The Cloudflare Blog

Subscribe to receive notifications of new posts:

CloudFlare sites protected from httpoxy

2016-07-18

Ben Cartwright-Cox

1 min read

We have rolled out automatic protection for all customers for the the newly announced vulnerability called httpoxy.

This vulnerability affects applications that use “classic” CGI execution models, and could lead to API token disclosure of the services that your application may talk to.

By default httpoxy requests are modified to be harmless and then request is allowed through, however customers who want to outright block those requests can also use the Web Application Firewall rule 100050 in CloudFlare Specials to block requests that could lead to the httpoxy vulnerability.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

Attacks Bugs Vulnerabilities Security API

Follow on X

Cloudflare|@cloudflare

October 29, 2025 1:00 PM

Defending QUIC from acknowledgement-based DDoS attacks

We identified and patched two DDoS vulnerabilities in our QUIC implementation related to packet acknowledgements. Cloudflare customers were not affected. We examine the "Optimistic ACK" attack vector and our solution, which dynamically skips packet numbers to validate client behavior. ...

Research, QUIC, Protocols, Vulnerabilities, Security

October 29, 2025 1:00 PM

One IP address, many users: detecting CGNAT to reduce collateral effects

IPv4 scarcity drives widespread use of Carrier-Grade Network Address Translation, a practice in ISPs and mobile networks that places many users behind each IP address, along with their collected activity and volumes of traffic. We introduce the method we’ve developed to detect large-scale IP sharing globally and mitigate the issues that result. ...

Vasilis Giotsas,
Marwan Fayed

Research, WAF, Web Application Firewall, Better Internet, Security, Bots, IPv4, Network Services

October 28, 2025 1:00 PM

Keeping the Internet fast and secure: introducing Merkle Tree Certificates

Cloudflare is launching an experiment with Chrome to evaluate fast, scalable, and quantum-ready Merkle Tree Certificates, all without degrading performance or changing WebPKI trust relationships....

Post-Quantum, Research, Cryptography, Security, TLS, Chrome, Google, IETF, Transparency, Rust, Open Source, Cloudflare Workers

October 27, 2025 12:00 PM

Making the Internet observable: the evolution of Cloudflare Radar

Cloudflare Radar has evolved significantly since its 2020 launch, offering deeper insights into Internet security, routing, and traffic with new tools and data that help anyone understand what's happening online....

David Belson

Research, Radar, AI, Routing, API