Subscribe to receive notifications of new posts:

CloudFlare sites protected from httpoxy

2016-07-18

1 min read

CC BY 2.0 image by Joe Seggiola

We have rolled out automatic protection for all customers for the the newly announced vulnerability called httpoxy.

This vulnerability affects applications that use “classic” CGI execution models, and could lead to API token disclosure of the services that your application may talk to.

By default httpoxy requests are modified to be harmless and then request is allowed through, however customers who want to outright block those requests can also use the Web Application Firewall rule 100050 in CloudFlare Specials to block requests that could lead to the httpoxy vulnerability.

AttacksBugsVulnerabilitiesSecurityAPI

Follow on X

Cloudflare|@cloudflare

Related posts

July 13, 2026

Introducing Precursor: detecting agentic behavior with continuous client-side signals

Precursor, our new continuous behavioral validation engine for bot management, offers visibility into how humans and bots actually interact across the full user journey. By turning session-level behavior into bot detection signals, it identifies advanced automation with higher precision — while reducing friction for legitimate users....