-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding DNS API calls to secure-internet-traffic learning path #18388
Draft
tcerqueira-cf
wants to merge
23
commits into
production
Choose a base branch
from
origin/tcerqueira/defense-in-depth-api-calls
base: production
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+452
−30
Draft
Changes from 1 commit
Commits
Show all changes
23 commits
Select commit
Hold shift + click to select a range
9279651
Initial code commit
tcerqueira-cf 3c7697a
Fixed typos
tcerqueira-cf 09414ca
Added terraform code
tcerqueira-cf e3975b6
Fixed typo
tcerqueira-cf 0a78d47
Added API and Terraform code to create the allow list policy
tcerqueira-cf 19c71bf
Added terraform and API code for the All-DNS-Domain-Allowlist rule
tcerqueira-cf 566551a
Fixed JSON capitalization
tcerqueira-cf 2a360ce
Fixed missing import
tcerqueira-cf 5c42de6
Fixed styling issue
tcerqueira-cf df6ab87
Added API and terraform code for Quarantined users restricted access …
tcerqueira-cf 141c95a
Fixed typo
tcerqueira-cf f0dc556
Added terraform and API code for the country geolocation block rule
tcerqueira-cf 4ac36e6
Added Terraform and API code for the misuesed TLD block rule
tcerqueira-cf 16c8ba0
Fixed small typo
tcerqueira-cf f8199f5
Added terraform and API code for the Domain Phishing block rule
tcerqueira-cf dbf54f2
Added tf and API code for the DNS Resolved IP Blocklist rule
tcerqueira-cf a061c44
Modified enforce-device-posture partial to add terraform and API code
tcerqueira-cf 1ab4823
Fixed typo
tcerqueira-cf a15df8f
Fixed typo
tcerqueira-cf a977605
Fixed small typo
tcerqueira-cf 0adca5b
Fixed typo
tcerqueira-cf 7f40cc7
Merge branch 'production' into origin/tcerqueira/defense-in-depth-api…
maxvp 95be41f
Fix formatting
maxvp File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I investigated if it was possible to add this to the partial referenced for the dashboard (gateway/policies/block-security-categories), however, this partial is being re-used for HTTP and DNS policies. Considering that in the API/Terraform you need different wirefilter expressions for HTTP and DNS, I would love to know if there's a way to modify the partial so that it also contains the API and Terraform code when it's inserted.
Following up on this note, on the DNS policies, the selector is in fact "Security Categories", while in the HTTP tab, the selector is "Security Risks". I'm not sure if this alone warrants for splitting this partial into one that is applied to DNS and another that is applied to HTTP, to which it would then make sense to add the API and TF code for the respective traffic type
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Files that reference the mentioned partial:
src/content/docs/cloudflare-one/policies/gateway/initial-setup/http.mdx
src/content/docs/cloudflare-one/policies/gateway/initial-setup/dns.mdx
src/content/docs/learning-paths/cybersafe/gateway-onboarding/gateway-create-test-policy.mdx
src/content/docs/learning-paths/secure-internet-traffic/build-dns-policies/create-policy.mdx
src/content/docs/learning-paths/secure-internet-traffic/build-dns-policies/test-policy.mdx
src/content/docs/learning-paths/secure-internet-traffic/build-dns-policies/recommended-dns-policies.mdx
src/content/partials/cloudflare-one/gateway/policies/recommended-dns-policies.mdx
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can create flexible partials that accept parameters for different use cases (e.g. if a selector is used in both DNS and HTTP policies, you can use either
dnsorhttp.connin the API value depending on the page). Since the API sections are much longer than a string, it may be easier to break them out into their own partials.