WAF - The Cloudflare Blog (Page 2)

March 29, 2021 2:00PM

A new Cloudflare Web Application Firewall

Today we are announcing a new Cloudflare Web Application Firewall for all Cloudflare paid zone customers....

Michael Tremante

March 07, 2021 12:47AM

Protecting against recently disclosed Microsoft Exchange Server vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065

Cloudflare has deployed managed rules protecting customers against a series of remotely exploitable vulnerabilities that were recently found in Microsoft Exchange Server....

February 19, 2021 12:00PM

Using HPKE to Encrypt Request Payloads

WAF WAF Rules Security Firewall Crypto

Allowing users to securely log parts of the request that match firewall rules while making it impossible for anyone else to decrypt....

January 14, 2021 5:00PM

Holistic web protection: industry recognition for a prolific 2020

Bot Management Speed & Reliability Security WAF DDoS Firewall

Today we’re excited to announce that Frost & Sullivan has named Cloudflare the Innovation Leader in their Frost Radar™: Global Holistic Web Protection Market Report....

Patrick R. Donahue

December 11, 2020 3:00PM

Encrypting your WAF Payloads with Hybrid Public Key Encryption (HPKE)

Privacy Week WAF WAF Rules Security Firewall

Allowing logging for payloads that trigger the Web Application Firewall has always led to end-user privacy concerns. We built encrypted matched payload logging to solve this!...

Michael Tremante

September 24, 2020 12:00PM

Building even faster interpreters in Rust

Firewall Rules lets customers filter the traffic hitting their site, powered by our Wirefilter engine. We’re excited to share some in-depth optimizations we have recently made to improve the performance of our edge....

By

Zak Cutner

Firewall , Performance , Rust , SIMD , WAF

July 01, 2020 12:00PM

Making the WAF 40% faster

As with all Cloudflare security products, the WAF is designed to not sacrifice performance for security, but there is always room for improvement. This blog post provides a brief overview of the latest performance improvements that were rolled out to our customers....

By

Miguel de Moura

WAF , Performance

September 28, 2019 11:54PM

Cloudflare’s protection against a new Remote Code Execution vulnerability (CVE-2019-16759) in vBulletin

Cloudflare has released a new rule as part of its Cloudflare Specials Rulesets, to protect our customers against a high-severity vulnerability in vBulletin. A new zero-day vulnerability was discovered for vBulletin, a proprietary Internet forum software....

By

Alex Cruz Farmer
, Arun Singh

Vulnerabilities , vBulletin , WAF , Security

August 22, 2019 2:00PM

Supercharging Firewall Events for Self-Serve

Today, I’m very pleased to announce the release of a completely overhauled version of our Firewall Event log to our Free, Pro and Business customers. This new Firewall Events log is now available in your Dashboard, and you are not required to do anything to receive this new capability....

By

Alex Cruz Farmer

Product News , Firewall , Security , WAF , Dashboard

May 28, 2019 7:45PM

Stopping SharePoint’s CVE-2019-0604

On Saturday, 11th May 2019, we got the news of a critical web vulnerability being actively exploited in the wild by advanced persistent threats (APTs), affecting Microsoft’s SharePoint server (versions 2010 through 2019)....

By

Georgie Yoxall

WAF , Vulnerabilities , Security

March 20, 2019 1:00PM

Preventing Request Loops Using CDN-Loop

HTTP requests typically originate with a client, and end at a web server that processes the request and returns some response. Such requests may pass through multiple proxies before they arrive at the requested resource....

By

Alex Davidson

Request Loops , Attacks , WAF , Security , Speed & Reliability

March 05, 2019 10:55PM

Stopping Drupal’s SA-CORE-2019-003 Vulnerability

Drupal discovered a severe vulnerability and said they would release a patch. When the patch was released we analysed and created rules to mitigate these. By analysing the patch we created WAF rules to protect Cloudflare customers running Drupal....

By

Richard Sommerville

Drupal , WAF , WAF Rules , Security , Vulnerabilities

March 04, 2019 1:00PM

How we made Firewall Rules

Recently we launched Firewall Rules, a new feature that allows you to construct expressions that perform complex matching against HTTP requests and then choose how that traffic is handled....

By

David Kitchen

Firewall , Page Rules , Rust , Security , WAF

March 01, 2019 10:00AM

New Firewall Tab and Analytics

At Cloudflare, one of our top priorities is to make our products and services intuitive so that we can enable customers to accelerate and protect their Internet properties. We're excited to launch two improvements designed to make our Firewall easier to use and more accessible....

By

Alex Cruz Farmer

WAF , Analytics , Firewall