WAF Release - 2025-12-18
This week's release focuses on improvements to existing detections to enhance coverage.
Key Findings
- Existing rule enhancements have been deployed to improve detection resilience against broad classes of web attacks and strengthen behavioral coverage.
|Ruleset
|Rule ID
|Legacy Rule ID
|Description
|Previous Action
|New Action
|Comments
|Cloudflare Managed Ruleset
|N/A
|Atlassian Confluence - Code Injection - CVE:CVE-2021-26084 - Beta
|Log
|Block
|This rule is merged into the original rule "Atlassian Confluence - Code Injection - CVE:CVE-2021-26084" (ID:
|Cloudflare Managed Ruleset
|N/A
|PostgreSQL - SQLi - Copy - Beta
|Log
|Block
|This rule is merged into the original rule "PostgreSQL - SQLi - COPY" (ID:
|Cloudflare Managed Ruleset
|N/A
|Generic Rules - Command Execution - Body
|Log
|Disabled
|This is a new detection.
|Cloudflare Managed Ruleset
|N/A
|Generic Rules - Command Execution - Header
|Log
|Disabled
|This is a new detection.
|Cloudflare Managed Ruleset
|N/A
|Generic Rules - Command Execution - URI
|Log
|Disabled
|This is a new detection.
|Cloudflare Managed Ruleset
|N/A
|SQLi - Tautology - URI - Beta
|Log
|Block
|This rule is merged into the original rule "SQLi - Tautology - URI" (ID:
|Cloudflare Managed Ruleset
|N/A
|SQLi - WaitFor Function - Beta
|Log
|Block
|This rule is merged into the original rule "SQLi - WaitFor Function" (ID:
|Cloudflare Managed Ruleset
|N/A
|SQLi - AND/OR Digit Operator Digit 2 - Beta
|Log
|Block
|This rule is merged into the original rule "SQLi - AND/OR Digit Operator Digit" (ID:
|Cloudflare Managed Ruleset
|N/A
|SQLi - Equation 2 - Beta
|Log
|Block
|This rule is merged into the original rule "SQLi - Equation" (ID: