From 6fad41523903b9920951aff2f14417e1a93fd720 Mon Sep 17 00:00:00 2001 From: Max Phillips Date: Fri, 21 Feb 2025 16:36:35 -0600 Subject: [PATCH 1/3] Add WAF custom header procedure --- .../gateway/http-policies/tenant-control.mdx | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/tenant-control.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/tenant-control.mdx index 7c8292aeb7458fb..6ec248e5624ef9e 100644 --- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/tenant-control.mdx +++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/tenant-control.mdx @@ -87,6 +87,22 @@ For more information, refer to the [Slack documentation](https://slack.com/help/ For more information, refer to the [Dropbox documentation](https://help.dropbox.com/security/network-control). +## Exempt WARP traffic in Cloudflare WAF + +Admins can add a custom header to an HTTP policy and the same custom header to a WAF firewall rule to exempt their certain users from their WAF. + +1. Create an Allow policy for an internal domain behind your WAF with a custom header. + + | Selector | Operator | Value | Action | + | -------- | -------- | ----------------- | ------ | + | Domain | in | `internalapp.com` | Allow | + + | Custom header name | Custom header value | + | ------------------ | ------------------- | + | `Example-Header` | `example-value` | + +2. In Cloudflare WAF, [create a custom rule](/waf/custom-rules/) with the same [custom header value](/waf/custom-rules/use-cases/require-specific-headers/). + ## Use tenant control with Browser Isolation You can configure [Browser Isolation](/cloudflare-one/policies/browser-isolation/) to send custom headers. This is useful for implementing tenant control for isolated SaaS applications or sending arbitrary custom request headers to isolated websites. From aea8b1adba746269d4cdce6f1f0fb17c1ac8caf4 Mon Sep 17 00:00:00 2001 
From: Max Phillips Date: Fri, 21 Feb 2025 16:55:01 -0600 Subject: [PATCH 2/3] Add better explanation --- .../policies/gateway/http-policies/tenant-control.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/tenant-control.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/tenant-control.mdx index 6ec248e5624ef9e..999d5071e227de7 100644 --- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/tenant-control.mdx +++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/tenant-control.mdx @@ -87,9 +87,9 @@ For more information, refer to the [Slack documentation](https://slack.com/help/ For more information, refer to the [Dropbox documentation](https://help.dropbox.com/security/network-control). -## Exempt WARP traffic in Cloudflare WAF +## Exempt users in Cloudflare WAF -Admins can add a custom header to an HTTP policy and the same custom header to a WAF firewall rule to exempt their certain users from their WAF. +You can include custom headers in an HTTP policy to allow your users through [Cloudflare WAF](/waf/). This is useful for allowing only WARP users through your WAF. 1. Create an Allow policy for an internal domain behind your WAF with a custom header. @@ -101,7 +101,7 @@ Admins can add a custom header to an HTTP policy and the same custom header to a | ------------------ | ------------------- | | `Example-Header` | `example-value` | -2. In Cloudflare WAF, [create a custom rule](/waf/custom-rules/) with the same [custom header value](/waf/custom-rules/use-cases/require-specific-headers/). +2. In Cloudflare WAF, [create a custom rule](/waf/custom-rules/) to require the same [HTTP headers](/waf/custom-rules/use-cases/require-specific-headers/). ## Use tenant control with Browser Isolation From 48f965b4d09b56ffc80425c87adc740266ec5127 Mon Sep 17 00:00:00 2001 
From: Max Phillips Date: Wed, 26 Feb 2025 16:04:53 -0500 Subject: [PATCH 3/3] Apply suggestions from code review Co-authored-by: Pedro Sousa <680496+pedrosousa@users.noreply.github.com> --- .../policies/gateway/http-policies/tenant-control.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/docs/cloudflare-one/policies/gateway/http-policies/tenant-control.mdx b/src/content/docs/cloudflare-one/policies/gateway/http-policies/tenant-control.mdx index 999d5071e227de7..7f564d15eb9f7e8 100644 --- a/src/content/docs/cloudflare-one/policies/gateway/http-policies/tenant-control.mdx +++ b/src/content/docs/cloudflare-one/policies/gateway/http-policies/tenant-control.mdx @@ -99,9 +99,9 @@ You can include custom headers in an HTTP policy to allow your users through [Cl | Custom header name | Custom header value | | ------------------ | ------------------- | - | `Example-Header` | `example-value` | + | `X-Example-Header` | `example-value` | -2. In Cloudflare WAF, [create a custom rule](/waf/custom-rules/) to require the same [HTTP headers](/waf/custom-rules/use-cases/require-specific-headers/). +2. In Cloudflare WAF, [create a custom rule](/waf/custom-rules/) to [require the same HTTP header](/waf/custom-rules/use-cases/require-specific-headers/#example-2-require-http-header-with-a-specific-value). ## Use tenant control with Browser Isolation
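Review bot: In [PATCH 1/3], the intro sentence of the new section ("to exempt their certain users from their WAF") is ungrammatical and does not match the heading, which says "Exempt WARP traffic". The procedure also never says that the header value is the only thing the WAF rule in step 2 checks. The value works as a shared secret between the Gateway policy and the WAF rule, so the text should tell readers to replace `example-value` with a value that is hard to guess and to treat it as sensitive. Suggest rewording the intro to "exempt certain users from WAF" and adding one sentence on choosing the value.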
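Review bot: In [PATCH 2/3], the new heading "Exempt users in Cloudflare WAF" contradicts the reworded steps: step 2 now says to "require the same HTTP headers", which restricts access to requests carrying the header rather than exempting anyone from WAF, and the intro says the goal is "allowing only WARP users through your WAF". Suggest a heading that matches the intro, such as "Allow only WARP users through Cloudflare WAF", and have step 2 state which action the custom rule takes on requests that lack the header. "HTTP headers" is also plural while step 1 defines a single header.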
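Review bot: In [PATCH 3/3], step 2 links to the deep anchor `#example-2-require-http-header-with-a-specific-value`, which encodes the example's position on the target page and will stop resolving if those examples are reordered or retitled. Consider linking to the page itself or confirming that the anchor is stable. Step 2 also still leaves the reader to carry `X-Example-Header` and `example-value` over from the table in step 1. Naming both in the step would make it clear that the WAF rule has to check the header name and the value together.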