The Cloudflare Blog

Subscribe to receive notifications of new posts:

CloudFlare sites protected from httpoxy

2016-07-18

Ben Cartwright-Cox

1 min read

We have rolled out automatic protection for all customers for the the newly announced vulnerability called httpoxy.

This vulnerability affects applications that use “classic” CGI execution models, and could lead to API token disclosure of the services that your application may talk to.

By default httpoxy requests are modified to be harmless and then request is allowed through, however customers who want to outright block those requests can also use the Web Application Firewall rule 100050 in CloudFlare Specials to block requests that could lead to the httpoxy vulnerability.

Attacks Bugs Vulnerabilities Security API

Follow on X

Cloudflare|@cloudflare

May 07, 2026

How Cloudflare responded to the “Copy Fail” Linux vulnerability

When a critical Linux kernel privilege escalation was publicly disclosed, Cloudflare's security and engineering teams detected, investigated, and mitigated the threat across our global fleet, confirming zero customer impact and no malicious exploitation....

Linux, Security, Incident Response, Kernel, Vulnerabilities, Mitigation, eBPF

April 30, 2026

Post-quantum encryption for Cloudflare IPsec is generally available

Cloudflare IPsec now has generally available support for post-quantum encryption via hybrid ML-KEM. We’ve confirmed interoperability with Cisco and Fortinet....

Sharon Goldberg,
Amos Paul

Post-Quantum, IPsec, Cryptography, Security, Magic WAN, Networking

April 20, 2026

Building the agentic cloud: everything we launched during Agents Week 2026

Agents Week 2026 is a wrap. Let’s take a look at everything we announced, from compute and security to the agent toolbox, platform tools, and the emerging agentic web. Everything we shipped for the agentic cloud. ...

Ming Lu,
Anni Wang

Agents Week, Agents, AI, Durable Objects, Cloudflare Workers, SDK, Browser Run, Cloudflare Access, Browser Rendering, MCP, Developer Platform, Developers, Sandbox, LLM, Cloudflare Gateway, Workers AI, Product News, API

April 15, 2026

Register domains wherever you build: Cloudflare Registrar API now in beta

The Cloudflare Registrar API is now in beta. Developers and AI agents can search, check availability, and register domains at cost directly from their editor, their terminal, or their agent — without leaving their workflow....

Ankit Shah,
Carlos Armada

Registrar, Developers, AI, API, Developer Platform, Agents, Agents Week