September 08, 2021 9:18 AM
How Cloudflare helped mitigate the Atlassian Confluence OGNL vulnerability before the PoC was released
On August 25, 2021, Atlassian released a security advisory affecting their Confluence application. The Cloudflare WAF soon after started mitigating an increase in malicious traffic to vulnerable endpoints ensuring customers remained protected....
July 01, 2021 5:53 PM
Account Takeover Protection and WAF mitigations to help stop Global Brute Force Campaigns
Today, we are making our Account Takeover Protection capabilities available to all paid plans at no additional charge....
March 07, 2021 12:47 AM
Protecting against recently disclosed Microsoft Exchange Server vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065
Cloudflare has deployed managed rules protecting customers against a series of remotely exploitable vulnerabilities that were recently found in Microsoft Exchange Server. ...
February 19, 2021 12:00 PM
Using HPKE to Encrypt Request Payloads
Allowing users to securely log parts of the request that match firewall rules while making it impossible for anyone else to decrypt....
December 11, 2020 3:00 PM
Encrypting your WAF Payloads with Hybrid Public Key Encryption (HPKE)
Allowing logging for payloads that trigger the Web Application Firewall has always led to end-user privacy concerns. We built encrypted matched payload logging to solve this!...
July 07, 2020 5:04 PM
CVE-2020-5902: Helping to protect against the F5 TMUI RCE vulnerability
Cloudflare has deployed a new managed rule protecting customers against a remote code execution vulnerability that has been found in F5 BIG-IP’s web-based Traffic Management User Interface (TMUI)....
March 05, 2019 10:55 PM
Stopping Drupal’s SA-CORE-2019-003 Vulnerability
Drupal discovered a severe vulnerability and said they would release a patch. When the patch was released we analysed and created rules to mitigate these. By analysing the patch we created WAF rules to protect Cloudflare customers running Drupal....
October 03, 2018 8:20 PM
Announcing Firewall Rules
Threat landscapes change every second. As attackers evolve, vulnerabilities materialise faster than engineers can patch systems becoming more dynamic and devious. Part of Cloudflare’s mission is to keep you and your applications safe....
April 20, 2018 4:14 PM
Keeping Drupal sites safe with Cloudflare's WAF
Cloudflare’s team of security analysts monitor for upcoming threats and vulnerabilities and where possible put protection in place for upcoming threats before they compromise our customers....