WAF rule - The Cloudflare Blog

March 05, 2019 10:55PM

Stopping Drupal’s SA-CORE-2019-003 Vulnerability

Drupal discovered a severe vulnerability and said they would release a patch. When the patch was released we analysed and created rules to mitigate these. By analysing the patch we created WAF rules to protect Cloudflare customers running Drupal....

Richard Sommerville

October 03, 2018 8:20PM

Announcing Firewall Rules

Security Reliability Firewall WAF rule Product News

Threat landscapes change every second. As attackers evolve, vulnerabilities materialise faster than engineers can patch systems becoming more dynamic and devious. Part of Cloudflare’s mission is to keep you and your applications safe....

Alex Cruz Farmer

April 20, 2018 4:14PM

Keeping Drupal sites safe with Cloudflare's WAF

WAF Drupal Vulnerabilities WAF rule

Cloudflare’s team of security analysts monitor for upcoming threats and vulnerabilities and where possible put protection in place for upcoming threats before they compromise our customers....

Maitane Zotes

March 29, 2018 4:10AM

Cloudflare is adding Drupal WAF Rule to Mitigate Critical Drupal Exploit

WAF rule Drupal Attacks Vulnerabilities WAF

Drupal has recently announced an update to fix a critical remote code execution exploit (SA-CORE-2018-002/CVE-2018-7600). This patch is to disallow forms and form fields from starting with the “#” character....

Pasha Kravtsov

May 17, 2016 1:07PM

The Sleepy User Agent

WAF rule WAF SQL Security

From time to time a customer writes in and asks about certain requests that have been blocked by the CloudFlare WAF. Recently, a customer couldn’t understand why it appeared that some simple GET requests for their homepage were listed as blocked in WAF analytics....

John Graham-Cumming

May 09, 2016 10:47PM

python-cloudflare

API WAF rule WAF DNSSEC DNS Python Programming

Very early on in the company’s history we decided that everything that CloudFlare does on behalf of its customer-base should be controllable via an API. In fact, when you login to the CloudFlare control panel, you’re really just making API calls to our backend services....

Martin J Levy

May 09, 2016 1:34PM

Inside ImageTragick: The Real Payloads Being Used to Hack Websites

WAF rule WAF Vulnerabilities Reliability Security

Last week multiple vulnerabilities were made public in the popular image manipulation software, ImageMagick. These were quickly named ImageTragick....

John Graham-Cumming

April 25, 2015 3:57AM

New Magento WAF Rule – RCE Vulnerability Protection

Vulnerabilities WAF rule Reliability WAF

Today the Magento Security Team created a new ModSecurity rule and added it to our WAF rules to mitigate an important RCE (remote code execution) vulnerability in the Magento web e-commerce platform....

Peter Dumanian

April 15, 2015 1:48PM

Protection against critical Windows vulnerability (CVE-2015-1635)

Vulnerabilities WAF rule WAF

A few hours ago, more details surfaced about the MS15-034 vulnerability. Simple PoC code has been widely published that will hang a Windows web server if sent a request with an HTTP Range header containing large byte offsets....

Ben Cartwright-Cox

September 24, 2014 5:12PM

Bash vulnerability CVE-2014-6271 patched

WAF rule Vulnerabilities

This morning, Stephane Chazelas [disclosed](http://seclists.org/oss-sec/2014/q3/649) a vulnerability in the program bash, the GNU Bourne-Again-Shell....