The Cloudflare Blog

Subscribe to receive notifications of new posts:

CloudFlare sites protected from httpoxy

2016-07-18

Ben Cartwright-Cox

1 min read

We have rolled out automatic protection for all customers for the the newly announced vulnerability called httpoxy.

This vulnerability affects applications that use “classic” CGI execution models, and could lead to API token disclosure of the services that your application may talk to.

By default httpoxy requests are modified to be harmless and then request is allowed through, however customers who want to outright block those requests can also use the Web Application Firewall rule 100050 in CloudFlare Specials to block requests that could lead to the httpoxy vulnerability.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

Attacks Bugs Vulnerabilities Security API

Follow on X

Cloudflare|@cloudflare

March 04, 2026 3:00 PM

Always-on detections: eliminating the WAF “log versus block” trade-off

Cloudflare is introducing Attack Signature Detection and Full-Transaction Detection to provide continuous, high-fidelity security insights without the manual tuning of traditional WAFs. By correlating request payloads with server responses, we can now identify successful exploits and data exfiltration while minimizing false positives....

Daniele Molteni

WAF, WAF Rules, Managed Rules, Vulnerabilities, Security Analytics

March 03, 2026 6:00 AM

How Cloudy translates complex security into human action

Cloudy is our LLM-powered explanation layer built directly into Cloudflare One. Its explanations, now part of Phishnet and API CASB, can improve user decisions and SOC efficiency....

Ayush Kumar,
Alex Dunbrack

Email Security, Security, Cloudflare One, CASB

March 03, 2026 6:00 AM

From reactive to proactive: closing the phishing gap with LLMs

Email security is a constant arms race. Like WWII engineers reinforcing only the planes that returned, survivorship bias hides real gaps. But LLMs can help us find the invisible weaknesses....

Sebastian Alovisi,
Ayush Kumar

Email Security, Security, Cloudflare One, Zero Trust

February 27, 2026 6:00 AM

Bringing more transparency to post-quantum usage, encrypted messaging, and routing security

Cloudflare Radar has added new tools for monitoring PQ adoption, KT logs for messaging, and ASPA routing records to track the Internet's migration toward more secure encryption and routing standards. ...

Radar, Security, Privacy, Post-Quantum, Routing, Research