The Cloudflare Blog

Subscribe to receive notifications of new posts:

CloudFlare sites protected from httpoxy

2016-07-18

Ben Cartwright-Cox

1 min read

We have rolled out automatic protection for all customers for the the newly announced vulnerability called httpoxy.

This vulnerability affects applications that use “classic” CGI execution models, and could lead to API token disclosure of the services that your application may talk to.

By default httpoxy requests are modified to be harmless and then request is allowed through, however customers who want to outright block those requests can also use the Web Application Firewall rule 100050 in CloudFlare Specials to block requests that could lead to the httpoxy vulnerability.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

Attacks Bugs Vulnerabilities Security API

Follow on X

Cloudflare|@cloudflare

July 29, 2024 1:00 PM

Avoiding downtime: modern alternatives to outdated certificate pinning practices

The number of outages caused by certificate pinning is increasing. We’ll explore why certificate pinning hasn’t kept up with modern standards and recommend alternatives to improve security while reducing management overhead...

Dina Kozlov

Security, Network Services, Certificate Pinning, TLS, SSL, Certificate Transparency

July 11, 2024 5:00 PM

Application Security report: 2024 update

Cloudflare’s updated 2024 view on Internet cyber security trends spanning global traffic insights, bot traffic insights, API traffic insights, and client-side risks...

Application Security, WAF, Bot Management, API

July 09, 2024 1:00 PM

DDoS threat report for 2024 Q2

Welcome to the 18th edition of the Cloudflare DDoS Threat Report. Released quarterly, these reports provide an in-depth analysis of the DDoS threat landscape as observed across the Cloudflare network. This edition focuses on the second quarter of 2024...

Omer Yoachimik,
Jorge Pacheco

DDoS Reports, Cloudflare Radar, Attacks, DNS Flood, Trends, SYN Flood, Ransom Attacks

July 09, 2024 12:00 PM

RADIUS/UDP vulnerable to improved MD5 collision attack

The RADIUS protocol is commonly used to control administrative access to networking gear. Despite its importance, RADIUS hasn’t changed much in decades. We discuss an attack on RADIUS as a case study for why it’s important for legacy protocols to keep up with advancements in cryptography...

Vulnerabilities