MORE POSTS
December 11, 2020 3:00 PM
Encrypting your WAF Payloads with Hybrid Public Key Encryption (HPKE)
Allowing logging for payloads that trigger the Web Application Firewall has always led to end-user privacy concerns. We built encrypted matched payload logging to solve this!...
September 24, 2020 11:00 AM
Building even faster interpreters in Rust
Firewall Rules lets customers filter the traffic hitting their site, powered by our Wirefilter engine. We’re excited to share some in-depth optimizations we have recently made to improve the performance of our edge....
July 01, 2020 11:00 AM
Making the WAF 40% faster
As with all Cloudflare security products, the WAF is designed to not sacrifice performance for security, but there is always room for improvement. This blog post provides a brief overview of the latest performance improvements that were rolled out to our customers....
September 28, 2019 10:54 PM
Cloudflare’s protection against a new Remote Code Execution vulnerability (CVE-2019-16759) in vBulletin
Cloudflare has released a new rule as part of its Cloudflare Specials Rulesets, to protect our customers against a high-severity vulnerability in vBulletin. A new zero-day vulnerability was discovered for vBulletin, a proprietary Internet forum software. ...
August 22, 2019 1:00 PM
Supercharging Firewall Events for Self-Serve
Today, I’m very pleased to announce the release of a completely overhauled version of our Firewall Event log to our Free, Pro and Business customers. This new Firewall Events log is now available in your Dashboard, and you are not required to do anything to receive this new capab...
May 28, 2019 6:45 PM
Stopping SharePoint’s CVE-2019-0604
On Saturday, 11th May 2019, we got the news of a critical web vulnerability being actively exploited in the wild by advanced persistent threats (APTs), affecting Microsoft’s SharePoint server (versions 2010 through 2019)....
March 20, 2019 1:00 PM
Preventing Request Loops Using CDN-Loop
HTTP requests originate with a client and end at a web server that processes the request and returns a response. Such requests pass through multiple proxies before arriving at the requested resource. ...
March 05, 2019 10:55 PM
Stopping Drupal’s SA-CORE-2019-003 Vulnerability
Drupal discovered a severe vulnerability and said they would release a patch. When the patch was released, we analysed it and created rules to mitigate the vulnerability. By analysing the patch we created WAF rules to protect Cloudflare customers running Drupal....
March 04, 2019 1:00 PM
How we made Firewall Rules
Recently we launched Firewall Rules, a new feature that allows you to construct expressions that perform complex matching against HTTP requests and then choose how that traffic is handled....
March 01, 2019 10:00 AM
New Firewall Tab and Analytics
At Cloudflare, we focus on intuitive products to aid customers in accelerating and protecting their web properties. We’re excited to share two updates to make our Firewall simpler and more accessible....
April 20, 2018 4:14 PM
Keeping Drupal sites safe with Cloudflare's WAF
Cloudflare’s team of security analysts monitor for upcoming threats and vulnerabilities and where possible put protection in place for upcoming threats before they compromise our customers....
March 29, 2018 4:10 AM
Cloudflare is adding Drupal WAF Rule to Mitigate Critical Drupal Exploit
Drupal has recently announced an update to fix a critical remote code execution exploit (SA-CORE-2018-002/CVE-2018-7600). This patch is to disallow forms and form fields from starting with the “#” character....
April 25, 2017 7:45 AM
Ecommerce websites on Cloudflare: best practices
Cloudflare provides numerous benefits to ecommerce sites, including advanced DDoS protection and an industry-leading Web Application Firewall (WAF) that helps secure your transactions and protect customers’ private data....
February 01, 2017 4:53 PM
Protecting everyone from WordPress Content Injection
Today a severe vulnerability was announced by the WordPress Security Team that allows unauthenticated users to change content on a site using unpatched (below version 4.7.2) WordPress....