WAF - The Cloudflare Blog

New! Rate Limiting analytics and throttling

September 19, 2023 2:00PM

Cloudflare Analytics can now suggest rate limiting threshold based on historic traffic patterns. Rate Limiting also supports a throttle behavior...

Application Security Report: Q2 2023

August 21, 2023 3:15PM

Cloudflare Radar Security WAF Bots DDoS

We are back with a quarterly update of our Application Security report. Read on to learn about new attack trends and insights visible from Cloudflare’s global network...

Unmasking the top exploited vulnerabilities of 2022

August 04, 2023 7:29PM

WAF Security CISA Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) just released a report highlighting the most commonly exploited vulnerabilities of 2022....

Announcing WAF Attack Score Lite and Security Analytics for business customers

March 15, 2023 1:00PM

Security Week WAF AI Security Zero Day Threats

We are making the machine learning empowered WAF and Security analytics view available to our Business plan customers, to help detect and stop attacks before they are known...

Radwa Radwan

The state of application security in 2023

March 14, 2023 1:00PM

Security Week Cloudflare Radar Security API WAF

One year ago we published our first Application Security Report. For Security Week 2023, we are providing updated insights and trends around mitigated traffic, bot and API traffic, and account takeover attacks....

January 04, 2023 2:00PM

How Cloudflare can help stop malware before it reaches your app

Today, we’re making the job of application security teams easier, by providing a content scanning engine integrated with our Web Application Firewall (WAF), so that malicious files being uploaded by end users, never reach origin servers in the first place...

By

Michael Tremante

WAF , Security , Malware

December 09, 2022 2:00PM

Stop attacks before they are known: making the Cloudflare WAF smarter

Today we are making the WAF smarter by increasing availability of our new machine learning powered enhancement, the WAF Attack Score!...

By

Radwa Radwan

WAF , WAF Attack Score , AI

September 27, 2022 3:15PM

Cloudflare named a Leader in WAF by Forrester

Forester has recognised Cloudflare as a Leader in The Forrester Wave™: Web Application Firewalls, Q3 2022 report. The report evaluated 12 Web Application Firewall (WAF) providers on 24 criteria across current offering, strategy and market presence....

By

Michael Tremante

WAF , Security , API Security , DDoS , Bot Management

September 19, 2022 2:30PM

Account WAF now available to Enterprise customers

Do you manage more than a single domain? If the answer is yes, now you can manage a single WAF configuration for all your enterprise domains...

By

Daniele Molteni

GA Week , General Availability , WAF , Rulesets , Enterprise

September 06, 2022 5:15PM

Cloudflare named a Leader by Gartner

Gartner has recognised Cloudflare as a Leader in the 2022 "Gartner® Magic Quadrant™ for Web Application and API Protection (WAAP)" report that evaluated 11 vendors for their ‘ability to execute’ and ‘completeness of vision’...

By

Michael Tremante

WAF , Security , API Security , DDoS , Bot Management

September 05, 2022 2:00PM

Improving the accuracy of our machine learning WAF using data augmentation and sampling

Data Generation and Augmentation methods to train an effective machine learning WAF...

By

Vikram Grover

WAF , Edge Inference , Data Science , AI

August 30, 2022 3:00PM

Introducing thresholds in Security Event Alerting: a z-score love story

Today we are excited to announce thresholds for our Security Event Alerts: a new and improved way of detecting anomalous spikes of security events on your Internet properties. By introducing a threshold, we are able to make alerts more accurate and only notify you when it truly matters...

By

Kristina Galicova

Notifications , Alerts , WAF , Product News , Security

July 07, 2022 1:57PM

New WAF intelligence feeds

Cloudflare is expanding our WAF’s threat intelligence capabilities by adding four new managed IP lists that can be used as part of any custom firewall rule...

By

Daniele Molteni
, Jesse Kipp

Product News , Firewall Rules , WAF , Custom Rules , Threat Intelligence

June 05, 2022 9:54PM

Cloudflare observations of Confluence zero day (CVE-2022-26134)

On 2022-06-02 at 20:00 UTC Atlassian released a Security Advisory relating to a remote code execution (RCE) vulnerability affecting Confluence Server and Confluence Data Center products. This post covers our current analysis of this vulnerability...

By

Vulnerabilities , WAF , Zero Day Threats