Inside ImageTragick: The Real Payloads Being Used to Hack Websites
May 09, 2016 1:34 PM
Last week multiple vulnerabilities were made public in the popular image manipulation software, ImageMagick. These were quickly named ImageTragick. ...
Preventing Malicious Request Loops
January 21, 2016 2:05 PM
The web is an collaborative ecosystem. Web standards exist to ensure that participants of the network behave in a predictable way....
Simple Helix chooses CloudFlare to ignite white-hot Magento performance
September 01, 2015 5:04 PM
Some months ago, we made a big bet on partnering with CloudFlare for performance improvements and website security for our Magento hosting customers. Customer experience is core to our business and relying on another company is a major deal. ...
Blue Light Special: Ensuring fast global configuration changes
July 03, 2015 1:41 PM
CloudFlare operates a huge global network of servers that proxy our customers' web sites, operate as caches, inspect requests to ensure they are not malicious, deflect DDoS attacks and handle one of the largest authoritative DNS systems in the world. ...
New Magento WAF Rule – RCE Vulnerability Protection
April 25, 2015 3:57 AM
Today the Magento Security Team created a new ModSecurity rule and added it to our WAF rules to mitigate an important RCE (remote code execution) vulnerability in the Magento web e-commerce platform....
MORE POSTS
October 16, 2014 9:05 AM
Drupal 7 SA-CORE-2014-005 SQL Injection Protection
Yesterday the Drupal Security Team released a critical security patch for Drupal 7 that fixes a very serious SQL injection vulnerability....
- By
October 14, 2014 12:16 PM
Automatic protection for common web platforms
If you are a CloudFlare Pro or above customer you enjoy the protection of the CloudFlare WAF. If you use one of the common web platforms, such as WordPress, Drupal, Plone, WHMCS, or Joomla, then it's worth checking if the relevant CloudFlare WAF ruleset is enabled....
- By
September 29, 2014 3:47 AM
Shellshock protection enabled for all customers
On Thursday, we rolled out protection against the Shellshock bash vulnerability for all paying customers through the CloudFlare WAF....
- By
June 04, 2014 8:00 AM
CloudFlare is PCI Certified
Great news for everyone using CloudFlare on an e-commerce site, or a site accepting or processing credit card transactions. After undergoing a Payment Card Industry (PCI) Data Security Standard (DSS) 2.0 security control assessment, we’ve been certified as a Level 1 service provi...
- By
March 11, 2014 4:00 PM
WordPress Pingback Attacks and our WAF
At CloudFlare a lot of our customers use WordPress, that's why we have our own plugin, we hang out at WordCamp and we wrote a WordPress specific ruleset for our Web Application Firewall....
- By
January 21, 2014 4:00 PM
Protect Your Sites With Rapidly Deployed WAF Rules
An attack on your site could be catastrophic. Even a small attack can have major implications. Responding quickly to an attack is imperative. ...
- By
October 03, 2013 11:00 AM
Patching a WHMCS zero day on day zero
A critical zero-day vulnerability was published today affecting any hosting provider using WHMCS. As part of building a safer web, CloudFlare has added a ruleset to our Web Application Firewall (WAF) to block the published attack vector....
- By
August 23, 2013 5:31 AM
CloudFlare's new WAF: compiling to Lua
We use nginx throughout our network for front-line web serving, proxying and traffic filtering. In some cases, we've augmented the core C code of nginx with our own modules, but recently we've made a major move to using Lua in conjunction with nginx. One project that's now almo...
- By
August 19, 2013 6:00 AM
Heuristics and Rules: Why We Built a New Old WAF
We just rolled out an update to CloudFlare's Web Application Firewall (WAF). Previously, CloudFlare's WAF has received criticism from people who have tested it and found that it didn't behave as traditional WAFs are expected to. ...
- By