From df037574b5e3b659774c84daf0186fe59f3c2cfa Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Fri, 20 Dec 2024 16:05:50 -0600 Subject: [PATCH] Remove device posture for DNS policies --- .../gateway/dns-policies/common-policies.mdx | 37 +++++++++++++------ .../gateway/get-started/create-dns-policy.mdx | 1 - 2 files changed, 26 insertions(+), 12 deletions(-) diff --git a/src/content/docs/cloudflare-one/policies/gateway/dns-policies/common-policies.mdx b/src/content/docs/cloudflare-one/policies/gateway/dns-policies/common-policies.mdx index e3bb9ed9faff7c..4210c1e073241d 100644 --- a/src/content/docs/cloudflare-one/policies/gateway/dns-policies/common-policies.mdx +++ b/src/content/docs/cloudflare-one/policies/gateway/dns-policies/common-policies.mdx @@ -43,7 +43,6 @@ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\ ], "traffic": "any(dns.domains[*] in $)", "identity": "", - "device_posture": "" }' ``` @@ -78,7 +77,6 @@ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\ ], "traffic": "any(dns.security_category[*] in {68 178 80 83 176 175 117 131 134 151 153})", "identity": "", - "device_posture": "" }' ``` @@ -112,7 +110,6 @@ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\ ], "traffic": "any(dns.content_category[*] in {17 85 87 102 157 135 138 180 162 32 169 177 128 15 115 119 124 141 161})", "identity": "", - "device_posture": "" }' ``` @@ -146,7 +143,6 @@ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\ ], "traffic": "any(app.type.ids[*] in {25})", "identity": "", - "device_posture": "" }' ``` @@ -180,7 +176,6 @@ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\ ], "traffic": "any(dns.dst.geo.country[*] in {\"AF\" \"BY\" \"CD\" \"CU\" \"IR\" \"IQ\" \"KP\" \"MM\" \"RU\" \"SD\" \"SY\" \"UA\" \"ZW\"})", "identity": "", - "device_posture": "" }' ``` @@ -216,7 +211,6 @@ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\ ], "traffic": "any(dns.domains[*] matches \"[.](cn|ru)$\") or any(dns.domains[*] matches \"[.](rest|hair|top|live|cfd|boats|beauty|mom|skin|okinawa)$\") or any(dns.domains[*] matches \"[.](zip|mobi)$\")", "identity": "", - "device_posture": "" }' ``` @@ -251,7 +245,6 @@ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\ ], "traffic": "not(any(dns.domains[*] in $)) and any(dns.domains[*] matches \".*okta.*\\|.*cloudflare.*\\|.*mfa.*\\|.sso.*\")", "identity": "", - "device_posture": "" }' ``` @@ -285,7 +278,6 @@ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\ ], "traffic": "any(dns.domains[*] in $)", "identity": "", - "device_posture": "" }' ``` @@ -319,7 +311,6 @@ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\ ], "traffic": "any(dns.resolved_ips[*] in $)", "identity": "", - "device_posture": "" }' ``` @@ -327,7 +318,7 @@ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\ ## Turn on CIPA filter -The CIPA (Children's Internet Protection Act) Filter is a collection of subcategories that encompass a wide range of topics that could be harmful or inappropriate for minors. It is used as a part of [Project Cybersafe Schools](/fundamentals/reference/policies-compliances/cybersafe/) to block access to unwanted or harmful online content. Upon creating this policy, your organization will have minimum CIPA compliance. +The CIPA (Children's Internet Protection Act) Filter is a collection of subcategories that encompass a wide range of topics that could be harmful or inappropriate for minors. It is used as a part of [Project Cybersafe Schools](/fundamentals/reference/policies-compliances/cybersafe/) to block access to unwanted or harmful online content. Upon creating this policy, your organization will have minimum [CIPA compliance](https://www.fcc.gov/consumers/guides/childrens-internet-protection-act). @@ -353,7 +344,6 @@ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\ ], "traffic": "any(dns.content_category[*] in {182})", "identity": "", - "device_posture": "" }' ``` @@ -363,10 +353,35 @@ curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\ SafeSearch is a feature of search engines that helps you filter explicit or offensive content. You can force SafeSearch on search engines like Google, Bing, Yandex, YouTube, and DuckDuckGo: + + | Selector | Operator | Value | Action | | ------------------ | -------- | ---------------- | ----------- | | Content Categories | in | _Search Engines_ | Safe Search | + + + + +```sh +curl https://api.cloudflare.com/client/v4/accounts/{account_id}/gateway/rule\ +--header "Content-Type: application/json" \ +--header "Authorization: Bearer " \ +--data '{ + "name": "Hide explicit search results", + "description": "Force SafeSearch on search engines to filter explicit or offensive content", + "enabled": true, + "action": "safesearch", + "filters": [ + "dns" + ], + "traffic": "any(dns.content_category[*] in {145})", + "identity": "", +}' +``` + + + ## Restrict access to specific groups diff --git a/src/content/partials/cloudflare-one/gateway/get-started/create-dns-policy.mdx b/src/content/partials/cloudflare-one/gateway/get-started/create-dns-policy.mdx index b47d472b06789d..892578f2c0188f 100644 --- a/src/content/partials/cloudflare-one/gateway/get-started/create-dns-policy.mdx +++ b/src/content/partials/cloudflare-one/gateway/get-started/create-dns-policy.mdx @@ -47,7 +47,6 @@ To create a new DNS policy: ], "traffic": "any(dns.security_category[*] in {68 178 80 83 176 175 117 131 134 151 153})", "identity": "", - "device_posture": "" }' ```