Today the Magento Security Team created a new ModSecurity rule and added it to our WAF rules to mitigate an important RCE (remote code execution) vulnerability in the Magento web e-commerce platform. Any customer using the WAF needs to click the ON button next to the “CloudFlare Magento” Group in
A few hours ago, more details surfaced about the MS15-034 vulnerability. Simple PoC code has been widely published that will hang a Windows web server if sent a request with an HTTP Range header containing large byte offsets. We have rolled out a WAF rule that blocks these requests. Customers
On Thursday, we rolled out protection against the Shellshock bash vulnerability for all paying customers through the CloudFlare WAF. This protection was enabled automatically and immediately started blocking malicious requests. We had a number of requests for protection from Shellshock for all our customers, including those on the Free plan.
This morning, Stephane Chazelas disclosed a vulnerability in the program bash, the GNU Bourne-Again-Shell. This software is widely used, especially on Linux servers, such as the servers used to provide CloudFlare’s performance and security cloud services. This vulnerability is a serious risk to Internet infrastructure, as it allows remote
This blog post originally appeared as a guest post on the Rackspace blog. An attack on your site could be catastrophic. Even a small attack can have major implications. Responding quickly to an attack is imperative. In August 2013, we at CloudFlare rolled out a new global Web Application Firewall