cloudflare · pedrosousa · Oct 17, 2025 · Oct 16, 2025 · Oct 16, 2025 · Oct 17, 2025
@@ -43,7 +43,10 @@ To use Security Analytics:
 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account.
 
 2. Go to the account or zone/domain dashboard:
-   - For the zone/domain dashboard, select your domain and go to **Security** > **Analytics**.
+   - For the zone/domain dashboard, go to the **Analytics** page.
+
+     <DashButton url="/?to=/:account/:zone/security/analytics" />
+
    - For the account dashboard, go to the **Security Analytics** page.
 
      <DashButton url="/?to=/:account/security-center/analytics" />

@@ -5,7 +5,14 @@ sidebar:
   order: 2
 ---
 
-import { FeatureTable, GlossaryTooltip, Steps, DashButton } from "~/components";
+import {
+	FeatureTable,
+	GlossaryTooltip,
+	Steps,
+	Tabs,
+	TabItem,
+	DashButton,
+} from "~/components";
 
 Security Events allows you to review <GlossaryTooltip term="mitigated request">mitigated requests</GlossaryTooltip> and helps you tailor your security configurations.
 
@@ -28,8 +35,19 @@ Available features vary according to your Cloudflare plan:
 
 To open Security Events for a given zone:
 
-- Old dashboard: Go to **Security** > **Events**.
-- New security dashboard: Go to **Security** > **Analytics** > **Events** tab.
+<Tabs syncKey="dashNewNav"> <TabItem label="Old dashboard">
+
+- In the Cloudflare dashboard, go to **Security** > **Events**.
+
+</TabItem> <TabItem label="New dashboard" icon="rocket">
+
+1. In the Cloudflare dashboard, go to the **Analytics** page.
+
+   <DashButton url="/?to=/:account/:zone/security/analytics" />
+
+2. Select the **Events** tab.
+
+</TabItem> </Tabs>
 
 Additionally, Enterprise customers have access to the account-level dashboard:
 

@@ -5,7 +5,7 @@ sidebar:
   order: 3
 ---
 
-import { GlossaryTooltip, Render } from "~/components";
+import { GlossaryTooltip, Render, DashButton } from "~/components";
 
 <Render file="waf-intro" product="waf" />
 
@@ -37,7 +37,6 @@ The two main roles of the Cloudflare WAF are the following:
 - **Mitigation**: Blocks, challenges, or throttles requests through different mitigation features such as [custom rules](/waf/custom-rules/), [Managed Rules](/waf/managed-rules/), and [rate limiting rules](/waf/rate-limiting-rules/). Rules that mitigate traffic can include scores from traffic scans in their expressions to better address possibly malicious requests.
 
 :::caution[Warning]
-
 Enabling traffic detections will not apply any mitigation measures to incoming traffic; detections only provide signals that you can use to define your attack mitigation strategy.
 :::
 
@@ -51,10 +50,12 @@ The WAF currently provides the following detections for finding security threats
 - [**Firewall for AI**](/waf/detections/firewall-for-ai/): Helps protect your services powered by large language models (LLMs) against abuse.
 - [**Bot score**](/bots/concepts/bot-score/): Scores traffic on a scale from 1 (likely to be a bot) to 99 (likely to be human).
 
-To enable traffic detections in the Cloudflare dashboard, go to your domain > **Security** > **Settings**.
+To enable traffic detections in the Cloudflare dashboard, go to the Security **Settings** page.
+
+<DashButton url="/?to=/:account/:zone/security/settings" />
 
 :::note
-Currently, you cannot manage the [bot score](/bots/concepts/bot-score/) and [attack score](/waf/detections/attack-score/) detections from **Security** > **Settings**. Refer to the documentation of each feature for availability details.
+Currently, you cannot manage the [bot score](/bots/concepts/bot-score/) and [attack score](/waf/detections/attack-score/) detections from the **Settings** page. Refer to the documentation of each feature for availability details.
 :::
 
 ---

@@ -10,7 +10,7 @@ head:
     content: Create a custom rule in the dashboard
 ---
 
-import { Render, Tabs, TabItem, Steps } from "~/components";
+import { Render, Tabs, TabItem, Steps, DashButton } from "~/components";
 
 <Tabs syncKey="dashNewNav"> <TabItem label="Old dashboard">
 
@@ -40,24 +40,24 @@ import { Render, Tabs, TabItem, Steps } from "~/components";
 
 <Steps>
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com), and select your account and domain.
+1. In the Cloudflare dashboard, go to the **Security rules** page.
 
-2. Go to **Security** > **Security rules**.
+   <DashButton url="/?to=/:account/:zone/security/security-rules" />
 
-3. To create a new empty rule, select **Create rule** > **Custom rules**. To duplicate an existing rule, select the three dots next to it > **Duplicate**.
+2. To create a new empty rule, select **Create rule** > **Custom rules**. To duplicate an existing rule, select the three dots next to it > **Duplicate**.
 
-4. <a id="rule-form" />
+3. <a id="rule-form" />
    Enter a descriptive name for the rule in **Rule name**.
 
    ![Custom rule creation page in the Cloudflare dashboard](~/assets/images/waf/custom-rules/firewall-custom-rule-create.png)
 
-5. Under **If incoming requests match**, use the **Field** drop-down list to choose an HTTP property. For each request, the value of the property you choose for **Field** is compared to the value you specify for **Value** using the operator selected in **Operator**.
+4. Under **If incoming requests match**, use the **Field** drop-down list to choose an HTTP property. For each request, the value of the property you choose for **Field** is compared to the value you specify for **Value** using the operator selected in **Operator**.
 
-6. Under **Then take action**, select the rule action in the **Choose action** dropdown. For example, selecting _Block_ tells Cloudflare to refuse requests that match the conditions you specified.
+5. Under **Then take action**, select the rule action in the **Choose action** dropdown. For example, selecting _Block_ tells Cloudflare to refuse requests that match the conditions you specified.
 
-7. (Optional) If you selected the _Block_ action, you can [configure a custom response](#configure-a-custom-response-for-blocked-requests).
+6. (Optional) If you selected the _Block_ action, you can [configure a custom response](#configure-a-custom-response-for-blocked-requests).
 
-8. To save and deploy your rule, select **Deploy**. If you are not ready to deploy your rule, select **Save as Draft**.
+7. To save and deploy your rule, select **Deploy**. If you are not ready to deploy your rule, select **Save as Draft**.
 
 </Steps>
 

@@ -8,7 +8,7 @@ head:
     content: Configure a custom rule with the Skip action
 ---
 
-import { TabItem, Tabs, Steps } from "~/components";
+import { TabItem, Tabs, Steps, DashButton } from "~/components";
 
 Use the _Skip_ action in a custom rule to skip one or more security features. A rule configured with the _Skip_ action is also known as a skip rule.
 
@@ -40,21 +40,21 @@ For more information on the available options, refer to [Available skip options]
 
 <Steps>
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com), and select your account and domain.
+1. In the Cloudflare dashboard, go to the **Security rules** page.
 
-2. Go to **Security** > **Security rules**.
+   <DashButton url="/?to=/:account/:zone/security/security-rules" />
 
-3. [Create a custom rule](/waf/custom-rules/create-dashboard/) by selecting **Create rule** > **Custom rules**, or edit an existing custom rule.
+2. [Create a custom rule](/waf/custom-rules/create-dashboard/) by selecting **Create rule** > **Custom rules**, or edit an existing custom rule.
 
-4. Define the rule name and the rule expression.
+3. Define the rule name and the rule expression.
 
-5. Under **Choose action**, select _Skip_ from the dropdown.
+4. Under **Choose action**, select _Skip_ from the dropdown.
 
    ![Available Skip action options when configuring a custom rule](~/assets/images/waf/custom-rules/skip-action-options.png)
 
-6. Configure the desired [skip options](/waf/custom-rules/skip/options/).
+5. Configure the desired [skip options](/waf/custom-rules/skip/options/).
 
-7. Save your changes.
+6. Save your changes.
 
 </Steps>
 

@@ -17,6 +17,7 @@ import {
 	Details,
 	Steps,
 	Type,
+	DashButton,
 } from "~/components";
 
 Firewall for AI is a detection that can help protect your services powered by <GlossaryTooltip term="LLM">large language models</GlossaryTooltip> (LLMs) against abuse. This model-agnostic detection currently helps you do the following:
@@ -45,8 +46,11 @@ Firewall for AI is only available in the new [application security dashboard](/s
 
 <Steps>
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
-2. Go to **Security** > **Settings** and filter by **Detections**.
+1. In the Cloudflare dashboard, go to the Security **Settings** page.
+
+   <DashButton url="/?to=/:account/:zone/security/settings" />
+
+2. (Optional) Filter by **Detection tools**.
 3. Turn on **Firewall for AI**.
 
 </Steps>

@@ -14,6 +14,7 @@ import {
 	Tabs,
 	TabItem,
 	Steps,
+	DashButton,
 } from "~/components";
 
 Traffic detections check incoming requests for malicious or potentially malicious activity. Each enabled detection provides one or more scores — available in the [Security Analytics](/waf/analytics/security-analytics/) dashboard — that you can use in rule expressions.
@@ -46,8 +47,11 @@ To turn on a traffic detection:
 
 <Steps>
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
-2. Go to **Security** > **Settings** and filter by **Detections**.
+1. In the Cloudflare dashboard, go to the Security **Settings** page.
+
+   <DashButton url="/?to=/:account/:zone/security/settings" />
+
+2. Filter by **Detection tools**.
 3. Turn on the desired detections.
 
 </Steps>

@@ -16,6 +16,7 @@ import {
 	Steps,
 	GlossaryTooltip,
 	APIRequest,
+	DashButton,
 } from "~/components";
 
 ## 1. Turn on the detection
@@ -132,8 +133,11 @@ To check for leaked credentials in a way that is not covered by the default conf
 
 <Steps>
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
-2. Go to **Security** > **Settings** and filter by **Detections**.
+1. In the Cloudflare dashboard, go to the Security **Settings** page.
+
+   <DashButton url="/?to=/:account/:zone/security/settings" />
+
+2. (Optional) Filter by **Detection tools**.
 3. Under **Leaked credential detection** > **Configurations**, select the edit icon.
 4. Select **Add custom username and password location**.
 5. In **Username location** and **Password location** (optional), enter expressions for obtaining the username and the password from the HTTP request. For example, you could use the following expressions:

@@ -37,8 +37,11 @@ WAF content scanning is available to customers on an Enterprise plan with a paid
 
 <Steps>
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com), and select your account and domain.
-2. Go to **Security** > **Settings** and filter by **Detections**.
+1. In the Cloudflare dashboard, go to the Security **Settings** page.
+
+   <DashButton url="/?to=/:account/:zone/security/settings" />
+
+2. (Optional) Filter by **Detection tools**.
 3. Turn on **Malicious uploads detection**.
 
 </Steps>
@@ -143,8 +146,11 @@ To check uploaded content in a way that is not covered by the default configurat
 
 <Steps>
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
-2. Go to **Security** > **Settings** and filter by **Detections**.
+1. In the Cloudflare dashboard, go to the Security **Settings** page.
+
+   <DashButton url="/?to=/:account/:zone/security/settings" />
+
+2. (Optional) Filter by **Detection tools**.
 3. Under **Malicious uploads detection** > **Configurations**, select the edit icon.
 4. Select **Add content location**.
 5. In **Content location**, enter your custom scan expression. For example:

@@ -5,7 +5,15 @@ sidebar:
   order: 2
 ---
 
-import { Stream, Details, GlossaryTooltip, Tabs, TabItem, Steps } from "~/components";
+import {
+	Stream,
+	Details,
+	GlossaryTooltip,
+	Tabs,
+	TabItem,
+	Steps,
+	DashButton,
+} from "~/components";
 
 The Cloudflare Web Application Firewall (Cloudflare WAF) checks incoming web and API requests and filters undesired traffic based on sets of rules called rulesets.
 
@@ -18,9 +26,9 @@ This guide focuses on configuring WAF for individual domains, known as <Glossary
 :::
 
 <Stream
-  id="1a426a3ae597ae3935eb97b5f97f106f"
-  title="Application Security: Get started guide"
-  thumbnail="https://pub-d9bf66e086fb4b639107aa52105b49dd.r2.dev/appsec-get-started-guide.png"
+	id="1a426a3ae597ae3935eb97b5f97f106f"
+	title="Application Security: Get started guide"
+	thumbnail="https://pub-d9bf66e086fb4b639107aa52105b49dd.r2.dev/appsec-get-started-guide.png"
 />
 
 ## Before you begin
@@ -47,8 +55,11 @@ The [Cloudflare Managed Ruleset](/waf/managed-rules/reference/cloudflare-managed
 
 <Steps>
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com), and select your account and domain.
-2. Go to **Security** > **Settings** and filter by **Web application exploits**.
+1. In the Cloudflare dashboard, go to the Security **Settings** page.
+
+   <DashButton url="/?to=/:account/:zone/security/settings" />
+
+2. (Optional) Filter by **Web application exploits**.
 3. Turn on **Cloudflare managed ruleset**.
 
 </Steps>
@@ -144,8 +155,13 @@ The Cloudflare OWASP Core Ruleset is prone to false positives and offers only ma
 
 <Steps>
 
-1. Go to your domain > **Security** > **Settings** and filter by **Web application exploits**.
-2. Turn on **OWASP Core**.<br/>
+1. In the Cloudflare dashboard, go to the Security **Settings** page.
+
+   <DashButton url="/?to=/:account/:zone/security/settings" />
+
+2. (Optional) Filter by **Web application exploits**.
+
+3. Turn on **OWASP Core**.<br/>
    This will deploy the Cloudflare OWASP Core Ruleset with the default configuration: paranoia level = _PL1_ and score threshold = _Medium - 40 and higher_.
 
 </Steps>

@@ -5,7 +5,7 @@ sidebar:
   order: 10
 ---
 
-import { Render, Tabs, TabItem, Steps } from "~/components";
+import { Render, Tabs, TabItem, Steps, DashButton } from "~/components";
 
 This guide describes the general steps to upgrade your [Exposed Credentials Check](/waf/managed-rules/check-for-exposed-credentials/) configuration to the new [leaked credentials detection](/waf/detections/leaked-credentials/).
 
@@ -37,8 +37,11 @@ If you had deployed the Cloudflare Exposed Credentials Check managed ruleset:
 
 <Steps>
 
-1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and domain.
-2. Go to **Security** > **Security rules** and filter by **Managed rules**.
+1. In the Cloudflare dashboard, go to the **Security rules** page.
+
+   <DashButton url="/?to=/:account/:zone/security/security-rules" />
+
+2. (Optional) Filter by **Managed rules**.
 3. Edit the rule that executes the Cloudflare Exposed Credentials Check Ruleset and take note of the current configuration (namely the performed action). Next, delete (or turn off) that rule.
 
 </Steps>