The Cloudflare Blog

Subscribe to receive notifications of new posts:

Shellshock protection enabled for all customers

2014-09-29

John Graham-Cumming

1 min read

On Thursday, we rolled out protection against the Shellshock bash vulnerability for all paying customers through the CloudFlare WAF. This protection was enabled automatically and immediately starting blocking malicious requests.

We had a number of requests for protection from Shellshock for all our customers, including those on the Free plan.

After observing the actual Shellshock traffic across our network and after seeing the true severity of the vulnerability become clear, we've built and tested a special Basic ShellShock Protection for all customers.

That protection is now operating and enabled for every CloudFlare customer (Free, Pro, Business and Enterprise). Paying customers have the additional protection of more complex Shellshock rules in the CloudFlare WAF.

Every CloudFlare customer is now being protected from the most common attack vectors based on the Shellshock problem and paying customers continue to have the more advanced protection that was rolled out yesterday.

Cloudflare's connectivity cloud protects entire corporate networks, helps customers build Internet-scale applications efficiently, accelerates any website or Internet application, wards off DDoS attacks, keeps hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

WAF

Follow on X

Cloudflare|@cloudflare

March 20, 2025 2:00 PM

Cloudflare named a leader in Web Application Firewall Solutions in 2025 Forrester report

Forrester Research has recognized Cloudflare as a Leader in its The Forrester Wave™: Web Application Firewall Solutions, Q1 2025 report....

Daniele Molteni

Security Week, Application Security, WAF, Web Application Firewall, API Security, Forrester

March 20, 2025 1:10 PM

Introducing Cloudy, Cloudflare’s AI agent for simplifying complex configurations

Cloudflare’s first AI agent, Cloudy, helps make complicated configurations easy to understand for Cloudflare administrators....

Alex Dunbrack,
Harsh Saxena

Workers AI, Cloudflare Workers, Developer Platform, Developers, LLM, WAF, Cloudflare One, Zero Trust, Cloudflare Zero Trust, SASE, Secure Web Gateway, Beta, Network Services

March 20, 2025 1:00 PM

Making Application Security simple with a new unified dashboard experience

We’re introducing a new Application Security experience in the Cloudflare dashboard, with a reworked UI organized by use cases, making it easier for customers to navigate and secure their accounts....

Security Week, Application Security, Dashboard, WAF, Bot Management

February 07, 2025 8:13 PM

Resolving a Mutual TLS session resumption vulnerability

Cloudflare patched a Mutual TLS (mTLS) vulnerability (CVE-2025-23419) reported via its Bug Bounty Program. The flaw in session resumption allowed client certificates to authenticate across different...

Vulnerabilities, WAF, Zero Trust, SASE, TLS, Network Services