diff --git a/public/__redirects b/public/__redirects index 560e5bb9b8a7a1e..8e6429f83b0ce12 100644 --- a/public/__redirects +++ b/public/__redirects @@ -2401,6 +2401,7 @@ /cloudflare-one/applications/configure-apps/* /cloudflare-one/access-controls/applications/http-apps/:splat 301 /cloudflare-one/applications/non-http/* /cloudflare-one/access-controls/applications/non-http/:splat 301 /cloudflare-one/identity/devices/* /cloudflare-one/reusable-components/posture-checks/:splat 301 +/cloudflare-one/traffic-policies/lists/ /cloudflare-one/reusable-components/lists/ 301 /cloudflare-one/applications/casb/casb-integrations/* /cloudflare-one/integrations/cloud-and-saas/:splat 301 /cloudflare-one/applications/casb/troubleshooting/* /cloudflare-one/integrations/cloud-and-saas/troubleshooting/:splat 301 /cloudflare-one/applications/casb/ /cloudflare-one/cloud-and-saas-findings/ 301 diff --git a/src/content/docs/cloudflare-one/access-controls/policies/index.mdx b/src/content/docs/cloudflare-one/access-controls/policies/index.mdx index aa9b75a135331f5..897af80ae2bc72a 100644 --- a/src/content/docs/cloudflare-one/access-controls/policies/index.mdx +++ b/src/content/docs/cloudflare-one/access-controls/policies/index.mdx @@ -44,7 +44,7 @@ For example, this second configuration lets any user from Portugal with a `@team ### Block -The Block action prevents users who meet certain critera from reaching an application behind Access. For example, the following policy blocks requests from Russian source IPs that are not on your [list of approved IPs](/cloudflare-one/traffic-policies/lists/). +The Block action prevents users who meet certain critera from reaching an application behind Access. For example, the following policy blocks requests from Russian source IPs that are not on your [list of approved IPs](/cloudflare-one/reusable-components/lists/). | Action | Rule type | Selector | Value | | ------ | --------- | -------- | ----------------- | 
diff --git a/src/content/docs/cloudflare-one/data-loss-prevention/dlp-policies/common-policies.mdx b/src/content/docs/cloudflare-one/data-loss-prevention/dlp-policies/common-policies.mdx index 6bf0a59db0953a3..d86a3da3c41fddf 100644 --- a/src/content/docs/cloudflare-one/data-loss-prevention/dlp-policies/common-policies.mdx +++ b/src/content/docs/cloudflare-one/data-loss-prevention/dlp-policies/common-policies.mdx @@ -56,7 +56,7 @@ Android users can now use the app, but the app traffic will bypass DLP scanning. In your [DLP logs](/cloudflare-one/data-loss-prevention/dlp-policies/#4-view-dlp-logs), you may find that certain sites are a common source of noise. To exempt these sites from DLP scanning: -1. [Create a list](/cloudflare-one/traffic-policies/lists/) of hostnames or URLs. +1. [Create a list](/cloudflare-one/reusable-components/lists/) of hostnames or URLs. 2. Exclude the list from your DLP policy as shown in the example below: diff --git a/src/content/docs/cloudflare-one/traffic-policies/lists.mdx b/src/content/docs/cloudflare-one/reusable-components/lists.mdx similarity index 99% rename from src/content/docs/cloudflare-one/traffic-policies/lists.mdx rename to src/content/docs/cloudflare-one/reusable-components/lists.mdx index 99f9dcd2ecd7ff9..439b6a6c0193e03 100644 --- a/src/content/docs/cloudflare-one/traffic-policies/lists.mdx +++ b/src/content/docs/cloudflare-one/reusable-components/lists.mdx @@ -2,7 +2,7 @@ pcx_content_type: how-to title: Lists sidebar: - order: 13 + order: 1 --- import { Render } from "~/components"; diff --git a/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/corp-device.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/corp-device.mdx index 31743a2e6f32735..47ec8a4dbd332ac 100644 --- a/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/corp-device.mdx 
+++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/corp-device.mdx @@ -22,7 +22,7 @@ Cloudflare Zero Trust allows you to build Zero Trust rules based on device seria ## Create a list of serial numbers -To create rules based on device serial numbers, you first need to create a [Gateway List](/cloudflare-one/traffic-policies/lists/) of numbers. +To create rules based on device serial numbers, you first need to create a [Gateway List](/cloudflare-one/reusable-components/lists/) of numbers. 1. In [Zero Trust](https://one.dash.cloudflare.com), go to **My Team** > **Lists**. diff --git a/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/device-uuid.mdx b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/device-uuid.mdx index 51182bcbf9604f7..f689dd1144a7902 100644 --- a/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/device-uuid.mdx +++ b/src/content/docs/cloudflare-one/reusable-components/posture-checks/warp-client-checks/device-uuid.mdx @@ -30,7 +30,7 @@ You will need to use a [managed deployment tool](/cloudflare-one/team-and-resour ## 2. Create a list of UUIDs -To create rules based on device UUIDs, you first need to create a [Gateway List](/cloudflare-one/traffic-policies/lists/) of UUIDs. +To create rules based on device UUIDs, you first need to create a [Gateway List](/cloudflare-one/reusable-components/lists/) of UUIDs. 1. In [Zero Trust](https://one.dash.cloudflare.com), go to **My Team** > **Lists**. diff --git a/src/content/docs/cloudflare-one/team-and-resources/devices/agentless/dns/locations/dns-resolver-ips.mdx b/src/content/docs/cloudflare-one/team-and-resources/devices/agentless/dns/locations/dns-resolver-ips.mdx index 391a497480f4f14..a6073ef9ff721d2 100644 --- a/src/content/docs/cloudflare-one/team-and-resources/devices/agentless/dns/locations/dns-resolver-ips.mdx 
+++ b/src/content/docs/cloudflare-one/team-and-resources/devices/agentless/dns/locations/dns-resolver-ips.mdx @@ -83,7 +83,7 @@ For example, for the DoH hostname `https://65y9p2vm1u.cloudflare-gateway.com/dns By default, all queries from a configured DNS location will be sent to its DNS resolver IP address to be inspected by Gateway. You can configure Gateway to only filter queries originating from specific networks within a location: -1. [Create an IP list](/cloudflare-one/traffic-policies/lists/) with the IPv4 and/or IPv6 addresses that your organization will source queries from. +1. [Create an IP list](/cloudflare-one/reusable-components/lists/) with the IPv4 and/or IPv6 addresses that your organization will source queries from. 2. Add a [Source IP](/cloudflare-one/traffic-policies/dns-policies/#source-ip) condition to your DNS policies. For example, to block security threats for specific networks, you could create the following policy: diff --git a/src/content/docs/cloudflare-one/traffic-policies/managed-service-providers.mdx b/src/content/docs/cloudflare-one/traffic-policies/managed-service-providers.mdx index b49170337270555..9c139e3d78d06fc 100644 --- a/src/content/docs/cloudflare-one/traffic-policies/managed-service-providers.mdx +++ b/src/content/docs/cloudflare-one/traffic-policies/managed-service-providers.mdx @@ -30,7 +30,7 @@ In a tiered account configuration, a top-level parent account enforces global se - Configuring a [custom block page](/cloudflare-one/traffic-policies/block-page/) - Generating or uploading [root certificates](/cloudflare-one/team-and-resources/devices/user-side-certificates/) - Mapping [DNS locations](/cloudflare-one/team-and-resources/devices/agentless/dns/locations/) -- Creating [lists](/cloudflare-one/traffic-policies/lists/) +- Creating [lists](/cloudflare-one/reusable-components/lists/) Each child account is subject to the default Zero Trust [account limits](/cloudflare-one/account-limits/). 
diff --git a/src/content/docs/learning-paths/secure-internet-traffic/build-dns-policies/create-list.mdx b/src/content/docs/learning-paths/secure-internet-traffic/build-dns-policies/create-list.mdx index 552be60d69360c9..554dba79c66c67f 100644 --- a/src/content/docs/learning-paths/secure-internet-traffic/build-dns-policies/create-list.mdx +++ b/src/content/docs/learning-paths/secure-internet-traffic/build-dns-policies/create-list.mdx @@ -9,7 +9,7 @@ import { Tabs, TabItem, APIRequest } from "~/components"; In the context of DNS filtering, a blocklist is a list of known harmful domains or IP addresses. An allowlist is a list of allowed domains or IP addresses, such as the domains of essential corporate applications. -Gateway supports creating [lists](/cloudflare-one/traffic-policies/lists/) of URLs, hostnames, or other entries to use in your policies. +Gateway supports creating [lists](/cloudflare-one/reusable-components/lists/) of URLs, hostnames, or other entries to use in your policies. ## Example list policy diff --git a/src/content/docs/reference-architecture/architectures/sase.mdx b/src/content/docs/reference-architecture/architectures/sase.mdx index 966273a6b10dcf1..68afb3bde22ecb0 100644 --- a/src/content/docs/reference-architecture/architectures/sase.mdx +++ b/src/content/docs/reference-architecture/architectures/sase.mdx 
@@ -550,7 +550,7 @@ Connecting an IdP to Cloudflare provides the ability to make access decisions ba Cloudflare's vast intelligent network continually monitors billions of web assets and [categorizes them](/cloudflare-one/traffic-policies/domain-categories/) based on our threat intelligence and general knowledge of Internet content. You can use our free [Cloudflare Radar](https://radar.cloudflare.com/) service to examine what categories might be applied to any specific domain. Policies can then include these categories to block known and potential security risks on the public Internet, as well as specific categories of content. -Additionally, Cloudflare's SWG offers the flexibility to create and maintain customized [lists of data](/cloudflare-one/traffic-policies/lists/). These lists can be uploaded via CSV files, manually maintained, or integrated with other processes and applications using the Cloudflare API. A list can contain the following data: +Additionally, Cloudflare's SWG offers the flexibility to create and maintain customized [lists of data](/cloudflare-one/reusable-components/lists/). These lists can be uploaded via CSV files, manually maintained, or integrated with other processes and applications using the Cloudflare API. A list can contain the following data: - URLs - Hostnames diff --git a/src/content/docs/reference-architecture/design-guides/designing-ztna-access-policies.mdx b/src/content/docs/reference-architecture/design-guides/designing-ztna-access-policies.mdx index accb1f95758f154..76cbb77b9ceaafa 100644 --- a/src/content/docs/reference-architecture/design-guides/designing-ztna-access-policies.mdx +++ b/src/content/docs/reference-architecture/design-guides/designing-ztna-access-policies.mdx 
@@ -182,7 +182,7 @@ There are many different [types of selectors](/cloudflare-one/access-controls/po - **Individual or organizational emails** All identity services provide an email address, which in many cases matches the individual's username. Using an email in a policy can be useful when wanting to allow access to an entire domain of users, but they might authenticate via a consumer IdP that allows for any email. For example, you might only allow access for users who have authenticated via GitHub using their @company.com email address. - Another good use of this selector is if you are managing a [list of emails](/cloudflare-one/traffic-policies/lists/) of users that might be high risk or have been blocked from a specific application. You can use an Exclude rule, with your list to ensure a subset of users cannot access an application. + Another good use of this selector is if you are managing a [list of emails](/cloudflare-one/reusable-components/lists/) of users that might be high risk or have been blocked from a specific application. You can use an Exclude rule, with your list to ensure a subset of users cannot access an application. - **How did the user authenticate?** When an identity provider authenticates a user and then redirects them back to Cloudflare, it includes information about what authentication method was used. This is typically sent as [Authentication Method Reference](https://datatracker.ietf.org/doc/html/rfc8176) data. Using this you can check if MFA was used and what type. 
@@ -196,7 +196,7 @@ There are many different [types of selectors](/cloudflare-one/access-controls/po You can set rules based on the IP range of the incoming request. This could be allowing access only from your corporate network IP ranges. - **Is it possible to verify device or user information from a list?** - Sometimes, you might want to grant or restrict access based on specific device or user characteristics that do not fit neatly into other categories. This is where [lists](/cloudflare-one/traffic-policies/lists/) come in handy: you can define or import a list of contractor emails, or a list of approved device serial numbers and use those as criteria within an Access policy. These lists can be updated manually or via our [API](/api/resources/zero_trust/subresources/gateway/subresources/lists/methods/create/), allowing for integration with other device or user management systems. + Sometimes, you might want to grant or restrict access based on specific device or user characteristics that do not fit neatly into other categories. This is where [lists](/cloudflare-one/reusable-components/lists/) come in handy: you can define or import a list of contractor emails, or a list of approved device serial numbers and use those as criteria within an Access policy. These lists can be updated manually or via our [API](/api/resources/zero_trust/subresources/gateway/subresources/lists/methods/create/), allowing for integration with other device or user management systems. - **Is the device's security posture adequate?** This is where the device client provides telemetry on the native device making the access request. It accomplishes this by performing device-level scans. Is the device's hard drive encrypted? The agent can check if technologies like BitLocker or FileVault are active, in addition to checking for specific volume names. If you are protecting a sensitive application, or something that holds critical information, this is an effective requirement to enforce. 
diff --git a/src/content/docs/reference-architecture/diagrams/sase/gateway-dns-for-isp.mdx b/src/content/docs/reference-architecture/diagrams/sase/gateway-dns-for-isp.mdx index 241a5c79edaa3bc..5ea337268b54298 100644 --- a/src/content/docs/reference-architecture/diagrams/sase/gateway-dns-for-isp.mdx +++ b/src/content/docs/reference-architecture/diagrams/sase/gateway-dns-for-isp.mdx @@ -40,7 +40,7 @@ DNS filtering is then enforced through DNS policies set up by the service provid To achieve more precise control over which domains are allowed or blocked, the service provider can configure additional Allowed Domain and Blocked Domains policies. By setting these policies with [lower precedence](/cloudflare-one/traffic-policies/order-of-enforcement/#order-of-precedence) than the Security Risks policy, the service provider can override the Security Risks policy for specific domains. -To streamline the management of allowed and blocked domains, use [lists](/cloudflare-one/traffic-policies/lists/). Lists are easily updated through the dashboard or via [APIs](/api/resources/zero_trust/subresources/gateway/subresources/lists/methods/update/), making policy adjustments more efficient. +To streamline the management of allowed and blocked domains, use [lists](/cloudflare-one/reusable-components/lists/). Lists are easily updated through the dashboard or via [APIs](/api/resources/zero_trust/subresources/gateway/subresources/lists/methods/update/), making policy adjustments more efficient. ![Figure 3: DNS policies are applied according to their order of precedence. In this example, the 'Allow List Policy' and 'Block List Policy' will be considered before the 'Security List' policy.](~/assets/images/reference-architecture/gateway-dns-for-isp/gateway-dns-for-isp-image-03.svg) 
diff --git a/src/content/docs/reference-architecture/diagrams/sase/gateway-for-protective-dns.mdx b/src/content/docs/reference-architecture/diagrams/sase/gateway-for-protective-dns.mdx index 46c6131c557d66e..a1c6f192e6e9d12 100644 --- a/src/content/docs/reference-architecture/diagrams/sase/gateway-for-protective-dns.mdx +++ b/src/content/docs/reference-architecture/diagrams/sase/gateway-for-protective-dns.mdx @@ -54,7 +54,7 @@ The device agent is compatible with the [leading desktop and mobile operating sy To achieve more precise control over which domains are allowed or blocked, the administrator can configure additional Allowed Domain and Blocked Domain policies. By setting these policies with [lower precedence](/cloudflare-one/traffic-policies/order-of-enforcement/#order-of-precedence) than the Security Risks policy, the agency can override the Security Risks policy for specific domains. -To streamline the management of allowed and blocked domains, use [lists](/cloudflare-one/traffic-policies/lists/). Lists are easily updated through the dashboard or via [APIs](/api/operations/zero-trust-lists-update-zero-trust-list), making policy adjustments more efficient. +To streamline the management of allowed and blocked domains, use [lists](/cloudflare-one/reusable-components/lists/). Lists are easily updated through the dashboard or via [APIs](/api/operations/zero-trust-lists-update-zero-trust-list), making policy adjustments more efficient. ![Figure 5: Show how lists can be used to provide custom hostname lists in the policy.](~/assets/images/reference-architecture/gateway-for-protective-dns/gateway-for-protective-dns-image-05.svg "Figure 5: Show how lists can be used to provide custom hostname lists in the policy.") diff --git a/src/content/partials/cloudflare-one/gateway/comparison-operators.mdx b/src/content/partials/cloudflare-one/gateway/comparison-operators.mdx index 873631dc549b216..12ea5b5b94930ec 100644 
--- a/src/content/partials/cloudflare-one/gateway/comparison-operators.mdx +++ b/src/content/partials/cloudflare-one/gateway/comparison-operators.mdx 
@@ -1,21 +1,20 @@ --- {} - --- Comparison operators are the way Gateway matches traffic to a selector. When you choose a **Selector** in the dashboard policy builder, the **Operator** dropdown menu will display the available options for that selector. -| Operator | Meaning | -| ------------------------ | ------------------------------------------------------------------------------ | -| is | equals the defined value | -| is not | does not equal the defined value | -| in | matches at least one of the defined values | -| not in | does not match any of the defined values | -| in list | in a pre-defined [list](/cloudflare-one/traffic-policies/lists/) of values | -| not in list | not in a pre-defined [list](/cloudflare-one/traffic-policies/lists/) of values | -| matches regex | regex evaluates to true | -| does not match regex | regex evaluates to false | -| greater than | exceeds the defined number | -| greater than or equal to | exceeds or equals the defined number | -| less than | below the defined number | -| less than or equal to | below or equals the defined number | +| Operator | Meaning | +| ------------------------ | --------------------------------------------------------------------------------- | +| is | equals the defined value | +| is not | does not equal the defined value | +| in | matches at least one of the defined values | +| not in | does not match any of the defined values | +| in list | in a pre-defined [list](/cloudflare-one/reusable-components/lists/) of values | +| not in list | not in a pre-defined [list](/cloudflare-one/reusable-components/lists/) of values | +| matches regex | regex evaluates to true | +| does not match regex | regex evaluates to false | +| greater than | exceeds the defined number | +| greater than or equal to | exceeds or equals the defined number | +| less than | below the defined number | +| less than or equal to | below or equals the defined number | 
diff --git a/src/content/partials/cloudflare-one/gateway/selectors/non-latin-characters.mdx b/src/content/partials/cloudflare-one/gateway/selectors/non-latin-characters.mdx index aedeeab6a189e90..641fa55e8c217c5 100644 --- a/src/content/partials/cloudflare-one/gateway/selectors/non-latin-characters.mdx +++ b/src/content/partials/cloudflare-one/gateway/selectors/non-latin-characters.mdx @@ -3,4 +3,4 @@ params: - inputType --- -Gateway policies do not support {props.inputType}s with non-Latin characters directly. To use a {props.inputType} with non-Latin characters, add it to a [list](/cloudflare-one/traffic-policies/lists/). +Gateway policies do not support {props.inputType}s with non-Latin characters directly. To use a {props.inputType} with non-Latin characters, add it to a [list](/cloudflare-one/reusable-components/lists/). diff --git a/src/content/partials/fundamentals/api-rate-limits.mdx b/src/content/partials/fundamentals/api-rate-limits.mdx index bbf86d33cea5e80..09202c8b7845f04 100644 --- a/src/content/partials/fundamentals/api-rate-limits.mdx +++ b/src/content/partials/fundamentals/api-rate-limits.mdx @@ -29,6 +29,6 @@ Some specific API calls have their own limits and are documented separately, suc - [GraphQL APIs](/analytics/graphql-api/limits/) - [Rulesets APIs](/ruleset-engine/rulesets-api/#limits) - [Lists API](/waf/tools/lists/lists-api/#rate-limiting-for-lists-api-requests) -- [Gateway Lists API](/cloudflare-one/traffic-policies/lists/#api-rate-limit) +- [Gateway Lists API](/cloudflare-one/reusable-components/lists/#api-rate-limit) Enterprise customers can also [contact Cloudflare Support](/support/contacting-cloudflare-support/) to raise the Client API per user, GraphQL, or API token limits to a higher value. diff --git a/src/content/partials/learning-paths/zero-trust/create-list.mdx b/src/content/partials/learning-paths/zero-trust/create-list.mdx index fed2769b47d9c79..f5cc8a1e77768f5 100644 
--- a/src/content/partials/learning-paths/zero-trust/create-list.mdx +++ b/src/content/partials/learning-paths/zero-trust/create-list.mdx @@ -5,7 +5,7 @@ import { Render } from "~/components" -Gateway supports creating [lists](/cloudflare-one/traffic-policies/lists/) of IPs, hostnames, or other entries to reference in your policies. +Gateway supports creating [lists](/cloudflare-one/reusable-components/lists/) of IPs, hostnames, or other entries to reference in your policies. It is likely that you will be onboarding to the Cloudflare platform with some predetermined series of security policies. Maybe you have explicit deny lists based on hostnames, IPs, or another measure that tie to individual users. Maybe some networks can access certain apex records while others cannot.
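Review bot: the rule added to public/__redirects matches only the exact path `/cloudflare-one/traffic-policies/lists/`, while every neighbouring rule in the hunk uses `/*` with `:splat`. That is sufficient while Lists is a single `lists.mdx` page, but the rule would need the wildcard form if the page ever gains child pages. It is also inserted between unrelated `identity/devices` and `applications/casb` rules, so consider placing it next to any other `traffic-policies` redirects to keep it easy to find.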
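Review bot: in access-controls/policies/index.mdx the rewritten line under "### Block" still carries the typo "critera". Since the line is already being touched for the link change, correct it to "criteria" in the same commit.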
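Review bot: the renamed reusable-components/lists.mdx changes `sidebar.order` from 13 to 1, and nothing in the patch explains the new position. Confirm that no sibling under reusable-components (posture-checks, for example) already claims order 1, and state the intended sidebar placement in the commit message.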
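Review bot: in corp-device.mdx and device-uuid.mdx the link text still reads "Gateway List" although the target now lives under reusable-components rather than traffic-policies. If the move means lists are no longer presented as a Gateway-only feature, update the link text (and the "Gateway Lists API" label in api-rate-limits.mdx) to match; otherwise leave a note that the name is intentional.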
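Review bot: in gateway-for-protective-dns.mdx the changed line links the API as `/api/operations/zero-trust-lists-update-zero-trust-list`, while the equivalent sentence in gateway-dns-for-isp.mdx uses `/api/resources/zero_trust/subresources/gateway/subresources/lists/methods/update/`. The two pages describe the same operation, so align the protective-DNS link to the `/api/resources/...` form while this line is being edited.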
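Review bot: the comparison-operators.mdx hunk rewrites all twelve table rows and drops the blank line in the front matter, but only the "in list" and "not in list" rows change content. The column re-padding follows from the longer link path, which is fine, but the front matter change is unrelated to the move; either revert it or mention the formatter pass in the commit message so the two real link changes are not lost in the noise.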
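Review bot: in designing-ztna-access-policies.mdx the edited "list of emails" paragraph keeps a stray comma in "You can use an Exclude rule, with your list to ensure a subset of users cannot access an application." Drop the comma after "rule" while the paragraph is being changed.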