cloudflare · dcpena · Jul 18, 2025 · Jul 17, 2025 · Jul 17, 2025 · Jul 17, 2025
@@ -5,9 +5,13 @@ sidebar:
   order: 2
 ---
 
-import { Render } from "~/components"
+The challenge solve rate (CSR) is the percentage of issued challenges — Interactive Challenge, JS Challenge, or Managed Challenge actions — that were solved.
 
-<Render file="challenge-solve-rate" product="fundamentals"/>
+```sql
+CSR = number of challenges solved / number of challenges issued
+```
+
+This metric helps you evaluate your rule's effectiveness, as well as whether you need to make any adjustments to the rule's criteria or action. Rules in Challenge mode will start generating Challenge Solve Rate data (CSR) which indicates the false positive percentage.
 
 You can find the CSR of a rule by going to its corresponding dashboard page:
 

@@ -21,4 +21,24 @@ You do not have to obtain permission from Cloudflare to launch a DDoS attack sim
 
 It is recommended that you choose the right service and enable the correct features to test against the corresponding DDoS attacks. For example, if you want to test Cloudflare against an HTTP DDoS attack and you are only using Magic Transit, the test is going to fail because you need to onboard your HTTP application to Cloudflare's reverse proxy service to test our HTTP DDoS Protection.
 
-<Render file="support-ticket-information" product="fundamentals" params={{ one: "Attack" }} />
+### **For WAF/CDN customers:**
+
+* Attack origin region
+* Attack duration
+* Attack window (UTC)
+* Attack method
+* Traffic estimate in both requests per second (rps) and bandwidth (Gbps/Mbps/MBps)
+* Target IPs, ports, ranges, zones, hostnames, full URLs
+* Contact in case of emergency
+
+### For Magic Transit and Spectrum customers:
+
+* Attack origin region
+* Attack duration
+* Attack date & timeframe
+* Attack method
+* Target IPs, ports, ranges, zones, hostnames, full URLs
+* Protocol
+* Traffic estimate in both requests per second (rps) and bandwidth (Gbps/Mbps/MBps)
+* Max packet/bit rate
+* Contact in case of emergency
@@ -10,7 +10,10 @@ import { Render } from "~/components"
 
 ## View active sessions
 
-<Render file="account-view-active-sessions" />
+To view the active sessions associated with your email address:
+
+1. Log in to the [Cloudflare dashboard](https://dash.cloudflare.com).
+2. Go to **My Profile** > **Sessions**.
 
 ## Revoke active sessions
 

@@ -10,7 +10,13 @@ description: Learn how to create a new Cloudflare account.
 
 import { Render } from "~/components"
 
-<Render file="create-account" product="fundamentals" />
+To create a Cloudflare account:
+
+1. Go to the [Sign up page](https://dash.cloudflare.com/sign-up).
+2. Enter your **Email** and **Password**.
+3. Select **Create Account**.
+
+Once you create your account, Cloudflare will automatically send an email to your address to [verify that email address](/fundamentals/user-profiles/verify-email-address/).
 
 ## Account name
 

@@ -8,6 +8,88 @@ description: Learn what account owned tokens are, when to use them, and what the
 
 ---
 
-import { Render } from "~/components"
+While user tokens act on behalf of a particular user and inherit a subset of that user's permissions, account owned tokens allow you to set up durable integrations that can act as service principals with their own specific set of permissions. This approach is ideal for scenarios like CI/CD, or building integrations with external services like SEIMs where it is important that the integration continues working, even long after the user who configured the integration may have left your organization altogether. User tokens are better for ad hoc tasks like scripting, where acting as the user is ideal and durability is less of a concern.
 
-<Render file="account-owned-tokens" product="fundamentals" />
+## Create an account owned token
+
+:::note
+Creating an account owned token requires Super Administrator permission on the account
+:::
+
+1. Log into the [Cloudflare dashboard](https://dash.cloudflare.com).
+2. Go to **Manage Account** > **Account API Tokens**.
+3. Select **Create Token** and fill in the token name, permissions, and the optional expiration date for the token.
+4. Select **Continue to summary** and review the details.
+5. Select **Create Token**.
+
+Alternatively, you can create a token using the [account owned token creation API](/api/resources/accounts/subresources/tokens/methods/create/).
+
+Refer to the [blog post](https://blog.cloudflare.com/account-owned-tokens-automated-actions-zaraz/) for more information.
+
+## Compatibility matrix
+
+Account owned tokens are generally available for all accounts. Some services may not support account owned tokens yet. Refer to the compatibility matrix below for the latest status.
+
+| Product                         | Compatibility |
+| ------------------------------- | ------------- |
+| Access                          | ✅            |
+| Account Analytics               | ✅            |
+| Account Management              | ✅            |
+| AI Gateway                      | ✅            |
+| AMP                             | ✅            |
+| API Shield                      | ✅            |
+| Argo                            | ✅            |
+| Billing                         | ✅            |
+| Cache                           | ✅            |
+| Tiered Cache                    | ✅            |
+| Cloud Connector                 | ✅            |
+| Configuration Rules             | ✅            |
+| Custom Lists                    | ❌            |
+| Custom Pages                    | ✅            |
+| D1                              | ✅            |
+| Data Loss Prevention            | ✅            |
+| Digital Experience Monitoring   | ✅            |
+| Distributed Web                 | ✅            |
+| DNS                             | ✅            |
+| Durable Objects                 | ✅            |
+| Email Relay                     | ✅            |
+| Secure Web Gateway              | ✅            |
+| Healthchecks                    | ✅            |
+| Hyperdrive                      | ✅            |
+| Images                          | ✅            |
+| Intel Data Platform             | ❌            |
+| Load Balancing                  | ✅            |
+| Log Explorer                    | ✅            |
+| Magic Network Monitoring        | ✅            |
+| Magic Transit                   | ✅            |
+| Magic WAN                       | ✅            |
+| Managed Rules                   | ✅            |
+| Network Error Logging           | ✅            |
+| Page Rules                      | ❌            |
+| Page Shield                     | ✅            |
+| Pages                           | ✅            |
+| Pub/Sub                         | ❌            |
+| R2                              | ✅            |
+| Radar                           | ✅            |
+| Registrar                       | ❌            |
+| Rulesets                        | ✅            |
+| Spectrum                        | ❌            |
+| Speed                           | ✅            |
+| SSL/TLS                         | ✅            |
+| Stream                          | ✅            |
+| Super Bot Fight Mode            | ❌            |
+| Trace                           | ✅            |
+| Tunnels                         | ✅            |
+| Turnstile                       | ❌            |
+| Vectorize                       | ✅            |
+| Waiting Room                    | ✅            |
+| Workers                         | ✅            |
+| Workers AI                      | ✅            |
+| Workers KV                      | ✅            |
+| Workers Observability           | ❌            |
+| Workers Queues                  | ✅            |
+| Workflows                       | ✅            |
+| Zaraz                           | ✅            |
+| Zero Trust Client Platform      | ❌            |
+| Zero Trust Devices and Services | ✅            |
+| Zone/Domain Management          | ✅            |
@@ -10,4 +10,61 @@ description: Learn how to create a token to perform actions using the Cloudflare
 
 import { Render } from "~/components"
 
-<Render file="create-token" product="fundamentals" />
+:::note[Prerequisite]
+
+Before you begin, [find your zone and account IDs](/fundamentals/account/find-account-and-zone-ids/).
+
+:::
+
+1. Determine if you want a user token or an [Account owned token](/fundamentals/api/get-started/account-owned-tokens/). Use Account owned tokens if you prefer service tokens that are not associated with users and your [desired API endpoints are compatible](/fundamentals/api/get-started/account-owned-tokens/#compatibility-matrix).
+2. From the [Cloudflare dashboard](https://dash.cloudflare.com/profile/api-tokens/), go to **My Profile** > **API Tokens** for user tokens. For Account Tokens, go to **Manage Account** > **API Tokens**.
+3. Select **Create Token**.
+4. Select a template from the available [API token templates](/fundamentals/api/reference/template/) or create a custom token. The following example uses the **Edit zone DNS** template.
+5. Add or edit the token name to describe why or how the token is used. Templates are prefilled with a token name and permissions.
+
+   ![Token template overview screen](~/assets/images/fundamentals/api/template-customize.png)
+
+6. Modify the token's permissions. After selecting a permissions group (*Account*, *User*, or *Zone*), choose what level of access to grant the token. Most groups offer `Edit` or `Read` options. `Edit` is full CRUDL (create, read, update, delete, list) access, while `Read` is the read permission and list where appropriate. Refer to the [available token permissions](/fundamentals/api/reference/permissions/) for more information.
+7. Select which resources the token is authorized to access. For example, granting `Zone DNS Read` access to a zone `example.com` will allow the token to read DNS records only for that specific zone. Any other zone will return an error for DNS record reads operations. Any other operation on that zone will also return an error.
+8. (Optional) Restrict how a token is used in the **Client IP Address Filtering** and **TTL (time to live)** fields.
+9. Select **Continue to summary**.
+10. Review the token summary. Select **Edit token** to make adjustments. You can also edit a token after creation.
+
+   ![Token summary screen displaying the resources and permissions selected](~/assets/images/fundamentals/api/token-summary.png)
+
+11. Select **Create Token** to generate the token's secret.
+12. Copy the secret to a secure place.
+
+<Render file="new-token-warning" product="fundamentals" />
+
+![Token creation completion screen displaying your API token and the curl command to test your token](~/assets/images/fundamentals/api/token-complete.png)
+
+The token secret page also includes an example command to test the token. Use the `/user/tokens/verify` endpoint to fetch the current status of the given token.
+
+```bash
+curl "https://api.cloudflare.com/client/v4/user/tokens/verify" \
+--header "Authorization: Bearer <API_TOKEN>"
+```
+
+The result:
+
+```json
+{
+  "result": {
+    "id": "100bf38cc8393103870917dd535e0628",
+    "status": "active"
+  },
+  "success": true,
+  "errors": [],
+  "messages": [
+    {
+      "code": 10000,
+      "message": "This API Token is valid and active",
+      "type": null
+    }
+  ]
+}
+```
+
+With this you have successfully created an API token and can start working with the Cloudflare API. After creating your first API token, you can create additional API tokens [via the API](/fundamentals/api/how-to/create-via-api/).
+
@@ -6,23 +6,62 @@ sidebar:
 
 ---
 
-import { Render } from "~/components"
+import { GlossaryTooltip, Render } from "~/components"
 
-<Render file="cloudflare-ips" product="fundamentals" />
+Cloudflare has several [IP address ranges](https://www.cloudflare.com/ips/) which are shared by all proxied hostnames.
+
+Together, these IP addresses form the backbone of our [anycast network](https://www.cloudflare.com/learning/cdn/glossary/anycast-network/), helping distribute traffic amongst various edge network servers.
+
+:::note
+
+Cloudflare uses other IP ranges for various products and services, but these addresses will not make connections to your origin.
+
+:::
 
 ## Allow Cloudflare IP addresses
 
-<Render file="allow-cloudflare-ips" product="fundamentals" />
+All traffic to [proxied DNS records](/dns/proxy-status/) passes through Cloudflare before reaching your origin server. This means that your origin server will stop receiving traffic from individual visitor IP addresses and instead receive traffic from [Cloudflare IP addresses](https://www.cloudflare.com/ips), which are shared by all proxied hostnames.
+
+This setup can cause issues if your origin server blocks or rate limits connections from Cloudflare IP addresses. Because all visitor traffic will appear to come from Cloudflare IP addresses, blocking these IPs — even accidentally — will prevent visitor traffic from reaching your application.
+
+In addition, allowing Cloudflare IPs might be needed to avoid <GlossaryTooltip term="rate limiting">rate limiting</GlossaryTooltip> or blocking these requests at your origin server.
+
+For [Magic Transit](/magic-transit/) customers, Cloudflare routes the traffic instead of proxying it. Once Cloudflare starts advertising your IP prefixes, it will accept IP packets destined for your network, process them, and then output these packets to your origin infrastructure.
 
 ## Configure origin server
 
 ### Allowlist Cloudflare IP addresses
 
-<Render file="allow-cloudflare-ips-tactical" product="fundamentals" />
+To avoid blocking Cloudflare IP addresses unintentionally, you also want to allow Cloudflare IP addresses at your origin web server.
+
+You can explicitly allow these IP addresses with a [.htaccess file](https://httpd.apache.org/docs/trunk/mod/mod_authz_core.html#require) or by using [iptables](https://www.linode.com/docs/security/firewalls/control-network-traffic-with-iptables/#block-or-allow-traffic-by-port-number-to-create-an-iptables-firewall).
+
+The following example demonstrates how you could use an iptables rule to allow a Cloudflare IP address range. Replace `$ip` below with one of the [Cloudflare IP address ranges](https://www.cloudflare.com/ips).
+
+```bash
+# For IPv4 addresses
+$ iptables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT
+
+# For IPv6 addresses
+$ ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $ip -j ACCEPT
+```
+
+For more specific guidance, contact your hosting provider or website administrator.
 
 ### Block other IP addresses (recommended)
 
-<Render file="block-cloudflare-ips-tactical" product="fundamentals" />
+As a best practice, we also recommend that you explicitly block all traffic that does not come from Cloudflare IP addresses or the IP addresses of your trusted partners, vendors, or applications.
+
+For example, you might [update your iptables](https://www.linode.com/docs/guides/control-network-traffic-with-iptables/#block-or-allow-traffic-by-port-number-to-create-an-iptables-firewall) with the following commands:
+
+```sh
+# For IPv4 addresses
+iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
+# For IPv6 addresses
+ip6tables -A INPUT -p tcp -m multiport --dports http,https -j DROP
+```
+
+For more specific guidance, contact your hosting provider or website administrator.
 
 ## Review external tools
 
@@ -39,7 +78,12 @@ For further recommendations on securing your origin server, refer to our guide o
 
 ### Customize Cloudflare IP addresses
 
-<Render file="customize-cloudflare-ips" product="fundamentals" />
+If they do not want to use Cloudflare IP addresses — which are shared by all proxied hostnames — Enterprise customers have two potential alternatives:
+
+* [**Bring Your Own IP (BYOIP)**](/byoip/): Cloudflare announces your IPs (an IP address range you lease/own) in all of our [locations](https://www.cloudflare.com/network/).
+* **Static IP addresses**: Cloudflare sets static IP addresses for your domain. For more details, contact your account team.
+
+Business and Enterprise customers can also reduce the number of Cloudflare IPs that their domain shares with other Cloudflare customer domains by [uploading a Custom SSL certificate](/ssl/edge-certificates/custom-certificates/).
 
 ### IP range updates