[DDoS Protection] Overrides #23298

Merged
merged 11 commits into from
Jun 30, 2025
12 changes: 10 additions & 2 deletions public/__redirects
Expand Up @@ -417,8 +417,16 @@
/ddos-protection/tcp-protection/rule-settings/ /ddos-protection/advanced-ddos-systems/rule-settings/ 301
/ddos-protection/dns-protection/ /ddos-protection/advanced-ddos-systems/overview/advanced-dns-protection/ 301
/ddos-protection/tcp-protection/api/ /ddos-protection/advanced-ddos-systems/api/ 301

# dns
/ddos-protection/managed-rulesets/http/configure-api/ /ddos-protection/managed-rulesets/http/http-overrides/configure-api/ 301
/ddos-protection/managed-rulesets/http/configure-dashboard/ /ddos-protection/managed-rulesets/http/http-overrides/configure-dashboard/ 301
/ddos-protection/managed-rulesets/http/link-configure-terraform/ /ddos-protection/managed-rulesets/http/http-overrides/link-configure-terraform/ 301
/ddos-protection/managed-rulesets/http/override-expressions/ /ddos-protection/managed-rulesets/http/http-overrides/override-expressions/ 301
/ddos-protection/managed-rulesets/network/configure-api/ /ddos-protection/managed-rulesets/network/network-overrides/configure-api/ 301
/ddos-protection/managed-rulesets/network/configure-dashboard/ /ddos-protection/managed-rulesets/network/network-overrides/configure-dashboard/ 301
/ddos-protection/managed-rulesets/network/link-configure-terraform/ /ddos-protection/managed-rulesets/network/network-overrides/link-configure-terraform/ 301
/ddos-protection/managed-rulesets/network/override-expressions/ /ddos-protection/managed-rulesets/network/network-overrides/override-expressions/ 301

# dns
/dns/additional-options/cname-flattening/ /dns/cname-flattening/ 301
/dns/additional-options/dnssec/ /dns/dnssec/ 301
/dns/foundation-dns/graphql-analytics/ /dns/additional-options/analytics/ 301
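Review bot: the section comment at the top of the new block reads `# dns`, but the eight redirects beneath it are all `/ddos-protection/managed-rulesets/...` paths, and the real `# dns` section starts again after the blank line. Rename the first header to something like `# ddos-protection` (or fold the block into the ddos-protection section directly above it) so the file stays navigable; the redirect targets themselves are consistent with the `http-overrides/` and `network-overrides/` paths used in the doc changes of this PR.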
Expand Up @@ -23,7 +23,7 @@ Cloudflare uses a set of dynamic rules that scan for attack patterns, known atta

:::note

You can set an override expression for the [HTTP DDoS Attack Protection](/ddos-protection/managed-rulesets/http/override-expressions/) or [Network-layer DDoS Attack Protection](/ddos-protection/managed-rulesets/network/override-expressions/) managed ruleset to define a specific scope for sensitivity level or action adjustments.
You can set an override expression for the [HTTP DDoS Attack Protection](/ddos-protection/managed-rulesets/http/http-overrides/override-expressions/) or [Network-layer DDoS Attack Protection](/ddos-protection/managed-rulesets/network/network-overrides/override-expressions/) managed ruleset to define a specific scope for sensitivity level or action adjustments.
:::

Once attack traffic matches a rule, Cloudflare's systems will track that traffic and generate a real-time signature to surgically match against the attack pattern and mitigate the attack without impacting legitimate traffic. The rules are able to generate different signatures based on various properties of the attacks and the signal strength of each attribute. For example, if the attack is distributed — that is, originating from many source IPs — then the source IP field will not serve as a strong indicator, and the rule will not choose the source IP field as part of the attack signature. Once generated, the fingerprint is propagated as a mitigation rule to the most optimal location on the Cloudflare global network for cost-efficient mitigation. These mitigation rules are ephemeral and will expire shortly after the attack has ended, which happens when no additional traffic has been matched to the rule.
Expand Up @@ -49,6 +49,6 @@ Additionally, since this traffic may also be targeting a limited set of destinat
If your organization uses VPNs, NATs, or third-party services at high rates of over 100 Mbps, it is recommended that you one of the following:

- Change the **Sensitivity Level** of the relevant rules to a lower level. Changing the level to _Essentially Off_ will prevent the rules from being triggered. Refer to [HTTP DDoS Attack Protection managed ruleset](/ddos-protection/managed-rulesets/http/) and [Network-layer DDoS Attack Protection managed ruleset](/ddos-protection/managed-rulesets/network/) for more information on the available adjustments per ruleset and how to perform them.
- Exclude the desired traffic from the Managed DDoS rule using expression filters. You can exclude a combination of source ports, source IP addresses, destination ports, destination IP addresses, and protocol. For more information, refer to [Configure Network-layer DDoS Attack Protection via API](/ddos-protection/managed-rulesets/network/configure-api/).
- Exclude the desired traffic from the Managed DDoS rule using expression filters. You can exclude a combination of source ports, source IP addresses, destination ports, destination IP addresses, and protocol. For more information, refer to [Configure Network-layer DDoS Attack Protection via API](/ddos-protection/managed-rulesets/network/network-overrides/configure-api/).

If you are on an Enterprise plan, you can change a rule’s action to _Log_ to view the flagged traffic in the [analytics dashboard](/ddos-protection/reference/analytics/). After gathering this information, you can later define rule adjustments as previously described.
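Review bot: the unchanged context line above the list, `it is recommended that you one of the following:`, is missing a verb (`that you do one of the following`); since this file is already being touched, it is worth fixing in the same change. The updated link target matches the `network-overrides/configure-api/` redirect added in `public/__redirects`.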
2 changes: 1 addition & 1 deletion src/content/docs/ddos-protection/change-log/index.mdx
Expand Up @@ -21,7 +21,7 @@ Cloudflare has a regular cadence of releasing updates and new rules to the DDoS
The release cycle for a new rule within the regular cadence follows this process:

- Cloudflare adds a new rule configured with the _Log_ action, and announces the rule in the "Scheduled changes" section of each managed ruleset.
- From that point on, if this rule matches any traffic, the matched traffic will be visible in one of the [analytics dashboards](/ddos-protection/reference/analytics/). If you suspect this might be a false positive, you can lower the sensitivity for that rule. Refer to [Handle a false positive](/ddos-protection/managed-rulesets/adjust-rules/false-positive/) for details.
- From that point on, if this rule matches any traffic, the matched traffic will be visible in one of the [analytics dashboards](/ddos-protection/reference/analytics/). If you suspect this might be a false positive, you can lower the sensitivity for that rule. Refer to [override examples](/ddos-protection/managed-rulesets/http/http-overrides/override-examples/#legitimate-traffic-is-incorrectly-identified-as-an-attack-and-causes-a-false-positive) for details.
- Cloudflare updates the rule action to mitigate traffic (for example, using the _Block_ action) after a period of at least seven days, usually on a Monday. The exact date is shown in the scheduled changes list.

Changes to existing rules follow the same process, except that Cloudflare will create a temporary updated rule (denoted as `BETA` in rule description) before updating the original rule on the next release cycle.
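Review bot: the old target `/ddos-protection/managed-rulesets/adjust-rules/false-positive/` is replaced here but does not appear among the redirect lines added to `public/__redirects` in this PR; if that page is the file shown as deleted, add a 301 for it so external links and bookmarks keep resolving. Also, this change-log text applies to both managed rulesets ("each managed ruleset"), while the new link points only to the HTTP override examples; consider linking the network-layer equivalent as well if one exists.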
Expand Up @@ -112,11 +112,11 @@ These tools and attacks exploit different aspects of network protocols and behav

## Can I exclude specific user agents from HTTP DDoS protection?

Yes, you can create an [override](/ddos-protection/managed-rulesets/http/override-expressions/) and use the expression fields to match against HTTP requests with the user agent. There are a variety of [fields](/ddos-protection/managed-rulesets/http/override-expressions/#available-expression-fields) that you can use.
Yes, you can create an [override](/ddos-protection/managed-rulesets/http/http-overrides/override-expressions/) and use the expression fields to match against HTTP requests with the user agent. There are a variety of [fields](/ddos-protection/managed-rulesets/http/http-overrides/override-expressions/#available-expression-fields) that you can use.

You can then adjust the [sensitivity level](/ddos-protection/managed-rulesets/http/override-parameters/#sensitivity-level) or [mitigation action](/ddos-protection/managed-rulesets/http/override-parameters/#action).

Refer to the guide on how to [create an override](/ddos-protection/managed-rulesets/http/configure-dashboard/#create-a-ddos-override).
Refer to the guide on how to [create an override](/ddos-protection/managed-rulesets/http/http-overrides/configure-dashboard/#create-a-ddos-override).

The use of expression fields is subject to [availability](/ddos-protection/#availability).
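Review bot: the `sensitivity level` and `mitigation action` links in the unchanged paragraph still point at `/ddos-protection/managed-rulesets/http/override-parameters/`, which is not moved under `http-overrides/` and has no redirect in this PR; confirm that page intentionally stays at the old path, otherwise it needs the same treatment as `override-expressions/`.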

20 changes: 10 additions & 10 deletions src/content/docs/ddos-protection/get-started.mdx
Expand Up @@ -14,7 +14,7 @@ In some situations, the default protection offered by DDoS rules may need to be

### Adjust the provided DDoS rules

If one or more DDoS rules provided by Cloudflare affects legitimate traffic, you can adjust them so that they do not perform any mitigation action against this kind of traffic. Follow the steps in [Handle a false positive](/ddos-protection/managed-rulesets/adjust-rules/false-positive/) to reduce the sensitivity level of one or more DDoS rules and allow incoming legitimate traffic.
If one or more DDoS rules provided by Cloudflare affects legitimate traffic, you can adjust them so that they do not perform any mitigation action against this kind of traffic. Follow the steps in [handling a false positive](/ddos-protection/managed-rulesets/http/http-overrides/override-examples/#legitimate-traffic-is-incorrectly-identified-as-an-attack-and-causes-a-false-positive) to reduce the sensitivity level of one or more DDoS rules and allow incoming legitimate traffic.

### Configure additional protection
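Review bot: the new link text `handling a false positive` points at an HTTP-overrides anchor, while the sentence covers DDoS rules in general (this file also links the Network-layer ruleset); either make the HTTP scope explicit in the wording or link the network-layer equivalent alongside it. Pre-existing grammar nit on the same line: `one or more DDoS rules ... affects` should be `affect`.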

Expand Down Expand Up @@ -47,13 +47,13 @@ The _Log_ action is only available to Enterprise customers.
:::

1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account.
2. [Configure all the rules in the HTTP DDoS Attack Protection managed ruleset](/ddos-protection/managed-rulesets/http/configure-dashboard/#create-a-ddos-override), setting their action to _Log_.
3. [Configure all the rules in the Network-layer DDoS Attack Protection managed ruleset](/ddos-protection/managed-rulesets/network/configure-dashboard/#create-a-ddos-override), setting the action to _Log_.
2. [Configure all the rules in the HTTP DDoS Attack Protection managed ruleset](/ddos-protection/managed-rulesets/http/http-overrides/configure-dashboard/#create-a-ddos-override), setting their action to _Log_.
3. [Configure all the rules in the Network-layer DDoS Attack Protection managed ruleset](/ddos-protection/managed-rulesets/network/network-overrides/configure-dashboard/#create-a-ddos-override), setting the action to _Log_.

Alternatively, if you are using the API, define an override at the ruleset level to set the action of all managed ruleset rules to `log` by following these instructions:

- [Configure an override for the HTTP DDoS Attack Protection managed ruleset](/ddos-protection/managed-rulesets/http/configure-api/#configure-an-override-for-the-http-ddos-attack-protection-managed-ruleset)
- [Configure an override for the Network-layer DDoS Attack Protection managed ruleset](/ddos-protection/managed-rulesets/network/configure-api/#configure-an-override-for-the-network-layer-ddos-attack-protection-managed-ruleset)
- [Configure an override for the HTTP DDoS Attack Protection managed ruleset](/ddos-protection/managed-rulesets/http/http-overrides/configure-api/#configure-an-override-for-the-http-ddos-attack-protection-managed-ruleset)
- [Configure an override for the Network-layer DDoS Attack Protection managed ruleset](/ddos-protection/managed-rulesets/network/network-overrides/configure-api/#configure-an-override-for-the-network-layer-ddos-attack-protection-managed-ruleset)

### 2. Review flagged traffic

Expand All @@ -66,18 +66,18 @@ Customize the specific managed ruleset rules you identified, changing their sens

If you are using the Cloudflare dashboard, refer to:

- [Configure HTTP DDoS Attack Protection in the dashboard](/ddos-protection/managed-rulesets/http/configure-dashboard/)
- [Configure Network-layer DDoS Attack Protection in the dashboard](/ddos-protection/managed-rulesets/network/configure-dashboard/)
- [Configure HTTP DDoS Attack Protection in the dashboard](/ddos-protection/managed-rulesets/http/http-overrides/configure-dashboard/)
- [Configure Network-layer DDoS Attack Protection in the dashboard](/ddos-protection/managed-rulesets/network/network-overrides/configure-dashboard/)

If you are using the API, refer to:

- [Configure HTTP DDoS Attack Protection via API](/ddos-protection/managed-rulesets/http/configure-api/)
- [Configure Network-layer DDoS Attack Protection via API](/ddos-protection/managed-rulesets/network/configure-api/)
- [Configure HTTP DDoS Attack Protection via API](/ddos-protection/managed-rulesets/http/http-overrides/configure-api/)
- [Configure Network-layer DDoS Attack Protection via API](/ddos-protection/managed-rulesets/network/network-overrides/configure-api/)

When using the API, ensure that you add any required rule overrides without removing the ruleset override you configured in [Step 1](#1-configure-ruleset-actions-to-log).

### 4. Switch ruleset actions back to the default

Revert the change you did in [Step 1](#1-configure-ruleset-actions-to-log), changing the action of each managed ruleset rule back to _Default_ in **Ruleset action**.

Alternatively, if you are using the API, [remove the override](/ddos-protection/managed-rulesets/http/configure-api/#configure-an-override-for-the-http-ddos-attack-protection-managed-ruleset) you previously configured at the ruleset level for each managed ruleset. Ensure that you only remove the ruleset override and not any of the rule overrides you may have configured in [Step 3](#3-customize-managed-ruleset-rules).
Alternatively, if you are using the API, [remove the override](/ddos-protection/managed-rulesets/http/http-overrides/configure-api/#configure-an-override-for-the-http-ddos-attack-protection-managed-ruleset) you previously configured at the ruleset level for each managed ruleset. Ensure that you only remove the ruleset override and not any of the rule overrides you may have configured in [Step 3](#3-customize-managed-ruleset-rules).
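Review bot: the last paragraph says to remove the ruleset-level override "for each managed ruleset", but `remove the override` links only to the HTTP anchor (`.../http/http-overrides/configure-api/#configure-an-override-for-the-http-ddos-attack-protection-managed-ruleset`); add the Network-layer counterpart, which is already linked in Step 1 of this file, so readers reverting both rulesets have a pointer for each.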
Expand Up @@ -45,7 +45,7 @@ Cloudflare may change the logic of these protection rules from time to time to i

Cloudflare’s network is built to automatically monitor and mitigate large DDoS attacks. Cloudflare also helps mitigate smaller DDoS attacks, based on the following general rules:

- For zones on any plan, Cloudflare will apply mitigations when the HTTP error rate is above the _High_ (default) sensitivity level of 1,000 errors-per-second rate threshold. You can decrease the sensitivity level by [configuring the HTTP DDoS Attack Protection managed ruleset](/ddos-protection/managed-rulesets/http/configure-dashboard/).
- For zones on any plan, Cloudflare will apply mitigations when the HTTP error rate is above the _High_ (default) sensitivity level of 1,000 errors-per-second rate threshold. You can decrease the sensitivity level by [configuring the HTTP DDoS Attack Protection managed ruleset](/ddos-protection/managed-rulesets/http/http-overrides/configure-dashboard/).
- For zones on Pro, Business, and Enterprise plans, Cloudflare performs an additional check for better detection accuracy: the errors-per-second rate must also be at least five times the normal origin traffic levels before applying DDoS mitigations.

Cloudflare determines the error rate based on all HTTP errors in the 52X range (Internal Server Error) and in the 53X range, except for [error 530](/support/troubleshooting/http-status-codes/cloudflare-5xx-errors/error-530). Currently, for DDoS mitigations based on HTTP error rate, you cannot exclude specific HTTP error codes.
Expand Down Expand Up @@ -90,8 +90,8 @@ You can adjust the action and sensitivity of the Adaptive DDoS Protection rules.

To configure a rule, refer to the instructions in the following pages:

- [Configure HTTP DDoS Attack Protection in the dashboard](/ddos-protection/managed-rulesets/http/configure-dashboard/) (for L7 rules)
- [Configure Network-layer DDoS Attack Protection in the dashboard](/ddos-protection/managed-rulesets/network/configure-dashboard/) (for L3/4 rules)
- [Configure HTTP DDoS Attack Protection in the dashboard](/ddos-protection/managed-rulesets/http/http-overrides/configure-dashboard/) (for L7 rules)
- [Configure Network-layer DDoS Attack Protection in the dashboard](/ddos-protection/managed-rulesets/network/network-overrides/configure-dashboard/) (for L3/4 rules)

For more information on the available configuration parameters, refer to the following pages:


This file was deleted.
