Merged
1 change: 1 addition & 0 deletions public/__redirects
Original file line number Diff line number Diff line change
Expand Up @@ -2401,6 +2401,7 @@
/cloudflare-one/applications/configure-apps/* /cloudflare-one/access-controls/applications/http-apps/:splat 301
/cloudflare-one/applications/non-http/* /cloudflare-one/access-controls/applications/non-http/:splat 301
/cloudflare-one/identity/devices/* /cloudflare-one/reusable-components/posture-checks/:splat 301
/cloudflare-one/traffic-policies/lists/ /cloudflare-one/reusable-components/lists/ 301
/cloudflare-one/applications/casb/casb-integrations/* /cloudflare-one/integrations/cloud-and-saas/:splat 301
/cloudflare-one/applications/casb/troubleshooting/* /cloudflare-one/integrations/cloud-and-saas/troubleshooting/:splat 301
/cloudflare-one/applications/casb/ /cloudflare-one/cloud-and-saas-findings/ 301
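Review bot: The added rule for `/cloudflare-one/traffic-policies/lists/` is an exact-path match, while the neighbouring rules in this hunk use `/*` with `:splat`. If the lists page has or later gains child pages, those old URLs will not be redirected; either confirm the page has no children or add a wildcard rule alongside it.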
Expand Up @@ -44,7 +44,7 @@ For example, this second configuration lets any user from Portugal with a `@team

### Block

The Block action prevents users who meet certain critera from reaching an application behind Access. For example, the following policy blocks requests from Russian source IPs that are not on your [list of approved IPs](/cloudflare-one/traffic-policies/lists/).
The Block action prevents users who meet certain critera from reaching an application behind Access. For example, the following policy blocks requests from Russian source IPs that are not on your [list of approved IPs](/cloudflare-one/reusable-components/lists/).

| Action | Rule type | Selector | Value |
| ------ | --------- | -------- | ----------------- |
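Review bot: The rewritten sentence under `### Block` still carries the typo "critera". Since the line is being touched anyway, change it to "criteria" in the same commit.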
Expand Up @@ -56,7 +56,7 @@ Android users can now use the app, but the app traffic will bypass DLP scanning.

In your [DLP logs](/cloudflare-one/data-loss-prevention/dlp-policies/#4-view-dlp-logs), you may find that certain sites are a common source of noise. To exempt these sites from DLP scanning:

1. [Create a list](/cloudflare-one/traffic-policies/lists/) of hostnames or URLs.
1. [Create a list](/cloudflare-one/reusable-components/lists/) of hostnames or URLs.

2. Exclude the list from your DLP policy as shown in the example below:

Expand Up @@ -2,7 +2,7 @@
pcx_content_type: how-to
title: Lists
sidebar:
order: 13
order: 1
---

import { Render } from "~/components";
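Review bot: The `order: 13` to `order: 1` change in the front matter is the one edit in this diff that is not a link update, and nothing visible explains it. State in the PR description that it sets the page's position in its new section, and check that no other page under `/cloudflare-one/reusable-components/` already uses `order: 1`.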
Expand Up @@ -22,7 +22,7 @@ Cloudflare Zero Trust allows you to build Zero Trust rules based on device seria

## Create a list of serial numbers

To create rules based on device serial numbers, you first need to create a [Gateway List](/cloudflare-one/traffic-policies/lists/) of numbers.
To create rules based on device serial numbers, you first need to create a [Gateway List](/cloudflare-one/reusable-components/lists/) of numbers.

1. In [Zero Trust](https://one.dash.cloudflare.com), go to **My Team** > **Lists**.

Expand Up @@ -30,7 +30,7 @@ You will need to use a [managed deployment tool](/cloudflare-one/team-and-resour

## 2. Create a list of UUIDs

To create rules based on device UUIDs, you first need to create a [Gateway List](/cloudflare-one/traffic-policies/lists/) of UUIDs.
To create rules based on device UUIDs, you first need to create a [Gateway List](/cloudflare-one/reusable-components/lists/) of UUIDs.

1. In [Zero Trust](https://one.dash.cloudflare.com), go to **My Team** > **Lists**.

Expand Up @@ -83,7 +83,7 @@ For example, for the DoH hostname `https://65y9p2vm1u.cloudflare-gateway.com/dns

By default, all queries from a configured DNS location will be sent to its DNS resolver IP address to be inspected by Gateway. You can configure Gateway to only filter queries originating from specific networks within a location:

1. [Create an IP list](/cloudflare-one/traffic-policies/lists/) with the IPv4 and/or IPv6 addresses that your organization will source queries from.
1. [Create an IP list](/cloudflare-one/reusable-components/lists/) with the IPv4 and/or IPv6 addresses that your organization will source queries from.
2. Add a [Source IP](/cloudflare-one/traffic-policies/dns-policies/#source-ip) condition to your DNS policies.

For example, to block security threats for specific networks, you could create the following policy:
Expand Up @@ -30,7 +30,7 @@ In a tiered account configuration, a top-level parent account enforces global se
- Configuring a [custom block page](/cloudflare-one/traffic-policies/block-page/)
- Generating or uploading [root certificates](/cloudflare-one/team-and-resources/devices/user-side-certificates/)
- Mapping [DNS locations](/cloudflare-one/team-and-resources/devices/agentless/dns/locations/)
- Creating [lists](/cloudflare-one/traffic-policies/lists/)
- Creating [lists](/cloudflare-one/reusable-components/lists/)

Each child account is subject to the default Zero Trust [account limits](/cloudflare-one/account-limits/).

Expand Up @@ -9,7 +9,7 @@ import { Tabs, TabItem, APIRequest } from "~/components";

In the context of DNS filtering, a blocklist is a list of known harmful domains or IP addresses. An allowlist is a list of allowed domains or IP addresses, such as the domains of essential corporate applications.

Gateway supports creating [lists](/cloudflare-one/traffic-policies/lists/) of URLs, hostnames, or other entries to use in your policies.
Gateway supports creating [lists](/cloudflare-one/reusable-components/lists/) of URLs, hostnames, or other entries to use in your policies.

## Example list policy

Expand Up @@ -550,7 +550,7 @@ Connecting an IdP to Cloudflare provides the ability to make access decisions ba

Cloudflare's vast intelligent network continually monitors billions of web assets and [categorizes them](/cloudflare-one/traffic-policies/domain-categories/) based on our threat intelligence and general knowledge of Internet content. You can use our free [Cloudflare Radar](https://radar.cloudflare.com/) service to examine what categories might be applied to any specific domain. Policies can then include these categories to block known and potential security risks on the public Internet, as well as specific categories of content.

Additionally, Cloudflare's SWG offers the flexibility to create and maintain customized [lists of data](/cloudflare-one/traffic-policies/lists/). These lists can be uploaded via CSV files, manually maintained, or integrated with other processes and applications using the Cloudflare API. A list can contain the following data:
Additionally, Cloudflare's SWG offers the flexibility to create and maintain customized [lists of data](/cloudflare-one/reusable-components/lists/). These lists can be uploaded via CSV files, manually maintained, or integrated with other processes and applications using the Cloudflare API. A list can contain the following data:

- URLs
- Hostnames
Expand Up @@ -182,7 +182,7 @@ There are many different [types of selectors](/cloudflare-one/access-controls/po
- **Individual or organizational emails**
All identity services provide an email address, which in many cases matches the individual's username. Using an email in a policy can be useful when wanting to allow access to an entire domain of users, but they might authenticate via a consumer IdP that allows for any email. For example, you might only allow access for users who have authenticated via GitHub using their @company.com email address.

Another good use of this selector is if you are managing a [list of emails](/cloudflare-one/traffic-policies/lists/) of users that might be high risk or have been blocked from a specific application. You can use an Exclude rule, with your list to ensure a subset of users cannot access an application.
Another good use of this selector is if you are managing a [list of emails](/cloudflare-one/reusable-components/lists/) of users that might be high risk or have been blocked from a specific application. You can use an Exclude rule, with your list to ensure a subset of users cannot access an application.

- **How did the user authenticate?**
When an identity provider authenticates a user and then redirects them back to Cloudflare, it includes information about what authentication method was used. This is typically sent as [Authentication Method Reference](https://datatracker.ietf.org/doc/html/rfc8176) data. Using this you can check if MFA was used and what type.
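Review bot: Style nit on the changed line: "You can use an Exclude rule, with your list to ensure" has a stray comma after "rule". Drop it while the line is being edited.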
Expand All @@ -196,7 +196,7 @@ There are many different [types of selectors](/cloudflare-one/access-controls/po
You can set rules based on the IP range of the incoming request. This could be allowing access only from your corporate network IP ranges.

- **Is it possible to verify device or user information from a list?**
Sometimes, you might want to grant or restrict access based on specific device or user characteristics that do not fit neatly into other categories. This is where [lists](/cloudflare-one/traffic-policies/lists/) come in handy: you can define or import a list of contractor emails, or a list of approved device serial numbers and use those as criteria within an Access policy. These lists can be updated manually or via our [API](/api/resources/zero_trust/subresources/gateway/subresources/lists/methods/create/), allowing for integration with other device or user management systems.
Sometimes, you might want to grant or restrict access based on specific device or user characteristics that do not fit neatly into other categories. This is where [lists](/cloudflare-one/reusable-components/lists/) come in handy: you can define or import a list of contractor emails, or a list of approved device serial numbers and use those as criteria within an Access policy. These lists can be updated manually or via our [API](/api/resources/zero_trust/subresources/gateway/subresources/lists/methods/create/), allowing for integration with other device or user management systems.

- **Is the device's security posture adequate?**
This is where the device client provides telemetry on the native device making the access request. It accomplishes this by performing device-level scans. Is the device's hard drive encrypted? The agent can check if technologies like BitLocker or FileVault are active, in addition to checking for specific volume names. If you are protecting a sensitive application, or something that holds critical information, this is an effective requirement to enforce.
Expand Up @@ -40,7 +40,7 @@ DNS filtering is then enforced through DNS policies set up by the service provid

To achieve more precise control over which domains are allowed or blocked, the service provider can configure additional Allowed Domain and Blocked Domains policies. By setting these policies with [lower precedence](/cloudflare-one/traffic-policies/order-of-enforcement/#order-of-precedence) than the Security Risks policy, the service provider can override the Security Risks policy for specific domains.

To streamline the management of allowed and blocked domains, use [lists](/cloudflare-one/traffic-policies/lists/). Lists are easily updated through the dashboard or via [APIs](/api/resources/zero_trust/subresources/gateway/subresources/lists/methods/update/), making policy adjustments more efficient.
To streamline the management of allowed and blocked domains, use [lists](/cloudflare-one/reusable-components/lists/). Lists are easily updated through the dashboard or via [APIs](/api/resources/zero_trust/subresources/gateway/subresources/lists/methods/update/), making policy adjustments more efficient.

![Figure 3: DNS policies are applied according to their order of precedence. In this example, the 'Allow List Policy' and 'Block List Policy' will be considered before the 'Security List' policy.](~/assets/images/reference-architecture/gateway-dns-for-isp/gateway-dns-for-isp-image-03.svg)

Expand Up @@ -54,7 +54,7 @@ The device agent is compatible with the [leading desktop and mobile operating sy

To achieve more precise control over which domains are allowed or blocked, the administrator can configure additional Allowed Domain and Blocked Domain policies. By setting these policies with [lower precedence](/cloudflare-one/traffic-policies/order-of-enforcement/#order-of-precedence) than the Security Risks policy, the agency can override the Security Risks policy for specific domains.

To streamline the management of allowed and blocked domains, use [lists](/cloudflare-one/traffic-policies/lists/). Lists are easily updated through the dashboard or via [APIs](/api/operations/zero-trust-lists-update-zero-trust-list), making policy adjustments more efficient.
To streamline the management of allowed and blocked domains, use [lists](/cloudflare-one/reusable-components/lists/). Lists are easily updated through the dashboard or via [APIs](/api/operations/zero-trust-lists-update-zero-trust-list), making policy adjustments more efficient.

![Figure 5: Show how lists can be used to provide custom hostname lists in the policy.](~/assets/images/reference-architecture/gateway-for-protective-dns/gateway-for-protective-dns-image-05.svg "Figure 5: Show how lists can be used to provide custom hostname lists in the policy.")

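Review bot: The API link on the changed line uses the `/api/operations/zero-trust-lists-update-zero-trust-list` form, whereas the otherwise identical sentence in the previous file links to `/api/resources/zero_trust/subresources/gateway/subresources/lists/methods/update/`. Since this line is already being edited, align it with that form so both pages point at the same reference.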
@@ -1,21 +1,20 @@
---
{}

---

Comparison operators are the way Gateway matches traffic to a selector. When you choose a **Selector** in the dashboard policy builder, the **Operator** dropdown menu will display the available options for that selector.

| Operator | Meaning |
| ------------------------ | ------------------------------------------------------------------------------ |
| is | equals the defined value |
| is not | does not equal the defined value |
| in | matches at least one of the defined values |
| not in | does not match any of the defined values |
| in list | in a pre-defined [list](/cloudflare-one/traffic-policies/lists/) of values |
| not in list | not in a pre-defined [list](/cloudflare-one/traffic-policies/lists/) of values |
| matches regex | regex evaluates to true |
| does not match regex | regex evaluates to false |
| greater than | exceeds the defined number |
| greater than or equal to | exceeds or equals the defined number |
| less than | below the defined number |
| less than or equal to | below or equals the defined number |
| Operator | Meaning |
| ------------------------ | --------------------------------------------------------------------------------- |
| is | equals the defined value |
| is not | does not equal the defined value |
| in | matches at least one of the defined values |
| not in | does not match any of the defined values |
| in list | in a pre-defined [list](/cloudflare-one/reusable-components/lists/) of values |
| not in list | not in a pre-defined [list](/cloudflare-one/reusable-components/lists/) of values |
| matches regex | regex evaluates to true |
| does not match regex | regex evaluates to false |
| greater than | exceeds the defined number |
| greater than or equal to | exceeds or equals the defined number |
| less than | below the defined number |
| less than or equal to | below or equals the defined number |
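Review bot: The hunk header `-1,21 +1,20` shows the file losing a line, but the table has the same 14 lines before and after, so the dropped line is outside the table, most likely the blank line in the `{}` front matter. Confirm that this is a formatter change and intended, since it is unrelated to the link update. The re-padding of all twelve rows for two changed links is fine if the formatter produced it.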
Expand Up @@ -3,4 +3,4 @@ params:
- inputType
---

Gateway policies do not support {props.inputType}s with non-Latin characters directly. To use a {props.inputType} with non-Latin characters, add it to a [list](/cloudflare-one/traffic-policies/lists/).
Gateway policies do not support {props.inputType}s with non-Latin characters directly. To use a {props.inputType} with non-Latin characters, add it to a [list](/cloudflare-one/reusable-components/lists/).
2 changes: 1 addition & 1 deletion src/content/partials/fundamentals/api-rate-limits.mdx
Expand Up @@ -29,6 +29,6 @@ Some specific API calls have their own limits and are documented separately, suc
- [GraphQL APIs](/analytics/graphql-api/limits/)
- [Rulesets APIs](/ruleset-engine/rulesets-api/#limits)
- [Lists API](/waf/tools/lists/lists-api/#rate-limiting-for-lists-api-requests)
- [Gateway Lists API](/cloudflare-one/traffic-policies/lists/#api-rate-limit)
- [Gateway Lists API](/cloudflare-one/reusable-components/lists/#api-rate-limit)

Enterprise customers can also [contact Cloudflare Support](/support/contacting-cloudflare-support/) to raise the Client API per user, GraphQL, or API token limits to a higher value.
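Review bot: The Gateway Lists API link keeps its `#api-rate-limit` fragment, which the new `__redirects` rule cannot validate. Confirm the moved Lists page still has a heading that produces `#api-rate-limit`, otherwise this link lands at the top of the page.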
Expand Up @@ -5,7 +5,7 @@

import { Render } from "~/components"

Gateway supports creating [lists](/cloudflare-one/traffic-policies/lists/) of IPs, hostnames, or other entries to reference in your policies.
Gateway supports creating [lists](/cloudflare-one/reusable-components/lists/) of IPs, hostnames, or other entries to reference in your policies.

It is likely that you will be onboarding to the Cloudflare platform with some predetermined series of security policies. Maybe you have explicit deny lists based on hostnames, IPs, or another measure that tie to individual users. Maybe some networks can access certain apex records while others cannot.
