[API Shield] Fallthrough Action + SV2 for all (#17034)

* plans page

* plans table

* fallthrough action

* availabilities

* Apply suggestions from code review

Co-authored-by: Jun Lee <junlee@cloudflare.com>

---------

Co-authored-by: Jun Lee <junlee@cloudflare.com>

src/content/docs/api-shield/api-gateway.mdx

@@ -3,7 +3,7 @@ pcx_content_type: concept
 type: overview
 title: API Gateway
 sidebar:
-  order: 4
+  order: 5
 
 ---
 

src/content/docs/api-shield/changelog.mdx

@@ -4,7 +4,7 @@ title: Changelog
 changelog_file_name:
   - api-shield
 sidebar:
-  order: 9
+  order: 10
 
 ---
 

src/content/docs/api-shield/frequently-asked-questions.mdx

@@ -3,7 +3,7 @@ pcx_content_type: faq
 title: FAQ
 structured_data: true
 sidebar:
-  order: 7
+  order: 8
 
 ---
 

src/content/docs/api-shield/glossary.mdx

@@ -2,7 +2,7 @@
 title: Glossary
 pcx_content_type: glossary
 sidebar:
-  order: 8
+  order: 9
 
 ---
 

src/content/docs/api-shield/management-and-monitoring/index.mdx

@@ -3,12 +3,14 @@ pcx_content_type: concept
 type: overview
 title: Management and Monitoring
 sidebar:
-  order: 5
+  order: 6
   label: Endpoint Management
 
 ---
 
-import { GlossaryTooltip } from "~/components"
+import { GlossaryTooltip, Plan } from "~/components"
+
+<Plan type="all" />
 
 Monitor the health of your <GlossaryTooltip term="API endpoint">API endpoints</GlossaryTooltip> by saving, updating, and monitoring performance metrics using API Shield’s Endpoint Management.
 

src/content/docs/api-shield/plans.mdx

@@ -0,0 +1,22 @@
+---
+title: Plans
+pcx_content_type: overview
+type: overview
+sidebar:
+  order: 3
+
+---
+
+Free, Pro, Business, and Enterprise customers without an API Gateway subcription can access [Endpoint Management](/api-shield/management-and-monitoring/) and [Schema Validation](/api-shield/security/schema-validation/), but no other [API Gateway](/api-shield/api-gateway/) features.
+
+To subscribe to API Gateway, upgrade to an Enterprise plan and contact your account team.
+
+Limits to endpoints apply to Endpoint Management and Schema Validation. Refer to the table below for limits based on your zone plan. 
+
+| Plan type | Saved endpoints | Uploaded schemas | Total uploaded schema size (MB) | Rule action |
+| --- | --- | --- | --- | --- |
+| **Free** | 100 | 3 | 1 | `Block` only |
+| **Pro** | 200 | 4 | 2 | `Block` only |
+| **Business** | 500 | 5 | 5 | `Block` only |
+| **Enterprise without API Gateway** | 500 | 5 | 5 | `Log` or `Block` |
+| **Enterprise with API Gateway** | 10,000 | 10+ | 10+ | `Log` or `Block` |

src/content/docs/api-shield/reference/index.mdx

@@ -2,7 +2,7 @@
 pcx_content_type: reference
 title: Reference
 sidebar:
-  order: 6
+  order: 7
   group: 
     hideIndex: true
 

src/content/docs/api-shield/security/index.mdx

@@ -3,7 +3,7 @@ pcx_content_type: navigation
 type: overview
 title: Security
 sidebar:
-  order: 3
+  order: 4
 
 ---
 

src/content/docs/api-shield/security/schema-validation/index.mdx

@@ -6,7 +6,9 @@ sidebar:
 
 ---
 
-import { GlossaryDefinition, GlossaryTooltip } from "~/components"
+import { GlossaryDefinition, GlossaryTooltip, Plan } from "~/components"
+
+<Plan type="all" />
 
 <GlossaryDefinition term="API schema" />
 
@@ -69,6 +71,30 @@ At this time, learned schemas will not overwrite customer-uploaded schemas. If a
 If an endpoint is currently protected by a learned schema, the date of the last applied learned schema will be shown in the current schema field. 
 :::
 
+### Add validation by adding a fallthrough rule
+
+A fallthrough rule acts as a catch-all for requests that do not match endpoints in [Endpoint Management](/api-shield/management-and-monitoring/). 
+
+By ensuring that all your endpoints in a schema are added to Endpoint Management, the fallthrough action can protect you against legacy or zombie endpoints that your team may be unaware of.
+
+To set up a fallthrough action:
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account and domain.
+2. Go to **Security** > **API Shield**.
+3. Under **Settings**, go to **Fallthrough settings**.
+4. Select **Use Template**.
+5. Choose one or more hostnames from the drop down menu. The fallthrough rule will act on all traffic that does not match an existing endpoint in Endpoint Management to the selected hostnames.
+6. Select **Continue to custom rule**.
+7. Name your rule and select your action.
+8. Select **Save as draft** to deploy later, or **Deploy** to deploy now.
+
+Your current fallthrough rules can be viewed in the custom rules list or in API Shield's settings under **Fallthrough settings**.
+
+:::note
+
+You can use the `cf.api_gateway.fallthrough_triggered` syntax in your own custom rule for a more customized logic check. This detection will evaluate as `true` when a request does not match an endpoint in Endpoint Management, so it is important to check against your API's hostname or root path to ensure that you are not blocking any non-API traffic on your zone.
+:::
+
 ### Change the action of an entire schema
 
 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account and domain.
@@ -159,7 +185,9 @@ Schema Validation supports [OpenAPI Version 3.0.x schemas](https://spec.openapis
 
 Currently, API Shield does not support some features of API schemas, including the following: all responses, external references, non-basic path templating, or unique items.
 
-There is a limit of 10,000 total operations for enabled schemas.
+There is a limit of 10,000 total operations for enabled schemas for Enterprise customers subscribed to [API Gateway](/api-shield/api-gateway/). To raise this limit, contact your account team. 
+
+For limits on Free, Pro, Business, or Enterprise customers not subscribed to API Gateway, refer to [Plans](/api-shield/plans/).
 
 ### Required fields