WAF Rules - The Cloudflare Blog

Helping Apache Servers stay safe from zero-day path traversal attacks (CVE-2021-41773)

October 08, 2021 11:29AM

On September 29th 2021, the Apache Security team was alerted of a path traversal vulnerability being actively exploited (zero-day) against Apache HTTP Server version 2.4.49. Customers running the affected Apache version, should update to 2.5.51 as soon as possible....

Michael Tremante

How Cloudflare helped mitigate the Atlassian Confluence OGNL vulnerability before the PoC was released

September 08, 2021 10:18AM

WAF Rules Security Vulnerabilities Cloudflare Access

On August 25, 2021, Atlassian released a security advisory affecting their Confluence application. The Cloudflare WAF soon after started mitigating an increase in malicious traffic to vulnerable endpoints ensuring customers remained protected....

Michael Tremante

Account Takeover Protection and WAF mitigations to help stop Global Brute Force Campaigns

July 01, 2021 6:53PM

WAF Rules Security Firewall Exposed Credentials Research

Today, we are making our Account Takeover Protection capabilities available to all paid plans at no additional charge....

Michael Tremante

Protecting against recently disclosed Microsoft Exchange Server vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065

March 07, 2021 12:47AM

Vulnerabilities WAF WAF Rules

Cloudflare has deployed managed rules protecting customers against a series of remotely exploitable vulnerabilities that were recently found in Microsoft Exchange Server....

Using HPKE to Encrypt Request Payloads

February 19, 2021 12:00PM

WAF WAF Rules Security Firewall Crypto

Allowing users to securely log parts of the request that match firewall rules while making it impossible for anyone else to decrypt....