The Cloudflare Blog

Subscribe to receive notifications of new posts:

CloudFlare sites protected from httpoxy

2016-07-18

Ben Cartwright-Cox

1 min read

We have rolled out automatic protection for all customers for the the newly announced vulnerability called httpoxy.

This vulnerability affects applications that use “classic” CGI execution models, and could lead to API token disclosure of the services that your application may talk to.

By default httpoxy requests are modified to be harmless and then request is allowed through, however customers who want to outright block those requests can also use the Web Application Firewall rule 100050 in CloudFlare Specials to block requests that could lead to the httpoxy vulnerability.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

Attacks Bugs Vulnerabilities Security API

Follow on X

Cloudflare|@cloudflare

October 29, 2024 2:00 PM

Migrating billions of records: moving our active DNS database while it’s in use

DNS records have moved to a new database, bringing improved performance and reliability to all customers....

Alex Fattouche,
Corey Horton

DNS, API, Database, Kafka, Postgres, Tracing, Quicksilver

October 23, 2024 1:05 PM

4.2 Tbps of bad packets and a whole lot more: Cloudflare's Q3 DDoS report

The number of DDoS attacks spiked in the third quarter of 2024. Cloudflare mitigated nearly 6 million DDoS attacks, representing a 49% increase QoQ and 55% increase YoY....

Omer Yoachimik,
Jorge Pacheco

DDoS Reports, DDoS, Advanced DDoS, Cloudflare Radar, Attacks

October 08, 2024 1:00 PM

Cloudflare acquires Kivera to add simple, preventive cloud security to Cloudflare One

The acquisition and integration of Kivera broadens the scope of Cloudflare’s SASE platform beyond just apps, incorporating increased cloud security through proactive configuration management of cloud services. ...

Data Protection, Acquisitions, Email Security, Cloud Email Security, SASE, Zero Trust, Security, Product News, Cloudflare One

October 06, 2024 11:00 PM

Enhance your website's security with Cloudflare’s free security.txt generator

Introducing Cloudflare’s free security.txt generator, empowering all users to easily create and manage their security.txt files. This feature enhances vulnerability disclosure processes, aligns with industry standards, and is integrated into the dashboard for seamless access. Strengthen your website's security today!...

Alexandra Moraru,
Sam Khawasé

Better Internet, Security Posture, Security, Standards, security.txt