WAF - The Cloudflare Blog

Cloudflare named a Leader in WAF by Forrester

September 27, 2022 3:15PM

Forester has recognised Cloudflare as a Leader in The Forrester Wave™: Web Application Firewalls, Q3 2022 report. The report evaluated 12 Web Application Firewall (WAF) providers on 24 criteria across current offering, strategy and market presence....

Michael Tremante

Account WAF now available to Enterprise customers

September 19, 2022 2:30PM

GA Week General Availability WAF Rulesets Enterprise

Do you manage more than a single domain? If the answer is yes, now you can manage a single WAF configuration for all your enterprise domains...

Daniele Molteni

Cloudflare named a Leader by Gartner

September 06, 2022 5:15PM

WAF Security API Security DDoS Bot Management

Gartner has recognised Cloudflare as a Leader in the 2022 "Gartner® Magic Quadrant™ for Web Application and API Protection (WAAP)" report that evaluated 11 vendors for their ‘ability to execute’ and ‘completeness of vision’...

Michael Tremante

Improving the accuracy of our machine learning WAF using data augmentation and sampling

September 05, 2022 2:00PM

WAF Machine Learning Edge Inference Data Science

Data Generation and Augmentation methods to train an effective machine learning WAF...

Vikram Grover

Introducing thresholds in Security Event Alerting: a z-score love story

August 30, 2022 3:00PM

Notifications Alerts WAF Product News Security

Today we are excited to announce thresholds for our Security Event Alerts: a new and improved way of detecting anomalous spikes of security events on your Internet properties. By introducing a threshold, we are able to make alerts more accurate and only notify you when it truly matters...

Kristina Galicova

July 07, 2022 1:57PM

New WAF intelligence feeds

Cloudflare is expanding our WAF’s threat intelligence capabilities by adding four new managed IP lists that can be used as part of any custom firewall rule...

By

Daniele Molteni
, Jesse Kipp

Product News , Firewall Rules , WAF , Custom Rules , Threat Intelligence

June 05, 2022 9:54PM

Cloudflare observations of Confluence zero day (CVE-2022-26134)

On 2022-06-02 at 20:00 UTC Atlassian released a Security Advisory relating to a remote code execution (RCE) vulnerability affecting Confluence Server and Confluence Data Center products. This post covers our current analysis of this vulnerability...

By

Vulnerabilities , WAF , Zero Day Threats

April 01, 2022 2:31PM

The end of the road for Cloudflare CAPTCHAs

We decided we’re going to stop using CAPTCHAs. Before we talk about how we did it, and how you can help, let's first start with a simple question. Why in the world is CAPTCHA still used anyway?...

By

Reid Tatoris
, Benedikt Wolters

Managed Challenge , CAPTCHA , WAF , Security , Bots

March 31, 2022 4:13PM

WAF mitigations for Spring4Shell

Cloudflare Managed Ruleset updates for the recent vulnerabilities affecting the Java Spring framework and related software components...

By

Michael Tremante
, Himanshu Anand

WAF , Security , CVE , Vulnerabilities

March 15, 2022 12:59PM

WAF for everyone: protecting the web from high severity vulnerabilities

We are excited to provide our new Cloudflare Web Application Firewall, with a Free Managed Ruleset to all Cloudflare users...

By

Michael Tremante

Security Week , WAF , Managed Rules , Free

March 15, 2022 12:59PM

Improving the WAF with Machine Learning

Today we are excited to complement managed rulesets (such as OWASP and Cloudflare Managed) with a new tool aimed at identifying bypasses and malicious payloads without human involvement, and before they are exploited...

By

Daniele Molteni

Security Week , WAF , Machine Learning

March 15, 2022 12:59PM

A new WAF experience

The security landscape is moving fast. We invited users to help us shape a new WAF experience that enables us to evolve WAF to meet their demands and use cases...

By

Security Week , WAF , Firewall , Security , User Research

December 14, 2021 5:48PM

Exploitation of Log4j CVE-2021-44228 before public disclosure and evolution of evasion and exfiltration

In this blog post we will cover WAF evasion patterns and exfiltration attempts seen in the wild, trend data on attempted exploitation, and information on exploitation that we saw prior to the public disclosure of CVE-2021-44228....

By

John Graham-Cumming
, Celso Martinho

Log4J , Log4Shell , Vulnerabilities , WAF , Security

December 10, 2021 9:24PM

Secure how your servers connect to the Internet today

The vulnerability disclosed yesterday in the Java-based logging package, log4j, allows attackers to execute code on a remote server. We’ve updated Cloudflare’s WAF to defend your infrastructure against this 0-day attack....

By

Sam Rhea

Cloudflare Zero Trust , Cloudflare One , Zero Trust , Cloudflare Gateway , Zero Day Threats