Get notified when your site is under attack
2021-12-03
Cloudflare can now send proactive notifications about any application security event spike, so you are warned whenever an attack might be targeting your application....
Helping Apache Servers stay safe from zero-day path traversal attacks (CVE-2021-41773)
2021-10-08
On September 29th 2021, the Apache Security team was alerted of a path traversal vulnerability being actively exploited (zero-day) against Apache HTTP Server version 2.4.49. Customers running the affected Apache version, should update to 2.5.51 as soon as possible....
How Cloudflare helped mitigate the Atlassian Confluence OGNL vulnerability before the PoC was released
2021-09-08
On August 25, 2021, Atlassian released a security advisory affecting their Confluence application. The Cloudflare WAF soon after started mitigating an increase in malicious traffic to vulnerable endpoints ensuring customers remained protected....
Account Takeover Protection and WAF mitigations to help stop Global Brute Force Campaigns
2021-07-01
Today, we are making our Account Takeover Protection capabilities available to all paid plans at no additional charge....
Enable secure access to applications with Cloudflare WAF and Azure Active Directory
2021-06-15
Cloudflare and Microsoft Azure Active Directory have partnered to provide an integration specifically for web applications using Azure Active Directory B2C...
Cloudflare’s WAF is recognized as customers’ choice for 2021
2021-03-30
Cloudflare has been recognised as Gartner Peer Insights Customers’ Choice for WAF vendor in 2021 by Gartner....
End User Security: Account Takeover Protections with Cloudflare
2021-03-30
End-user account security is always a top priority, but a hard problem to solve. In this post, we provide a summary of all the Cloudflare features that can help....
A new Cloudflare Web Application Firewall
2021-03-29
Today we are announcing a new Cloudflare Web Application Firewall for all Cloudflare paid zone customers....
Encrypting your WAF Payloads with Hybrid Public Key Encryption (HPKE)
2020-12-11
Allowing logging for payloads that trigger the Web Application Firewall has always led to end-user privacy concerns. We built encrypted matched payload logging to solve this!...
CVE-2020-5902: Helping to protect against the F5 TMUI RCE vulnerability
2020-07-07
Cloudflare has deployed a new managed rule protecting customers against a remote code execution vulnerability that has been found in F5 BIG-IP’s web-based Traffic Management User Interface (TMUI)....
Logs from the Edge
2018-11-29
With Cloudflare Workers, it is possible to send traffic logs to arbitrary locations. In this post we are going to discuss an example Worker implementation on how to achieve this. So if you are building or maintaining your own traffic logging/analytics environment, read on....
Token Authentication for Cached Private Content and APIs
2017-01-10
While working to make the Internet a better place, we also want to make it easier for our customers to have control of their content and APIs, and who has access to them. Using Cloudflare’s Token Authentication features, customers can implement access control via URL tokens or HTTP request headers....