From 4f07b09b229790dd2cd50b224cf18580d16ea313 Mon Sep 17 00:00:00 2001 From: "mintlify[bot]" <109931778+mintlify[bot]@users.noreply.github.com> Date: Mon, 6 Jul 2026 00:10:17 +0000 Subject: [PATCH] docs: apply sentence case to ai-edge headings --- ai-edge/proxy-waf.mdx | 14 +++++++------- ai-edge/waf-configuration.mdx | 24 ++++++++++++------------ 2 files changed, 19 insertions(+), 19 deletions(-) diff --git a/ai-edge/proxy-waf.mdx b/ai-edge/proxy-waf.mdx index b463d42..0a736d7 100644 --- a/ai-edge/proxy-waf.mdx +++ b/ai-edge/proxy-waf.mdx @@ -16,13 +16,13 @@ The proxy determines where traffic goes and how requests are shaped before reach The `HTTPProxy` resource handles Layer 7 routing and request processing. It supports hostname routing, path and header matching, redirects, rewrites, CORS, header manipulation, traffic mirroring, and TLS configuration to origin. -### Inspect the Schema +### Inspect the schema ```bash datumctl explain httpproxy --recursive ``` -### List and Inspect Proxies +### List and inspect proxies ```bash # List all proxies @@ -32,7 +32,7 @@ datumctl get httpproxies --namespace default datumctl get httpproxy --namespace default -o yaml ``` -### Feature Reference +### Feature reference ```text HTTPProxy @@ -84,13 +84,13 @@ Each rule currently supports a single backend. Multiple backends per rule are no The `TrafficProtectionPolicy` resource provides application-layer security using the OWASP Core Rule Set. It attaches to the `gateway.networking.k8s.io/v1 HTTPRoute` that NSO creates from an `HTTPProxy` (using the same name), scoping the WAF to that proxy's traffic. Use `sectionName` to target a specific named rule. -### Inspect the Schema +### Inspect the schema ```bash datumctl explain trafficprotectionpolicy --recursive ``` -### List and Inspect WAF Policies +### List and inspect WAF policies ```bash # List all WAF policies @@ -100,7 +100,7 @@ datumctl get trafficprotectionpolicies --namespace default datumctl get trafficprotectionpolicy --namespace default -o yaml ``` -### Feature Reference +### Feature reference ```text TrafficProtectionPolicy @@ -140,7 +140,7 @@ TrafficProtectionPolicy --- -## Next Steps +## Next steps - [Path-Based Routing](/ai-edge/path-routing) — Route requests to different backends by URL path - [HTTP Basic Authentication](/ai-edge/basic-auth) — Add username/password protection to a route diff --git a/ai-edge/waf-configuration.mdx b/ai-edge/waf-configuration.mdx index 7ebeefd..af6b60b 100644 --- a/ai-edge/waf-configuration.mdx +++ b/ai-edge/waf-configuration.mdx @@ -39,9 +39,9 @@ datumctl get httpproxy --project $PROJECT --namespace $NAMESPACE --- -## Configuration Steps +## Configuration steps -### Step 1: Set Variables +### Step 1: Set variables #### Windows (PowerShell) @@ -63,7 +63,7 @@ WAF_NAME="${PROXY_NAME}-waf" --- -### Step 2: Apply WAF in Observe Mode +### Step 2: Apply WAF in observe mode Start by attaching the WAF in `Observe` mode. Violations are logged but traffic is not blocked. @@ -123,7 +123,7 @@ EOF --- -### Step 3: Verify Policy Attachment +### Step 3: Verify policy attachment ```bash datumctl get trafficprotectionpolicy $WAF_NAME \ @@ -134,7 +134,7 @@ Confirm the policy shows `Accepted=True` and is attached to the correct proxy. --- -### Step 4: Switch to Enforce Mode +### Step 4: Switch to enforce mode After observing traffic and confirming no false positives, switch the mode to `Enforce`. @@ -194,9 +194,9 @@ EOF --- -## Configuration Reference +## Configuration reference -### Paranoia Levels +### Paranoia levels Paranoia level controls how aggressively the CRS applies rules. Higher levels catch more threats but increase false-positive risk. @@ -211,7 +211,7 @@ Paranoia level controls how aggressively the CRS applies rules. Higher levels ca --- -### Score Thresholds +### Score thresholds The OWASP CRS uses anomaly scoring — each rule match adds to a running score. The request is blocked when the score exceeds the threshold. @@ -224,7 +224,7 @@ Lower thresholds block more aggressively. The defaults (5 inbound, 4 outbound) a --- -### Rule Exclusions +### Rule exclusions Use rule exclusions to suppress specific rules causing false positives. Exclusions apply globally to the policy. @@ -243,7 +243,7 @@ Use the minimum exclusion scope needed — prefer specific `ids` over broad `tag --- -### Targeting a Specific Rule (sectionName) +### Targeting a specific rule (sectionName) By default, a `TrafficProtectionPolicy` applies to the entire `HTTPProxy`. To scope it to a single named rule, use `sectionName`: @@ -261,7 +261,7 @@ targetRefs: ## Verification -### Test with a Known Attack Pattern +### Test with a known attack pattern Send a request containing a SQL injection pattern to confirm the WAF detects it: @@ -305,7 +305,7 @@ datumctl delete trafficprotectionpolicy $WAF_NAME \ --- -## Best Practices +## Best practices - Always start in `Observe` mode and run for at least a few days of representative traffic before enforcing - Set `detection` one level higher than `blocking` to preview the impact of stricter rules before applying them