[DDoS Protection] Missing fields + additional caveats #22076
Conversation
|
Howdy and thanks for contributing to our repo. The Cloudflare team reviews new, external PRs within two (2) weeks. If it's been two weeks or longer without any movement, please tag the PR Assignees in a comment. We review internal PRs within 1 week. If it's something urgent or has been sitting without a comment, start a thread in the Developer Docs space internally. PR Change SummaryUpdated DDoS Protection documentation to include missing fields and additional important remarks regarding L7 HTTP override expressions.
Modified Files
How can I customize these reviews?Check out the Hyperlint AI Reviewer docs for more information on how to customize the review. If you just want to ignore it on this PR, you can add the Note specifically for link checks, we only check the first 30 links in a file and we cache the results for several hours (for instance, if you just added a page, you might experience this). Our recommendation is to add |
|
Preview URL: https://397b66cf.preview.developers.cloudflare.com Files with changes (up to 15) |
|
|
||
| ## Important remarks | ||
|
|
||
| - An expression is not an <GlossaryTooltip term="allowlist">allowlist</GlossaryTooltip> and does not become part of the attack fingerprint. The expression applies to the scope of the override and is used right before applying a mitigation action, to determine if the sensitivity level and action need to be adjusted.<br/> |
There was a problem hiding this comment.
It looks like a bullet point accidentally got in here.
There was a problem hiding this comment.
Oops! It totally did. Thanks for the catch!
|
|
||
| ## Important remarks | ||
|
|
||
| - An expression is not an <GlossaryTooltip term="allowlist">allowlist</GlossaryTooltip> and does not become part of the attack fingerprint. The expression applies to the scope of the override and is used right before applying a mitigation action, to determine if the sensitivity level and action need to be adjusted.<br/> |
There was a problem hiding this comment.
In the second sentence, I'd remove the comma or replace "to determine" with "which determines." Up to you!
src/content/docs/ddos-protection/managed-rulesets/http/override-expressions.mdx
Outdated
Show resolved
Hide resolved
…e-expressions.mdx
| - `http.request.uri.query` | ||
| - `http.request.full_uri` | ||
| - `http.request.method` | ||
| - `http.request.version` | ||
| - `http.request.cookies` | ||
| - `http.user_agent` | ||
| - `http.x_forwarded_for` | ||
| - `ip.geoip.asnum` |
There was a problem hiding this comment.
Small nit @patriciasantaana :
Even though ip.geoip.* fields are still supported, we're recommending ip.src.* fields instead, so I think we could omit the first ones from this list. I've removed ip.geoip.* fields from all (most?) of our example expressions.
* missing fields + additional caveats * fixes * Update src/content/docs/ddos-protection/managed-rulesets/http/override-expressions.mdx
Summary
Missing fields and caveats for DDoS Protection's L7 HTTP override expressions
Documentation checklist