Shellshock protection enabled for all customers

Published on by John Graham-Cumming.

On Thursday, we rolled out protection against the Shellshock bash vulnerability for all paying customers through the CloudFlare WAF. This protection was enabled automatically and immediately starting blocking malicious requests. We had a number of requests for protection from Shellshock for all our customers, including those on the Free plan.

Bash vulnerability CVE-2014-6271 patched

Published on by Ryan Lackey.

This morning, Stephane Chazelas disclosed a vulnerability in the program bash, the GNU Bourne-Again-Shell. This software is widely used, especially on Linux servers, such as the servers used to provide CloudFlare’s performance and security cloud services. This vulnerability is a serious risk to Internet infrastructure, as it allows remote