WAF for everyone: protecting the web from high severity vulnerabilities
March 15, 2022
We are excited to provide our new Cloudflare Web Application Firewall, with a Free Managed Ruleset to all Cloudflare users...
Improving the WAF with Machine Learning
March 15, 2022
Today we are excited to complement managed rulesets (such as OWASP and Cloudflare Managed) with a new tool aimed at identifying bypasses and malicious payloads without human involvement, and before they are exploited...
A new WAF experience
March 15, 2022
The security landscape is moving fast. We invited users to help us shape a new WAF experience that enables us to evolve WAF to meet their demands and use cases...
Exploitation of Log4j CVE-2021-44228 before public disclosure and evolution of evasion and exfiltration
December 14, 2021
This article covers WAF evasion patterns and exfiltration attempts, trend data on attempted exploitation, and information on exploitation that we saw prior to the public disclosure of CVE-2021-44228....
Secure how your servers connect to the Internet today
December 10, 2021
The vulnerability disclosed yesterday in the Java-based logging package, log4j, allows attackers to execute code on a remote server. We’ve updated Cloudflare’s WAF to defend your infrastructure against this 0-day attack. ...
MORE POSTS
June 15, 2021
Enable secure access to applications with Cloudflare WAF and Azure Active Directory
Cloudflare and Microsoft Azure Active Directory have partnered to provide an integration specifically for web applications using Azure Active Directory B2C...
- By
May 11, 2021
Designing the new Cloudflare Web Application Firewall
The Cloudflare Web Application Firewall (WAF) protects websites and applications from malicious traffic attempting to exploit vulnerabilities in server software. It’s a critical piece of the broader security posture of your application....
- By
March 30, 2021
Cloudflare’s WAF is recognized as customers’ choice for 2021
Cloudflare has been recognised as Gartner Peer Insights Customers’ Choice for WAF vendor in 2021 by Gartner....
- By
March 29, 2021
A new Cloudflare Web Application Firewall
Today we are announcing a new Cloudflare Web Application Firewall for all Cloudflare paid zone customers....
- By
March 07, 2021
Protecting against recently disclosed Microsoft Exchange Server vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065
Cloudflare has deployed managed rules protecting customers against a series of remotely exploitable vulnerabilities that were recently found in Microsoft Exchange Server. ...
- By
February 19, 2021
Using HPKE to Encrypt Request Payloads
Allowing users to securely log parts of the request that match firewall rules while making it impossible for anyone else to decrypt....
- By
January 14, 2021
Holistic web protection: industry recognition for a prolific 2020
Today we’re excited to announce that Frost & Sullivan has named Cloudflare the Innovation Leader in their Frost Radar™: Global Holistic Web Protection Market Report....
- By
December 11, 2020
Encrypting your WAF Payloads with Hybrid Public Key Encryption (HPKE)
Allowing logging for payloads that trigger the Web Application Firewall has always led to end-user privacy concerns. We built encrypted matched payload logging to solve this!...
- By
September 24, 2020
Building even faster interpreters in Rust
Firewall Rules lets customers filter the traffic hitting their site, powered by our Wirefilter engine. We’re excited to share some in-depth optimizations we have recently made to improve the performance of our edge....
- By
July 01, 2020
Making the WAF 40% faster
As with all Cloudflare security products, the WAF is designed to not sacrifice performance for security, but there is always room for improvement. This blog post provides a brief overview of the latest performance improvements that were rolled out to our customers....
- By
September 28, 2019
Cloudflare’s protection against a new Remote Code Execution vulnerability (CVE-2019-16759) in vBulletin
Cloudflare has released a new rule as part of its Cloudflare Specials Rulesets, to protect our customers against a high-severity vulnerability in vBulletin. A new zero-day vulnerability was discovered for vBulletin, a proprietary Internet forum software. ...
- By
August 22, 2019
Supercharging Firewall Events for Self-Serve
Today, I’m very pleased to announce the release of a completely overhauled version of our Firewall Event log to our Free, Pro and Business customers. This new Firewall Events log is now available in your Dashboard, and you are not required to do anything to receive this new capab...
- By
May 28, 2019
Stopping SharePoint’s CVE-2019-0604
On Saturday, 11th May 2019, we got the news of a critical web vulnerability being actively exploited in the wild by advanced persistent threats (APTs), affecting Microsoft’s SharePoint server (versions 2010 through 2019)....
- By
March 20, 2019
Preventing Request Loops Using CDN-Loop
HTTP requests originate with a client and end at a web server that processes the request and returns a response. Such requests pass through multiple proxies before arriving at the requested resource. ...
- By