[WAF, Terraform] Improve Terraform info and links from/to the WAF (#1…

…9681)

Also adds some Terraform links to Rules features

src/content/docs/rules/transform/index.mdx

@@ -37,6 +37,8 @@ Alternatively, create a transform rule from scratch in the dashboard or via Clou
 - [HTTP response header modification rules](/rules/transform/response-header-modification/create-dashboard/)
 - [Managed Transforms](/rules/transform/managed-transforms/)
 
+For Terraform examples, refer to [Transform Rules configuration using Terraform](/terraform/additional-configurations/transform-rules/).
+
 Refer to [Rules language](/ruleset-engine/rules-language/) for more information on building expressions for Transform Rules.
 
 ## Availability

src/content/docs/rules/transform/managed-transforms/configure.mdx

@@ -7,9 +7,9 @@ head: []
 description: Learn how to configure Managed Transforms.
 ---
 
-import { Details, TabItem, Tabs } from "~/components";
+import { Details, TabItem, Tabs, Render } from "~/components";
 
-<Tabs syncKey="dashPlusAPI"> <TabItem label="Dashboard">
+<Tabs syncKey="dashPlusAPIPlusTerraform"> <TabItem label="Dashboard">
 
 1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com/), and select your account and website.
 
@@ -182,4 +182,28 @@ The response will include all the available Managed Transforms and their new sta
 
 </Details>
 
+</TabItem> <TabItem label="Terraform">
+
+<Render file="v4-code-snippets" product="terraform" />
+
+Use the `cloudflare_managed_headers` Terraform resource to configure Managed Transforms. For example:
+
+```tf
+resource "cloudflare_managed_headers" "tf_example" {
+  zone_id = "<ZONE_ID>"
+
+  managed_request_headers {
+    id      = "add_visitor_location_headers"
+    enabled = true
+  }
+
+  managed_response_headers {
+    id      = "remove_x-powered-by_header"
+    enabled = true
+  }
+}
+```
+
+Make sure you include the Managed Transforms you are updating in the correct object (`managed_request_headers` or `managed_response_headers`).
+
 </TabItem> </Tabs>

src/content/docs/rules/transform/managed-transforms/index.mdx

@@ -15,7 +15,7 @@ Managed Transforms allow you to perform common adjustments to HTTP request and r
 
 For a complete list, refer to [Available Managed Transforms](/rules/transform/managed-transforms/reference/).
 
-When you enable a Managed Transform, Cloudflare internally deploys one or more Transform Rules to handle the common configuration you selected. These generated rules will not count against the maximum number of Transform Rules available in your Cloudflare plan.
+When you enable a Managed Transform, Cloudflare internally deploys one or more Transform Rules to handle the common configuration you selected. These generated rules will not count against the [maximum number of Transform Rules](/rules/transform/#availability) available in your Cloudflare plan.
 
 Enabled Managed Transforms will apply to all inbound requests for the zone.
 
@@ -25,4 +25,4 @@ The generated internal Transform Rules will not appear in the Transform Rules li
 
 ## Next steps
 
-For dashboard and API instructions, refer to [Configure Managed Transforms](/rules/transform/managed-transforms/configure/).
+For dashboard, API, and Terraform instructions, refer to [Configure Managed Transforms](/rules/transform/managed-transforms/configure/).

src/content/docs/rules/transform/request-header-modification/link-create-terraform.mdx

@@ -0,0 +1,7 @@
+---
+pcx_content_type: navigation
+title: Create a rule using Terraform
+external_link: /terraform/additional-configurations/transform-rules/#create-an-http-request-header-modification-rule
+sidebar:
+  order: 4
+---

src/content/docs/rules/transform/response-header-modification/link-create-terraform.mdx

@@ -0,0 +1,7 @@
+---
+pcx_content_type: navigation
+title: Create a rule using Terraform
+external_link: /terraform/additional-configurations/transform-rules/#create-an-http-response-header-modification-rule
+sidebar:
+  order: 4
+---

src/content/docs/rules/transform/url-rewrite/index.mdx

@@ -33,7 +33,7 @@ Rewrite URL rules can perform static or dynamic rewrites:
 - **Static rewrite**: Replaces a given part of a request URL (path or query string) with a static string.
 - **Dynamic rewrite**: Supports more advanced scenarios where you use a rewrite expression to define the resulting path or query string.
 
-Create rewrite URL rules [in the dashboard](/rules/transform/url-rewrite/create-dashboard/) or [via API](/rules/transform/url-rewrite/create-api/).
+Create rewrite URL rules [in the dashboard](/rules/transform/url-rewrite/create-dashboard/), [via Cloudflare API](/rules/transform/url-rewrite/create-api/), or [using Terraform](/terraform/additional-configurations/transform-rules/#create-a-rewrite-url-rule).
 
 ## Serve images from custom paths
 

src/content/docs/rules/transform/url-rewrite/link-create-terraform.mdx

@@ -0,0 +1,7 @@
+---
+pcx_content_type: navigation
+title: Create a rule using Terraform
+external_link: /terraform/additional-configurations/transform-rules/#create-a-rewrite-url-rule
+sidebar:
+  order: 4
+---

src/content/docs/terraform/additional-configurations/ddos-managed-rulesets.mdx

@@ -1,24 +1,25 @@
 ---
-title: DDoS managed rulesets
+title: DDoS managed rulesets configuration using Terraform
 pcx_content_type: how-to
 sidebar:
   order: 3
+  label: DDoS managed rulesets
 head:
   - tag: title
-    content: Configure DDoS managed rulesets with Terraform
+    content: DDoS managed rulesets configuration using Terraform
 ---
 
-import { Render } from "~/components";
+import { Render, RuleID } from "~/components";
 
-This page provides examples of configuring DDoS managed rulesets in your zone or account using Terraform. It covers the following configurations:
+This page provides examples of configuring [DDoS managed rulesets](/ddos-protection/managed-rulesets/) in your zone or account using Terraform. It covers the following configurations:
 
 - [Example: Configure HTTP DDoS Attack Protection](#example-configure-http-ddos-attack-protection)
 - [Example: Configure Network-layer DDoS Attack Protection](#example-configure-network-layer-ddos-attack-protection)
 - [Use case: Mitigate large HTTP DDoS attacks and monitor flagged traffic](#use-case-mitigate-large-http-ddos-attacks-and-monitor-flagged-traffic)
 
 DDoS managed rulesets are always enabled. Depending on your Cloudflare services, you may be able to adjust their behavior.
 
-For more information on DDoS managed rulesets, refer to [Managed rulesets](/ddos-protection/managed-rulesets/) in the Cloudflare DDoS Protection documentation. For more information on deploying and configuring rulesets using the Rulesets API, refer to [Work with managed rulesets](/ruleset-engine/managed-rulesets/) in the Ruleset Engine documentation.
+For more information on deploying and configuring rulesets using the Rulesets API, refer to [Work with managed rulesets](/ruleset-engine/managed-rulesets/) in the Ruleset Engine documentation.
 
 ## Before you start
 
@@ -34,7 +35,7 @@ For more information on DDoS managed rulesets, refer to [Managed rulesets](/ddos
 
 ## Example: Configure HTTP DDoS Attack Protection
 
-This example configures the [HTTP DDoS Attack Protection](/ddos-protection/managed-rulesets/http/) managed ruleset for a zone using Terraform, changing the sensitivity level of rule with ID fdfdac75430c4c47a959592f0aa5e68a to `low`.
+This example configures the [HTTP DDoS Attack Protection](/ddos-protection/managed-rulesets/http/) managed ruleset for a zone using Terraform, changing the sensitivity level of rule with ID <RuleID id="fdfdac75430c4c47a959592f0aa5e68a" /> to `low`.
 
 <Render file="v4-code-snippets" />
 
@@ -70,7 +71,7 @@ For more information about HTTP DDoS Attack Protection, refer to [HTTP DDoS Atta
 
 ## Example: Configure Network-layer DDoS Attack Protection
 
-This example configures the [Network-layer DDoS Attack Protection](/ddos-protection/managed-rulesets/network/) managed ruleset for an account using Terraform, changing the sensitivity level of rule with ID 599dab0942ff4898ac1b7797e954e98b to `low` using an override.
+This example configures the [Network-layer DDoS Attack Protection](/ddos-protection/managed-rulesets/network/) managed ruleset for an account using Terraform, changing the sensitivity level of rule with ID <RuleID id="599dab0942ff4898ac1b7797e954e98b" /> to `low` using an override.
 
 :::caution[Important]
 

src/content/docs/terraform/additional-configurations/rate-limiting-rules.mdx

@@ -1,18 +1,17 @@
 ---
-title: Rate limiting rules
+title: Rate limiting rules configuration using Terraform
 pcx_content_type: how-to
 sidebar:
   order: 4
+  label: Rate limiting rules
 head:
   - tag: title
-    content: Configure rate limiting rules with Terraform
+    content: Rate limiting rules configuration using Terraform
 ---
 
 import { Details, Render } from "~/components";
 
-This page provides an example of creating a rate limiting rule in a zone using Terraform.
-
-For more information on rate limiting rules, refer to [Rate limiting rules](/waf/rate-limiting-rules/) in the Cloudflare WAF documentation.
+This page provides examples of creating [rate limiting rules](/waf/rate-limiting-rules/) in a zone or account using Terraform.
 
 :::note
 
@@ -31,7 +30,7 @@ For more information on configuring the previous version of rate limiting rules
 
 ---
 
-## Create a rate limiting rule
+## Create a rate limiting rule at the zone level
 
 This example creates a rate limiting rule in zone with ID `<ZONE_ID>` blocking traffic that exceeds the configured rate:
 
@@ -62,14 +61,15 @@ resource "cloudflare_ruleset" "zone_rl" {
 
 <Render file="add-new-rule" params={{ one: "rate limiting rule" }} /> <br />
 
-<Details header="Account-level example configuration">
+## Create a rate limiting rule at the account level
 
-:::note[Before you start]
+:::note[Notes]
 
-- Account-level rate limiting configuration requires an Enterprise plan with a paid add-on.
+- [Account-level rate limiting configuration](/waf/account/) requires an Enterprise plan with a paid add-on.
 
 - Custom rulesets deployed at the account level will only apply to incoming traffic of zones on an Enterprise plan. The expression of your `execute` rule must end with `and cf.zone.plan eq "ENT"`.
-  :::
+
+:::
 
 This example defines a [custom ruleset](/ruleset-engine/custom-rulesets/) with a single rate limiting rule in account with ID `<ACCOUNT_ID>` that blocks traffic for the `/api/` path exceeding the configured rate. The second `cloudflare_ruleset` resource defines an `execute` rule that deploys the custom ruleset for traffic addressed at `example.com`.
 
@@ -120,7 +120,7 @@ resource "cloudflare_ruleset" "account_rl_entrypoint" {
 }
 ```
 
-</Details>
+<Render file="add-new-rule" params={{ one: "rate limiting rule" }} /> <br />
 
 ## Create an advanced rate limiting rule
 

src/content/docs/terraform/additional-configurations/transform-rules.mdx

@@ -1,21 +1,21 @@
 ---
-title: Transform Rules
+title: Transform Rules configuration using Terraform
 pcx_content_type: how-to
 sidebar:
   order: 6
+  label: Transform Rules
 head:
   - tag: title
-    content: Configure Transform Rules with Terraform
+    content: Transform Rules configuration using Terraform
 ---
 
 import { Render } from "~/components";
 
-This page provides examples of creating Transform Rules in a zone using Terraform. The examples cover the following scenarios:
+This page provides examples of creating [Transform Rules](/rules/transform/) in a zone using Terraform. The examples cover the following scenarios:
 
 - [Create a Rewrite URL Rule](#create-a-rewrite-url-rule)
 - [Create an HTTP Request Header Modification Rule](#create-an-http-request-header-modification-rule)
-
-For more information on Transform Rules, refer to [Transform Rules](/rules/transform/).
+- [Create an HTTP Response Header Modification Rule](#create-an-http-response-header-modification-rule)
 
 ## Before you start
 

src/content/docs/terraform/additional-configurations/waf-custom-rules.mdx

@@ -1,16 +1,17 @@
 ---
-title: WAF custom rules
+title: WAF custom rules configuration using Terraform
 pcx_content_type: how-to
 sidebar:
   order: 5
+  label: WAF custom rules
 head:
   - tag: title
-    content: Configure WAF custom rules with Terraform
+    content: WAF custom rules configuration using Terraform
 ---
 
 import { Render, GlossaryTooltip } from "~/components";
 
-This page provides examples of creating WAF custom rules in a zone or account using Terraform. The examples cover the following scenarios:
+This page provides examples of creating [WAF custom rules](/waf/custom-rules/) in a zone or account using Terraform. The examples cover the following scenarios:
 
 - Zone-level configurations:
   - [Add a custom rule to a zone](#add-a-custom-rule-to-a-zone)
@@ -20,8 +21,6 @@ This page provides examples of creating WAF custom rules in a zone or account us
   - [Create and deploy a custom ruleset](#create-and-deploy-a-custom-ruleset)
   - [Add a custom rule checking for exposed credentials](#add-a-custom-rule-checking-for-exposed-credentials)
 
-For more information on custom rules, refer to [Custom rules](/waf/custom-rules/) in the Cloudflare WAF documentation.
-
 ## Before you start
 
 ### Obtain the necessary account or zone IDs

src/content/docs/terraform/additional-configurations/waf-managed-rulesets.mdx

@@ -1,38 +1,42 @@
 ---
-title: WAF Managed Rules
+title: WAF Managed Rules configuration using Terraform
 pcx_content_type: how-to
 sidebar:
   order: 2
+  label: WAF Managed Rules
 head:
   - tag: title
-    content: Configure WAF Managed Rules with Terraform
+    content: WAF Managed Rules configuration using Terraform
 ---
 
 import { Details, Render, RuleID } from "~/components";
 
-This page provides examples of deploying and configuring WAF Managed Rules in your zone or account using Terraform. It covers the following configurations:
+This page provides examples of deploying and configuring [WAF Managed Rules](/waf/managed-rules/) in your zone or account using Terraform. It covers the following configurations:
 
-- [Deploy managed rulesets](#deploy-managed-rulesets)
+- [Deploy managed rulesets at the zone level](#deploy-managed-rulesets-at-the-zone-level)
+- [Deploy managed rulesets at the account level](#deploy-managed-rulesets-at-the-account-level)
 - [Configure skip rules](#configure-skip-rules)
 - [Configure payload logging](#configure-payload-logging)
 - [Configure overrides](#configure-overrides)
 - [Configure the OWASP paranoia level, score threshold, and action](#configure-the-owasp-paranoia-level-score-threshold-and-action)
 
-For more information on WAF Managed Rules, refer to [WAF Managed Rules](/waf/managed-rules/) in the Cloudflare WAF documentation. For more information on deploying and configuring rulesets using the Rulesets API, refer to [Work with managed rulesets](/ruleset-engine/managed-rulesets/) in the Ruleset Engine documentation.
+For more information on deploying and configuring rulesets using the Rulesets API, refer to [Work with managed rulesets](/ruleset-engine/managed-rulesets/) in the Ruleset Engine documentation.
 
 ## Before you start
 
 ### Obtain the necessary account, zone, and managed ruleset IDs
 
 <Render file="find-ids-managed-rulesets" />
 
+The IDs of WAF managed rulesets are also available in the [WAF Managed Rules](/waf/managed-rules/#managed-rulesets) page.
+
 ### Import or delete existing rulesets
 
 <Render file="import-delete-existing-rulesets" />
 
 ---
 
-## Deploy managed rulesets
+## Deploy managed rulesets at the zone level
 
 The following example deploys two managed rulesets to the zone with ID `<ZONE_ID>` using Terraform, using a `cloudflare_ruleset` resource with two rules that execute the managed rulesets.
 
@@ -71,14 +75,15 @@ resource "cloudflare_ruleset" "zone_level_managed_waf" {
 }
 ```
 
-<Details header="Account-level example configuration">
+## Deploy managed rulesets at the account level
 
-:::note[Before you start]
+:::note[Notes]
 
-- Account-level WAF configuration requires an Enterprise plan with a paid add-on.
+- [Account-level WAF configuration](/waf/account/) requires an Enterprise plan with a paid add-on.
 
 - Managed rulesets deployed at the account level will only apply to incoming traffic of zones on an Enterprise plan. The expression of your `execute` rule must end with `and cf.zone.plan eq "ENT"`.
-  :::
+
+:::
 
 The following example deploys two managed rulesets to the account with ID `<ACCOUNT_ID>` using Terraform, using a `cloudflare_ruleset` resource with two rules that execute the managed rulesets for two hostnames belonging to Enterprise zones.
 
@@ -116,8 +121,6 @@ resource "cloudflare_ruleset" "account_level_managed_waf" {
 }
 ```
 
-</Details>
-
 ## Configure skip rules
 
 The following example adds two [skip rules](/waf/managed-rules/waf-exceptions/) (or exceptions) for the Cloudflare Managed Ruleset:
@@ -192,7 +195,7 @@ The following configuration includes the three overrides in the rule that execut
 
 <Render file="v4-code-snippets" />
 
-```tf null {9-24}
+```tf null {11-26}
   # (...)
 
   # Execute Cloudflare Managed Ruleset
@@ -233,7 +236,7 @@ Building upon the rule that deploys the Cloudflare Managed Ruleset, the followin
 
 <Render file="v4-code-snippets" />
 
-```tf null {9-11}
+```tf null {11-13}
   # (...)
 
   # Execute Cloudflare Managed Ruleset
@@ -274,7 +277,7 @@ The following example rule of a `cloudflare_ruleset` Terraform resource performs
 
 <Render file="v4-code-snippets" />
 
-```tf null {8-25}
+```tf null {11-28}
   # (...)
 
   # Execute Cloudflare OWASP Core Ruleset

src/content/docs/waf/account/custom-rulesets/index.mdx

@@ -17,3 +17,5 @@ Refer to the following pages for more information on working with custom ruleset
 
 - [Work with custom rulesets in the dashboard](/waf/account/custom-rulesets/create-dashboard/)
 - [Work with custom rulesets using the API](/waf/account/custom-rulesets/create-api/)
+
+For Terraform examples, refer to [WAF custom rules configuration using Terraform](/terraform/additional-configurations/waf-custom-rules/#create-and-deploy-a-custom-ruleset).

src/content/docs/waf/account/custom-rulesets/link-create-terraform.mdx

@@ -0,0 +1,7 @@
+---
+pcx_content_type: navigation
+title: Use Terraform
+external_link: /terraform/additional-configurations/waf-custom-rules/#create-and-deploy-a-custom-ruleset
+sidebar:
+  order: 4
+---

src/content/docs/waf/account/managed-rulesets/link-create-exceptions.mdx

@@ -3,5 +3,5 @@ pcx_content_type: navigation
 title: Create exceptions
 external_link: /waf/managed-rules/waf-exceptions/
 sidebar:
-  order: 4
+  order: 5
 ---

src/content/docs/waf/account/managed-rulesets/link-create-terraform.mdx

@@ -0,0 +1,7 @@
+---
+pcx_content_type: navigation
+title: Deploy using Terraform
+external_link: /terraform/additional-configurations/waf-managed-rulesets/#deploy-managed-rulesets-at-the-account-level
+sidebar:
+  order: 4
+---