Drupal - The Cloudflare Blog

March 05, 2019 10:55PM

Stopping Drupal’s SA-CORE-2019-003 Vulnerability

Drupal discovered a severe vulnerability and said they would release a patch. When the patch was released we analysed and created rules to mitigate these. By analysing the patch we created WAF rules to protect Cloudflare customers running Drupal....

Richard Sommerville

April 20, 2018 5:14PM

Keeping Drupal sites safe with Cloudflare's WAF

WAF Drupal Vulnerabilities WAF rule

Cloudflare’s team of security analysts monitor for upcoming threats and vulnerabilities and where possible put protection in place for upcoming threats before they compromise our customers....

Maitane Zotes

March 29, 2018 5:10AM

Cloudflare is adding Drupal WAF Rule to Mitigate Critical Drupal Exploit

WAF rule Drupal Attacks Vulnerabilities WAF

Drupal has recently announced an update to fix a critical remote code execution exploit (SA-CORE-2018-002/CVE-2018-7600). This patch is to disallow forms and form fields from starting with the “#” character....

Pasha Kravtsov

May 21, 2015 11:10PM

Welcome Acquia!

Partners SXSW DDoS Drupal Reliability

We’ve had the good fortune to share many great experiences with the Acquia team over the last few years. From breaking bread with founder and CTO Dries Buytaert at SXSW, to staying up late with their incredible team onboarding a joint customer under a DDoS attack....

Maria Karaivanova

October 16, 2014 10:05AM

Drupal 7 SA-CORE-2014-005 SQL Injection Protection

Vulnerabilities Drupal SQL WAF

Yesterday the Drupal Security Team released a critical security patch for Drupal 7 that fixes a very serious SQL injection vulnerability....

John Graham-Cumming