[Docs Site] Update pinned api-schemas commit#12
Open
github-actions[bot] wants to merge 1 commit into
Open
Conversation
…338a170501201238d36
ack-cf
pushed a commit
that referenced
this pull request
Jun 27, 2026
* Add Rules documentation updates
Document undocumented behaviors and configuration guidance across
Rules, ruleset engine, custom errors, and bulk redirects:
1. http.host always raw, even with Origin Rules host override
3. Custom Error Rules vs default WAF block page distinction
4. Custom error asset size limit (1.5 MB after base64 inlining)
5. Bulk Redirects execution order relative to WAF
6. X-Real-IP and other protected headers via Snippets/Workers subrequest
7. x-forwarded-for re-added by Cloudflare backend proxy after rule phases
11. Maximum 64 regular expressions per rule expression
12. Preserve query string overwrites target URL query string
Resolves DEE-3644
* Address ask-bonk review feedback
- http.host: drop misleading request.cf reference (it holds metadata
like colo/country, not the host header)
- custom-errors: nest 'Size limits' as H3 under 'Custom Error Assets'
(the limit is asset-specific, not page-wide)
- custom-errors: align casing ('custom error rule' lowercase to match
the rest of the page)
* Address Maurizio Abba (Engineering) review feedback
mabba verified all 8 claims against fl2, rulesets-control-plane,
custom-pages, nginx-ssl, pingora-origin, and pingora-backend-router.
Items 1, 5, 6b, 7, and 11 are verified accurate. Three items needed
rewording:
- #4 base64 inlining: only images and binary resources (including
those referenced from CSS via url()) are base64-encoded. CSS and
JavaScript files are inlined as plain text inside <style>/<script>
tags. Verified at custom-pages/collapsify/src/flattener.rs.
- #6 x-real-ip workaround: the protected-header restriction is enforced
by an unconditional rewrite in fl2/lib/module-header-upstreaming.
Workers and Snippets can influence the value via a fetch() subrequest,
but the value must be a syntactically valid IP address, and cross-zone
subrequests are hard-overridden to an internal Cloudflare address to
prevent IP spoofing. Verified at fl2/bin/fl2/src/visitor.rs:140-145.
- #12 Preserve query string: the target's query string is *always*
dropped when Preserve query string is enabled — unconditionally,
even when the request has no query string. Verified at
fl2/bin/fl2/src/rulesets/actions/redirect.rs:263-271.
* Add smarsh-cf and maurizioabba as Rules code owners
Add Sam Marsh and Maurizio Abba as code owners for /src/content/docs/rules/.
Add Maurizio Abba as code owner for /src/content/docs/ruleset-engine/.
Author
|
Hey there, we've marked this pull request as stale because there's no recent activity on it. This label helps us identify PRs that might need updates (or to be closed out by our team if no longer relevant). |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR updates the api-schemas commit reference to the latest version (f6cdff229f0cd95a4f2d5338a170501201238d36).