Stopping Drupal’s SA-CORE-2019-003 Vulnerability
March 05, 2019 10:55PM
Drupal discovered a severe vulnerability and said they would release a patch. When the patch was released we analysed and created rules to mitigate these. By analysing the patch we created WAF rules to protect Cloudflare customers running Drupal....
Continue reading »
Keeping Drupal sites safe with Cloudflare's WAF
April 20, 2018 5:14PM
Cloudflare’s team of security analysts monitor for upcoming threats and vulnerabilities and where possible put protection in place for upcoming threats before they compromise our customers....
Cloudflare is adding Drupal WAF Rule to Mitigate Critical Drupal Exploit
March 29, 2018 5:10AM
Drupal has recently announced an update to fix a critical remote code execution exploit (SA-CORE-2018-002/CVE-2018-7600). This patch is to disallow forms and form fields from starting with the “#” character....
May 21, 2015 11:10PM
We’ve had the good fortune to share many great experiences with the Acquia team over the last few years. From breaking bread with founder and CTO Dries Buytaert at SXSW, to staying up late with their incredible team onboarding a joint customer under a DDoS attack....
Drupal 7 SA-CORE-2014-005 SQL Injection Protection
October 16, 2014 10:05AM
Yesterday the Drupal Security Team released a critical security patch for Drupal 7 that fixes a very serious SQL injection vulnerability....
October 14, 2014 1:16PM
Automatic protection for common web platforms
If you are a CloudFlare Pro or above customer you enjoy the protection of the CloudFlare WAF. If you use one of the common web platforms, such as WordPress, Drupal, Plone, WHMCS, or Joomla, then it's worth checking if the relevant CloudFlare WAF ruleset is enabled....