Improving the accuracy of our machine learning WAF using data augmentation and sampling
September 05, 2022 1:00 PM
Data Generation and Augmentation methods to train an effective machine learning WAF...
Introducing thresholds in Security Event Alerting: a z-score love story
August 30, 2022 2:00 PM
Today we are excited to announce thresholds for our Security Event Alerts: a new and improved way of detecting anomalous spikes of security events on your Internet properties. By introducing a threshold, we are able to make alerts more accurate and only notify you when it truly matters...
New WAF intelligence feeds
July 07, 2022 12:57 PM
Cloudflare is expanding our WAF’s threat intelligence capabilities by adding four new managed IP lists that can be used as part of any custom firewall rule...
Cloudflare observations of Confluence zero day (CVE-2022-26134)
June 05, 2022 8:54 PM
On 2022-06-02 at 20:00 UTC Atlassian released a Security Advisory relating to a remote code execution (RCE) vulnerability affecting Confluence Server and Confluence Data Center products. This post covers our current analysis of this vulnerability...
The end of the road for Cloudflare CAPTCHAs
April 01, 2022 1:31 PM
We decided we’re going to stop using CAPTCHAs. Before we talk about how we did it, and how you can help, let's first start with a simple question. Why in the world is CAPTCHA still used anyway?...
MORE POSTS
March 15, 2022 12:59 PM
WAF for everyone: protecting the web from high severity vulnerabilities
We are excited to provide our new Cloudflare Web Application Firewall, with a Free Managed Ruleset to all Cloudflare users...
- By
March 15, 2022 12:59 PM
Improving the WAF with Machine Learning
Today we are excited to complement managed rulesets (such as OWASP and Cloudflare Managed) with a new tool aimed at identifying bypasses and malicious payloads without human involvement, and before they are exploited...
- By
March 15, 2022 12:59 PM
A new WAF experience
The security landscape is moving fast. We invited users to help us shape a new WAF experience that enables us to evolve WAF to meet their demands and use cases...
- By
December 14, 2021 5:48 PM
Exploitation of Log4j CVE-2021-44228 before public disclosure and evolution of evasion and exfiltration
In this blog post we will cover WAF evasion patterns and exfiltration attempts seen in the wild, trend data on attempted exploitation, and information on exploitation that we saw prior to the public disclosure of CVE-2021-44228....
- By
December 10, 2021 9:24 PM
Secure how your servers connect to the Internet today
The vulnerability disclosed yesterday in the Java-based logging package, log4j, allows attackers to execute code on a remote server. We’ve updated Cloudflare’s WAF to defend your infrastructure against this 0-day attack. ...
- By
October 20, 2021 7:00 PM
Traffic Sequence: Which Product Runs First?
Understand how Cloudflare product’s interact via the new dashboard addition ‘Traffic Sequence’....
- By
June 15, 2021 2:42 PM
Enable secure access to applications with Cloudflare WAF and Azure Active Directory
Cloudflare and Microsoft Azure Active Directory have partnered to provide an integration specifically for web applications using Azure Active Directory B2C...
- By
May 11, 2021 1:00 PM
Designing the new Cloudflare Web Application Firewall
The Cloudflare Web Application Firewall (WAF) protects websites and applications from malicious traffic attempting to exploit vulnerabilities in server software. It’s a critical piece of the broader security posture of your application....
- By
March 30, 2021 3:30 PM
Cloudflare’s WAF is recognized as customers’ choice for 2021
Cloudflare has been recognised as Gartner Peer Insights Customers’ Choice for WAF vendor in 2021 by Gartner....
- By
March 29, 2021 1:00 PM
A new Cloudflare Web Application Firewall
Today we are announcing a new Cloudflare Web Application Firewall for all Cloudflare paid zone customers....
- By
March 07, 2021 12:47 AM
Protecting against recently disclosed Microsoft Exchange Server vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065
Cloudflare has deployed managed rules protecting customers against a series of remotely exploitable vulnerabilities that were recently found in Microsoft Exchange Server. ...
- By
February 19, 2021 12:00 PM
Using HPKE to Encrypt Request Payloads
Allowing users to securely log parts of the request that match firewall rules while making it impossible for anyone else to decrypt....
- By
January 14, 2021 5:00 PM
Holistic web protection: industry recognition for a prolific 2020
Today we’re excited to announce that Frost & Sullivan has named Cloudflare the Innovation Leader in their Frost Radar™: Global Holistic Web Protection Market Report....
- By
December 11, 2020 3:00 PM
Encrypting your WAF Payloads with Hybrid Public Key Encryption (HPKE)
Allowing logging for payloads that trigger the Web Application Firewall has always led to end-user privacy concerns. We built encrypted matched payload logging to solve this!...
- By