Historical (2024)
| Ruleset | Rule ID | Legacy Rule ID | Description | Change Date | Old Action | New Action |
|---|---|---|---|---|---|---|
| Cloudflare Specials | 100675 | Adobe ColdFusion - Auth Bypass - CVE:CVE-2023-38205 | 2024-10-21 | Log | Block | |
| Cloudflare Specials | 100676 | Palo Alto Networks - Auth Bypass - CVE:CVE-2024-5910 | 2024-10-21 | Log | Block | |
| Cloudflare Specials | 100677 | SolarWinds - Auth Bypass - CVE:CVE-2024-28987 | 2024-10-21 | Log | Block | |
| Cloudflare Specials | 100673 | GoAnywhere - Remote Code Execution - CVE:CVE-2023-0669 | 2024-10-14 | Log | Block | |
| Cloudflare Specials | 100669 | Apache HugeGraph-Server - Remote Code Execution - CVE:CVE-2024-27348 | 2024-10-07 | Log | Block | |
| Cloudflare Specials | 100672 | Ivanti Virtual Traffic Manager - Auth Bypass - CVE:CVE-2024-7593 | 2024-10-07 | Log | Block | |
| Cloudflare Specials | 100670 | Junos - Remote Code Execution - CVE:CVE-2023-36844 | 2024-10-07 | Log | Block | |
| Cloudflare Specials | 100671 | Microsoft SQL Server - Remote Code Execution - CVE:CVE-2020-0618 | 2024-10-07 | Log | Block | |
| Cloudflare Specials | 100581 | Joomla - Information Disclosure - CVE:CVE-2023-23752 | 2024-10-07 | Log | Block | |
| Cloudflare Specials | 100668 | Progress Software WhatsUp Gold - Information Disclosure - CVE:CVE-2024-6670 | 2024-10-01 | Log | Block | |
| Cloudflare Specials | N/A | Anomaly:Body - Large 2 | 2024-09-16 | N/A | Disabled | |
| Cloudflare Specials | 100526 | VMware vCenter - CVE:CVE-2022-22954, CVE:CVE-2022-22948 | 2024-09-03 | N/A | Block | |
| Cloudflare Specials | 100667 | Authentik - Auth Bypass - CVE:CVE-2024-42490 | Emergency, 2024-08-20 | N/A | Block | |
| Cloudflare Specials | 100666 | Apache OFBiz - Remote Code Execution - CVE:CVE-2024-32113 | 2024-08-19 | Log | Block | |
| Cloudflare Specials | 100665 | Zoho ManageEngine - Remote Code Execution - CVE:CVE-2023-29084 | 2024-08-19 | Log | Block | |
| Cloudflare Specials | 100664 | Automation Anywhere - SSRF - CVE:CVE-2024-6922 | 2024-08-05 | Log | Block | |
| Cloudflare Specials | 100663 | WSO2 - Dangerous File Upload - CVE:CVE-2022-29464 | 2024-08-05 | Log | Block | |
| Cloudflare Specials | 100662 | ServiceNow - Input Validation - CVE:CVE-2024-4879, CVE:CVE-2024-5178, CVE:CVE-2024-5217 | 2024-08-05 | Log | Block | |
| Cloudflare Specials | 100659 | Common Payloads for Server-side Template Injection - Base64 | 2024-07-29 | N/A | Disabled | |
| Cloudflare Specials | 100559A | Prototype Pollution - Common Payloads - Base64 | 2024-07-29 | N/A | Disabled | |
| Cloudflare Specials | 100660 | Server-side Includes - Common Payloads - Base64 | 2024-07-29 | N/A | Disabled | |
| Cloudflare Specials | 100661 | SQLi - Common Payloads - Base64 | 2024-07-29 | N/A | Disabled | |
| Cloudflare Specials | 100524 | Java - Remote Code Execution | 2024-07-29 | Block | Disabled | |
| Cloudflare Specials | 100524 | Java - Remote Code Execution | 2024-07-24 | Log | Block | |
| Cloudflare Specials | 100659 | Common Payloads for Server-side Template Injection | 2024-07-24 | N/A | Disabled | |
| Cloudflare Specials | 100533A | Generic Payloads NoSQL Injection Base64 Beta | 2024-07-24 | N/A | Disabled | |
| Cloudflare Specials | 100533A | Generic Payloads NoSQL Injection | 2024-07-24 | N/A | Disabled | |
| Cloudflare Specials | 100644 | Generic Payloads XSS Base64 Beta | 2024-07-24 | N/A | Disabled | |
| Cloudflare Specials | 100644 | Generic Payloads XSS | 2024-07-24 | N/A | Disabled | |
| Cloudflare Specials | 100642 | LDAP Injection Base64 Beta | 2024-07-24 | N/A | Disabled | |
| Cloudflare Specials | 100642 | LDAP Injection | 2024-07-24 | N/A | Disabled | |
| Cloudflare Specials | 100559A | Prototype Pollution - Common Payloads | 2024-07-24 | N/A | Disabled | |
| Cloudflare Specials | 100645 | Remote Code Execution - Generic Payloads | 2024-07-24 | N/A | Disabled | |
| Cloudflare Specials | 100660 | Server-Side Includes - Common Payloads | 2024-07-24 | N/A | Disabled | |
| Cloudflare Specials | 100661 | SQLi - Common Payloads | 2024-07-24 | N/A | Disabled | |
| Cloudflare Specials | 100658 | Apache OFBiz - SSRF - CVE:CVE-2023-50968 | 2024-07-17 | Log | Block | |
| Cloudflare Specials | 100657 | JEECG - Deserialization - CVE:CVE-2023-49442 | 2024-07-17 | Log | Block | |
| Cloudflare Specials | 100532 | Vulnerability scanner activity | 2024-07-17 | Log | Block | |
| Cloudflare Specials | 100654 | Telerik Report Server - Auth Bypass - CVE:CVE-2024-4358, CVE:CVE-2024-1800 | 2024-07-10 | Log | Block | |
| Cloudflare Specials | 100655 | Rejetto HTTP File Server - Remote Code Execution - CVE:CVE-2024-23692 | 2024-07-10 | Log | Block | |
| Cloudflare Specials | 100647 | pgAdmin - Remote Code Execution - CVE:CVE-2024-3116 | 2024-07-10 | Log | Block | |
| Cloudflare Specials | 100656 | MoveIT - Auth Bypass - CVE:CVE-2024-5806 | 2024-07-10 | Log | Block | |
| Cloudflare Specials | 100079A | Java - Deserialization - 2 | 2024-07-10 | Log | Block | |
| Cloudflare Specials | 100648 | Groovy - Remote Code Execution | 2024-07-10 | Log | Block | |
| Cloudflare Specials | 100700 | Apache SSRF vulnerability CVE-2021-40438 | 2024-07-10 | Log | Block | |
| Cloudflare Specials | 100652 | PHP CGI - Information Disclosure - CVE:CVE-2024-4577 | Emergency, 2024-06-18 | N/A | Block | |
| Cloudflare Specials | 100653 | Veeam Backup Enterprise Manager - Information Disclosure - CVE:CVE-2024-29849 | Emergency, 2024-06-18 | N/A | Block | |
| Cloudflare Specials | 100651 | Atlassian Confluence - Remote Code Execution - CVE:CVE-2024-21683 | Emergency, 2024-06-06 | N/A | Block | |
| Cloudflare Specials | 100650 | Check Point Security - Information Disclosure - CVE:CVE-2024-24919 | Emergency, 2024-05-30 | N/A | Block | |
| Cloudflare Specials | 100649 | FortiSIEM - Remote Code Execution - CVE:CVE-2024-23108, CVE:CVE-2023-34992 | Emergency, 2024-05-29 | N/A | Block | |
| Cloudflare Specials | N/A | Generic Payloads XSS Base64 2 Beta | 2024-05-21 | N/A | Disabled | |
| Cloudflare Specials | N/A | Generic Payloads NoSQL Injection Base64 Beta | 2024-05-14 | N/A | Disabled | |
| Cloudflare Specials | N/A | LDAP Injection Base64 Beta | 2024-05-14 | N/A | Disabled | |
| Cloudflare Specials | N/A | NoSQL - Injection Base64 2 Beta | 2024-05-14 | N/A | Disabled | |
| Cloudflare Specials | N/A | Generic Payloads XSS Base64 Beta | 2024-05-08 | N/A | Disabled | |
| Cloudflare Specials | 100532 | Vulnerability scanner activity | 2024-05-06 | N/A | Block | |
| Cloudflare Specials | 100533 | NoSQL - Injection | 2024-05-06 | N/A | Block | |
| Sensitive Data Disclosure (SDD) | N/A | Malaysian Phone Number | 2024-04-24 | N/A | Disabled | |
| Sensitive Data Disclosure (SDD) | N/A | Malaysia Identification Card Number | 2024-04-24 | N/A | Disabled | |
| Cloudflare Specials | N/A | Vulnerability scanner activity 3 Base64 Beta | 2024-04-24 | N/A | Disabled | |
| Cloudflare Specials | N/A | Default Windows User - Directory Traversal Base64 Beta | 2024-04-24 | N/A | Disabled | |
| Cloudflare Specials | N/A | Generic Payloads NoSQL Injection Base64 Beta | 2024-04-24 | N/A | Disabled | |
| Cloudflare Specials | N/A | NoSQL - Injection Base64 2 Beta | 2024-04-24 | N/A | Disabled | |
| Cloudflare Specials | N/A | LDAP Injection Base64 Beta | 2024-04-24 | N/A | Disabled | |
| Cloudflare Specials | 100645 | Remote Code Execution - Generic Payloads | 2024-04-22 | N/A | Disabled | |
| Cloudflare Specials | 100533A | Generic Payloads NoSQL Injection | 2024-04-22 | N/A | Disabled | |
| Cloudflare Specials | 100644 | Generic Payloads XSS | 2024-04-22 | N/A | Disabled | |
| Cloudflare Specials | 100007C_BETA | Command Injection - Common Attack Commands Beta Updated detection logic. | 2024-04-22 | N/A | Disabled | |
| Cloudflare Specials | 100643 | Default Windows User - Directory Traversal Updated detection logic. | 2024-04-22 | N/A | Disabled | |
| Cloudflare Specials | 100642 | LDAP Injection Updated detection logic. | 2024-04-22 | N/A | Disabled | |
| Cloudflare Specials | 100532C | Vulnerability scanner activity 3 Updated detection logic. | 2024-04-22 | N/A | Disabled | |
| Cloudflare Specials | 100007C | Command Injection - Common Attack Commands | Emergency, 2024-04-16 | N/A | Block | |
| Cloudflare Specials | 100045C | Anomaly:URL:Path - Multiple Slashes, Relative Paths, CR, LF or NULL 2 | 2024-04-15 | N/A | Disabled | |
| Cloudflare Specials | 100007C_BETA | Command Injection - Common Attack Commands Beta | 2024-04-15 | N/A | Disabled | |
| Cloudflare Specials | 100643 | Default Windows User - Directory Traversal | 2024-04-15 | N/A | Disabled | |
| Cloudflare Specials | 100088E | Generic XXE Attack | 2024-04-15 | N/A | Disabled | |
| Cloudflare Specials | 100088D | Generic XXE Attack 2 | 2024-04-15 | N/A | Disabled | |
| Cloudflare Specials | 100536A | GraphQL Introspection | 2024-04-15 | N/A | Disabled | |
| Cloudflare Specials | 100536B | GraphQL SSRF | 2024-04-15 | N/A | Disabled | |
| Cloudflare Specials | 100642 | LDAP Injection | 2024-04-15 | N/A | Disabled | |
| Cloudflare Specials | 100532C | Vulnerability scanner activity 3 | 2024-04-15 | N/A | Disabled | |
| Cloudflare Specials | 100632 | Nginx - File Inclusion | 2024-04-08 | N/A | Disabled | |
| Cloudflare Specials | 100633 | PHP - File Inclusion | 2024-04-08 | N/A | Disabled | |
| Cloudflare Specials | 100634 | Generic Database - File Inclusion | 2024-04-08 | N/A | Disabled | |
| Cloudflare Specials | 100635 | Generic Log - File Inclusion | 2024-04-08 | N/A | Disabled | |
| Cloudflare Specials | 100636 | Generic Webservers - File Inclusion | 2024-04-08 | N/A | Disabled | |
| Cloudflare Specials | 100637 | Generic Home Directory - File Inclusion | 2024-04-08 | N/A | Disabled | |
| Cloudflare Specials | 100638 | Generic System Process - File Inclusion | 2024-04-08 | N/A | Disabled | |
| Cloudflare Specials | 100639 | Command Injection | 2024-04-08 | N/A | Disabled | |
| Cloudflare Specials | 100640 | Generic System - File Inclusion | 2024-04-08 | N/A | Disabled | |
| Cloudflare Specials | 100641 | Apache - File Inclusion | 2024-04-08 | N/A | Disabled | |
| Cloudflare Specials | 100629 | JetBrains TeamCity - Auth Bypass, Remote Code Execution - CVE:CVE-2024-27198, CVE:CVE-2024-27199 | 2024-03-18 | N/A | Block | |
| Cloudflare Specials | 100630 | Apache OFBiz - Auth Bypass, Remote Code Execution - CVE:CVE-2023-49070, CVE:CVE-2023-51467 | 2024-03-18 | N/A | Block | |
| Cloudflare Specials | 100627 | Wordpress:Plugin:Bricks Builder Theme - Command Injection - CVE:CVE-2024-25600 | 2024-03-11 | N/A | Block | |
| Cloudflare Specials | 100628 | ConnectWise - Auth Bypass | 2024-03-11 | N/A | Block | |
| Cloudflare Specials | 100135D | XSS - JS On Events | 2024-03-04 | N/A | Block | |
| Cloudflare Specials | 100546 | XSS - HTML Encoding | 2024-02-26 | N/A | Block | |
| Cloudflare Specials | 100622B, 100622C | Ivanti - Command Injection - CVE:CVE-2023-46805, CVE:CVE-2024-21887, CVE:CVE-2024-22024 | 2024-02-20 | N/A | Block | |
| Cloudflare Specials | N/A | Microsoft ASP.NET - Code Injection - Function response.write | 2024-02-20 | N/A | Block | |
| Cloudflare Specials | N/A | NoSQL, MongoDB - SQLi - Comparison | 2024-02-20 | N/A | Block | |
| Cloudflare Specials | N/A | NoSQL, MongoDB - SQLi - Expression | 2024-02-20 | N/A | Block | |
| Cloudflare Specials | N/A | PHP - Code Injection | 2024-02-20 | N/A | Disabled | |
| Cloudflare Specials | N/A | PHP, vBulletin, jQuery File Upload - Code Injection, Dangerous File Upload - CVE:CVE-2018-9206, CVE:CVE-2019-17132 | 2024-02-20 | N/A | Block | |
| Cloudflare Specials | 100625 | Jenkins - Information Disclosure - CVE:CVE-2024-23897 | 2024-02-12 | N/A | Block | |
| Cloudflare Specials | 100514 | Log4j Headers | 2024-02-12 | N/A | Block | |
| Cloudflare Specials | 100515B | Log4j Body Obfuscation | 2024-02-12 | N/A | Block | |
| Cloudflare Specials | 100624 | GoAnywhere - Auth Bypass - CVE:CVE-2024-0204 | 2024-02-05 | N/A | Block | |
| Cloudflare Specials | 100626,100626A | Anomaly:Header:Content-Type - Multiple | 2024-02-05 | N/A | Disabled | |
| Cloudflare Specials | N/A | AngularJS - XSS | 2024-02-05 | N/A | Block | |
| Cloudflare Specials | N/A | Apache HTTP Server - Server-Side Includes | 2024-02-05 | N/A | Disabled | |
| Cloudflare Specials | N/A | Command Injection - CVE:CVE-2014-6271 | 2024-02-05 | N/A | Block | |
| Cloudflare Specials | N/A | Command Injection - Nslookup | 2024-02-05 | N/A | Block | |
| Cloudflare Specials | N/A | Microsoft ASP.NET - Code Injection | 2024-02-05 | N/A | Disabled | |
| Cloudflare Specials | 100623 | Atlassian Confluence - Template Injection - CVE:CVE-2023-22527 | Emergency, 2024-01-22 | N/A | Block | |
| Cloudflare Specials | 100622 | Ivanti - Auth Bypass, Command Injection - CVE:CVE-2023-46805, CVE:CVE-2024-21887 | Emergency, 2024-01-17 | N/A | Block | |
| Cloudflare Specials | 100620 | Microsoft ASP.NET - Remote Code Execution - CVE:CVE-2023-35813 | 2024-01-16 | N/A | Block | |
| Cloudflare Specials | 100619 | Liferay - Remote Code Execution - CVE:CVE-2020-7961 | 2024-01-16 | N/A | Block | |
| Cloudflare Specials | 100618 | pfSense - Remote Code Execution - CVE:CVE-2023-42326 | 2024-01-16 | N/A | Block | |
| Cloudflare Specials | 100621 | Clerk - Auth Bypass | 2024-01-16 | N/A | Disabled | |
| Cloudflare Specials | 100612 | SnakeYAML - CVE:CVE-2022-1471 | 2024-01-04 | N/A | Block |
Improved VPN Managed List
Customers can now effectively manage incoming traffic identified as originating from VPN IPs. Customers with compliance restrictions can now ensure compliance with local laws and regulations. Customers with CDN restrictions can use the improved VPN Managed List to prevent unauthorized access from users attempting to bypass geographical restrictions. With the new VPN Managed List enhancements, customers can improve their overall security posture to reduce exposure to unwanted or malicious traffic.
Change the order of list items in IP Lists (for API and Terraform users)
Due to changes in the API implementation, the order of list items in an IP list obtained via API or Terraform may change, which may cause Terraform to detect a change in Terraform state. To fix this issue, resync the Terraform state or upgrade the version of your Terraform Cloudflare provider to version 4.44.0 ↗ or later.
Security Events pagination
Fixed an issue with pagination in Security Events' sampled logs where some pages were missing data. Also removed the total count from the events log as these are only sampled logs.
New table in Security Analytics and Security Events
Switched to a new, more responsive table in Security Analytics and Security Events.
Fixed occasional attack score mismatches
Fixed an issue causing score mismatches between the global WAF attack score and subscores. In certain cases, subscores were higher (not an attack) than expected while the global attack score was lower than expected (attack), leading to false positives.
Improved detection capabilities
WAF attack score now automatically detects and decodes Base64 and JavaScript (Unicode escape sequences) in HTTP requests. This update is available for all customers with access to WAF attack score (Business customers with access to a single field and Enterprise customers).