general_definition: |-
rate limiting is a technique used in computer systems to control the rate at which requests are processed. It can be used as a security measure to prevent attacks, or to limit resource usage in your origin servers.

- term: rule characteristics
Contributor Author
This is the only new entry. Other (modified) entries were moved to keep them in alphabetical order.

general_definition: |-
The set of parameters of a rate limiting rule that define how Cloudflare tracks the rate for the rule.

- term: SIEM
general_definition: |-
a Security Information and Event Management (SIEM) solution collects, analyzes, and correlates data to help manage security incidents, detect anomalies, and meet compliance requirements.
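Review bot: the new `rule characteristics` definition starts with a capital letter ("The set of parameters ..."), whereas every other `general_definition` in this file starts lowercase ("a request to which ...", "classifies rules ...", "rate limiting is ...", "the process of ...", "a Security Information ..."). Suggest `the set of parameters of a rate limiting rule that define how Cloudflare tracks the rate for the rule.` for consistency; the alphabetical placement between `rate limiting` and `SIEM` looks right.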
Expand All @@ -57,11 +69,3 @@ entries:
- term: threat score
general_definition: |-
the threat score was a score from `0` (zero risk) to `100` (high risk) classifying the IP reputation of a visitor. Currently, the threat score is always `0` (zero).

- term: LLM
general_definition: |-
a machine learning model that can comprehend and generate human language text. It works by analyzing massive data sets of language.

- term: prompt injection
general_definition: |-
the process of overwriting the system prompt for a large language model (LLM), which instructs the LLM on how to respond to user input.