Skip to content

Historical (2021)

RulesetRule IDLegacy Rule IDDescriptionChange DateOld ActionNew Action
Specials...fe5abb10100515Log4j RCE Body - CVE-2021-44228Emergency, 2021-12-16BlockBlock
Specials...60ba67d7100517Log4j RCE Advanced URI, Headers - CVE-2021-44228Emergency, 2021-12-14N/ADisabled
Specials...74430f12100514Log4j RCE Headers - CVE-2021-44228Emergency, 2021-12-10N/ABlock
Specials...fe5abb10100515Log4j RCE Body - CVE-2021-44228Emergency, 2021-12-10N/ABlock
Specials...d5e015dd100516Log4j RCE URI - CVE-2021-44228Emergency, 2021-12-10N/ABlock
Specials...1c8e7f7f100009B3SQLi - ORDER/GROUP BY2021-11-01N/ADisabled
SpecialsN/A100201_2Anomaly:Header:User-Agent - Fake Google Bot2021-11-01N/ABlock
SpecialsN/A100202_2Anomaly:Header:User-Agent - Fake Bing or MSN Bot2021-11-01N/ABlock
SpecialsN/A100203_2Anomaly:Header:User-Agent - Fake Yandex Bot2021-11-01N/ABlock
SpecialsN/A100204_2Anomaly:Header:User-Agent - Fake Baidu Bot2021-11-01N/ABlock
Specials...88d80772100008E2SQLi - AND/OR Digit Operator Digit2021-10-25N/ABlock
Specials...a72a6b3a100009CB2SQLi - Equation2021-10-25N/ABlock
Specials...2ebc44ad100008DSQLi - Benchmark Function2021-10-25N/ABlock
Specials...521e1effWP0036WordPress - Broken Access Control2021-10-19N/ABlock
Specials...cfd0fac1100135AXSS - JavaScript Events - Improve Rule Coverage2021-10-04BlockBlock
Specials...95afef63100135BXSS - JavaScript Events - Improve Rule Coverage2021-10-04BlockBlock
Specials...b3de2e0a100410SQLi - Tautology - URI2021-10-04N/ABlock
Specials...cfd0fac1100135AXSS - JavaScript Events - Improve Rule Coverage2021-09-06BlockBlock
Specials...de5e2367100135CXSS - JavaScript Events - Improve Rule Coverage2021-09-06BlockBlock
Specials...901dddd0100139DXSS, HTML Injection - Data URI - Improve Rule Coverage2021-09-06BlockBlock
Specials...69e0b97a100400Atlassian Confluence - Code Injection - CVE:CVE-2021-26084Emergency, 2021-09-01N/ABlock
Specials...6aa0bef8100201Anomaly:Header:User-Agent - Fake Google Bot2021-08-31BlockBlock
Specials...c12cf9c8100202Anomaly:Header:User-Agent - Fake Bing or MSN Bot2021-08-31BlockBlock
Specials...f6cbb163100203Anomaly:Header:User-Agent - Fake Yandex Bot2021-08-31BlockBlock
Specials...047f06b4100204Anomaly:Header:User-Agent - Fake Baidu Bot2021-08-31BlockBlock
Specials...090d53ee100045

Anomaly:URL:Path - Multiple Slashes, Relative Paths, CR, LF or NULL

2021-08-23DisabledDisabled
Specials...603649a2100210Laravel - Code Injection - CVE-2021-31292021-08-16N/ABlock
Specials...fe8ceb2f100045A

Anomaly:URL:Query String - Multiple Slashes, Relative Paths, CR, LF or NULL

2021-08-16N/ADisabled
OWASP XSS (URI)N/Auri-973345Improve rule performance2021-07-26Scoring BasedScoring Based
OWASP XSSN/A973345Improve rule performance2021-07-26Scoring BasedScoring Based
SpecialsN/A100009Improve rule performance2021-07-26BlockBlock
Specials...54622f7d100200Anomaly Header: Content-Type - Missing2021-07-26N/ADisabled
OWASP XSS (URI)N/Auri-973346Improve Rule Performance2021-07-19Scoring BasedScoring Based
OWASP XSS (URI)N/Auri-973322Improve Rule performance2021-07-19Scoring BasedScoring Based
OWASP XSSN/A973346Improve Rule performance2021-07-19Scoring BasedScoring Based
OWASP XSSN/A973322Improve Rule performance2021-07-19Scoring BasedScoring Based
Cloudflare SpecialsN/A100197Block ReGeorg webshellEmergency, 2021-07-01N/ABlock
Cloudflare SpecialsN/A100197BBlock ReGeorg webshellEmergency, 2021-07-01N/ADisabled
SpecialsN/A100196CVE-2021-21985 VSphere Virtual SAN Health Check2021-06-21N/ABlock
SpecialsN/A100136AImprove rule performance2021-06-21BlockBlock
SpecialsN/A100139AImprove rule performance2021-06-14DisabledDisabled
SpecialsN/A100139BImprove rule performance2021-06-14BlockBlock
SpecialsN/A100139CImprove rule performance2021-06-14BlockBlock
SpecialsN/A100195

Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2021-31166

2021-06-07N/ABlock
WordPressN/AWP0025DImprove Rule Performance2021-06-01BlockBlock
WordPressN/AWP0026Improve Rule Coverage2021-06-01BlockBlock
WordPressN/AWP0023Improve Rule Performance - Supersedes 1002452021-06-01BlockBlock
SpecialsN/A100245

Remove 100245 (WordPress - Broken Access Control - Update Script) - Superseded by WP0023

2021-06-01BlockDisabled
DrupalN/AD0000Improve Rule Coverage2021-06-01BlockBlock
PHPN/APHP100012Improve Rule Coverage2021-06-01BlockBlock
SpecialsN/A100222Improve Rule Coverage2021-06-01DisabledDisabled
Cloudflare SpecialsN/A100188ACVE-2021-22893 Pulse Secure Vendor WorkaroundEmergency, 2021-04-21N/ABlock
Cloudflare SpecialsN/A100038Improve Information Disclosure Coverage2021-04-19BlockBlock
Cloudflare SpecialsN/A100185A

Deprecated Short PHP Open Tag (<?) Mitigation

2021-03-22N/ADisable
Cloudflare SpecialsN/A100179Improve Rule Performance2021-03-08BlockBlock
Cloudflare SpecialsN/A100181

Microsoft Exchange - Code Injection - CVE-2021-26858 - CVE-2021-27065

Emergency, 2021-03-06N/ABlock
Cloudflare SpecialsN/A100179Microsoft Exchange - SSRF - CVE-2021-26855Emergency, 2021-03-05N/ABlock
Cloudflare SpecialsN/A100005Improve LFI Log Injection/Disclosure coverage2021-03-01BlockBlock