---
title: Network security Changelog
image: https://developers.cloudflare.com/cf-twitter-card.png
---

> Documentation Index  
> Fetch the complete documentation index at: https://developers.cloudflare.com/changelog/llms.txt  
> Use this file to discover all available pages before exploring further.

[Skip to content](#%5Ftop) 

# Changelog

New updates and improvements at Cloudflare.

[ Subscribe to RSS ](https://developers.cloudflare.com/changelog/rss/index.xml) [ View RSS feeds ](https://developers.cloudflare.com/fundamentals/new-features/available-rss-feeds/) 

Network security

![hero image](https://developers.cloudflare.com/_astro/hero.CVYJHPAd_26AMqX.svg) 

Sep 11, 2025
1. ### [DNS filtering for private network onramps](https://developers.cloudflare.com/changelog/post/2025-09-11-dns-filtering-for-private-network-onramps/)  
[ Gateway ](https://developers.cloudflare.com/cloudflare-one/traffic-policies/)[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)[ Cloudflare Tunnel for SASE ](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/)  
[Magic WAN](https://developers.cloudflare.com/cloudflare-wan/zero-trust/cloudflare-gateway/#dns-filtering) and [WARP Connector](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-mesh/routes/#dns-filtering) users can now securely route their DNS traffic to the Gateway resolver without exposing traffic to the public Internet.  
Routing DNS traffic to the Gateway resolver allows DNS resolution and filtering for traffic coming from private networks while preserving source internal IP visibility. This ensures Magic WAN users have full integration with our Cloudflare One features, including [Internal DNS](https://developers.cloudflare.com/cloudflare-one/traffic-policies/resolver-policies/#internal-dns) and [hostname-based policies](https://developers.cloudflare.com/cloudflare-one/traffic-policies/egress-policies/#selector-prerequisites).  
To configure DNS filtering, change your Magic WAN or WARP Connector DNS settings to use Cloudflare's shared resolver IPs, `172.64.36.1` and `172.64.36.2`. Once you configure DNS resolution and filtering, you can use _Source Internal IP_ as a traffic selector in your [resolver policies](https://developers.cloudflare.com/cloudflare-one/traffic-policies/resolver-policies/) for routing private DNS traffic to your [Internal DNS](https://developers.cloudflare.com/dns/internal-dns/).

Sep 08, 2025
1. ### [Custom IKE ID for IPsec Tunnels](https://developers.cloudflare.com/changelog/post/2025-09-08-custom-ike-id-ipsec-tunnels/)  
[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)  
Now, Magic WAN customers can configure a custom IKE ID for their IPsec tunnels. Customers that are using Magic WAN and a VeloCloud SD-WAN device together can utilize this new feature to create a high availability configuration.  
This feature is available via API only. Customers can read the Magic WAN documentation to learn more about the [Custom IKE ID feature and the API call to configure it](https://developers.cloudflare.com/cloudflare-wan/configuration/common-settings/custom-ike-id-ipsec/).

Sep 05, 2025
1. ### [Bidirectional tunnel health checks are compatible with all Magic on-ramps](https://developers.cloudflare.com/changelog/post/2025-09-05-bidirectional-health-check-any-on-ramp/)  
[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)  
All bidirectional tunnel health check return packets are accepted by any Magic on-ramp.  
Previously, when a Magic tunnel had a bidirectional health check configured, the bidirectional health check would pass when the return packets came back to Cloudflare over the same tunnel that was traversed by the forward packets.  
There are SD-WAN devices, like VeloCloud, that do not offer controls to steer traffic over one tunnel versus another in a high availability tunnel configuration.  
Now, when a Magic tunnel has a bidirectional health check configured, the bidirectional health check will pass when the return packet traverses over any tunnel in a high availability configuration.

Sep 02, 2025
1. ### [Cloudflare Tunnel and Networks API will no longer return deleted resources by default starting December 1, 2025](https://developers.cloudflare.com/changelog/post/2025-09-02-tunnel-networks-list-endpoints-new-default/)  
[ Cloudflare Tunnel ](https://developers.cloudflare.com/tunnel/)[ Cloudflare Tunnel for SASE ](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/)  
Starting **December 1, 2025**, list endpoints for the [Cloudflare Tunnel API](https://developers.cloudflare.com/api/resources/zero%5Ftrust/subresources/tunnels/) and [Zero Trust Networks API](https://developers.cloudflare.com/api/resources/zero%5Ftrust/subresources/networks/) will no longer return deleted tunnels, routes, subnets and virtual networks by default. This change makes the API behavior more intuitive by only returning active resources unless otherwise specified.  
No action is required if you already explicitly set `is_deleted=false` or if you only need to list active resources.  
This change affects the following API endpoints:  
   * List all tunnels: [GET /accounts/{account\_id}/tunnels](https://developers.cloudflare.com/api/resources/zero%5Ftrust/subresources/tunnels/methods/list/)  
   * List [Cloudflare Tunnels](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/): [GET /accounts/{account\_id}/cfd\_tunnel](https://developers.cloudflare.com/api/resources/zero%5Ftrust/subresources/tunnels/subresources/cloudflared/methods/list/)  
   * List [WARP Connector](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-mesh/) tunnels: [GET /accounts/{account\_id}/warp\_connector](https://developers.cloudflare.com/api/resources/zero%5Ftrust/subresources/tunnels/subresources/warp%5Fconnector/methods/list/)  
   * List tunnel routes: [GET /accounts/{account\_id}/teamnet/routes](https://developers.cloudflare.com/api/resources/zero%5Ftrust/subresources/networks/subresources/routes/methods/list/)  
   * List subnets: [GET /accounts/{account\_id}/zerotrust/subnets](https://developers.cloudflare.com/api/resources/zero%5Ftrust/subresources/networks/subresources/subnets/methods/list/)  
   * List virtual networks: [GET /accounts/{account\_id}/teamnet/virtual\_networks](https://developers.cloudflare.com/api/resources/zero%5Ftrust/subresources/networks/subresources/virtual%5Fnetworks/methods/list/)  
#### What is changing?  
The default behavior of the `is_deleted` query parameter will be updated.  
| Scenario                         | Previous behavior (before December 1, 2025)                                | New behavior (from December 1, 2025)                                  |  
| -------------------------------- | -------------------------------------------------------------------------- | --------------------------------------------------------------------- |  
| is\_deleted parameter is omitted | Returns **active & deleted** tunnels, routes, subnets and virtual networks | Returns **only active** tunnels, routes, subnets and virtual networks |  
#### Action required  
If you need to retrieve deleted (or all) resources, please update your API calls to explicitly include the `is_deleted` parameter before **December 1, 2025**.  
To get a list of only deleted resources, you must now explicitly add the `is_deleted=true` query parameter to your request:  
Terminal window  
```  
# Example: Get ONLY deleted Tunnels  
curl "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/tunnels?is_deleted=true" \  
     -H "Authorization: Bearer $API_TOKEN"  
# Example: Get ONLY deleted Virtual Networks  
curl "https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/teamnet/virtual_networks?is_deleted=true" \  
     -H "Authorization: Bearer $API_TOKEN"  
```  
Following this change, retrieving a complete list of both active and deleted resources will require two separate API calls: one to get active items (by omitting the parameter or using `is_deleted=false`) and one to get deleted items (`is_deleted=true`).  
#### Why we’re making this change  
This update is based on user feedback and aims to:  
   * **Create a more intuitive default:** Aligning with common API design principles where list operations return only active resources by default.  
   * **Reduce unexpected results:** Prevents users from accidentally operating on deleted resources that were returned unexpectedly.  
   * **Improve performance:** For most users, the default query result will now be smaller and more relevant.  
To learn more, please visit the [Cloudflare Tunnel API](https://developers.cloudflare.com/api/resources/zero%5Ftrust/subresources/tunnels/) and [Zero Trust Networks API](https://developers.cloudflare.com/api/resources/zero%5Ftrust/subresources/networks/) documentation.

Jul 31, 2025
1. ### [Terraform V5 support for tunnels and routes](https://developers.cloudflare.com/changelog/post/2025-07-31-terraform-v5-tunnels-routes/)  
[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)  
The Cloudflare Terraform provider resources for Cloudflare WAN tunnels and routes now support Terraform provider version 5\. Customers using infrastructure-as-code workflows can manage their tunnel and route configuration with the latest provider version.  
For more information, refer to the [Cloudflare Terraform provider documentation ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs).

Jul 30, 2025
1. ### [Magic Transit and Magic WAN health check data is fully compatible with the CMB EU setting.](https://developers.cloudflare.com/changelog/post/2025-07-30-mt-mwan-health-check-cmb-eu/)  
[ Magic Transit ](https://developers.cloudflare.com/magic-transit/)[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)  
Today, we are excited to announce that all Magic Transit and Magic WAN customers with CMB EU ([Customer Metadata Boundary - Europe](https://developers.cloudflare.com/data-localization/metadata-boundary/)) enabled in their account will be able to access GRE, IPsec, and CNI health check and traffic volume data in the Cloudflare dashboard and via API.  
This ensures that all Magic Transit and Magic WAN customers with CMB EU enabled will be able to access all Magic Transit and Magic WAN features.  
Specifically, these two GraphQL endpoints are now compatible with CMB EU:  
   * `magicTransitTunnelHealthChecksAdaptiveGroups`  
   * `magicTransitTunnelTrafficAdaptiveGroups`

Jul 21, 2025
1. ### [Virtual Cloudflare One Appliance with KVM support (open beta)](https://developers.cloudflare.com/changelog/post/2025-07-21-virtual-appliance-kvm-proxmox/)  
[ Cloudflare One ](https://developers.cloudflare.com/cloudflare-one/)[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)  
The KVM-based virtual Cloudflare One Appliance is now in open beta with official support for Proxmox VE.  
Customers can deploy the virtual appliance on KVM hypervisors to connect branch or data center networks to Cloudflare WAN without dedicated hardware.  
For setup instructions, refer to [Configure a virtual Cloudflare One Appliance](https://developers.cloudflare.com/cloudflare-wan/configuration/appliance/configure-virtual-appliance/).

Jul 15, 2025
1. ### [Faster, more reliable UDP traffic for Cloudflare Tunnel](https://developers.cloudflare.com/changelog/post/2025-07-15-udp-improvements/)  
[ Cloudflare Tunnel ](https://developers.cloudflare.com/tunnel/)[ Cloudflare Tunnel for SASE ](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/)  
Your real-time applications running over [Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/) are now faster and more reliable. We've completely re-architected the way `cloudflared` proxies UDP traffic in order to isolate it from other traffic, ensuring latency-sensitive applications like private DNS are no longer slowed down by heavy TCP traffic (like file transfers) on the same Tunnel.  
This is a foundational improvement to Cloudflare Tunnel, delivered automatically to all customers. There are no settings to configure — your UDP traffic is already flowing faster and more reliably.  
**What’s new:**  
   * **Faster UDP performance**: We've significantly reduced the latency for establishing new UDP sessions, making applications like private DNS much more responsive.  
   * **Greater reliability for mixed traffic**: UDP packets are no longer affected by heavy TCP traffic, preventing timeouts and connection drops for your real-time services.  
Learn more about running [TCP or UDP applications](https://developers.cloudflare.com/reference-architecture/architectures/sase/#connecting-applications) and [private networks](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/private-net/) through [Cloudflare Tunnel](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/).

Jun 30, 2025
1. ### [Graceful withdrawal of BYOIP prefixes](https://developers.cloudflare.com/changelog/post/2025-06-30-graceful-byoip-withdrawal/)  
[ Magic Transit ](https://developers.cloudflare.com/magic-transit/)  
Magic Transit customers can now configure AS prepending on their BYOIP prefixes advertised at the Cloudflare edge. This allows for smoother traffic migration and minimizes packet loss when changing providers.  
AS prepending makes the Cloudflare route less preferred by increasing the AS path length. You can use this to gradually shift traffic away from Cloudflare before withdrawing a prefix, avoiding abrupt routing changes.  
Prepending can be configured via the API or through BGP community values when peering with the Magic Transit routing table. For more information, refer to [Advertise prefixes](https://developers.cloudflare.com/magic-transit/how-to/advertise-prefixes/).

Jun 20, 2025
1. ### [CNI maintenance alerts](https://developers.cloudflare.com/changelog/post/2025-06-20-cni-maintenance-alerts/)  
[ Network Interconnect ](https://developers.cloudflare.com/network-interconnect/)  
Customers using Cloudflare Network Interconnect with the v1 dataplane can now subscribe to maintenance alert emails. These alerts notify you of planned maintenance windows that may affect your CNI circuits.  
For more information, refer to [Monitoring and alerts](https://developers.cloudflare.com/network-interconnect/monitoring-and-alerts/).

Jun 09, 2025
1. ### [More flexible fallback handling — Custom Errors now support fetching assets returned with 4xx or 5xx status codes](https://developers.cloudflare.com/changelog/post/2025-06-09-custom-errors-fetch-4xx-5xx-assets/)  
[ Rules ](https://developers.cloudflare.com/rules/)  
[Custom Errors](https://developers.cloudflare.com/rules/custom-errors/) can now fetch and store [assets](https://developers.cloudflare.com/rules/custom-errors/create-rules/#create-a-custom-error-asset-dashboard) and [error pages](https://developers.cloudflare.com/rules/custom-errors/#error-pages) from your origin even if they are served with a 4xx or 5xx HTTP status code — previously, only 200 OK responses were allowed.  
**What’s new:**  
   * You can now upload error pages and error assets that return error status codes (for example, 403, 500, 502, 503, 504) when fetched.  
   * These assets are stored and minified at the edge, so they can be reused across multiple Custom Error rules without triggering requests to the origin.  
This is especially useful for retrieving error content or downtime banners from your backend when you can’t override the origin status code.  
Learn more in the [Custom Errors](https://developers.cloudflare.com/rules/custom-errors/) documentation.

Jun 09, 2025
1. ### [Match Workers subrequests by upstream zone — cf.worker.upstream\_zone now supported in Transform Rules](https://developers.cloudflare.com/changelog/post/2025-06-09-transform-rule-subrequest-matching/)  
[ Rules ](https://developers.cloudflare.com/rules/)  
You can now use the [cf.worker.upstream\_zone](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.worker.upstream%5Fzone/) field in [Transform Rules](https://developers.cloudflare.com/rules/transform/) to control rule execution based on whether a request originates from [Workers](https://developers.cloudflare.com/workers/), including subrequests issued by Workers in other zones.  
![Match Workers subrequests by upstream zone in Transform Rules](https://developers.cloudflare.com/_astro/transform-rule-subrequest-matching.BeUBEN67_wWefn.webp)  
**What's new:**  
   * `cf.worker.upstream_zone` is now supported in Transform Rules expressions.  
   * Skip or apply logic conditionally when handling [Workers subrequests](https://developers.cloudflare.com/workers/platform/limits/#subrequests).  
For example, to add a header when the subrequest comes from another zone:  
Text in **Expression Editor** (replace `myappexample.com` with your domain):  
```  
(cf.worker.upstream_zone != "" and cf.worker.upstream_zone != "myappexample.com")  
```  
Selected operation under **Modify request header**: _Set static_  
**Header name**: `X-External-Workers-Subrequest`  
**Value**: `1`  
This gives you more granular control in how you handle incoming requests for your zone.  
Learn more in the [Transform Rules](https://developers.cloudflare.com/rules/transform/) documentation and [Rules language fields](https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/) reference.

May 30, 2025
1. ### [Fine-tune image optimization — WebP now supported in Configuration Rules](https://developers.cloudflare.com/changelog/post/2025-05-30-configuration-rules-webp/)  
[ Rules ](https://developers.cloudflare.com/rules/)  
You can now enable [Polish](https://developers.cloudflare.com/images/polish/activate-polish/) with the `webp` format directly in [Configuration Rules](https://developers.cloudflare.com/rules/configuration-rules/), allowing you to optimize image delivery for specific routes, user agents, or A/B tests — without applying changes zone-wide.  
**What’s new:**  
   * [WebP](https://developers.cloudflare.com/images/polish/compression/#webp) is now a supported [value](https://developers.cloudflare.com/rules/configuration-rules/settings/#polish) in the **Polish** setting for Configuration Rules.  
This gives you more precise control over how images are compressed and delivered, whether you're targeting modern browsers, running experiments, or tailoring performance by geography or device type.  
Learn more in the [Polish](https://developers.cloudflare.com/images/polish/) and [Configuration Rules](https://developers.cloudflare.com/rules/configuration-rules/) documentation.

May 09, 2025
1. ### [More ways to match — Snippets now support Custom Lists, Bot Score, and WAF Attack Score](https://developers.cloudflare.com/changelog/post/2025-05-09-snippets-cloud-connector-lists-waf-bot-scores/)  
[ Rules ](https://developers.cloudflare.com/rules/)  
You can now use IP, Autonomous System (AS), and Hostname [custom lists](https://developers.cloudflare.com/waf/tools/lists/custom-lists/) to route traffic to [Snippets](https://developers.cloudflare.com/rules/snippets/) and [Cloud Connector](https://developers.cloudflare.com/rules/cloud-connector/), giving you greater precision and control over how you match and process requests at the edge.  
In Snippets, you can now also match on [Bot Score](https://developers.cloudflare.com/bots/concepts/bot-score/) and [WAF Attack Score](https://developers.cloudflare.com/waf/detections/attack-score/), unlocking smarter edge logic for everything from request filtering and mitigation to [tarpitting](https://developers.cloudflare.com/rules/snippets/examples/slow-suspicious-requests/) and logging.  
**What’s new:**  
   * [Custom lists](https://developers.cloudflare.com/waf/tools/lists/custom-lists/) matching – Snippets and Cloud Connector now support user-created IP, AS, and Hostname lists via dashboard or [Lists API](https://developers.cloudflare.com/api/resources/rules/subresources/lists/methods/list/). Great for shared logic across zones.  
   * [Bot Score](https://developers.cloudflare.com/bots/concepts/bot-score/) and [WAF Attack Score](https://developers.cloudflare.com/waf/detections/attack-score/) – Use Cloudflare’s intelligent traffic signals to detect bots or attacks and take advanced, tailored actions with just a few lines of code.  
![New fields in Snippets](https://developers.cloudflare.com/_astro/snippets-lists-scores.D05l6zgc_ZG4Rof.webp)  
These enhancements unlock new possibilities for building smarter traffic workflows with minimal code and maximum efficiency.  
Learn more in the [Snippets](https://developers.cloudflare.com/rules/snippets/) and [Cloud Connector](https://developers.cloudflare.com/rules/cloud-connector/) documentation.

Apr 30, 2025
1. ### [Cloudflare One Appliance supports multiple DNS server IPs](https://developers.cloudflare.com/changelog/post/2025-04-30-appliance-multiple-dns-servers/)  
[ Cloudflare One ](https://developers.cloudflare.com/cloudflare-one/)[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)  
Cloudflare One Appliance DHCP server settings now support specifying multiple DNS server IP addresses in the DHCP pool.  
Previously, customers could only configure a single DNS server per DHCP pool. With this update, you can specify multiple DNS servers to provide redundancy for clients at branch locations.  
For configuration details, refer to [DHCP server](https://developers.cloudflare.com/cloudflare-wan/configuration/appliance/network-options/dhcp/dhcp-server/).

Apr 24, 2025
1. ### [Custom Errors are now Generally Available](https://developers.cloudflare.com/changelog/post/2025-04-24-custom-errors-ga/)  
[ Rules ](https://developers.cloudflare.com/rules/)  
[Custom Errors](https://developers.cloudflare.com/rules/custom-errors/) are now generally available for all paid plans — bringing a unified and powerful experience for customizing error responses at both the zone and account levels.  
You can now manage **Custom Error Rules**, **Custom Error Assets**, and redesigned **Error Pages** directly from the Cloudflare dashboard. These features let you deliver tailored messaging when errors occur, helping you maintain brand consistency and improve user experience — whether it’s a 404 from your origin or a security challenge from Cloudflare.  
What's new:  
   * **Custom Errors are now GA** – Available on all paid plans and ready for production traffic.  
   * **UI for Custom Error Rules and Assets** – Manage your zone-level rules from the Rules > Overview and your zone-level assets from the Rules > Settings tabs.  
   * **Define inline content or upload assets** – Create custom responses directly in the rule builder, upload new or reuse previously stored assets.  
   * **Refreshed UI and new name for Error Pages** – Formerly known as “Custom Pages,” Error Pages now offer a cleaner, more intuitive experience for both zone and account-level configurations.  
   * **Powered by Ruleset Engine** – Custom Error Rules support [conditional logic](https://developers.cloudflare.com/ruleset-engine/rules-language/) and override Error Pages for 500 and 1000 class errors, as well as errors originating from your origin or [other Cloudflare products](https://developers.cloudflare.com/ruleset-engine/reference/phases-list/). You can also configure [Response Header Transform Rules](https://developers.cloudflare.com/rules/transform/response-header-modification/) to add, change, or remove HTTP headers from responses returned by Custom Error Rules.  
Learn more in the [Custom Errors documentation](https://developers.cloudflare.com/rules/custom-errors/).

Apr 09, 2025
1. ### [Cloudflare Snippets are now Generally Available](https://developers.cloudflare.com/changelog/post/2025-04-09-snippets-ga/)  
[ Rules ](https://developers.cloudflare.com/rules/)  
![Cloudflare Snippets are now GA](https://developers.cloudflare.com/_astro/snippets-ga.BJr3csvv_Z2q49jT.webp)  
[Cloudflare Snippets](https://developers.cloudflare.com/rules/snippets/) are now generally available at no extra cost across all paid plans — giving you a fast, flexible way to programmatically control HTTP traffic using lightweight JavaScript.  
You can now use Snippets to modify HTTP requests and responses with confidence, reliability, and scale. Snippets are production-ready and deeply integrated with Cloudflare Rules, making them ideal for everything from quick dynamic header rewrites to advanced routing logic.  
What's new:  
   * **Snippets are now GA** – Available at no extra cost on all Pro, Business, and Enterprise plans.  
   * **Ready for production** – Snippets deliver a production-grade experience built for scale.  
   * **Part of the Cloudflare Rules platform** – Snippets inherit request modifications from other Cloudflare products and support sequential execution, allowing you to run multiple Snippets on the same request and apply custom modifications step by step.  
   * **Trace integration** – Use [Cloudflare Trace](https://developers.cloudflare.com/rules/trace-request/) to see which Snippets were triggered on a request — helping you understand traffic flow and debug more effectively.  
   ![Snippets shown in Cloudflare Trace results](https://developers.cloudflare.com/_astro/snippets-ga-trace.WlCshaFo_1WNo07.webp)  
Learn more in the [launch blog post ↗](https://blog.cloudflare.com/snippets/).

Mar 13, 2025
1. ### [Cloudflare IP Ranges List](https://developers.cloudflare.com/changelog/post/2025-03-13-new-managed-iplist/)  
[ Cloudflare Network Firewall ](https://developers.cloudflare.com/cloudflare-network-firewall/)  
Magic Firewall now supports a new managed list of Cloudflare IP ranges. This list is available as an option when creating a Magic Firewall policy based on IP source/destination addresses. When selecting "is in list" or "is not in list", the option "**Cloudflare IP Ranges**" will appear in the dropdown menu.  
This list is based on the IPs listed in the Cloudflare [IP ranges ↗](https://www.cloudflare.com/en-gb/ips/). Updates to this managed list are applied automatically.  
![Cloudflare IPs Managed List](https://developers.cloudflare.com/_astro/cloudflare-ips.DetyOndL_10JG5B.webp)  
Note: IP Lists require a Cloudflare Advanced Network Firewall subscription. For more details about Cloudflare Network Firewall plans, refer to [Plans](https://developers.cloudflare.com/cloudflare-network-firewall/plans).

Feb 14, 2025
1. ### [Configure your Magic WAN Connector to connect via static IP assignment](https://developers.cloudflare.com/changelog/post/2025-02-14-local-console-access/)  
[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)  
You can now locally configure your [Magic WAN Connector](https://developers.cloudflare.com/cloudflare-wan/configuration/appliance/) to work in a static IP configuration.  
This local method does not require having access to a DHCP Internet connection. However, it does require being comfortable with using tools to access the serial port on Magic WAN Connector as well as using a serial terminal client to access the Connector's environment.  
For more details, refer to [WAN with a static IP address](https://developers.cloudflare.com/cloudflare-wan/configuration/appliance/configure-hardware-appliance/#bootstrap-via-serial-console).

Feb 12, 2025
1. ### [Increased Cloudflare Rules limits](https://developers.cloudflare.com/changelog/post/2025-02-12-rules-upgraded-limits/)  
[ Rules ](https://developers.cloudflare.com/rules/)  
We have upgraded and streamlined [Cloudflare Rules](https://developers.cloudflare.com/rules/) limits across all plans, simplifying rule management and improving scalability for everyone.  
**New limits by product:**  
   * [Bulk Redirects](https://developers.cloudflare.com/rules/url-forwarding/bulk-redirects/)  
         * Free: **20** → **10,000** URL redirects across lists  
         * Pro: **500** → **25,000** URL redirects across lists  
         * Business: **500** → **50,000** URL redirects across lists  
         * Enterprise: **10,000** → **1,000,000** URL redirects across lists  
   * [Cloud Connector](https://developers.cloudflare.com/rules/cloud-connector/)  
         * Free: **5** → **10** connectors  
         * Enterprise: **125** → **300** connectors  
   * [Custom Errors](https://developers.cloudflare.com/rules/custom-errors/)  
         * Pro: **5** → **25** error assets and rules  
         * Business: **20** → **50** error assets and rules  
         * Enterprise: **50** → **300** error assets and rules  
   * [Snippets](https://developers.cloudflare.com/rules/snippets/)  
         * Pro: **10** → **25** code snippets and rules  
         * Business: **25** → **50** code snippets and rules  
         * Enterprise: **50** → **300** code snippets and rules  
   * [Cache Rules](https://developers.cloudflare.com/cache/how-to/cache-rules/), [Configuration Rules](https://developers.cloudflare.com/rules/configuration-rules/), [Compression Rules](https://developers.cloudflare.com/rules/compression-rules/), [Origin Rules](https://developers.cloudflare.com/rules/origin-rules/), [Single Redirects](https://developers.cloudflare.com/rules/url-forwarding/single-redirects/), and [Transform Rules](https://developers.cloudflare.com/rules/transform/)  
         * Enterprise: **125** → **300** rules  
Gradual rollout  
Limits are updated gradually. Some customers may still see previous limits until the rollout is fully completed in the first half of 2025.

Feb 11, 2025
1. ### [Custom Errors (beta): Stored Assets & Account-level Rules](https://developers.cloudflare.com/changelog/post/2025-02-11-custom-errors-beta/)  
[ Rules ](https://developers.cloudflare.com/rules/)  
We're introducing [Custom Errors](https://developers.cloudflare.com/rules/custom-errors/) (beta), which builds on our existing Custom Error Responses feature with new asset storage capabilities.  
This update allows you to store externally hosted error pages on Cloudflare and reference them in custom error rules, eliminating the need to supply inline content.  
This brings the following new capabilities:  
   * **Custom error assets** – Fetch and store external error pages at the edge for use in error responses.  
   * **Account-Level custom errors** – Define error handling rules and assets at the account level for consistency across multiple zones. Zone-level rules take precedence over account-level ones, and assets are not shared between levels.  
You can use Cloudflare API to upload your existing assets for use with Custom Errors:  
Terminal window  
```  
curl "https://api.cloudflare.com/client/v4/zones/{zone_id}/custom_pages/assets" \  
--header "Authorization: Bearer <API_TOKEN>" \  
--header 'Content-Type: application/json' \  
--data '{  
  "name": "maintenance",  
  "description": "Maintenance template page",  
  "url": "https://example.com/"  
}'  
```  
You can then reference the stored asset in a Custom Error rule:  
Terminal window  
```  
curl --request PUT \  
"https://api.cloudflare.com/client/v4/zones/{zone_id}/rulesets/phases/http_custom_errors/entrypoint" \  
--header "Authorization: Bearer <API_TOKEN>" \  
--header 'Content-Type: application/json' \  
--data '{  
  "rules": [  
    {  
      "action": "serve_error",  
      "action_parameters": {  
        "asset_name": "maintenance",  
        "content_type": "text/html",  
        "status_code": 503  
      },  
      "enabled": true,  
      "expression": "http.request.uri.path contains \"error\""  
    }  
  ]  
}'  
```

Jan 29, 2025
1. ### [New Snippets Code Editor](https://developers.cloudflare.com/changelog/post/2025-01-29-snippets-code-editor/)  
[ Rules ](https://developers.cloudflare.com/rules/)  
The new [Snippets](https://developers.cloudflare.com/rules/snippets/) code editor lets you edit Snippet code and rule in one place, making it easier to test and deploy changes without switching between pages.  
![New Snippets code editor](https://developers.cloudflare.com/_astro/snippets-new-editor.CaoIu2_-_Z2rsmyM.webp)  
What’s new:  
   * **Single-page editing for code and rule** – No need to jump between screens.  
   * **Auto-complete & syntax highlighting** – Get suggestions and avoid mistakes.  
   * **Code formatting & refactoring** – Write cleaner, more readable code.  
Try it now in [Rules > Snippets ↗](https://dash.cloudflare.com/?to=/:account/:zone/rules/snippets).

Jan 09, 2025
1. ### [New Rules Overview Interface](https://developers.cloudflare.com/changelog/post/2025-01-09-rules-overview/)  
[ Rules ](https://developers.cloudflare.com/rules/)  
**Rules Overview** gives you a single page to manage all your [Cloudflare Rules](https://developers.cloudflare.com/rules/).  
What you can do:  
   * **See all your rules in one place** – No more clicking around.  
   * **Find rules faster** – Search by name.  
   * **Understand execution order** – See how rules run in sequence.  
   * **Debug easily** – Use [Trace](https://developers.cloudflare.com/rules/trace-request/) without switching tabs.  
Check it out in [Rules > Overview ↗](https://dash.cloudflare.com/?to=/:account/:zone/rules/overview).

Dec 19, 2024
1. ### [Troubleshoot tunnels with diagnostic logs](https://developers.cloudflare.com/changelog/post/2024-12-19-diagnostic-logs/)  
[ Cloudflare Tunnel ](https://developers.cloudflare.com/tunnel/)[ Cloudflare Tunnel for SASE ](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/)  
The latest `cloudflared` build [2024.12.2 ↗](https://github.com/cloudflare/cloudflared/releases/tag/2024.12.2) introduces the ability to collect all the diagnostic logs needed to troubleshoot a `cloudflared` instance.  
A diagnostic report collects data from a single instance of `cloudflared` running on the local machine and outputs it to a `cloudflared-diag` file.  
For more information, refer to [Diagnostic logs](https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/troubleshoot-tunnels/diag-logs/).

Dec 17, 2024
1. ### [Establish BGP peering over Direct CNI circuits](https://developers.cloudflare.com/changelog/post/2024-12-17-bgp-support-cni/)  
[ Magic Transit ](https://developers.cloudflare.com/magic-transit/)[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)[ Network Interconnect ](https://developers.cloudflare.com/network-interconnect/)  
Magic WAN and Magic Transit customers can use the Cloudflare dashboard to configure and manage BGP peering between their networks and their Magic routing table when using a Direct CNI on-ramp.  
Using BGP peering allows customers to:  
   * Automate the process of adding or removing networks and subnets.  
   * Take advantage of failure detection and session recovery features.  
With this functionality, customers can:  
   * Establish an eBGP session between their devices and the Magic WAN / Magic Transit service when connected via CNI.  
   * Secure the session by MD5 authentication to prevent misconfigurations.  
   * Exchange routes dynamically between their devices and their Magic routing table.  
Refer to [Magic WAN BGP peering](https://developers.cloudflare.com/cloudflare-wan/configuration/how-to/configure-routes/#configure-bgp-routes) or [Magic Transit BGP peering](https://developers.cloudflare.com/magic-transit/how-to/configure-routes/#configure-bgp-routes) to learn more about this feature and how to set it up.

[Search all changelog entries](https://developers.cloudflare.com/search/?contentType=Changelog+entry)