From a3fbc0fb34dad709170799c005f7342b60ec1770 Mon Sep 17 00:00:00 2001 From: Pedro Sousa <680496+pedrosousa@users.noreply.github.com> Date: Wed, 16 Oct 2024 11:34:20 +0100 Subject: [PATCH] Move location of OWASP example --- .../waf/account/managed-rulesets/index.mdx | 105 ++++++++++++++++- .../managed-rulesets/owasp-example.mdx | 108 ------------------ 2 files changed, 103 insertions(+), 110 deletions(-) delete mode 100644 src/content/docs/waf/account/managed-rulesets/owasp-example.mdx diff --git a/src/content/docs/waf/account/managed-rulesets/index.mdx b/src/content/docs/waf/account/managed-rulesets/index.mdx index 46c0c11a61efd3..8401e9cf4c758f 100644 --- a/src/content/docs/waf/account/managed-rulesets/index.mdx +++ b/src/content/docs/waf/account/managed-rulesets/index.mdx @@ -5,7 +5,7 @@ sidebar: order: 4 --- -import { Render } from "~/components"; +import { Render, Tabs, TabItem, Details } from "~/components"; :::note This feature requires an Enterprise plan with a paid add-on. @@ -17,7 +17,108 @@ This feature requires an Enterprise plan with a paid add-on. At the account level, you can deploy each [WAF managed ruleset](/waf/managed-rules/#managed-rulesets) more than once. This means that you can apply the same managed ruleset with different configurations to different subsets of incoming traffic for the Enterprise zones in your account. -For example, you could deploy the [Cloudflare OWASP Core Ruleset](/waf/managed-rules/reference/owasp-core-ruleset/) multiple times with different paranoia levels and a different action (_Log_ action for PL4 and _Managed Challenge_ action for PL3). Refer to [Example OWASP configuration](/waf/account/managed-rulesets/owasp-example/) for details on how to set up this configuration. +For example, you could deploy the [Cloudflare OWASP Core Ruleset](/waf/managed-rules/reference/owasp-core-ruleset/) multiple times with different paranoia levels and a different action (_Managed Challenge_ action for PL3 and _Log_ action for PL4). + +
+ +The following example deploys the [Cloudflare OWASP Core Ruleset](/waf/managed-rules/reference/owasp-core-ruleset/) multiple times at the account level through the following execute rules: + +- First execute rule: Enable OWASP rules up to paranoia level 3 (PL3) and set the action to _Managed Challenge_. +- Second execute rule: Enable OWASP rules up to PL4 and set the action to _Log_. + +This configuration gives you additional protection by enabling PL3 rules, but without blocking the requests, since higher paranoia levels are more prone to false positives. + +The second rule logs any matches for PL4 rules, the most strict set of rules in the ruleset, so that it does not affect live traffic. You could use this configure to understand which traffic would be affected by PL4 rules. + + + +1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account. + +2. Go to Account Home > **WAF** > **Managed rulesets**. + +3. Select **Deploy** > **Deploy managed ruleset**. + +4. Next to the **Cloudflare OWASP Core Ruleset**, select **Select ruleset**. + +5. Give a name to the rule deploying the ruleset in **Execution name**. + +6. (Optional) To execute the managed ruleset for a subset of incoming requests, select **Edit scope** and [configure the expression](/ruleset-engine/rules-language/expressions/edit-expressions/) that will determine the scope of the current rule deploying the managed ruleset. + +7. Customize the behavior of the managed ruleset in the following ways: + + - **OWASP Anomaly Score Threshold**: _Medium - 40 and higher_ + - **OWASP Paranoia Level**: _PL3_ + - **OWASP Action**: _Managed Challenge_ + +8. Select **Deploy**. + +9. 
Repeat the procedure with the following ruleset configuration: + + - **OWASP Anomaly Score Threshold**: _Medium - 40 and higher_ + - **OWASP Paranoia Level**: _PL4_ + - **OWASP Action**: _Log_ + +Once you finish your configuration, the **Deployed managed rulesets** list will show two _Execute_ rules for the Cloudflare OWASP Core Ruleset. + + + +The following `POST` request creates an [entry point ruleset](/ruleset-engine/about/rulesets/#entry-point-ruleset) for the `http_request_firewall_managed` phase at the account level. The ruleset includes two rules deploying the Cloudflare OWASP Core Ruleset twice with different configurations. + +```bash +curl "https://api.cloudflare.com/client/v4/accounts/{account_id}/rulesets" \ +--header "Authorization: Bearer " \ +--header "Content-Type: application/json" \ +--data '{ + "name": "My ruleset", + "description": "Entry point ruleset for WAF managed rulesets (account)", + "kind": "root", + "phase": "http_request_firewall_managed", + "rules": [ + { + "action": "execute", + "action_parameters": { + "id": "4814384a9e5d4991b9815dcfc25d2f1f", + "overrides": { + "categories": [ + { + "category": "paranoia-level-4", + "enabled": false + } + ], + "rules": [ + { + "id": "6179ae15870a4bb7b2d480d4843b323c", + "action": "managed_challenge" + } + ] + } + }, + "expression": "cf.zone.plan eq \"ENT\"", + "description": "Execute OWASP ruleset at PL3 with Managed Challenge action" + }, + { + "action": "execute", + "action_parameters": { + "id": "4814384a9e5d4991b9815dcfc25d2f1f", + "overrides": { + "rules": [ + { + "id": "6179ae15870a4bb7b2d480d4843b323c", + "action": "log" + } + ] + } + }, + "expression": "cf.zone.plan eq \"ENT\"", + "description": "Execute OWASP ruleset at PL4 with Log action" + } + ] +}' +``` + + + +
- -1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/) and select your account. - -2. Go to Account Home > **WAF** > **Managed rulesets**. - -3. Select **Deploy** > **Deploy managed ruleset**. - -4. Next to the **Cloudflare OWASP Core Ruleset**, select **Select ruleset**. - -5. Give a name to the rule deploying the ruleset in **Execution name**. - -6. (Optional) To execute the managed ruleset for a subset of incoming requests, select **Edit scope** and [configure the expression](/ruleset-engine/rules-language/expressions/edit-expressions/) that will determine the scope of the current rule deploying the managed ruleset. - -7. Customize the behavior of the managed ruleset in the following ways: - - - **OWASP Anomaly Score Threshold**: _Medium - 40 and higher_ - - **OWASP Paranoia Level**: _PL3_ - - **OWASP Action**: _Managed Challenge_ - -8. Select **Deploy**. - -9. Repeat the procedure with the following ruleset configuration: - - - **OWASP Anomaly Score Threshold**: _Medium - 40 and higher_ - - **OWASP Paranoia Level**: _PL4_ - - **OWASP Action**: _Log_ - -Once you finish your configuration, the **Deployed managed rulesets** list will show two _Execute_ rules for the Cloudflare OWASP Core Ruleset. - - - -The following `POST` request creates an [entry point ruleset](/ruleset-engine/about/rulesets/#entry-point-ruleset) for the `http_request_firewall_managed` phase at the account level. The ruleset includes two rules deploying the Cloudflare OWASP Core Ruleset twice with different configurations. 
- -```bash -curl "https://api.cloudflare.com/client/v4/accounts/{account_id}/rulesets" \ ---header "Authorization: Bearer " \ ---header "Content-Type: application/json" \ ---data '{ - "name": "My ruleset", - "description": "Entry point ruleset for WAF managed rulesets (account)", - "kind": "root", - "phase": "http_request_firewall_managed", - "rules": [ - { - "action": "execute", - "action_parameters": { - "id": "4814384a9e5d4991b9815dcfc25d2f1f", - "overrides": { - "categories": [ - { - "category": "paranoia-level-4", - "enabled": false - } - ], - "rules": [ - { - "id": "6179ae15870a4bb7b2d480d4843b323c", - "action": "managed_challenge" - } - ] - } - }, - "expression": "cf.zone.plan eq \"ENT\"", - "description": "Execute OWASP ruleset at PL3 with Managed Challenge action" - }, - { - "action": "execute", - "action_parameters": { - "id": "4814384a9e5d4991b9815dcfc25d2f1f", - "overrides": { - "rules": [ - { - "id": "6179ae15870a4bb7b2d480d4843b323c", - "action": "log" - } - ] - } - }, - "expression": "cf.zone.plan eq \"ENT\"", - "description": "Execute OWASP ruleset at PL4 with Log action" - } - ] -}' -``` - -
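Review bot: in the `src/content/docs/waf/account/managed-rulesets/index.mdx` hunk at `@@ -17,7 +17,108 @@`, the dashboard steps pin **OWASP Anomaly Score Threshold** to _Medium - 40 and higher_ for both deployments, but the two API execute rules only override the `action` of rule `6179ae15870a4bb7b2d480d4843b323c` (`managed_challenge` and `log`) and set no score threshold, so the dashboard and API procedures yield the same configuration only if the API default happens to match that threshold. Either add the threshold override to both API rules or state explicitly that the default is being relied on. Related: the first rule reaches PL3 by disabling only the `paranoia-level-4` category, and the second rule disables nothing; one sentence explaining that the lower paranoia-level categories are left untouched would spare readers coming from the dashboard's "pick a level" model from wondering why no category is enabled. Two smaller items in the same hunk: "You could use this configure to understand which traffic would be affected by PL4 rules." should read "this configuration", and the curl snippet's `--header "Authorization: Bearer "` carries no token placeholder, unlike `{account_id}` in the URL, so a copy-paste of the example sends an empty bearer value.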
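Review bot: the `delete mode 100644 src/content/docs/waf/account/managed-rulesets/owasp-example.mdx` hunk removes the page that the old index text linked to as `/waf/account/managed-rulesets/owasp-example/`, and the patch adds no redirect for that path, so any bookmark or cross-reference elsewhere in the docs that still points there will 404 once this merges. Add a redirect from the old URL to the relevant section of `/waf/account/managed-rulesets/` and grep the repository for the old path before merging, since only the link in `index.mdx` is updated here.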