March 05, 2019 10:55PM
Stopping Drupal’s SA-CORE-2019-003 Vulnerability
Drupal discovered a severe vulnerability and said they would release a patch. When the patch was released we analysed and created rules to mitigate these. By analysing the patch we created WAF rules to protect Cloudflare customers running Drupal....
Continue reading »
October 03, 2018 8:20PM
Announcing Firewall Rules
Security
Reliability
Firewall
WAF rule
Product News
Threat landscapes change every second. As attackers evolve, vulnerabilities materialise faster than engineers can patch systems becoming more dynamic and devious. Part of Cloudflare’s mission is to keep you and your applications safe....
April 20, 2018 4:14PM
Keeping Drupal sites safe with Cloudflare's WAF
WAF
Drupal
Vulnerabilities
WAF rule
Cloudflare’s team of security analysts monitor for upcoming threats and vulnerabilities and where possible put protection in place for upcoming threats before they compromise our customers....
March 29, 2018 4:10AM
Cloudflare is adding Drupal WAF Rule to Mitigate Critical Drupal Exploit
WAF rule
Drupal
Attacks
Vulnerabilities
WAF
Drupal has recently announced an update to fix a critical remote code execution exploit (SA-CORE-2018-002/CVE-2018-7600). This patch is to disallow forms and form fields from starting with the “#” character....
May 17, 2016 1:07PM
The Sleepy User Agent
WAF rule
WAF
SQL
Security
From time to time a customer writes in and asks about certain requests that have been blocked by the CloudFlare WAF. Recently, a customer couldn’t understand why it appeared that some simple GET requests for their homepage were listed as blocked in WAF analytics....