Skip to content

Historical (2019)

RulesetRule IDDescriptionChange DateOld ActionNew Action
Cloudflare Specials100242

Block Citrix Netscaler ADC -

CVE-2019-19781

Emergency, 2019-12-16N/ABlock
Cloudflare Specials100009CB

Improvement in Equation-like SQLi. Merge 100009CB_BETA into 100009CB.

2019-12-16BlockBlock
Cloudflare Specials100191

Improvement CVE-2019-11043 detection. Merge 100191_BETA into 100191.

2019-12-16BlockBlock
Cloudflare OWASP9802140Minor change to reduce Gutenberg false positivesEmergency, 2019-11-25Scoring basedScoring based
Cloudflare OWASP9802140_JSONMinor change to reduce Gutenberg false positivesEmergency, 2019-11-25Scoring basedScoring based
Cloudflare OWASP9802141Minor change to reduce Gutenberg false positivesEmergency, 2019-11-25Scoring basedScoring based
Cloudflare OWASP9802141_JSONMinor change to reduce Gutenberg false positivesEmergency, 2019-11-25Scoring basedScoring based
Cloudflare OWASP960034Reduce false positives for requests made with HTTP 2 and 3Emergency, 2019-11-25Scoring basedScoring based
Cloudflare Specials100148Disable outdated XSS rule by default2019-11-12BlockDisable
Cloudflare Specials100035CUpdate valid Googlebot IP rangesEmergency, 2019-11-07BlockBlock
Cloudflare Specials100035DUpdate valid Googlebot IP rangesEmergency, 2019-11-07DisabledDisabled
Cloudflare Specials100139AImprove XSS detection. Merge 100139A_BETA into 100139A.2019-11-04DisableDisable
Cloudflare Specials100139BImprove XSS detection. Merge 100139B_BETA into 100139B.2019-11-04BlockBlock
Cloudflare Specials100139CImprove XSS detection. Merge 100139C_BETA into 100139C.2019-11-04BlockBlock
Cloudflare Specials100139DImprove XSS detection2019-11-04N/ABlock
Cloudflare Specials100173Improve XSS detection2019-11-04N/ABlock
Cloudflare Specials100030SVGDisable outdated XSS rule by default2019-11-04BlockDisable
Cloudflare Specials100021CDisable outdated XSS rule by default2019-11-04BlockDisable
Cloudflare Specials100021CEDisable outdated XSS rule by default2019-11-04BlockDisable
Cloudflare Specials100021CBDisable outdated XSS rule by default2019-11-04BlockDisable
Cloudflare Specials100021DDisable outdated XSS rule by default2019-11-04BlockDisable
Cloudflare Specials100107Disable outdated XSS rule by default2019-11-04BlockDisable
Cloudflare Specials100030Disable outdated XSS rule by default2019-11-04BlockDisable
Cloudflare Specials100030ARGS_STRICTDisable outdated XSS rule by default2019-11-04ChallengeDisable
Cloudflare Specials100021Disable outdated XSS rule by default2019-11-04ChallengeDisable
Cloudflare Specials100021BDisable outdated XSS rule by default2019-11-04BlockDisable
Cloudflare Specials100021EDisable outdated XSS rule by default2019-11-04ChallengeDisable
Cloudflare Specials100090Disable outdated XSS rule by default2019-11-04BlockDisable
Cloudflare Specials100091Disable outdated XSS rule by default2019-11-04BlockDisable
Cloudflare Specials100091BDisable outdated XSS rule by default2019-11-04BlockDisable
Cloudflare Specials100092Disable outdated XSS rule by default2019-11-04BlockDisable
Cloudflare Specials100170Improve XSS detection. Merge 100170_BETA into 100170.2019-11-04BlockBlock
Cloudflare Specials100021HDisable outdated XSS rule by default2019-11-04BlockDisable
Cloudflare Specials100044Disabled obsolete rule by default. Merge 100044_BETA into 100044.2019-11-04BlockDisable
Cloudflare Specials100174Improve XSS detection2019-11-04N/ABlock
Cloudflare Specials100135BReduced false positive rate. Merge 100135B_BETA into 100135B.2019-11-04BlockBlock
Cloudflare Specials100191Block CVE-2019-11043Emergency, 2019-10-27N/ABlock
Cloudflare Specials100035C

Improve Fake Google Bot detection. Merge 100035C_BETA into 100035C.

Emergency, 2019-10-23BlockBlock
Cloudflare Specials100009CB

Improve Comparison-like SQL Injection detection. Merge 100009CB_BETA into 100009CB.

2019-10-21BlockBlock
Cloudflare Specials100026Improve PHP Code Injection and File Upload detection2019-10-21BlockBlock
Cloudflare Specials100186Block vBulletin vulnerability CVE-2019-171322019-10-21LogBlock
Cloudflare Specials100187Block vBulletin vulnerability CVE-2019-171322019-10-21LogBlock
Cloudflare Specials100035D

Improve Fake Google Bot detection. Merge 100035D_BETA into 100035D. Change originally scheduled for 2019-10-21.

Emergency, 2019-10-17DisableDisable
Cloudflare Specials100035

Improve Fake Google Bot detection. Merge 100035_BETA into 100035. Change originally scheduled for 2019-10-21.

Emergency, 2019-10-17BlockBlock
Cloudflare Specials100035C

Improve Fake Google Bot detection. Merge 100035C_BETA into 100035C. Change originally scheduled for 2019-10-21.

Emergency, 2019-10-17BlockBlock
Cloudflare Specials100035B

Improve Fake Bing Bot detection. Merge 100035B_BETA into 100035B. Change originally scheduled for 2019-10-21.

Emergency, 2019-10-17BlockBlock
Cloudflare Specials100035Y

Improve Fake Yandex Bot detection. Merge 100035Y_BETA into 100035Y. Change originally scheduled for 2019-10-21.

Emergency, 2019-10-17BlockBlock
Cloudflare Specials100035U

Improve Fake Baidu Bot detection. Merge 100035U_BETA into 100035U. Change originally scheduled for 2019-10-21.

Emergency, 2019-10-17BlockBlock
Cloudflare Specials100135AImprove XSS detection. Merge 100135A_UBETA into 100135A.2019-10-14BlockBlock
Cloudflare Specials100135BImprove XSS detection. Merge 100135B_UBETA into 100135B.2019-10-14DisableBlock
Cloudflare Specials100135CImprove XSS detection. Merge 100135C_UBETA into 100135C.2019-10-14BlockBlock
Cloudflare Specials100136AImprove XSS detection. Merge 100136A_UBETA into 100136A.2019-10-14BlockBlock
Cloudflare Specials100136BImprove XSS detection. Merge 100136B_UBETA into 100136B.2019-10-14BlockBlock
Cloudflare Specials100136CImprove XSS detection. Merge 100136C_UBETA into 100136C.2019-10-14BlockBlock
Cloudflare Specials100167Improve XSS and HTML Injection detection2019-10-14N/ABlock
Cloudflare Specials100168Improve XSS and HTML Injection detection2019-10-14N/ABlock
Cloudflare Specials100169Improve XSS and HTML Injection detection2019-10-14N/ADisable
Cloudflare Specials100170Improve XSS and HTML Injection detection2019-10-14N/ABlock
Cloudflare Specials100171Improve XSS and HTML Injection detection2019-10-14N/ADisable
Cloudflare Specials100172Improve XSS and HTML Injection detection2019-10-14N/ABlock
Cloudflare WordPressWP0015

Disables outdated WordPress rule by default. If this rule's action is set to anything other than the default, this change will have no effect.

2019-10-07BlockDisable
Cloudflare Specials100008EImprove SQLi protection2019-09-30BlockBlock
Cloudflare Specials100008ESQLi improvement2019-09-30BlockBlock
Cloudflare Specials100166

Block vBulletin

CVE-2019-16759

Emergency, 2019-09-26NoneBlock
Cloudflare OWASP9002140OWASP WordPress improvement2019-09-23Scoring basedScoring based
Cloudflare OWASP9002140_JSONOWASP WordPress improvement2019-09-23Scoring basedScoring based
Cloudflare OWASP9002141OWASP WordPress improvement2019-09-23Scoring basedScoring based
Cloudflare OWASP9002141_JSONOWASP WordPress improvement2019-09-23Scoring basedScoring based
Cloudflare Specials100162

SQLi improvement on SELECT FROM TABLE statements

2019-09-23N/ABlock
Cloudflare Specials100160JBoss protection improvement2019-09-16N/ABlock
Cloudflare OWASP9002140Small improvement to Gutenberg exception rules2019-09-09N/AScoring based
Cloudflare OWASP9002140_JSONSmall improvement to Gutenberg exception rules2019-09-09N/AScoring based
Cloudflare OWASP9002141Small improvement to Gutenberg exception rules2019-09-09N/AScoring based
Cloudflare OWASP9002141_JSONSmall improvement to Gutenberg exception rules2019-09-09N/AScoring based
Cloudflare Specials100158

SQL Injection - Obfuscated SELECT expressions

2019-09-09LogBlock
Cloudflare OWASPURI-973326Small improvement in OWASP rule2019-09-09Scoring basedScoring based
Cloudflare OWASP973326Small improvement in OWASP rule2019-09-09Scoring basedScoring based
Cloudflare OWASPURI-950901Remove OWASP rule2019-09-02Scoring basedN/A
Cloudflare OWASP959151Small improvement in OWASP rule2019-09-02BlockBlock
Cloudflare OWASP950901Remove OWASP rule2019-09-02Scoring basedN/A
Cloudflare DrupalD0003BDisable rule by default2019-07-29BlockDisable
Cloudflare Specials100005ADisable rule by default2019-07-29LogDisable
Cloudflare Specials100007NDisable rule by default2019-07-29LogDisable
Cloudflare Specials100009DBETADisable rule by default2019-07-29LogDisable
Cloudflare Specials100009IDisable rule by default2019-07-29LogDisable
Cloudflare Specials100009LDisable rule by default2019-07-29LogDisable
Cloudflare Specials100010BDisable rule by default2019-07-29LogDisable
Cloudflare Specials100021CDDisable rule by default2019-07-29LogDisable
Cloudflare Specials100030_BETADisable rule by default2019-07-29LogDisable
Cloudflare Specials100030ARGS_LOOSEDisable rule by default2019-07-29LogDisable
Cloudflare Specials100035B2Disable rule by default2019-07-29LogDisable
Cloudflare Specials100035DDisable rule by default2019-07-29LogDisable
Cloudflare Specials100042Disable rule by default2019-07-29LogDisable
Cloudflare Specials100056_BETADisable rule by default2019-07-29LogDisable
Cloudflare Specials100057Disable rule by default2019-07-29LogDisable
Cloudflare Specials100059Disable rule by default2019-07-29LogDisable
Cloudflare Specials100061Disable rule by default2019-07-29LogDisable
Cloudflare Specials100062Disable rule by default2019-07-29LogDisable
Cloudflare Specials100062_BETADisable rule by default2019-07-29LogDisable
Cloudflare Specials100064Disable rule by default2019-07-29LogDisable
Cloudflare Specials100066Disable rule by default2019-07-29LogDisable
Cloudflare Specials100067Disable rule by default2019-07-29LogDisable
Cloudflare Specials100068Disable rule by default2019-07-29LogDisable
Cloudflare Specials100075Disable rule by default2019-07-29LogDisable
Cloudflare Specials100077Disable rule by default2019-07-29LogDisable
Cloudflare Specials100078BDisable rule by default2019-07-29LogDisable
Cloudflare Specials100083Disable rule by default2019-07-29LogDisable
Cloudflare Specials100084Disable rule by default2019-07-29LogDisable
Cloudflare Specials100085Disable rule by default2019-07-29LogDisable
Cloudflare Specials100086Disable rule by default2019-07-29LogDisable
Cloudflare Specials100088CDisable rule by default2019-07-29LogDisable
Cloudflare Specials100093Disable rule by default2019-07-29LogDisable
Cloudflare Specials100096BEVILDisable rule by default2019-07-29LogDisable
Cloudflare Specials100096BHTMLDisable rule by default2019-07-29LogDisable
Cloudflare Specials100096EVILDisable rule by default2019-07-29LogDisable
Cloudflare Specials100096HTMLDisable rule by default2019-07-29LogDisable
Cloudflare Specials100098Disable rule by default2019-07-29LogDisable
Cloudflare Specials100105Disable rule by default2019-07-29LogDisable
Cloudflare Specials100106BDisable rule by default2019-07-29LogDisable
Cloudflare Specials100107ARGSDisable rule by default2019-07-29LogDisable
Cloudflare Specials100108Disable rule by default2019-07-29LogDisable
Cloudflare Specials100108ARGSDisable rule by default2019-07-29LogDisable
Cloudflare Specials100109Disable rule by default2019-07-29LogDisable
Cloudflare Specials100109BDisable rule by default2019-07-29LogDisable
Cloudflare Specials100111Disable rule by default2019-07-29LogDisable
Cloudflare Specials100115Disable rule by default2019-07-29LogDisable
Cloudflare Specials100119Disable rule by default2019-07-29LogDisable
Cloudflare Specials100122Disable rule by default2019-07-29LogDisable
Cloudflare Specials100123BDisable rule by default2019-07-29LogDisable
Cloudflare Specials100126Disable rule by default2019-07-29LogDisable
Cloudflare Specials100131Disable rule by default2019-07-29LogDisable
Cloudflare Specials100133Disable rule by default2019-07-29LogDisable
Cloudflare Specials100135BDisable rule by default2019-07-29LogDisable
Cloudflare Specials100137Disable rule by default2019-07-29LogDisable
Cloudflare Specials100139ADisable rule by default2019-07-29LogDisable
Cloudflare Specials100140Disable rule by default2019-07-29LogDisable
Cloudflare Specials100146Disable rule by default2019-07-29LogDisable
Cloudflare Specials100146BDisable rule by default2019-07-29LogDisable
Cloudflare Specials100149Disable rule by default2019-07-29LogDisable
Cloudflare Specials100158Disable rule by default2019-07-29LogDisable
Cloudflare MiscellaneousCFMISC0004Disable rule by default2019-07-29LogDisable
Cloudflare MiscellaneousCFMISC0004BDisable rule by default2019-07-29LogDisable
Cloudflare MiscellaneousCFMISC0016BDisable rule by default2019-07-29LogDisable
Cloudflare DrupalD0005Disable rule by default2019-07-29LogDisable
Cloudflare DrupalD0016Disable rule by default2019-07-29LogDisable
Cloudflare PHPPHP100008Disable rule by default2019-07-29LogDisable
Cloudflare PHPPHP100009Disable rule by default2019-07-29LogDisable
Cloudflare PHPPHP100010Disable rule by default2019-07-29LogDisable
Cloudflare PHPPHP100011ARGSDisable rule by default2019-07-29LogDisable
Cloudflare PHPPHP100011COOKIEDisable rule by default2019-07-29LogDisable
Cloudflare WordPressWP0012Disable rule by default2019-07-29LogDisable
Cloudflare WordPressWP0025CDisable rule by default2019-07-29LogDisable
Cloudflare WordPressWP0028Disable rule by default2019-07-29LogDisable
Cloudflare WordPressWP0030Disable rule by default2019-07-29LogDisable
Cloudflare Specials100136AImprove XSS JavaScript URI detection and reduce false positives2019-07-29BlockBlock
Cloudflare Specials100136BImprove XSS JavaScript URI detection and reduce false positives2019-07-29BlockBlock
Cloudflare Specials100136CImprove XSS JavaScript URI detection and reduce false positives2019-07-29BlockBlock
Cloudflare Specials100135A

Improve XSS JavaScript Events detection and reduce false positives

2019-07-29BlockBlock
Cloudflare Specials100135B

Improve XSS JavaScript Events detection and reduce false positives

2019-07-29LogBlock
Cloudflare Specials100135C

Improve XSS JavaScript Events detection and reduce false positives

2019-07-29BlockBlock
Cloudflare OWASP9002140Reduce WAF false positives for the Gutenberg WordPress editor2019-07-24N/AScoring based
Cloudflare OWASP9002140_JSONReduce WAF false positives for the Gutenberg WordPress editor2019-07-24N/AScoring based
Cloudflare OWASP9002141Reduce WAF false positives for the Gutenberg WordPress editor2019-07-24N/AScoring based
Cloudflare OWASP9002141_JSONReduce WAF false positives for the Gutenberg WordPress editor2019-07-24N/AScoring based
Cloudflare Specials100030Improve XSS HTML Script Tag detection2019-07-22BlockBlock
Cloudflare Specials100153

Block Oracle WebLogic - Command Injection -

CVE-2019-2729

2019-06-27BlockBlock
Cloudflare OWASP9002140AImprove 9002140A2019-06-19Scoring basedScoring based
Cloudflare OWASP9002140BImprove 9002140B2019-06-19Scoring basedScoring based
Cloudflare OWASP9002140AImprove 9002140A2019-06-17Scoring basedScoring based
Cloudflare OWASP9002140AImprove 9002140B2019-06-17Scoring basedScoring based
Cloudflare WordPressWP0033Easy WP SMTP - Deserialization2019-06-17LogBlock
Cloudflare Specials100156XSS, HTML Injection - Malicious HTML Encoding2019-06-17LogBlock
Cloudflare OWASP9002140B_BETAImprove 9002140B2019-06-10Scoring basedScoring based
Cloudflare Specials100005Improved shell variable normalization2019-06-10BlockBlock
Cloudflare Specials100007NSImproved shell variable normalization2019-06-10BlockBlock
Cloudflare Specials100155

PHPCMS - Dangerous File Upload -

CVE-2018-14399

2019-06-10LogBlock
Cloudflare Specials100096BHTMLXSS, HTML Injection - Body2019-06-03N/ALog
Cloudflare Specials100096BEVILXSS, HTML Injection - Body2019-06-03N/ALog
Cloudflare OWASP9002140A

New OWASP rules to allow requests from the WordPress's Gutenberg editor

2019-06-03N/AScoring based
Cloudflare OWASP9002140B

New OWASP rules to allow requests from the WordPress's Gutenberg editor

2019-06-03N/AScoring based
AllAllImprove Rule Descriptions2019-05-28N/AN/A
Cloudflare Specials100157

Microsoft SharePoint Deserialization -

CVE-2019-0604

(Strict)

2019-05-28BlockBlock
Cloudflare Specials100053Potential FI or Alias/Rewrite Bypass - Double Slash in URL2019-05-20DisableDisable
Cloudflare Specials100122ARGSDangerous stream wrappers2019-05-20BlockDeprecated
Cloudflare Specials100122ARGS_GETDangerous stream wrappers2019-05-20BlockDeprecated
Cloudflare Specials100122Dangerous stream wrappers2019-05-20LogBlock
Cloudflare Specials100157

Microsoft SharePoint Deserialization -

CVE-2019-0604

2019-05-13N/ABlock
Cloudflare Specials100154

WordPress Social Warfare RCE/XSS (

CVE-2019-9978

)

2019-05-13LogBlock
Cloudflare OWASP9002140Reduce OWASP false positives2019-05-13LogAllow
Cloudflare Specials100008Improve SQLi detection2019-05-13BlockBlock
Cloudflare Specials100135AImprove XSS detection and reduce false positives2019-05-07BlockBlock
Cloudflare Specials100135BImprove XSS detection and reduce false positives2019-05-07LogBlock
Cloudflare Specials100135CImprove XSS detection and reduce false positives2019-05-07BlockBlock
Cloudflare Specials100136AImprove XSS detection and reduce false positives2019-05-07BlockBlock
Cloudflare Specials100136BImprove XSS detection and reduce false positives2019-05-07BlockBlock
Cloudflare Specials100153

Block Oracle WebLogic

CVE-2019-2725

,

CVE-2017-10271

,

CVE-2017-3506

2019-05-07N/ABlock
Cloudflare Specials100148Improve inline XSS detection2019-05-07LogBlock
Cloudflare Specials100105HEADERSPHP serialization in headers, excluding Cookies2019-05-07N/ABlock
Cloudflare Specials100146CPotential SSRF attack2019-05-07LogBlock
Cloudflare Specials100106PostgreSQL COPY Injection2019-05-07BlockBlock
Cloudflare Specials100139AHTML Injection, XSS or Code Injection via data URI2019-05-07N/ALog
Cloudflare Specials100139BHTML Injection, XSS or Code Injection via data URI2019-05-07N/ABlock
Cloudflare Specials100139CHTML Injection, XSS or Code Injection via data URI2019-05-07N/ABlock
Cloudflare Specials100105REFERERPHP serialization in Referer header2019-04-29N/ABlock
Cloudflare Specials100152

Joomla

CVE-2019-10945

2019-04-29N/ABlock
Cloudflare Specials100144NoSQL Injection attack (Expression vector)2019-04-29LogBlock
Cloudflare Specials100143NoSQL Injection attack (comparison vector)2019-04-29LogBlock
Cloudflare Specials100148Improve XSS inline detection2019-04-29LogBlock
Cloudflare Specials100135AImprove XSS detection2019-04-22BlockBlock
Cloudflare Specials100135BImprove XSS detection2019-04-22BlockBlock
Cloudflare Specials100136AImprove XSS detection2019-04-22BlockBlock
Cloudflare Specials100136BImprove XSS detection2019-04-22BlockBlock
Cloudflare Specials100097GImprove SQLi blocking2019-04-22LogBlock
Cloudflare WordPressWP0034WordPress zero day XSS2019-04-22N/ABlock
Cloudflare Specials100010AImprove SQLi detection2019-04-22BlockBlock
Cloudflare PHPPHP100013Blocks PHP CGI attack by default2019-04-22LogBlock
Cloudflare Specials100150

Block

CVE-2019-10842

2019-04-22N/ABlock
Cloudflare Specials100142NoSQL Injection attack (array vector)2019-04-15LogBlock
Cloudflare Specials100135AImprove XSS event detection2019-04-08N/AN/A
Cloudflare Specials100135BImprove XSS event detection2019-04-08N/AN/A
Cloudflare Specials100135CImprove XSS event detection2019-04-08N/AN/A
Cloudflare Specials100030SVGImprove XSS event detection2019-04-08N/AN/A
Cloudflare Specials100021CImprove XSS event detection2019-04-08N/AN/A
Cloudflare Specials100021CEImprove XSS event detection2019-04-08N/AN/A
Cloudflare Specials100021CBImprove XSS event detection2019-04-08N/AN/A
Cloudflare Specials100021CDImprove XSS event detection2019-04-08N/AN/A
Cloudflare Specials100021CD2Improve XSS event detection2019-04-08N/AN/A
Cloudflare Specials100021CD3Improve XSS event detection2019-04-08N/AN/A
Cloudflare DrupalD0020BETAImprove blocking of SA-CORE-2019-0032019-04-08LogBlock
Cloudflare DrupalD0017Improve blocking of SA-CORE-2019-0032019-04-08LogBlock
Cloudflare DrupalD0017Improve blocking of SA-CORE-2019-0032019-04-08LogDeleted
Cloudflare DrupalD0018Improve blocking of SA-CORE-2019-0032019-04-08LogDeleted
Cloudflare DrupalD0019Improve blocking of SA-CORE-2019-0032019-04-08LogDeleted
Cloudflare DrupalD0021Improve blocking of SA-CORE-2019-0032019-04-08LogDeleted
Cloudflare Specials100127Improve blocking of SA-CORE-2019-0032019-04-08LogDeleted
Cloudflare Specials100128Improve blocking of SA-CORE-2019-0032019-04-08LogDeleted
Cloudflare Specials100135AImprove XSS detection using JavaScript URI2019-04-08N/ABlock
Cloudflare Specials100135BImprove XSS detection using JavaScript URI2019-04-08N/ALog
Cloudflare Specials100135CImprove XSS detection using JavaScript URI2019-04-08N/ABlock
Cloudflare Specials100123AImprove invalid UTF-8 detection2019-04-08N/ABlock
Cloudflare Specials100123BImprove invalid UTF-8 detection2019-04-08N/ALog
Cloudflare Specials100130Executable file upload attempt2019-04-08LogBlock
Cloudflare Specials100136AImprove XSS detection using JavaScript events2019-04-01N/ABlock
Cloudflare Specials100136BImprove XSS detection using JavaScript events2019-04-01N/ABlock
Cloudflare Specials100136CImprove XSS detection using JavaScript events2019-04-01N/ABlock
Cloudflare Specials100120BETA2Reduce 100120's false positives2019-04-01LogBlock
Cloudflare WordPressWP0032BETAReduce false positives for WP00322019-04-01LogBlock
Cloudflare Specials100122ARGSBlock use of stream wrappers in all arguments2019-04-01LogBlock
Cloudflare Specials100132

Protection for Apache Tika Command Injection

CVE-2018-1335

2019-04-01LogBlock
Cloudflare PHPPHP100006Improve PHP webshell attempt detection.2019-04-01LogBlock
Cloudflare Specials100005

Merge LFI 100005_BETA into 100005. Mitigates

CVE-2018-9126

,

CVE-2011-1892

.

2019-04-01BlockBlock
Cloudflare Specials100005USuperseded by 1000052019-04-01BlockBlock
Cloudflare Specials100005URSuperseded by 1000052019-04-01BlockBlock
Cloudflare Specials100134

Ruby on Rails File Disclosure

CVE-2019-5418

2019-04-01LogBlock
Cloudflare Specials100120BETAImprove 100120's coverage of SQLi2019-03-25LogBlock
Cloudflare Specials100130BExecutable file with fake extension upload attempt2019-03-25LogBlock
Cloudflare Specials100021CB

Improves XSS event detection using alternate syntax `, brackets, and parentheses.

2019-03-18LogBlock
Cloudflare Specials100021AImprove XSS detection in Referer Header2019-03-18ChallengeBlock
Cloudflare Specials100030SVGImprove XSS event detection2019-03-18ChallengeBlock
Cloudflare Specials100021CImprove XSS event detection2019-03-18BlockBlock
Cloudflare Specials100021CEImprove XSS event detection2019-03-18BlockBlock
Cloudflare Specials100021CBImprove XSS event detection2019-03-18BlockBlock
Cloudflare Specials100122ARGS_GETBlock use of stream wrappers in GET arguments (RFI/RCE)2019-03-18LogBlock
Cloudflare Specials100125Block AngularJS Sandbox attacks2019-03-18LogBlock
Cloudflare Specials100021DImprove XSS detection2019-03-18ChallengeBlock
Cloudflare WordPressWP0031

WordPress RCE -

CVE-2019-8942

,

CVE-2019-8943

2019-03-11N/ABlock
Cloudflare Specials100021CBImprove XSS event detection2019-03-11ChallengeBlock
Cloudflare Specials100021CImprove XSS event detection2019-03-11BlockBlock
Cloudflare Specials100008EImprove SQLi probing2019-03-04BlockBlock
Cloudflare Specials100123UTF-8 Invalid Characters detection (URL)2019-03-04LogBlock
Cloudflare Specials100008EImprove SQLi probe detection2019-02-18N/ABlock
Cloudflare Specials100063_BETAReduce false positives for 1000632019-02-18LogBlock
Cloudflare Specials100021HImprove XSS2019-02-18LogBlock
Cloudflare Specials100021GDelete XSS rule2019-02-18BlockDeleted
Cloudflare Specials100124AUTF-8 Invalid Characters detection2019-02-11N/ADisable
Cloudflare Specials100124BUTF-8 Invalid Characters detection2019-02-11N/ADisable
Cloudflare Specials100008Moved rule out of BETA2019-02-08BlockBlock
Cloudflare Specials100011Block requests with null bytes2019-02-04N/ADisable
Cloudflare Specials100020Blocked SQLi with mysql comments2019-02-04LogBlock
Cloudflare Specials100120BBlocked SQLi with mysql comments2019-02-04LogBlock
Cloudflare Specials100120CBlocked SQLi with mysql comments2019-02-04N/ADisable
Cloudflare Specials100054

Block

CVE-2017-5638

RCE attempts

2019-02-04LogBlock
Cloudflare Specials100009CReduce 100009C false positives2019-01-28BlockBlock
Cloudflare Specials100007Improved RCE detection2019-01-28BlockBlock
Cloudflare PHPPHP100012

Detect

CVE-2017-9841

2019-01-28N/ABlock
Cloudflare Specials100112BBlock requests with duplicated User-Agent headers2019-01-21N/ADisable
Cloudflare Specials100009JReduce 100009J false positives2019-01-21BlockBlock
Cloudflare Specials100114Improved XSS probing detection2019-01-21LogBlock
Cloudflare Specials100005Improved LFI detection2019-01-21LogBlock
Cloudflare DrupalD0015Drupal SA-CORE-2019-002 vulnerabilityEmergency, 2019-01-17N/ABlock
Cloudflare DrupalD0016Drupal SA-CORE-2019-002 vulnerabilityEmergency, 2019-01-17N/ALog
Cloudflare PHPPHP100011Improved PHP code injection detection in URI and headers2019-01-14LogBlock
Cloudflare Specials100121ARGS_GETUse of multiple percent-encoding level in URI arguments2019-01-07N/ADisable
Cloudflare Specials100121URIUse of multiple percent-encoding level in URI2019-01-07N/ADisable
Cloudflare Specials100021CD3XSS reflection with JavaScript events2019-01-02N/ADisable
Cloudflare Specials100068BImprove SQLi detection2019-01-02LogBlock
Cloudflare Specials100021_BETAImprove XSS detection2019-01-02LogChallenge