Get Started Free | Contact Sales: +1 (888) 274-3482

The Cloudflare Blog

Subscribe to receive notifications of new posts:

Subscription confirmed. Thank you for subscribing!

New Magento WAF Rule – RCE Vulnerability Protection

Peter Dumanian

Today the Magento Security Team created a new ModSecurity rule and added it to our WAF rules to mitigate an important RCE (remote code execution) vulnerability in the Magento web e-commerce platform. Any customer using the WAF needs to click the ON button next to the “CloudFlare Magento” Group in the WAF Settings to enable protection immediately.

CloudFlare Magento Rule

Both Magento version 1.9.1.0 CE and 1.14.1.0 EE are compromised by this vulnerability. CloudFlare WAF protection can help mitigate vulnerabilities like this, but it is vital that Magento users patch Magento immediately. Select and download the patch for SUPEE-5344.

We protect entire corporate networks, help customers build Internet-scale applications efficiently, accelerate any website or Internet application, ward off DDoS attacks, keep hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

Vulnerabilities WAF Rules Reliability WAF

Follow on Twitter

Cloudflare |Cloudflare

December 10, 2021 11:39AM

CVE-2021-44228 - Log4j RCE 0-day mitigation

A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021 that results in remote code execution (RCE). This vulnerability is actively being exploited and anyone using Log4j should update to version 2.15.0 as soon as possible....

Gabriel Gabor
, Andre Bluehs

Vulnerabilities , Zero Day Threats , WAF Rules , Security , Log4J

May 09, 2016 11:47PM

python-cloudflare

Very early on in the company’s history we decided that everything that CloudFlare does on behalf of its customer-base should be controllable via an API. In fact, when you login to the CloudFlare control panel, you’re really just making API calls to our backend services....

Martin J Levy

API , WAF Rules , WAF , DNSSEC , DNS

December 15, 2021 1:56PM

Protection against CVE-2021-45046, the additional Log4j RCE vulnerability

This vulnerability is actively being exploited and anyone using Log4J should update to version 2.16.0 as soon as possible, even if you have previously updated to 2.15.0. The latest version can be found on the Log4J download page....

Gabriel Gabor
, Andre Bluehs

Log4J , Log4Shell , WAF Rules , Security , Vulnerabilities

December 10, 2021 6:36PM

Inside the Log4j2 vulnerability (CVE-2021-44228)

In this post we explain the history of this vulnerability, how it was introduced, how Cloudflare is protecting our clients. We will update later with actual attempted exploitation we are seeing blocked by our firewall service....

John Graham-Cumming

Vulnerabilities , Zero Day Threats , Security , WAF Rules , Log4J