From b02fe8cc4294abbf1521a3ba745ea06f9b3b3556 Mon Sep 17 00:00:00 2001 From: Nikita Cano <48366124+nikitacano@users.noreply.github.com> Date: Wed, 14 Aug 2024 11:41:49 +0100 Subject: [PATCH] Ruleset Engine: fix links to specific fields and functions (#16112) --- src/content/changelogs/rules.yaml | 2 +- src/content/docs/bots/troubleshooting.mdx | 2 +- .../domain-support/custom-metadata.mdx | 2 +- .../basic-tasks/trace-request/how-to.mdx | 4 +- .../reference/http-request-headers.mdx | 2 +- .../load-balancing-rules/reference.mdx | 26 ++++----- .../about/protocol-validation-rules.mdx | 2 +- .../magic-firewall/about/traffic-types.mdx | 2 +- .../reference/magic-firewall-fields.mdx | 2 +- .../docs/rules/compression-rules/index.mdx | 6 +-- .../custom-error-responses/create-api.mdx | 4 +- .../docs/rules/reference/troubleshooting.mdx | 2 +- .../examples/rewrite-moved-section.mdx | 2 +- .../examples/rewrite-path-archived-posts.mdx | 2 +- .../managed-transforms/reference.mdx | 54 +++++++++---------- .../reference/fields-functions.mdx | 2 +- .../examples/remove-locale-url.mdx | 2 +- .../expressions/edit-expressions.mdx | 2 +- .../rules-language/fields/dynamic-fields.mdx | 2 +- .../rules-language/functions.mdx | 2 +- .../rules-language/operators.mdx | 6 +-- .../ruleset-engine/rules-language/values.mdx | 6 +-- .../docs/waf/about/content-scanning/index.mdx | 16 +++--- .../docs/waf/about/waf-attack-score.mdx | 10 ++-- .../allow-traffic-from-specific-countries.mdx | 2 +- .../allow-traffic-from-verified-bots.mdx | 2 +- .../block-traffic-from-specific-countries.mdx | 2 +- .../use-cases/challenge-bad-bots.mdx | 6 +-- .../exempt-partners-hotlink-protection.mdx | 2 +- .../use-cases/require-specific-cookie.mdx | 2 +- .../use-cases/require-specific-headers.mdx | 4 +- .../use-cases/require-specific-http-ports.mdx | 2 +- .../use-cases/site-admin-only-known-ips.mdx | 2 +- .../use-cases/stop-rudy-attacks.mdx | 2 +- .../update-rules-customers-partners.mdx | 10 ++-- .../configure-api.mdx | 2 +- .../rate-limiting-rules/best-practices.mdx | 2 +- .../create-account-dashboard.mdx | 2 +- .../create-zone-dashboard.mdx | 2 +- .../waf/rate-limiting-rules/parameters.mdx | 8 +-- .../waiting-room-rules/bypass-rules.mdx | 10 ++-- .../transform/header-modification-fields.mdx | 2 +- .../transform/transform-phase-fields.mdx | 2 +- .../rate-limiting-availability-by-plan.mdx | 2 +- 44 files changed, 115 insertions(+), 115 deletions(-) diff --git a/src/content/changelogs/rules.yaml b/src/content/changelogs/rules.yaml index 071998a85f2367..d0a5b44a5f2f40 100644 --- a/src/content/changelogs/rules.yaml +++ b/src/content/changelogs/rules.yaml @@ -16,7 +16,7 @@ entries: description: |- Wildcards are now supported across our Ruleset Engine-based products, including Single Redirects, Cache Rules, Transform Rules, WAF, Waiting Room, and more: * You can now use the `wildcard` and `strict wildcard` operators with any string field in the Ruleset Engine, such as full URI, host, headers, cookies, user-agent, and country. For more details, refer to [Operators](/ruleset-engine/rules-language/operators/) and [Wildcard matching](/ruleset-engine/rules-language/operators/#wildcard-matching). - * In [Single Redirects](/rules/url-forwarding/single-redirects/), the `wildcard_replace()` function allows you to use segments matched by the `wildcard` and `strict wildcard` operators in redirect URL targets. For more information, refer to [Functions](/ruleset-engine/rules-language/functions/#function-wildcard_replace). + * In [Single Redirects](/rules/url-forwarding/single-redirects/), the `wildcard_replace()` function allows you to use segments matched by the `wildcard` and `strict wildcard` operators in redirect URL targets. For more information, refer to [Functions](/ruleset-engine/rules-language/functions/#wildcard_replace). - publish_date: '2024-07-01' title: Cloudflare Snippets now available to all paid customers diff --git a/src/content/docs/bots/troubleshooting.mdx b/src/content/docs/bots/troubleshooting.mdx index 7b26cc9252430f..a29f9a73d9cd36 100644 --- a/src/content/docs/bots/troubleshooting.mdx +++ b/src/content/docs/bots/troubleshooting.mdx @@ -90,7 +90,7 @@ Cloudflare has built an allowlist of good, automated bots, e.g. Google Search En This allowlist is large based on reverse DNS verification, meaning that the IPs we allow really match the requesting service. In addition to this, Cloudflare uses multiple validation methods including ASN blocks and public lists. If none of these validation types are available for a customer, we use internal Cloudflare data and machine learning to identify legitimate IP addresses from good bots. -To allow traffic from good bots, use the [Verified Bot](/ruleset-engine/rules-language/fields/#field-cf-bot_management-verified_bot) field in your WAF custom rule. +To allow traffic from good bots, use the [Verified Bot](/ruleset-engine/rules-language/fields/dynamic-fields/#cfbot_managementverified_bot) field in your WAF custom rule. *** diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/custom-metadata.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/custom-metadata.mdx index 3e1c2be3ef73f8..72b908bd27d313 100644 --- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/custom-metadata.mdx +++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/domain-support/custom-metadata.mdx @@ -84,7 +84,7 @@ addEventListener('fetch', event => { ## Accessing custom metadata in a rule expression -Use the [`cf.hostname.metadata`](/ruleset-engine/rules-language/fields/#field-cf-hostname-metadata) field to access the metadata object in rule expressions. To obtain the different values from the JSON object, use the [`lookup_json_string`](/ruleset-engine/rules-language/functions/#function-lookup_json_string) function. +Use the [`cf.hostname.metadata`](/ruleset-engine/rules-language/fields/dynamic-fields/#cfhostnamemetadata) field to access the metadata object in rule expressions. To obtain the different values from the JSON object, use the [`lookup_json_string`](/ruleset-engine/rules-language/functions/#lookup_json_string) function. The following rule expression defines that there will be a rule match if the `security_tag` value in custom metadata contains the value `low`: diff --git a/src/content/docs/fundamentals/basic-tasks/trace-request/how-to.mdx b/src/content/docs/fundamentals/basic-tasks/trace-request/how-to.mdx index bbfeb9b3a92e4c..cf8f8784e9c5d3 100644 --- a/src/content/docs/fundamentals/basic-tasks/trace-request/how-to.mdx +++ b/src/content/docs/fundamentals/basic-tasks/trace-request/how-to.mdx @@ -35,9 +35,9 @@ import { GlossaryTooltip } from "~/components" * **Protocol** (HTTP protocol version) * **Request headers** * **Cookies** - * **Geolocation** (request source [country](/ruleset-engine/rules-language/fields/#field-ip-src-country), [region](/ruleset-engine/rules-language/fields/#field-ip-src-region_code), and [city](/ruleset-engine/rules-language/fields/#field-ip-src-city)) + * **Geolocation** (request source [country](/ruleset-engine/rules-language/fields/standard-fields/#ipsrccountry), [region](/ruleset-engine/rules-language/fields/standard-fields/#ipsrcregion), and [city](/ruleset-engine/rules-language/fields/standard-fields/#ipsrccity)) * [**Bot score**](/bots/concepts/bot-score/) - * **Threat score** + * **Threat score** * **Request body** (for `POST`, `PUT`, and `PATCH` requests) * **Skip challenge** (skips a Cloudflare-issued [challenge](/waf/reference/cloudflare-challenges/), if any, allowing the trace to continue) diff --git a/src/content/docs/fundamentals/reference/http-request-headers.mdx b/src/content/docs/fundamentals/reference/http-request-headers.mdx index d4a0f7499b2c82..486b62cb218649 100644 --- a/src/content/docs/fundamentals/reference/http-request-headers.mdx +++ b/src/content/docs/fundamentals/reference/http-request-headers.mdx @@ -142,7 +142,7 @@ The intended purpose of this header is to provide a means for recipients (for ex :::note -When configuring WAF custom rules, do not match on this header. These rules are applied before Cloudflare adds the `CF-Worker` header. Instead, use the [`cf.worker.upstream_zone`](/ruleset-engine/rules-language/fields/#field-cf-worker-upstream_zone) dynamic field, which contains the same value and exists for the same purpose. +When configuring WAF custom rules, do not match on this header. These rules are applied before Cloudflare adds the `CF-Worker` header. Instead, use the [`cf.worker.upstream_zone`](/ruleset-engine/rules-language/fields/dynamic-fields/#cfworkerupstream_zone) dynamic field, which contains the same value and exists for the same purpose. ::: diff --git a/src/content/docs/load-balancing/additional-options/load-balancing-rules/reference.mdx b/src/content/docs/load-balancing/additional-options/load-balancing-rules/reference.mdx index 8652e49b285621..7e966f8b242a5e 100644 --- a/src/content/docs/load-balancing/additional-options/load-balancing-rules/reference.mdx +++ b/src/content/docs/load-balancing/additional-options/load-balancing-rules/reference.mdx @@ -91,7 +91,7 @@ Many of these fields are referenced from the [Rules language documentation](/rul - http.cookie
`String` + http.cookie
`String` (Manual entry only)

Represents the entire cookie as a string.

@@ -102,7 +102,7 @@ Many of these fields are referenced from the [Rules language documentation](/rul - http.host
`String` + http.host
`String` (Manual entry only)

Represents the hostname used in the full request URI.

@@ -113,7 +113,7 @@ Many of these fields are referenced from the [Rules language documentation](/rul - http.referer
`String` + http.referer
`String` (Manual entry only)

Represents the HTTP Referer request header, which contains the address of the web page that linked to the currently requested page.

@@ -124,7 +124,7 @@ Many of these fields are referenced from the [Rules language documentation](/rul - http.request.headers
`Map>` + http.request.headers
`Map>` Header

Represents HTTP request headers as a Map (or associative array).

@@ -146,7 +146,7 @@ Many of these fields are referenced from the [Rules language documentation](/rul - http.request.method
`String` + http.request.method
`String` Request Method

Represents the HTTP method, returned as a string of uppercase characters.

@@ -157,7 +157,7 @@ Many of these fields are referenced from the [Rules language documentation](/rul - http.request.timestamp.sec
`Integer` + http.request.timestamp.sec
`Integer` Timestamp

Represents the timestamp when Cloudflare received the request, expressed as Unix time in seconds. This value is 10 digits long.

@@ -168,7 +168,7 @@ Many of these fields are referenced from the [Rules language documentation](/rul - http.request.uri
`String` + http.request.uri
`String` URI

Represents the URI path and query string of the request.

@@ -179,7 +179,7 @@ Many of these fields are referenced from the [Rules language documentation](/rul - http.request.uri.args
`Map>` + http.request.uri.args
`Map>` (Manual entry only)

Represents the HTTP URI arguments associated with a request as a Map (associative array).

@@ -202,7 +202,7 @@ Many of these fields are referenced from the [Rules language documentation](/rul - http.request.uri.args.names
`Array` + http.request.uri.args.names
`Array` (Manual entry only)

Represents the names of the arguments in the HTTP URI query string. The names are not pre-processed and retain the original case used in the request.

@@ -222,7 +222,7 @@ Many of these fields are referenced from the [Rules language documentation](/rul - http.request.uri.args.values
`Array` + http.request.uri.args.values
`Array` (Manual entry only)

Represents the values of arguments in the HTTP URI query string. The values are not pre-processed and retain the original case used in the request. They are in the same order as in the request.

@@ -242,7 +242,7 @@ Many of these fields are referenced from the [Rules language documentation](/rul - http.request.uri.path
`String` + http.request.uri.path
`String` URI Path

Represents the URI path of the request.

@@ -253,7 +253,7 @@ Many of these fields are referenced from the [Rules language documentation](/rul - http.request.uri.query
`String` + http.request.uri.query
`String` URI Query

Represents the entire query string, without the ? delimiter.

@@ -264,7 +264,7 @@ Many of these fields are referenced from the [Rules language documentation](/rul - http.request.version
`String` + http.request.version
`String` HTTP Version

Represents the version of the HTTP protocol used. Use this field when you require different checks for different versions.

diff --git a/src/content/docs/magic-firewall/about/protocol-validation-rules.mdx b/src/content/docs/magic-firewall/about/protocol-validation-rules.mdx index 2bbf1bd098e591..e45e4855dd6e29 100644 --- a/src/content/docs/magic-firewall/about/protocol-validation-rules.mdx +++ b/src/content/docs/magic-firewall/about/protocol-validation-rules.mdx @@ -6,6 +6,6 @@ pcx_content_type: concept Magic Firewall supports [Session Initiation Protocol (SIP)](https://datatracker.ietf.org/doc/html/rfc2543) to inspect traffic validity and enforce a positive security model. -You can use the `sip` field when creating a rule to determine if packets are valid SIP Layer 7 (L7) protocol. Refer to [Magic Firewall fields](/ruleset-engine/rules-language/fields/#magic-firewall-fields), specifically the `sip` field, for more information on this topic. +You can use the `sip` field when creating a rule to determine if packets are valid SIP Layer 7 (L7) protocol. Refer to [Magic Firewall fields](/ruleset-engine/rules-language/fields/magic-firewall/), specifically the `sip` field, for more information on this topic. Contact your account manager if you need Magic Firewall to support additional protocols. diff --git a/src/content/docs/magic-firewall/about/traffic-types.mdx b/src/content/docs/magic-firewall/about/traffic-types.mdx index 50d55f11146403..8bb443f03c922a 100644 --- a/src/content/docs/magic-firewall/about/traffic-types.mdx +++ b/src/content/docs/magic-firewall/about/traffic-types.mdx @@ -10,4 +10,4 @@ Magic Firewall enables you to allow or block traffic on a variety of packet char Magic Firewall supports layers three and four — network and transport — protocols such as TCP, UDP, and ICMP. Any type of layer three or four protocols can go through Magic Firewall and then be matched on those protocols. -To view the list of available fields, refer to [Magic Firewall fields](/ruleset-engine/rules-language/fields/#magic-firewall-fields). +To view the list of available fields, refer to [Magic Firewall fields](/ruleset-engine/rules-language/fields/magic-firewall/). diff --git a/src/content/docs/magic-firewall/reference/magic-firewall-fields.mdx b/src/content/docs/magic-firewall/reference/magic-firewall-fields.mdx index e0ee7d8c204384..535624b9922b8e 100644 --- a/src/content/docs/magic-firewall/reference/magic-firewall-fields.mdx +++ b/src/content/docs/magic-firewall/reference/magic-firewall-fields.mdx @@ -1,6 +1,6 @@ --- pcx_content_type: navigation title: Magic Firewall fields -external_link: /ruleset-engine/rules-language/fields/#magic-firewall-fields +external_link: /ruleset-engine/rules-language/fields/magic-firewall/ --- diff --git a/src/content/docs/rules/compression-rules/index.mdx b/src/content/docs/rules/compression-rules/index.mdx index d26eb2de67a0c5..a2e96415e01624 100644 --- a/src/content/docs/rules/compression-rules/index.mdx +++ b/src/content/docs/rules/compression-rules/index.mdx @@ -39,9 +39,9 @@ The following fields are commonly used in expressions of compression rules: | Field in [Expression Builder](/ruleset-engine/rules-language/expressions/edit-expressions/#expression-builder) | Field name | | -------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | -| *Media Type* | [`http.response.content_type.media_type`](/ruleset-engine/rules-language/fields/#field-http-response-content_type-media_type) | -| *File extension* | [`http.request.uri.path.extension`](/ruleset-engine/rules-language/fields/#field-http-request-uri-path-extension) | -| N/A | [`raw.http.request.uri.path.extension`](/ruleset-engine/rules-language/fields/#field-raw-http-request-uri-path-extension) | +| *Media Type* | [`http.response.content_type.media_type`](/ruleset-engine/rules-language/fields/http-request-response/#httpresponsecontent_typemedia_type) | +| *File extension* | [`http.request.uri.path.extension`](/ruleset-engine/rules-language/fields/standard-fields/#httprequesturipathextension) | +| N/A | [`raw.http.request.uri.path.extension`](/ruleset-engine/rules-language/fields/standard-fields/#rawhttprequesturipathextension) | diff --git a/src/content/docs/rules/custom-error-responses/create-api.mdx b/src/content/docs/rules/custom-error-responses/create-api.mdx index ab764d03b2745c..a6fa549a819c75 100644 --- a/src/content/docs/rules/custom-error-responses/create-api.mdx +++ b/src/content/docs/rules/custom-error-responses/create-api.mdx @@ -34,9 +34,9 @@ Follow this workflow to create a custom error response rule for a given zone via The examples in this section use the following fields in their rule expressions: -* [`http.response.code`](/ruleset-engine/rules-language/fields/#field-http-response-code): Represents the HTTP status code returned to the client, either set by a Cloudflare product or returned by the origin server. Use this field to customize the error response for error codes returned by the origin server or by a Cloudflare product such as a Worker. +* [`http.response.code`](/ruleset-engine/rules-language/fields/http-request-response/#httpresponsecode): Represents the HTTP status code returned to the client, either set by a Cloudflare product or returned by the origin server. Use this field to customize the error response for error codes returned by the origin server or by a Cloudflare product such as a Worker. -* [`cf.response.1xxx_code`](/ruleset-engine/rules-language/fields/#field-cf-response-1xxx_code): Contains the specific error code for Cloudflare-generated errors. This field will only work for Cloudflare-generated errors such as [52x](/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-5xx-errors/) and [1xxx](/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-1xxx-errors/). +* [`cf.response.1xxx_code`](/ruleset-engine/rules-language/fields/#cf-response-1xxx_code): Contains the specific error code for Cloudflare-generated errors. This field will only work for Cloudflare-generated errors such as [52x](/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-5xx-errors/) and [1xxx](/support/troubleshooting/cloudflare-errors/troubleshooting-cloudflare-1xxx-errors/). ### Custom JSON response for all 5xx errors diff --git a/src/content/docs/rules/reference/troubleshooting.mdx b/src/content/docs/rules/reference/troubleshooting.mdx index 40c4c7e9b3ee63..2f1c109dc2d9f9 100644 --- a/src/content/docs/rules/reference/troubleshooting.mdx +++ b/src/content/docs/rules/reference/troubleshooting.mdx @@ -16,7 +16,7 @@ import { Example } from "~/components" If you are issuing a [challenge](/waf/reference/cloudflare-challenges/) for a given URI path that has one or more Rules features enabled, you should exclude URI paths starting with `/cdn-cgi/challenge-platform/` in your rule expressions to avoid challenge loops. -For example, define a compound expression for your rule using the `and` operator and the [`starts_with()`](/ruleset-engine/rules-language/functions/#function-starts_with) function: +For example, define a compound expression for your rule using the `and` operator and the [`starts_with()`](/ruleset-engine/rules-language/functions/#starts_with) function: ```txt and not starts_with(http.request.uri, "/cdn-cgi/challenge-platform/") diff --git a/src/content/docs/rules/transform/examples/rewrite-moved-section.mdx b/src/content/docs/rules/transform/examples/rewrite-moved-section.mdx index a2a13ca8287298..75692902b141c6 100644 --- a/src/content/docs/rules/transform/examples/rewrite-moved-section.mdx +++ b/src/content/docs/rules/transform/examples/rewrite-moved-section.mdx @@ -14,7 +14,7 @@ description: Create a rewrite URL rule (part of Transform Rules) to rewrite import { Example } from "~/components" -To rewrite everything under `/blog/` to `/marketing/` you must modify the first component of the path (`/blog/`). Create a rewrite URL rule and use the [`regex_replace()`](/ruleset-engine/rules-language/functions/#function-regex_replace) function for this purpose: +To rewrite everything under `/blog/` to `/marketing/` you must modify the first component of the path (`/blog/`). Create a rewrite URL rule and use the [`regex_replace()`](/ruleset-engine/rules-language/functions/#regex_replace) function for this purpose: diff --git a/src/content/docs/rules/transform/examples/rewrite-path-archived-posts.mdx b/src/content/docs/rules/transform/examples/rewrite-path-archived-posts.mdx index 962fe3bf06060d..9f7287c5992b00 100644 --- a/src/content/docs/rules/transform/examples/rewrite-path-archived-posts.mdx +++ b/src/content/docs/rules/transform/examples/rewrite-path-archived-posts.mdx @@ -32,4 +32,4 @@ concat("/archive", http.request.uri.path) -The filter uses the [`starts_with()`](/ruleset-engine/rules-language/functions/#function-starts_with) function all paths starting with `/news/2012/`. The dynamic path rewrite uses the [`concat()`](/ruleset-engine/rules-language/functions/#function-concat) function to concatenate a prefix to the original URL path of the HTTP request. +The filter uses the [`starts_with()`](/ruleset-engine/rules-language/functions/#starts_with) function all paths starting with `/news/2012/`. The dynamic path rewrite uses the [`concat()`](/ruleset-engine/rules-language/functions/#concat) function to concatenate a prefix to the original URL path of the HTTP request. diff --git a/src/content/docs/rules/transform/managed-transforms/reference.mdx b/src/content/docs/rules/transform/managed-transforms/reference.mdx index 95fd38e64229ef..044240caea3400 100644 --- a/src/content/docs/rules/transform/managed-transforms/reference.mdx +++ b/src/content/docs/rules/transform/managed-transforms/reference.mdx @@ -38,38 +38,38 @@ Adds HTTP headers with bot-related values to the request sent to the origin serv Adds HTTP headers with [Mutual TLS](/api-shield/security/mtls/) (mTLS) client authentication values to the request sent to the origin server: -* `cf-cert-revoked`: Value from the [`cf.tls_client_auth.cert_revoked`](/ruleset-engine/rules-language/fields/#field-cf-tls_client_auth-cert_revoked) field. -* `cf-cert-verified`: Value from the [`cf.tls_client_auth.cert_verified`](/ruleset-engine/rules-language/fields/#field-cf-tls_client_auth-cert_verified) field. -* `cf-cert-presented`: Value from the [`cf.tls_client_auth.cert_presented`](/ruleset-engine/rules-language/fields/#field-cf-tls_client_auth-cert_presented) field. -* `cf-cert-issuer-dn`: Value from the [`cf.tls_client_auth.cert_issuer_dn`](/ruleset-engine/rules-language/fields/#field-cf-tls_client_auth-cert_issuer_dn) field. -* `cf-cert-subject-dn`: Value from the [`cf.tls_client_auth.cert_subject_dn`](/ruleset-engine/rules-language/fields/#field-cf-tls_client_auth-cert_subject_dn) field. -* `cf-cert-issuer-dn-rfc2253`: Value from the [`cf.tls_client_auth.cert_issuer_dn_rfc2253`](/ruleset-engine/rules-language/fields/#field-cf-tls_client_auth-cert_issuer_dn_rfc2253) field. -* `cf-cert-subject-dn-rfc2253`: Value from the [`cf.tls_client_auth.cert_subject_dn_rfc2253`](/ruleset-engine/rules-language/fields/#field-cf-tls_client_auth-cert_subject_dn_rfc2253) field. -* `cf-cert-issuer-dn-legacy`: Value from the [`cf.tls_client_auth.cert_issuer_dn_legacy`](/ruleset-engine/rules-language/fields/#field-cf-tls_client_auth-cert_issuer_dn_legacy) field. -* `cf-cert-subject-dn-legacy`: Value from the [`cf.tls_client_auth.cert_subject_dn_legacy`](/ruleset-engine/rules-language/fields/#field-cf-tls_client_auth-cert_subject_dn_legacy) field. -* `cf-cert-serial`: Value from the [`cf.tls_client_auth.cert_serial`](/ruleset-engine/rules-language/fields/#field-cf-tls_client_auth-cert_serial) field. -* `cf-cert-issuer-serial`: Value from the [`cf.tls_client_auth.cert_issuer_serial`](/ruleset-engine/rules-language/fields/#field-cf-tls_client_auth-cert_issuer_serial) field. -* `cf-cert-fingerprint-sha256`: Value from the [`cf.tls_client_auth.cert_fingerprint_sha256`](/ruleset-engine/rules-language/fields/#field-cf-tls_client_auth-cert_fingerprint_sha256) field. -* `cf-cert-fingerprint-sha1`: Value from the [`cf.tls_client_auth.cert_fingerprint_sha1`](/ruleset-engine/rules-language/fields/#field-cf-tls_client_auth-cert_fingerprint_sha1) field. -* `cf-cert-not-before`: Value from the [`cf.tls_client_auth.cert_not_before`](/ruleset-engine/rules-language/fields/#field-cf-tls_client_auth-cert_not_before) field. -* `cf-cert-not-after`: Value from the [`cf.tls_client_auth.cert_not_after`](/ruleset-engine/rules-language/fields/#field-cf-tls_client_auth-cert_not_after) field. -* `cf-cert-ski`: Value from the [`cf.tls_client_auth.cert_ski`](/ruleset-engine/rules-language/fields/#field-cf-tls_client_auth-cert_ski) field. -* `cf-cert-issuer-ski`: Value from the [`cf.tls_client_auth.cert_issuer_ski`](/ruleset-engine/rules-language/fields/#field-cf-tls_client_auth-cert_issuer_ski) field. +* `cf-cert-revoked`: Value from the [`cf.tls_client_auth.cert_revoked`](/ruleset-engine/rules-language/fields/#cf-tls_client_auth-cert_revoked) field. +* `cf-cert-verified`: Value from the [`cf.tls_client_auth.cert_verified`](/ruleset-engine/rules-language/fields/#cf-tls_client_auth-cert_verified) field. +* `cf-cert-presented`: Value from the [`cf.tls_client_auth.cert_presented`](/ruleset-engine/rules-language/fields/#cf-tls_client_auth-cert_presented) field. +* `cf-cert-issuer-dn`: Value from the [`cf.tls_client_auth.cert_issuer_dn`](/ruleset-engine/rules-language/fields/#cf-tls_client_auth-cert_issuer_dn) field. +* `cf-cert-subject-dn`: Value from the [`cf.tls_client_auth.cert_subject_dn`](/ruleset-engine/rules-language/fields/#cf-tls_client_auth-cert_subject_dn) field. +* `cf-cert-issuer-dn-rfc2253`: Value from the [`cf.tls_client_auth.cert_issuer_dn_rfc2253`](/ruleset-engine/rules-language/fields/#cf-tls_client_auth-cert_issuer_dn_rfc2253) field. +* `cf-cert-subject-dn-rfc2253`: Value from the [`cf.tls_client_auth.cert_subject_dn_rfc2253`](/ruleset-engine/rules-language/fields/#cf-tls_client_auth-cert_subject_dn_rfc2253) field. +* `cf-cert-issuer-dn-legacy`: Value from the [`cf.tls_client_auth.cert_issuer_dn_legacy`](/ruleset-engine/rules-language/fields/#cf-tls_client_auth-cert_issuer_dn_legacy) field. +* `cf-cert-subject-dn-legacy`: Value from the [`cf.tls_client_auth.cert_subject_dn_legacy`](/ruleset-engine/rules-language/fields/#cf-tls_client_auth-cert_subject_dn_legacy) field. +* `cf-cert-serial`: Value from the [`cf.tls_client_auth.cert_serial`](/ruleset-engine/rules-language/fields/#cf-tls_client_auth-cert_serial) field. +* `cf-cert-issuer-serial`: Value from the [`cf.tls_client_auth.cert_issuer_serial`](/ruleset-engine/rules-language/fields/#cf-tls_client_auth-cert_issuer_serial) field. +* `cf-cert-fingerprint-sha256`: Value from the [`cf.tls_client_auth.cert_fingerprint_sha256`](/ruleset-engine/rules-language/fields/#cf-tls_client_auth-cert_fingerprint_sha256) field. +* `cf-cert-fingerprint-sha1`: Value from the [`cf.tls_client_auth.cert_fingerprint_sha1`](/ruleset-engine/rules-language/fields/#cf-tls_client_auth-cert_fingerprint_sha1) field. +* `cf-cert-not-before`: Value from the [`cf.tls_client_auth.cert_not_before`](/ruleset-engine/rules-language/fields/#cf-tls_client_auth-cert_not_before) field. +* `cf-cert-not-after`: Value from the [`cf.tls_client_auth.cert_not_after`](/ruleset-engine/rules-language/fields/#cf-tls_client_auth-cert_not_after) field. +* `cf-cert-ski`: Value from the [`cf.tls_client_auth.cert_ski`](/ruleset-engine/rules-language/fields/#cf-tls_client_auth-cert_ski) field. +* `cf-cert-issuer-ski`: Value from the [`cf.tls_client_auth.cert_issuer_ski`](/ruleset-engine/rules-language/fields/#cf-tls_client_auth-cert_issuer_ski) field. ### Add visitor location headers Adds HTTP headers with location information for the visitor's IP address to the request sent to the origin server: -* `cf-ipcity`: The visitor's city (value from the [`ip.src.city`](/ruleset-engine/rules-language/fields/#field-ip-src-city) field). -* `cf-ipcountry`: The visitor's country (value from the [`ip.src.country`](/ruleset-engine/rules-language/fields/#field-ip-src-country) field). -* `cf-ipcontinent`: The visitor's continent (value from the [`ip.src.continent`](/ruleset-engine/rules-language/fields/#field-ip-src-continent) field). -* `cf-iplongitude`: The visitor's longitude (value from the [`ip.src.lon`](/ruleset-engine/rules-language/fields/#field-ip-src-lon) field). -* `cf-iplatitude`: The visitor's latitude (value from the [`ip.src.lat`](/ruleset-engine/rules-language/fields/#field-ip-src-lat) field). -* `cf-region`: The visitor's region (value from the [`ip.src.region`](/ruleset-engine/rules-language/fields/#field-ip-src-region) field). -* `cf-region-code`: The visitor's region code (value from the [`ip.src.region_code`](/ruleset-engine/rules-language/fields/#field-ip-src-region_code) field). -* `cf-metro-code`: The visitor's metro code (value from the [`ip.src.metro_code`](/ruleset-engine/rules-language/fields/#field-ip-src-metro_code) field). -* `cf-postal-code`: The visitor's postal code (value from the [`ip.src.postal_code`](/ruleset-engine/rules-language/fields/#field-ip-src-postal_code) field). -* `cf-timezone`: The name of the visitor's timezone (value from the [`ip.src.timezone.name`](/ruleset-engine/rules-language/fields/#field-ip-src-timezone-name) field). +* `cf-ipcity`: The visitor's city (value from the [`ip.src.city`](/ruleset-engine/rules-language/fields/#ip-src-city) field). +* `cf-ipcountry`: The visitor's country (value from the [`ip.src.country`](/ruleset-engine/rules-language/fields/#ip-src-country) field). +* `cf-ipcontinent`: The visitor's continent (value from the [`ip.src.continent`](/ruleset-engine/rules-language/fields/#ip-src-continent) field). +* `cf-iplongitude`: The visitor's longitude (value from the [`ip.src.lon`](/ruleset-engine/rules-language/fields/#ip-src-lon) field). +* `cf-iplatitude`: The visitor's latitude (value from the [`ip.src.lat`](/ruleset-engine/rules-language/fields/#ip-src-lat) field). +* `cf-region`: The visitor's region (value from the [`ip.src.region`](/ruleset-engine/rules-language/fields/#ip-src-region) field). +* `cf-region-code`: The visitor's region code (value from the [`ip.src.region_code`](/ruleset-engine/rules-language/fields/#ip-src-region_code) field). +* `cf-metro-code`: The visitor's metro code (value from the [`ip.src.metro_code`](/ruleset-engine/rules-language/fields/#ip-src-metro_code) field). +* `cf-postal-code`: The visitor's postal code (value from the [`ip.src.postal_code`](/ruleset-engine/rules-language/fields/#ip-src-postal_code) field). +* `cf-timezone`: The name of the visitor's timezone (value from the [`ip.src.timezone.name`](/ruleset-engine/rules-language/fields/#ip-src-timezone-name) field). :::caution[Warning] diff --git a/src/content/docs/rules/transform/url-rewrite/reference/fields-functions.mdx b/src/content/docs/rules/transform/url-rewrite/reference/fields-functions.mdx index 1d5e057b254061..aebd26b8fe5019 100644 --- a/src/content/docs/rules/transform/url-rewrite/reference/fields-functions.mdx +++ b/src/content/docs/rules/transform/url-rewrite/reference/fields-functions.mdx @@ -29,4 +29,4 @@ A rewrite expression (that is, the expression that defines the dynamic URL rewri Refer to [Fields](/ruleset-engine/rules-language/fields/) for reference information on these fields. -The [`concat()`](/ruleset-engine/rules-language/functions/#function-concat) and [`regex_replace()`](/ruleset-engine/rules-language/functions/#function-regex_replace) functions can appear only **once** in a rewrite expression. +The [`concat()`](/ruleset-engine/rules-language/functions/#concat) and [`regex_replace()`](/ruleset-engine/rules-language/functions/#regex_replace) functions can appear only **once** in a rewrite expression. diff --git a/src/content/docs/rules/url-forwarding/examples/remove-locale-url.mdx b/src/content/docs/rules/url-forwarding/examples/remove-locale-url.mdx index 7c75d288712d75..99a6300270ccfb 100644 --- a/src/content/docs/rules/url-forwarding/examples/remove-locale-url.mdx +++ b/src/content/docs/rules/url-forwarding/examples/remove-locale-url.mdx @@ -34,7 +34,7 @@ If you are using the Expression Editor, enter the following expression:
-The function [`regex_replace()`](/ruleset-engine/rules-language/functions/#function-regex_replace) allows you to extract parts of the URL using regular expressions' capture groups. Create capture groups by putting part of the regular expression in parentheses. Then, reference a capture group using `${}` in the replacement string, where `` is the number of the capture group. +The function [`regex_replace()`](/ruleset-engine/rules-language/functions/#regex_replace) allows you to extract parts of the URL using regular expressions' capture groups. Create capture groups by putting part of the regular expression in parentheses. Then, reference a capture group using `${}` in the replacement string, where `` is the number of the capture group. For example, the redirect rule would perform the following redirects: diff --git a/src/content/docs/ruleset-engine/rules-language/expressions/edit-expressions.mdx b/src/content/docs/ruleset-engine/rules-language/expressions/edit-expressions.mdx index fa10e4cff311f7..b466d43a9b7a1f 100644 --- a/src/content/docs/ruleset-engine/rules-language/expressions/edit-expressions.mdx +++ b/src/content/docs/ruleset-engine/rules-language/expressions/edit-expressions.mdx @@ -71,7 +71,7 @@ Only the Expression Editor supports nested expressions such as the one above. If :::note[Note] -String comparison in rule expressions is case sensitive. To account for possible variations of string capitalization in an expression, you can use the [`lower()`](/ruleset-engine/rules-language/functions/#function-lower) function and compare the result with a lowercased string, like in the following example: +String comparison in rule expressions is case sensitive. To account for possible variations of string capitalization in an expression, you can use the [`lower()`](/ruleset-engine/rules-language/functions/#lower) function and compare the result with a lowercased string, like in the following example: ```txt lower(http.request.uri.path) contains "/wp-login.php" diff --git a/src/content/docs/ruleset-engine/rules-language/fields/dynamic-fields.mdx b/src/content/docs/ruleset-engine/rules-language/fields/dynamic-fields.mdx index 7f50dff37bf8e3..98f782f704299e 100644 --- a/src/content/docs/ruleset-engine/rules-language/fields/dynamic-fields.mdx +++ b/src/content/docs/ruleset-engine/rules-language/fields/dynamic-fields.mdx @@ -106,7 +106,7 @@ Returns the string representation of the per-hostname [custom metadata](/cloudfl `cf.random_seed` `Bytes` -Returns per-request random bytes that you can use in the [`uuidv4()`](https://example.com/ruleset-engine/rules-language/functions/#function-uuidv4) function. +Returns per-request random bytes that you can use in the [`uuidv4()`](https://example.com/ruleset-engine/rules-language/functions/#uuidv4) function. ## `cf.ray_id` diff --git a/src/content/docs/ruleset-engine/rules-language/functions.mdx b/src/content/docs/ruleset-engine/rules-language/functions.mdx index 92910186126679..9a59e95bad9300 100644 --- a/src/content/docs/ruleset-engine/rules-language/functions.mdx +++ b/src/content/docs/ruleset-engine/rules-language/functions.mdx @@ -338,7 +338,7 @@ any(url_decode(http.request.body.form.values[*])[*] contains "an xss attack") `uuidv4(Bytes)` `String` -Generates a random UUIDv4 (Universally Unique Identifier, version 4) based on the given argument (a source of randomness). To obtain an array of random bytes, use the [`cf.random_seed`](/ruleset-engine/rules-language/fields/#field-cf-random_seed) field. +Generates a random UUIDv4 (Universally Unique Identifier, version 4) based on the given argument (a source of randomness). To obtain an array of random bytes, use the [`cf.random_seed`](/ruleset-engine/rules-language/fields/#cf-random_seed) field. For example, `uuidv4(cf.random_seed)` will return a UUIDv4 similar to `49887398-6bcf-485f-8899-f15dbef4d1d5`. diff --git a/src/content/docs/ruleset-engine/rules-language/operators.mdx b/src/content/docs/ruleset-engine/rules-language/operators.mdx index ef93be2af65baa..167b852ed469f2 100644 --- a/src/content/docs/ruleset-engine/rules-language/operators.mdx +++ b/src/content/docs/ruleset-engine/rules-language/operators.mdx @@ -44,8 +44,8 @@ Comparison operators entered using English notation (such as `eq`, `lt`, and `gt The Cloudflare dashboard shows the following functions as operators: -* *starts with* (corresponding to the [`starts_with()`](/ruleset-engine/rules-language/functions/#function-starts_with) function): Returns `true` when a string starts with a given substring, and `false` otherwise. -* *ends with* (corresponding to the [`ends_with()`](/ruleset-engine/rules-language/functions/#function-ends_with) function): Returns `true` when a string ends with a given substring, and `false` otherwise. +* *starts with* (corresponding to the [`starts_with()`](/ruleset-engine/rules-language/functions/#starts_with) function): Returns `true` when a string starts with a given substring, and `false` otherwise. +* *ends with* (corresponding to the [`ends_with()`](/ruleset-engine/rules-language/functions/#ends_with) function): Returns `true` when a string ends with a given substring, and `false` otherwise. However, when writing your own custom expressions, you must use these functions in function calls, not as operators. For example: @@ -59,7 +59,7 @@ http.request.uri.path ends_with ".html" ### Comparing string values -String comparison in rule expressions is case sensitive. To account for possible variations of string capitalization in an expression, you can use the [`lower()`](/ruleset-engine/rules-language/functions/#function-lower) function and compare the result with a lowercased string, like in the following example: +String comparison in rule expressions is case sensitive. To account for possible variations of string capitalization in an expression, you can use the [`lower()`](/ruleset-engine/rules-language/functions/#lower) function and compare the result with a lowercased string, like in the following example: ```txt lower(http.request.uri.path) contains "/wp-login.php" diff --git a/src/content/docs/ruleset-engine/rules-language/values.mdx b/src/content/docs/ruleset-engine/rules-language/values.mdx index fd86f0f281bd40..e5f97c3dc06dac 100644 --- a/src/content/docs/ruleset-engine/rules-language/values.mdx +++ b/src/content/docs/ruleset-engine/rules-language/values.mdx @@ -52,7 +52,7 @@ regex_replace(http.host, "a", "\\") :::caution[Warning] -In some situations you will need to double-escape a string — for example, when using the [`regex_replace()`](/ruleset-engine/rules-language/functions/#function-regex_replace) function with a regular expression matching a backslash (`\`). +In some situations you will need to double-escape a string — for example, when using the [`regex_replace()`](/ruleset-engine/rules-language/functions/#regex_replace) function with a regular expression matching a backslash (`\`). In this case, you must do the basic escaping required by strings as function parameters (using `\\` for each `\` character) and also the regex escaping (using `\\` for each `\` character), since the backslash has a special meaning in regular expressions. @@ -169,7 +169,7 @@ For maps where the values have an `Array` type, you cannot directly use [operato ### Examples -The following example is based on the [`http.request.headers`](/ruleset-engine/rules-language/fields/#field-http-request-headers) field with a data type of `Map>`, where array elements are of `String` data type. +The following example is based on the [`http.request.headers`](/ruleset-engine/rules-language/fields/http-request-header/) field with a data type of `Map>`, where array elements are of `String` data type. If an incoming HTTP request included a single `Accept: application/json` HTTP header, the following expressions would evaluate to the indicated values: @@ -181,7 +181,7 @@ any(http.request.headers["accept"][*] == "application/json") # ==> true any(http.request.headers["accept"][*] == "text/plain") # ==> false ``` -The following example is based on the [`http.request.uri.args`](/ruleset-engine/rules-language/fields/#field-http-request-uri-args) field with a data type of `Map>`, where array elements are of `String` data type. +The following example is based on the [`http.request.uri.args`](/ruleset-engine/rules-language/fields/uri/#httprequesturiargs) field with a data type of `Map>`, where array elements are of `String` data type. If an HTTP request included three `filter` URI arguments `waf`, `botm`, and `cdn`, the following expressions would evaluate to the indicated values: diff --git a/src/content/docs/waf/about/content-scanning/index.mdx b/src/content/docs/waf/about/content-scanning/index.mdx index 10ae071c717bda..2a057f33a2dae5 100644 --- a/src/content/docs/waf/about/content-scanning/index.mdx +++ b/src/content/docs/waf/about/content-scanning/index.mdx @@ -79,14 +79,14 @@ When content scanning is enabled, you can use the following fields in WAF rules: | Field name in the dashboard | Field name in expressions | | ------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------- | -| Has content object | [`cf.waf.content_scan.has_obj`](/ruleset-engine/rules-language/fields/#field-cf-waf-content_scan-has_obj) | -| Has malicious content object | [`cf.waf.content_scan.has_malicious_obj`](/ruleset-engine/rules-language/fields/#field-cf-waf-content_scan-has_malicious_obj) | -| Number of malicious content objects | [`cf.waf.content_scan.num_malicious_obj`](/ruleset-engine/rules-language/fields/#field-cf-waf-content_scan-num_malicious_obj) | -| Content scan has failed | [`cf.waf.content_scan.has_failed`](/ruleset-engine/rules-language/fields/#field-cf-waf-content_scan-has_failed) | -| Number of content objects | [`cf.waf.content_scan.num_obj`](/ruleset-engine/rules-language/fields/#field-cf-waf-content_scan-num_obj) | -| Content object size (in bytes) | [`cf.waf.content_scan.obj_sizes`](/ruleset-engine/rules-language/fields/#field-cf-waf-content_scan-obj_sizes) | -| Content object type | [`cf.waf.content_scan.obj_types`](/ruleset-engine/rules-language/fields/#field-cf-waf-content_scan-obj_types) | -| Content object result
Values: `clean`, `suspicious`,
`infected`, and `not scanned` | [`cf.waf.content_scan.obj_results`](/ruleset-engine/rules-language/fields/#field-cf-waf-content_scan-obj_results) | +| Has content object | [`cf.waf.content_scan.has_obj`](/ruleset-engine/rules-language/fields/#cf-waf-content_scan-has_obj) | +| Has malicious content object | [`cf.waf.content_scan.has_malicious_obj`](/ruleset-engine/rules-language/fields/#cf-waf-content_scan-has_malicious_obj) | +| Number of malicious content objects | [`cf.waf.content_scan.num_malicious_obj`](/ruleset-engine/rules-language/fields/#cf-waf-content_scan-num_malicious_obj) | +| Content scan has failed | [`cf.waf.content_scan.has_failed`](/ruleset-engine/rules-language/fields/#cf-waf-content_scan-has_failed) | +| Number of content objects | [`cf.waf.content_scan.num_obj`](/ruleset-engine/rules-language/fields/#cf-waf-content_scan-num_obj) | +| Content object size (in bytes) | [`cf.waf.content_scan.obj_sizes`](/ruleset-engine/rules-language/fields/#cf-waf-content_scan-obj_sizes) | +| Content object type | [`cf.waf.content_scan.obj_types`](/ruleset-engine/rules-language/fields/#cf-waf-content_scan-obj_types) | +| Content object result
Values: `clean`, `suspicious`,
`infected`, and `not scanned` | [`cf.waf.content_scan.obj_results`](/ruleset-engine/rules-language/fields/#cf-waf-content_scan-obj_results) | diff --git a/src/content/docs/waf/about/waf-attack-score.mdx b/src/content/docs/waf/about/waf-attack-score.mdx index acdfd4fcde1f77..ae732dccaab836 100644 --- a/src/content/docs/waf/about/waf-attack-score.mdx +++ b/src/content/docs/waf/about/waf-attack-score.mdx @@ -29,11 +29,11 @@ The Cloudflare WAF provides the following attack scores: | Score | Minimum plan required | Attack vector | Field | | ---------------------- | --------------------- | --------------------------- | --------------------------------------------------------------------------------------- | -| WAF Attack Score | Enterprise | N/A (global score) | [`cf.waf.score`](/ruleset-engine/rules-language/fields/#field-cf-waf-score) | -| WAF SQLi Attack Score | Enterprise | SQL injection (SQLi) | [`cf.waf.score.sqli`](/ruleset-engine/rules-language/fields/#field-cf-waf-score-sqli) | -| WAF XSS Attack Score | Enterprise | Cross-site scripting (XSS) | [`cf.waf.score.xss`](/ruleset-engine/rules-language/fields/#field-cf-waf-score-xss) | -| WAF RCE Attack Score | Enterprise | Remote Code Execution (RCE) | [`cf.waf.score.rce`](/ruleset-engine/rules-language/fields/#field-cf-waf-score-rce) | -| WAF Attack Score Class | Business | N/A (global classification) | [`cf.waf.score.class`](/ruleset-engine/rules-language/fields/#field-cf-waf-score-class) | +| WAF Attack Score | Enterprise | N/A (global score) | [`cf.waf.score`](/ruleset-engine/rules-language/fields/#cf-waf-score) | +| WAF SQLi Attack Score | Enterprise | SQL injection (SQLi) | [`cf.waf.score.sqli`](/ruleset-engine/rules-language/fields/#cf-waf-score-sqli) | +| WAF XSS Attack Score | Enterprise | Cross-site scripting (XSS) | [`cf.waf.score.xss`](/ruleset-engine/rules-language/fields/#cf-waf-score-xss) | +| WAF RCE Attack Score | Enterprise | Remote Code Execution (RCE) | [`cf.waf.score.rce`](/ruleset-engine/rules-language/fields/#cf-waf-score-rce) | +| WAF Attack Score Class | Business | N/A (global classification) | [`cf.waf.score.class`](/ruleset-engine/rules-language/fields/#cf-waf-score-class) | diff --git a/src/content/docs/waf/custom-rules/use-cases/allow-traffic-from-specific-countries.mdx b/src/content/docs/waf/custom-rules/use-cases/allow-traffic-from-specific-countries.mdx index 9ccf6a400b14a5..7720f183d695e3 100644 --- a/src/content/docs/waf/custom-rules/use-cases/allow-traffic-from-specific-countries.mdx +++ b/src/content/docs/waf/custom-rules/use-cases/allow-traffic-from-specific-countries.mdx @@ -4,7 +4,7 @@ title: Allow traffic from specific countries only --- -This example blocks requests based on country code using the [`ip.geoip.country`](/ruleset-engine/rules-language/fields/#field-ip-src-country) field, only allowing requests from two countries: United States and Mexico. +This example blocks requests based on country code using the [`ip.geoip.country`](/ruleset-engine/rules-language/fields/#ip-src-country) field, only allowing requests from two countries: United States and Mexico. - **Expression**: `(not ip.geoip.country in {"US" "MX"})` - **Action**: *Block* diff --git a/src/content/docs/waf/custom-rules/use-cases/allow-traffic-from-verified-bots.mdx b/src/content/docs/waf/custom-rules/use-cases/allow-traffic-from-verified-bots.mdx index 0949e28cd4e4f6..7b4456a919ace0 100644 --- a/src/content/docs/waf/custom-rules/use-cases/allow-traffic-from-verified-bots.mdx +++ b/src/content/docs/waf/custom-rules/use-cases/allow-traffic-from-verified-bots.mdx @@ -9,7 +9,7 @@ head: This example challenges requests from a list of countries, but allows traffic from search engine bots — such as Googlebot and Bingbot — and from other [verified bots](/bots/concepts/bot/#verified-bots). -The rule expression uses the [`cf.client.bot`](/ruleset-engine/rules-language/fields/#field-cf-client-bot) field to determine if the request originated from a known good bot or crawler. +The rule expression uses the [`cf.client.bot`](/ruleset-engine/rules-language/fields/#cf-client-bot) field to determine if the request originated from a known good bot or crawler. - **Expression**: `(ip.geoip.country in {"US" "MX"} and not cf.client.bot)` - **Action**: Managed Challenge diff --git a/src/content/docs/waf/custom-rules/use-cases/block-traffic-from-specific-countries.mdx b/src/content/docs/waf/custom-rules/use-cases/block-traffic-from-specific-countries.mdx index 519e8bf9b77190..c8260af385014e 100644 --- a/src/content/docs/waf/custom-rules/use-cases/block-traffic-from-specific-countries.mdx +++ b/src/content/docs/waf/custom-rules/use-cases/block-traffic-from-specific-countries.mdx @@ -4,7 +4,7 @@ title: Block traffic from specific countries --- -This example blocks requests based on country code using the [`ip.geoip.country`](/ruleset-engine/rules-language/fields/#field-ip-src-country) field. +This example blocks requests based on country code using the [`ip.geoip.country`](/ruleset-engine/rules-language/fields/#ip-src-country) field. - **Expression**: `(ip.geoip.country in {"KN" "SY"})` - **Action**: *Block* diff --git a/src/content/docs/waf/custom-rules/use-cases/challenge-bad-bots.mdx b/src/content/docs/waf/custom-rules/use-cases/challenge-bad-bots.mdx index 49dbea67e61b22..952707fe75a81a 100644 --- a/src/content/docs/waf/custom-rules/use-cases/challenge-bad-bots.mdx +++ b/src/content/docs/waf/custom-rules/use-cases/challenge-bad-bots.mdx @@ -18,9 +18,9 @@ Bot score ranges from 1 through 99. A low score indicates the request comes from These examples use: -* [`cf.bot_management.score`](/ruleset-engine/rules-language/fields/#field-cf-bot_management-score) to target requests from bots -* [`cf.bot_management.verified_bot`](/ruleset-engine/rules-language/fields/#field-cf-bot_management-verified_bot) to identify requests from [known good bots](https://radar.cloudflare.com/verified-bots) -* [`cf.bot_management.ja3_hash`](/ruleset-engine/rules-language/fields/#field-cf-bot_management-ja3_hash) to target specific [JA3 Fingerprints](/bots/concepts/ja3-ja4-fingerprint/) +* [`cf.bot_management.score`](/ruleset-engine/rules-language/fields/#cf-bot_management-score) to target requests from bots +* [`cf.bot_management.verified_bot`](/ruleset-engine/rules-language/fields/#cf-bot_management-verified_bot) to identify requests from [known good bots](https://radar.cloudflare.com/verified-bots) +* [`cf.bot_management.ja3_hash`](/ruleset-engine/rules-language/fields/#cf-bot_management-ja3_hash) to target specific [JA3 Fingerprints](/bots/concepts/ja3-ja4-fingerprint/) ## Suggested rules diff --git a/src/content/docs/waf/custom-rules/use-cases/exempt-partners-hotlink-protection.mdx b/src/content/docs/waf/custom-rules/use-cases/exempt-partners-hotlink-protection.mdx index d16925bbdaf122..f3534105e43e55 100644 --- a/src/content/docs/waf/custom-rules/use-cases/exempt-partners-hotlink-protection.mdx +++ b/src/content/docs/waf/custom-rules/use-cases/exempt-partners-hotlink-protection.mdx @@ -10,7 +10,7 @@ When enabled, [Cloudflare Hotlink Protection](/waf/tools/scrape-shield/hotlink-p You can use custom rules to protect against hotlinking while allowing inline links from your partners. In this case, you will need to disable [Hotlink Protection](/waf/tools/scrape-shield/hotlink-protection/) within the **Scrape Shield** app so that partner referrals are not blocked by that feature. -This example uses the [`http.referer`](/ruleset-engine/rules-language/fields/#field-http-referer) field to target HTTP referrals from partner sites. +This example uses the [`http.referer`](/ruleset-engine/rules-language/fields/standard-fields/#httpreferer) field to target HTTP referrals from partner sites. The `not` operator matches HTTP referrals that are not from partner sites, and the action blocks them: diff --git a/src/content/docs/waf/custom-rules/use-cases/require-specific-cookie.mdx b/src/content/docs/waf/custom-rules/use-cases/require-specific-cookie.mdx index 59f15e0b1b5a9b..2ac586b4f8c76d 100644 --- a/src/content/docs/waf/custom-rules/use-cases/require-specific-cookie.mdx +++ b/src/content/docs/waf/custom-rules/use-cases/require-specific-cookie.mdx @@ -6,7 +6,7 @@ title: Require a specific cookie To secure a sensitive area such as a development area, you can share a cookie with trusted individuals and then filter requests so that only users with that cookie can access your site. -Use the [`http.cookie`](/ruleset-engine/rules-language/fields/#field-http-cookie) field to target requests based on the presence of a specific cookie. +Use the [`http.cookie`](/ruleset-engine/rules-language/fields/standard-fields/#httpcookie) field to target requests based on the presence of a specific cookie. This example comprises two rules: diff --git a/src/content/docs/waf/custom-rules/use-cases/require-specific-headers.mdx b/src/content/docs/waf/custom-rules/use-cases/require-specific-headers.mdx index 4593a18e05d54f..58982c07aa68e8 100644 --- a/src/content/docs/waf/custom-rules/use-cases/require-specific-headers.mdx +++ b/src/content/docs/waf/custom-rules/use-cases/require-specific-headers.mdx @@ -4,9 +4,9 @@ title: Require specific HTTP headers --- -Many organizations qualify traffic based on the presence of specific HTTP request headers. Use the Rules language [HTTP request header fields](/ruleset-engine/rules-language/fields/#http-request-header-fields) to target requests with specific headers. +Many organizations qualify traffic based on the presence of specific HTTP request headers. Use the Rules language [HTTP request header fields](/ruleset-engine/rules-language/fields/http-request-header/) to target requests with specific headers. -This example uses the `http.headers.names` field to look for the presence of an `X-CSRF-Token` header. The [`lower()`](/ruleset-engine/rules-language/functions/#function-lower) transformation function converts the value to lowercase so that the expression is case insensitive. +This example uses the `http.headers.names` field to look for the presence of an `X-CSRF-Token` header. The [`lower()`](/ruleset-engine/rules-language/functions/#lower) transformation function converts the value to lowercase so that the expression is case insensitive. When the `X-CSRF-Token` header is missing, Cloudflare blocks the request: diff --git a/src/content/docs/waf/custom-rules/use-cases/require-specific-http-ports.mdx b/src/content/docs/waf/custom-rules/use-cases/require-specific-http-ports.mdx index 4a15e0da5008d5..b7f094a96c7703 100644 --- a/src/content/docs/waf/custom-rules/use-cases/require-specific-http-ports.mdx +++ b/src/content/docs/waf/custom-rules/use-cases/require-specific-http-ports.mdx @@ -8,7 +8,7 @@ import { Render } from "~/components" By default, Cloudflare allows requests on a [number of different HTTP ports](/fundamentals/reference/network-ports/). -You can target requests based on their HTTP port with the [`cf.edge.server_port`](/ruleset-engine/rules-language/fields/#field-cf-edge-server_port) field. Use the `in` [comparison operator](/ruleset-engine/rules-language/operators/#comparison-operators) to target a set of ports. +You can target requests based on their HTTP port with the [`cf.edge.server_port`](/ruleset-engine/rules-language/fields/#cf-edge-server_port) field. Use the `in` [comparison operator](/ruleset-engine/rules-language/operators/#comparison-operators) to target a set of ports. This example blocks requests to `www.example.com` that are not on ports `80` or `443`: diff --git a/src/content/docs/waf/custom-rules/use-cases/site-admin-only-known-ips.mdx b/src/content/docs/waf/custom-rules/use-cases/site-admin-only-known-ips.mdx index d81cd7f8927cf2..b0cfa41d209bf3 100644 --- a/src/content/docs/waf/custom-rules/use-cases/site-admin-only-known-ips.mdx +++ b/src/content/docs/waf/custom-rules/use-cases/site-admin-only-known-ips.mdx @@ -8,7 +8,7 @@ If an attack compromises the administrative area of your website, the consequenc The example below limits access to the WordPress admin area, `/wp-admin/`, by blocking requests that do not originate from a specified set of IP addresses. -To prevent attackers from successfully using a permutation of `/wp-admin/` such as `/wP-AdMiN/`, use the [`lower()`](/ruleset-engine/rules-language/functions/#function-lower) transformation function to convert the URI path to lowercase: +To prevent attackers from successfully using a permutation of `/wp-admin/` such as `/wP-AdMiN/`, use the [`lower()`](/ruleset-engine/rules-language/functions/#lower) transformation function to convert the URI path to lowercase: - **Expression**: `(not ip.src in {10.20.30.40 192.168.1.0/24} and starts_with(lower(http.request.uri.path), "/wp-admin"))` diff --git a/src/content/docs/waf/custom-rules/use-cases/stop-rudy-attacks.mdx b/src/content/docs/waf/custom-rules/use-cases/stop-rudy-attacks.mdx index e828377b846b5f..bcc05347ee4c41 100644 --- a/src/content/docs/waf/custom-rules/use-cases/stop-rudy-attacks.mdx +++ b/src/content/docs/waf/custom-rules/use-cases/stop-rudy-attacks.mdx @@ -8,7 +8,7 @@ R-U-Dead-Yet (R.U.D.Y.) attacks accomplish denial of service (DoS) by submitting This example combines three expressions to target HTTP `POST` requests that do not contain a legitimate authenticated session cookie: -* The first expression uses the [`http.request.uri.path`](/ruleset-engine/rules-language/fields/#field-http-request-uri-path) field to target the paths to secure from R.U.D.Y.: +* The first expression uses the [`http.request.uri.path`](/ruleset-engine/rules-language/fields/standard-fields/#httprequesturipath) field to target the paths to secure from R.U.D.Y.: ```txt http.request.uri.path matches "(comment|conversation|event|poll)/create" diff --git a/src/content/docs/waf/custom-rules/use-cases/update-rules-customers-partners.mdx b/src/content/docs/waf/custom-rules/use-cases/update-rules-customers-partners.mdx index ea1d1a5a8544fa..1172d41dc2875b 100644 --- a/src/content/docs/waf/custom-rules/use-cases/update-rules-customers-partners.mdx +++ b/src/content/docs/waf/custom-rules/use-cases/update-rules-customers-partners.mdx @@ -24,8 +24,8 @@ If a customer or partner is large enough, you could set up a custom rule based o This example uses: -* The [`ip.geoip.asnum`](/ruleset-engine/rules-language/fields/#field-ip-src-asnum) field to specify the general region. -* The [`cf.bot_management.score`](/ruleset-engine/rules-language/fields/#field-cf-bot_management-score) field to ensure partner traffic does not come from bots. +* The [`ip.geoip.asnum`](/ruleset-engine/rules-language/fields/#ip-src-asnum) field to specify the general region. +* The [`cf.bot_management.score`](/ruleset-engine/rules-language/fields/#cf-bot_management-score) field to ensure partner traffic does not come from bots. - **Expression**: `(ip.geoip.asnum eq 64496 and cf.bot_management.score gt 30)` - **Action**: Skip: @@ -43,8 +43,8 @@ Access to [Bot Management](/bots/plans/bm-subscription/) requires a Cloudflare E This example uses: -* The [`ip.geoip.asnum`](/ruleset-engine/rules-language/fields/#field-ip-src-asnum) field to specify the general region. -* The [`cf.threat_score`](/ruleset-engine/rules-language/fields/#field-cf-threat_score) dynamic field to ensure requests are not high-risk traffic. +* The [`ip.geoip.asnum`](/ruleset-engine/rules-language/fields/#ip-src-asnum) field to specify the general region. +* The [`cf.threat_score`](/ruleset-engine/rules-language/fields/#cf-threat_score) dynamic field to ensure requests are not high-risk traffic. If a request meets these criteria, your custom rule skips [User Agent Blocking](/waf/tools/user-agent-blocking/) rules. @@ -62,7 +62,7 @@ For smaller organizations, you could set up custom rules based on IP addresses. This example: * Specifies the source IP address and the host. -* Uses the [`cf.bot_management.score`](/ruleset-engine/rules-language/fields/#field-cf-bot_management-score) field to ensure requests are not high-risk traffic. +* Uses the [`cf.bot_management.score`](/ruleset-engine/rules-language/fields/#cf-bot_management-score) field to ensure requests are not high-risk traffic. - **Expression**: `(ip.src eq 203.0.113.1 and http.host eq "example.com" and cf.bot_management.score gt 30)` - **Action**: Skip: diff --git a/src/content/docs/waf/managed-rules/check-for-exposed-credentials/configure-api.mdx b/src/content/docs/waf/managed-rules/check-for-exposed-credentials/configure-api.mdx index b26364fda53c61..97721192da3066 100644 --- a/src/content/docs/waf/managed-rules/check-for-exposed-credentials/configure-api.mdx +++ b/src/content/docs/waf/managed-rules/check-for-exposed-credentials/configure-api.mdx @@ -36,7 +36,7 @@ To check for exposed credentials in a custom rule, include the `exposed_credenti These properties have additional requirements: * Each expression must evaluate to a string. -* You can only use the [`upper()`](/ruleset-engine/rules-language/functions/#function-upper), [`lower()`](/ruleset-engine/rules-language/functions/#function-lower), [`url_decode()`](/ruleset-engine/rules-language/functions/#function-url_decode), and [`lookup_json_string()`](/ruleset-engine/rules-language/functions/#function-lookup_json_string) functions, and you cannot nest these functions. +* You can only use the [`upper()`](/ruleset-engine/rules-language/functions/#upper), [`lower()`](/ruleset-engine/rules-language/functions/#lower), [`url_decode()`](/ruleset-engine/rules-language/functions/#url_decode), and [`lookup_json_string()`](/ruleset-engine/rules-language/functions/#lookup_json_string) functions, and you cannot nest these functions. ::: diff --git a/src/content/docs/waf/rate-limiting-rules/best-practices.mdx b/src/content/docs/waf/rate-limiting-rules/best-practices.mdx index a84cfc28232a9a..e504b07a469926 100644 --- a/src/content/docs/waf/rate-limiting-rules/best-practices.mdx +++ b/src/content/docs/waf/rate-limiting-rules/best-practices.mdx @@ -226,7 +226,7 @@ You could also limit the number of lookups of each `product_id` regardless of th :::note -If the request body is not JSON, you can use the [`http.request.body.raw`](/ruleset-engine/rules-language/fields/#field-http-request-body-raw) field and regular expressions (along with the [`matches` operator](/ruleset-engine/rules-language/operators/#comparison-operators)) to achieve the same goal. +If the request body is not JSON, you can use the [`http.request.body.raw`](/ruleset-engine/rules-language/fields/http-request-body/#httprequestbodyraw) field and regular expressions (along with the [`matches` operator](/ruleset-engine/rules-language/operators/#comparison-operators)) to achieve the same goal. ::: ### Limit requests from bots diff --git a/src/content/docs/waf/rate-limiting-rules/create-account-dashboard.mdx b/src/content/docs/waf/rate-limiting-rules/create-account-dashboard.mdx index a423f81abf4090..37df7ad31712b4 100644 --- a/src/content/docs/waf/rate-limiting-rules/create-account-dashboard.mdx +++ b/src/content/docs/waf/rate-limiting-rules/create-account-dashboard.mdx @@ -47,7 +47,7 @@ To create a new custom rate limiting ruleset: The available characteristics depend on your Cloudflare plan and product subscriptions. -10. (Optional) To define an expression that specifies the conditions for incrementing the rate counter, enable **Use custom counting expression** and set the expression. By default, the counting expression is the same as the rule expression. The counting expression can include [response fields](/ruleset-engine/rules-language/fields/#http-response-fields). +10. (Optional) To define an expression that specifies the conditions for incrementing the rate counter, enable **Use custom counting expression** and set the expression. By default, the counting expression is the same as the rule expression. The counting expression can include [response fields](/ruleset-engine/rules-language/fields/http-request-response/). 11. Under **When rate exceeds**, define the maximum number of requests and the time period to consider when determining the rate. diff --git a/src/content/docs/waf/rate-limiting-rules/create-zone-dashboard.mdx b/src/content/docs/waf/rate-limiting-rules/create-zone-dashboard.mdx index b61c29335e48dd..04768f0d50fea7 100644 --- a/src/content/docs/waf/rate-limiting-rules/create-zone-dashboard.mdx +++ b/src/content/docs/waf/rate-limiting-rules/create-zone-dashboard.mdx @@ -28,7 +28,7 @@ import { Render } from "~/components" 7. Under **With the same characteristics**, add one or more characteristics that will define the request counters for rate limiting purposes. Each value combination will have its own counter to determine the rate. Refer to [How Cloudflare determines the request rate](/waf/rate-limiting-rules/request-rate/) for more information. -8. (Optional) To define an expression that specifies the conditions for incrementing the rate counter, enable **Use custom counting expression** and set the expression. By default, the counting expression is the same as the rule expression. The counting expression can include [response fields](/ruleset-engine/rules-language/fields/#http-response-fields). +8. (Optional) To define an expression that specifies the conditions for incrementing the rate counter, enable **Use custom counting expression** and set the expression. By default, the counting expression is the same as the rule expression. The counting expression can include [response fields](/ruleset-engine/rules-language/fields/http-request-response/). 9. Under **When rate exceeds**, define the maximum number of requests and the time period to consider when determining the rate. diff --git a/src/content/docs/waf/rate-limiting-rules/parameters.mdx b/src/content/docs/waf/rate-limiting-rules/parameters.mdx index 80cf3761b46cb7..f4d1d51f2493c9 100644 --- a/src/content/docs/waf/rate-limiting-rules/parameters.mdx +++ b/src/content/docs/waf/rate-limiting-rules/parameters.mdx @@ -49,8 +49,8 @@ Use one or more of the following characteristics: | **Country** | `ip.geoip.country` | | **JA3 Fingerprint** | `cf.bot_management.ja3_hash` | | **JA4** | `cf.bot_management.ja4` | -| **JSON string value of** (enter key) | `lookup_json_string(http.request.body.raw, "")` | [Missing field versus empty value](#missing-field-versus-empty-value) and [`lookup_json_string()` function reference](/ruleset-engine/rules-language/functions/#function-lookup_json_string) | -| **JSON integer value of** (enter key) | `lookup_json_integer(http.request.body.raw, "")` | [Missing field versus empty value](#missing-field-versus-empty-value) and [`lookup_json_integer()` function reference](/ruleset-engine/rules-language/functions/#function-lookup_json_integer) | +| **JSON string value of** (enter key) | `lookup_json_string(http.request.body.raw, "")` | [Missing field versus empty value](#missing-field-versus-empty-value) and [`lookup_json_string()` function reference](/ruleset-engine/rules-language/functions/#lookup_json_string) | +| **JSON integer value of** (enter key) | `lookup_json_integer(http.request.body.raw, "")` | [Missing field versus empty value](#missing-field-versus-empty-value) and [`lookup_json_integer()` function reference](/ruleset-engine/rules-language/functions/#lookup_json_integer) | | **Form input value of** (enter field name) | `http.request.body.form[""]` | [Missing field versus empty value](#missing-field-versus-empty-value) | | **JWT claim of** (enter token configuration ID, claim name) | `lookup_json_string(http.request.jwt.claims[""][0], "")` | [Missing field versus empty value](#missing-field-versus-empty-value) and [JWT Validation reference](/api-shield/security/jwt-validation/transform-rules/) | | **Body** | `http.request.body.raw` | @@ -75,7 +75,7 @@ Only available in the Cloudflare dashboard when you enable **Use custom counting Defines the criteria used for determining the request rate. By default, the counting expression is the same as the rule matching expression (defined in **If incoming requests match**). This default is also applied when you set this field to an empty string (`""`). -The counting expression can include [HTTP response fields](/ruleset-engine/rules-language/fields/#http-response-fields). When there are response fields in the counting expression, the counting will happen after the response is sent. +The counting expression can include [HTTP response fields](/ruleset-engine/rules-language/fields/http-request-response/). When there are response fields in the counting expression, the counting will happen after the response is sent. In some cases, you cannot include HTTP response fields in the counting expression due to configuration restrictions. Refer to [Configuration restrictions](#configuration-restrictions) for details. @@ -229,4 +229,4 @@ If you use **Cookie value of** as a rate limiting rule characteristic, follow th * If the rule expression [includes IP lists](/waf/tools/lists/use-in-expressions/), you must enable the **Also apply rate limiting to cached assets** parameter. -* The rule counting expression, defined in the **Increment counter when** parameter, cannot include both [HTTP response fields](/ruleset-engine/rules-language/fields/#http-response-fields) and [IP lists](/waf/tools/lists/custom-lists/#ip-lists). If you use IP lists, you must enable the **Also apply rate limiting to cached assets** parameter. +* The rule counting expression, defined in the **Increment counter when** parameter, cannot include both [HTTP response fields](/ruleset-engine/rules-language/fields/http-request-response/) and [IP lists](/waf/tools/lists/custom-lists/#ip-lists). If you use IP lists, you must enable the **Also apply rate limiting to cached assets** parameter. diff --git a/src/content/docs/waiting-room/additional-options/waiting-room-rules/bypass-rules.mdx b/src/content/docs/waiting-room/additional-options/waiting-room-rules/bypass-rules.mdx index 92799247bda261..c0762f9ca2f57e 100644 --- a/src/content/docs/waiting-room/additional-options/waiting-room-rules/bypass-rules.mdx +++ b/src/content/docs/waiting-room/additional-options/waiting-room-rules/bypass-rules.mdx @@ -12,11 +12,11 @@ A Waiting Room Bypass Rule is a type of Waiting Room Rule built on Cloudflare’ To indicate where you want your bypass rules to apply, write [custom logic](/ruleset-engine/rules-language/) using the [fields](/ruleset-engine/rules-language/fields/) available via the Cloudflare Ruleset Engine from the following fields categories: -* [Standard fields](/ruleset-engine/rules-language/fields/#standard-fields) -* [Dynamic fields](/ruleset-engine/rules-language/fields/#dynamic-fields) except `cf.threat_score` and fields starting with `cf.bot_management` -* [URI and argument value fields](/ruleset-engine/rules-language/fields/#uri-argument-and-value-fields) -* [HTTP request header fields](/ruleset-engine/rules-language/fields/#http-request-header-fields) -* [HTTP request body fields](/ruleset-engine/rules-language/fields/#http-request-body-fields) +* [Standard fields](/ruleset-engine/rules-language/fields/standard-fields) +* [Dynamic fields](/ruleset-engine/rules-language/fields/dynamic-fields) except `cf.threat_score` and fields starting with `cf.bot_management` +* [URI and argument value fields](/ruleset-engine/rules-language/fields/uri/) +* [HTTP request header fields](/ruleset-engine/rules-language/fields/http-request-header/) +* [HTTP request body fields](/ruleset-engine/rules-language/fields/http-request-body/) Please be advised that the waiting room will not apply to all the traffic that matches the expressions written for bypass rules and will not be counted as active users. No Waiting Room features, including but not limited to, Event pre-queueing, Reject queueing method, or Queue-all will apply to this traffic. Be mindful of this when creating and enabling Bypass Waiting Room rules. Only use bypass rules for traffic you are confident will not overwhelm your origin or cause significant traffic surges. diff --git a/src/content/partials/rules/transform/header-modification-fields.mdx b/src/content/partials/rules/transform/header-modification-fields.mdx index 427ca9c36d1981..ff7899b773c1ed 100644 --- a/src/content/partials/rules/transform/header-modification-fields.mdx +++ b/src/content/partials/rules/transform/header-modification-fields.mdx @@ -41,7 +41,7 @@ Refer to [Fields](/ruleset-engine/rules-language/fields/) for reference informat :::caution[Important] -* To obtain the value of an HTTP request header using the [`http.request.headers`](/ruleset-engine/rules-language/fields/#field-http-request-headers) field, specify the header name in **lowercase**. For example, to get the first value of the `Accept-Encoding` request header in an expression, use: `http.request.headers["accept-encoding"][0]`. +* To obtain the value of an HTTP request header using the [`http.request.headers`](/ruleset-engine/rules-language/fields/#http-request-headers) field, specify the header name in **lowercase**. For example, to get the first value of the `Accept-Encoding` request header in an expression, use: `http.request.headers["accept-encoding"][0]`. * Use the `to_string()` function to get the string representation of a non-string value like an Integer value. For example, `to_string(cf.bot_management.score)`. diff --git a/src/content/partials/rules/transform/transform-phase-fields.mdx b/src/content/partials/rules/transform/transform-phase-fields.mdx index ed9f0aa72d5763..e6692353d374c6 100644 --- a/src/content/partials/rules/transform/transform-phase-fields.mdx +++ b/src/content/partials/rules/transform/transform-phase-fields.mdx @@ -40,7 +40,7 @@ Refer to [Fields](/ruleset-engine/rules-language/fields/) for reference informat :::caution[Important] -* To obtain the value of an HTTP request header using the [`http.request.headers`](/ruleset-engine/rules-language/fields/#field-http-request-headers) field, specify the header name in **lowercase**. For example, to get the first value of the `Accept-Encoding` request header in an expression, use: `http.request.headers["accept-encoding"][0]`. +* To obtain the value of an HTTP request header using the [`http.request.headers`](/ruleset-engine/rules-language/fields/#http-request-headers) field, specify the header name in **lowercase**. For example, to get the first value of the `Accept-Encoding` request header in an expression, use: `http.request.headers["accept-encoding"][0]`. * Use the `to_string()` function to get the string representation of a non-string value like an Integer value. diff --git a/src/content/partials/waf/rate-limiting-availability-by-plan.mdx b/src/content/partials/waf/rate-limiting-availability-by-plan.mdx index 18ab1c3191a4af..c5c65162578379 100644 --- a/src/content/partials/waf/rate-limiting-availability-by-plan.mdx +++ b/src/content/partials/waf/rate-limiting-availability-by-plan.mdx @@ -7,7 +7,7 @@ | Feature | Free | Pro | Business | Enterprise with app security | Enterprise with Advanced Rate Limiting | | ------------------------------------------- | ------------------------------------------------------------------------------------------------- | ---------------------------------------------- | ----------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Available fields
in rule expression | Path, [Verified Bot](/ruleset-engine/rules-language/fields/#field-cf-bot_management-verified_bot) | Host, URI, Path, Full URI, Query, Verified Bot | Host, URI, Path, Full URI, Query, Method, Source IP, User Agent, Verified Bot | [Standard fields](/ruleset-engine/rules-language/fields/#standard-fields), [request header fields](/ruleset-engine/rules-language/fields/#http-request-header-fields), [dynamic fields](/ruleset-engine/rules-language/fields/#dynamic-fields) (including Verified Bot), other Bot Management fields1 | [Standard fields](/ruleset-engine/rules-language/fields/#standard-fields), [request header fields](/ruleset-engine/rules-language/fields/#http-request-header-fields), [dynamic fields](/ruleset-engine/rules-language/fields/#dynamic-fields) (including Verified Bot), other Bot Management fields1, [request body fields](/ruleset-engine/rules-language/fields/#http-request-body-fields)2 | +| Available fields
in rule expression | Path, [Verified Bot](/ruleset-engine/rules-language/fields/#cf-bot_management-verified_bot) | Host, URI, Path, Full URI, Query, Verified Bot | Host, URI, Path, Full URI, Query, Method, Source IP, User Agent, Verified Bot | [Standard fields](/ruleset-engine/rules-language/fields/#standard-fields), [request header fields](/ruleset-engine/rules-language/fields/#http-request-header-fields), [dynamic fields](/ruleset-engine/rules-language/fields/#dynamic-fields) (including Verified Bot), other Bot Management fields1 | [Standard fields](/ruleset-engine/rules-language/fields/#standard-fields), [request header fields](/ruleset-engine/rules-language/fields/#http-request-header-fields), [dynamic fields](/ruleset-engine/rules-language/fields/#dynamic-fields) (including Verified Bot), other Bot Management fields1, [request body fields](/ruleset-engine/rules-language/fields/#http-request-body-fields)2 | | Counting characteristics | IP | IP | IP | IP, IP with NAT support | IP, IP with NAT support, Query, Host, Headers, Cookie, ASN, Country, Path, JA3/JA4 Fingerprint1, JSON field value2, Body2, Form input value2, Custom | | Available fields
in counting expression | N/A | N/A | All rule expression fields, Response code, Response headers | All rule expression fields, Response code, Response headers | All rule expression fields, Response code, Response headers | | Counting model | Number of requests | Number of requests | Number of requests | Number of requests | Number of requests,
[complexity score](/waf/rate-limiting-rules/request-rate/#complexity-based-rate-limiting) |