cloudflare · pedrosousa · Dec 30, 2024 · Dec 11, 2024 · Dec 11, 2024 · Dec 19, 2024
@@ -6,14 +6,12 @@ sidebar:
 head:
   - tag: title
     content: Cache Rules — Terraform example
-
 ---
 
-import { Details } from "~/components"
+import { Details } from "~/components";
 
 The following example defines a single cache rule for a zone using Terraform. The rule configures several cache settings and sets a custom cache key for incoming requests addressed at `example.net`.
 
-
 <Details header="Terraform `cloudflare_ruleset` resource">
 
 ```tf
@@ -26,7 +24,10 @@ resource "cloudflare_ruleset" "cache_rules_example" {
   phase       = "http_request_cache_settings"
 
   rules {
-    action = "set_cache_settings"
+		ref         = "cache_settings_custom_cache_key"
+    description = "Set cache settings and custom cache key for example.net"
+    expression  = "(http.host eq \"example.net\")"
+    action      = "set_cache_settings"
     action_parameters {
       edge_ttl {
         mode    = "override_origin"
@@ -77,14 +78,10 @@ resource "cloudflare_ruleset" "cache_rules_example" {
       }
       origin_error_page_passthru = false
     }
-    expression  = "(http.host eq \"example.net\")"
-    description = "Set cache settings and custom cache key for example.net"
-    enabled     = true
   }
 }
 ```
 
-
 </Details>
 
 For additional guidance on using Terraform with Cloudflare, refer to [Terraform](/terraform/).
@@ -23,14 +23,14 @@ resource "cloudflare_ruleset" "http_config_rules_example" {
   phase       = "http_config_settings"
 
   rules {
-    action = "set_config"
+    ref         = "disable_obfuscation_bic"
+    description = "Disable email obfuscation and BIC for API requests"
+    expression  = "(http.request.uri.path matches \"^/api/\")"
+    action      = "set_config"
     action_parameters {
       email_obfuscation = false
       bic               = false
     }
-    expression  = "(http.request.uri.path matches \"^/api/\")"
-    description = "Disable email obfuscation and BIC for API requests"
-    enabled     = true
   }
 }
 ```

@@ -23,17 +23,17 @@ resource "cloudflare_ruleset" "http_origin_example" {
   phase       = "http_request_origin"
 
   rules {
-    action = "route"
+	  ref         = "change_api_origin"
+    description = "Change origin of API requests"
+    expression  = "(http.request.uri.path matches \"^/api/\")"
+    action      = "route"
     action_parameters {
       host_header = "example.net"
       origin {
         host = "example.net"
         port = 8000
       }
     }
-    expression  = "(http.request.uri.path matches \"^/api/\")"
-    description = "Change origin of API requests"
-    enabled     = true
   }
 }
 ```

@@ -20,7 +20,10 @@ resource "cloudflare_ruleset" "single_redirects_example" {
   phase       = "http_request_dynamic_redirect"
 
   rules {
-    action = "redirect"
+    ref         = "redirect_old_url"
+    description = "Redirect visitors still using old URL"
+    expression  = "(http.request.uri.path matches \"^/contact-us/\")"
+    action      = "redirect"
     action_parameters {
       from_value {
         status_code = 301
@@ -30,9 +33,6 @@ resource "cloudflare_ruleset" "single_redirects_example" {
         preserve_query_string = false
       }
     }
-    expression  = "(http.request.uri.path matches \"^/contact-us/\")"
-    description = "Redirect visitors still using old URL"
-    enabled     = true
   }
 }
 ```

@@ -1,7 +1,7 @@
 ---
 pcx_content_type: how-to
 title: Speed Brain
-sidebar: 
+sidebar:
   order: 9
   badge:
     text: Beta
@@ -22,6 +22,7 @@ Speed Brain is a tool for improving web page performance by prefetching the most
 ## Requirements
 
 Speed Brain works under the following conditions:
+
 - The Speed Brain feature is enabled in Cloudflare.
 - The browser of the web page visitor is using a Chromium-based browser version 121 or later.
 - The web page requested by the prefetch is eligible for cache.
@@ -43,15 +44,15 @@ The configuration looks like this:
 
 ```json
 {
-  "prefetch": [{
-    "source": "document",
-    "where": {
-      "and": [
-        { "href_matches": "/*", "relative_to": "document" },
-      ]
-    },
-    "eagerness": "conservative"
-  }]
+	"prefetch": [
+		{
+			"source": "document",
+			"where": {
+				"and": [{ "href_matches": "/*", "relative_to": "document" }]
+			},
+			"eagerness": "conservative"
+		}
+	]
 }
 ```
 
@@ -99,13 +100,13 @@ To disable Speed Brain, set `value:` to `"off"`.
 
 </TabItem> <TabItem label="Terraform">
 
-You can also configure Speed Brain using Terraform. For more details, refer to the [`cloudflare_zone_settings_override`](https://registry.terraform.io/providers/cloudflare/cloudflare/4.48.0/docs/resources/zone_settings_override) resource in the Terraform documentation.
+You can also configure Speed Brain using Terraform. For more details, refer to the `cloudflare_zone_settings_override` resource in the [Terraform documentation](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs).
 
 </TabItem> </Tabs>
 
 ## Caveats
 
-- Since prefetch responses are not guaranteed to be rendered by the browser, Speed Brain includes two safeguards to minimize the risk of [unsafe prefetching](https://developer.mozilla.org/en-US/docs/Web/API/Speculation_Rules_API#unsafe_prefetching): 
+- Since prefetch responses are not guaranteed to be rendered by the browser, Speed Brain includes two safeguards to minimize the risk of [unsafe prefetching](https://developer.mozilla.org/en-US/docs/Web/API/Speculation_Rules_API#unsafe_prefetching):
 
   - Speed Brain will not prefetch on routes that run Workers. Without this safeguard, prefetch requests could inadvertently run Worker logic that assumes the incoming request is a normal (that is, not a prefetch) request. An example of this could be an incrementing page view counter running in a Worker. A page view counter should not increment if the page is not actually rendered in the browser.
 
@@ -115,4 +116,4 @@ You can also configure Speed Brain using Terraform. For more details, refer to t
 
 - Speed Brain will not work with restrictive [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src) configurations using `strict-dynamic` or `nonce-{hash}` attributes.
 
-- Currently, Speed Brain is not compatible with websites that use or rely on `pages.dev`. 
+- Currently, Speed Brain is not compatible with websites that use or rely on `pages.dev`.
@@ -45,21 +45,21 @@ resource "cloudflare_ruleset" "zone_level_http_ddos_config" {
   phase       = "ddos_l7"
 
   rules {
-    action = "execute"
+    ref         = "override_l7_ddos_ruleset_all"
+    description = "Override the HTTP DDoS Attack Protection managed ruleset"
+    expression  = "true"
+    action      = "execute"
     action_parameters {
       # Cloudflare L7 DDoS Attack Protection Ruleset
       id = "4d21379b4f9f4bb088e0729962c8b3cf"
       overrides {
         rules {
           # Rule: HTTP requests with unusual HTTP headers or URI path (signature #11).
-          id = "fdfdac75430c4c47a959592f0aa5e68a"
+          id                = "fdfdac75430c4c47a959592f0aa5e68a"
           sensitivity_level = "low"
         }
       }
     }
-    expression = "true"
-    description = "Override the HTTP DDoS Attack Protection managed ruleset"
-    enabled = true
   }
 }
 ```
@@ -86,21 +86,21 @@ resource "cloudflare_ruleset" "account_level_network_ddos_config" {
   phase       = "ddos_l4"
 
   rules {
-    action = "execute"
+    ref         = "override_l7_ddos_ruleset_dst_ip"
+    description = "Override the HTTP DDoS Attack Protection managed ruleset"
+    expression  = "ip.dst in { 192.0.2.0/24 }"
+    action      = "execute"
     action_parameters {
       # Cloudflare L3/4 DDoS Attack Protection Ruleset
       id = "3b64149bfa6e4220bbbc2bd6db589552"
       overrides {
         rules {
           # Rule: Generic high-volume UDP traffic flows.
-          id = "599dab0942ff4898ac1b7797e954e98b"
+          id                = "599dab0942ff4898ac1b7797e954e98b"
           sensitivity_level = "low"
         }
       }
     }
-    expression = "ip.dst in { 192.0.2.0/24 }"
-    description = "Override the HTTP DDoS Attack Protection managed ruleset"
-    enabled = true
   }
 }
 ```
@@ -159,53 +159,53 @@ resource "cloudflare_ruleset" "zone_level_http_ddos_config" {
   # level.
 
   rules {
+    ref         = "l7_ddos_block_traffic_low_threshold"
     description = "At the low sensitivity threshold, block the traffic"
-    action = "execute"
+    expression  = "true"
+    action      = "execute"
     action_parameters {
       # Cloudflare L7 DDoS Attack Protection Ruleset
       id = "4d21379b4f9f4bb088e0729962c8b3cf"
       overrides {
         rules {
           # Rule: HTTP requests from known botnet (signature #4).
-          id = "29d170ba2f004cc787b1ac272c9e04e7"
+          id                = "29d170ba2f004cc787b1ac272c9e04e7"
           sensitivity_level = "low"
-          action = "block"
+          action            = "block"
         }
         rules {
           # Rule: HTTP requests with unusual HTTP headers or URI path (signature #16).
-          id = "60a48054bbcf4014ac63c44f1712a123"
+          id                = "60a48054bbcf4014ac63c44f1712a123"
           sensitivity_level = "low"
-          action = "block"
+          action            = "block"
         }
       }
     }
-    expression = "true"
-    enabled = true
   }
 
   rules {
+    ref         = "l7_ddos_log_default_threshold"
     description = "At the default sensitivity threshold, log to see if any legitimate traffic gets caught"
-    action = "execute"
+    expression  = "true"
+    action      = "execute"
     action_parameters {
       # Cloudflare L7 DDoS Attack Protection Ruleset
       id = "4d21379b4f9f4bb088e0729962c8b3cf"
       overrides {
         rules {
           # Rule: HTTP requests from known botnet (signature #4).
-          id = "29d170ba2f004cc787b1ac272c9e04e7"
+          id                = "29d170ba2f004cc787b1ac272c9e04e7"
           sensitivity_level = "default"
-          action = "log"
+          action            = "log"
         }
         rules {
           # Rule: HTTP requests with unusual HTTP headers or URI path (signature #16).
-          id = "60a48054bbcf4014ac63c44f1712a123"
+          id                = "60a48054bbcf4014ac63c44f1712a123"
           sensitivity_level = "default"
-          action = "log"
+          action            = "log"
         }
       }
     }
-    expression = "true"
-    enabled = true
   }
 }
 ```