WAF - The Cloudflare Blog

New WAF intelligence feeds

July 07, 2022 1:57PM

Cloudflare is expanding our WAF’s threat intelligence capabilities by adding four new managed IP lists that can be used as part of any custom firewall rule...

Cloudflare observations of Confluence zero day (CVE-2022-26134)

June 05, 2022 9:54PM

Vulnerabilities WAF Zero Day Threats

On 2022-06-02 at 20:00 UTC Atlassian released a Security Advisory relating to a remote code execution (RCE) vulnerability affecting Confluence Server and Confluence Data Center products. This post covers our current analysis of this vulnerability...

The end of the road for Cloudflare CAPTCHAs

April 01, 2022 2:31PM

Managed Challenge CAPTCHA WAF Security Bots

We decided we’re going to stop using CAPTCHAs. Before we talk about how we did it, and how you can help, let's first start with a simple question. Why in the world is CAPTCHA still used anyway?...

WAF mitigations for Spring4Shell

March 31, 2022 4:13PM

WAF Security CVE Vulnerabilities

Cloudflare Managed Ruleset updates for the recent vulnerabilities affecting the Java Spring framework and related software components...

WAF for everyone: protecting the web from high severity vulnerabilities

March 15, 2022 12:59PM

Security Week WAF Managed Rules Free

We are excited to provide our new Cloudflare Web Application Firewall, with a Free Managed Ruleset to all Cloudflare users...

Michael Tremante

March 15, 2022 12:59PM

Improving the WAF with Machine Learning

Today we are excited to complement managed rulesets (such as OWASP and Cloudflare Managed) with a new tool aimed at identifying bypasses and malicious payloads without human involvement, and before they are exploited...

By

Daniele Molteni

Security Week , WAF , Machine Learning

March 15, 2022 12:59PM

A new WAF experience

The security landscape is moving fast. We invited users to help us shape a new WAF experience that enables us to evolve WAF to meet their demands and use cases...

By

Security Week , WAF , Firewall , Security , User Research

December 14, 2021 5:48PM

Exploitation of Log4j CVE-2021-44228 before public disclosure and evolution of evasion and exfiltration

In this blog post we will cover WAF evasion patterns and exfiltration attempts seen in the wild, trend data on attempted exploitation, and information on exploitation that we saw prior to the public disclosure of CVE-2021-44228....

By

John Graham-Cumming
, Celso Martinho

Log4J , Log4Shell , Vulnerabilities , WAF , Security

December 10, 2021 9:24PM

Secure how your servers connect to the Internet today

The vulnerability disclosed yesterday in the Java-based logging package, log4j, allows attackers to execute code on a remote server. We’ve updated Cloudflare’s WAF to defend your infrastructure against this 0-day attack....

By

Sam Rhea

Cloudflare Zero Trust , Cloudflare One , Zero Trust , Cloudflare Gateway , Zero Day Threats

October 20, 2021 8:00PM

Traffic Sequence: Which Product Runs First?

Understand how Cloudflare product’s interact via the new dashboard addition ‘Traffic Sequence’....

By

Sam Marsh

WAF , Page Rules , Cloudflare Workers

June 15, 2021 3:42PM

Enable secure access to applications with Cloudflare WAF and Azure Active Directory

Cloudflare and Microsoft Azure Active Directory have partnered to provide an integration specifically for web applications using Azure Active Directory B2C...

By

Abhi Das
, Michael Tremante

Partners , Microsoft , WAF

May 11, 2021 2:00PM

Designing the new Cloudflare Web Application Firewall

The Cloudflare Web Application Firewall (WAF) protects websites and applications from malicious traffic attempting to exploit vulnerabilities in server software. It’s a critical piece of the broader security posture of your application....

By