Skip to content

Historical (2022)

RulesetRule IDLegacy Rule IDDescriptionChange DateOld ActionNew Action
Cloudflare Specials…2aede3db100554Openam - Remote Code Execution - CVE:CVE-2021-35464 2022-12-12N/ADisabled
Cloudflare Specials…2ab75038100556Apache JXPath Library - Code Injection - CVE:CVE-2022-41852 2022-12-12N/ADisabled
Cloudflare Specials…b8ef67d7N/ASQLi - Equation2022-11-29N/ABlock
Cloudflare Specials…128f1556N/ASQLi - Generic2022-11-14N/ABlock
Cloudflare Specials…b9cfd82d100552JXPath RCE - CVE:CVE-2022-41852 2022-10-31N/ABlock
Cloudflare Specials…66edb651100555Apache Commons Text - Code Injection - CVE:CVE-2022-42889 Emergency, 2022-10-18N/ABlock
Cloudflare Specials…1bc977d1100005

DotNetNuke - File Inclusion - CVE:CVE-2018-9126 , CVE:CVE-2011-1892 , CVE:CVE-2022-31474

This detection was announced as …845e3ec7 on new WAF.

2022-10-17N/ABlock
Sensitive Data Disclosure (SDD)…eebf3863N/A

California Driver’s License

This detection is part of Sensitive Data Disclosure (SDD).

2022-10-17LogDisable
Sensitive Data Disclosure (SDD)…5b82d61cN/A

Florida Driver’s License

This detection is part of Sensitive Data Disclosure (SDD).

2022-10-17LogDisable
Sensitive Data Disclosure (SDD)…d47285a0N/A

Illinois Driver’s License

This detection is part of Sensitive Data Disclosure (SDD).

2022-10-17LogDisable
Sensitive Data Disclosure (SDD)…9f7200b4N/A

New York Driver’s License

This detection is part of Sensitive Data Disclosure (SDD).

2022-10-17LogDisable
Sensitive Data Disclosure (SDD)…440ec8b9N/A

UK Driver’s License

This detection is part of Sensitive Data Disclosure (SDD).

2022-10-17LogDisable
Sensitive Data Disclosure (SDD)…c78cf1e1N/A

UK National Insurance Number

This detection is part of Sensitive Data Disclosure (SDD).

2022-10-17LogDisable
Sensitive Data Disclosure (SDD)…0f8f2657N/A

UK Passport

This detection is part of Sensitive Data Disclosure (SDD).

2022-10-17LogDisable
Sensitive Data Disclosure (SDD)…5fe4101eN/A

US Passport

This detection is part of Sensitive Data Disclosure (SDD).

2022-10-17LogDisable
Sensitive Data Disclosure (SDD)…0a290153N/A

Wisconsin Driver’s License

This detection is part of Sensitive Data Disclosure (SDD).

2022-10-17LogDisable
Cloudflare Specials…e0de97a2100553FortiOS - Authentication Bypass - CVE:CVE-2022-40684 Emergency, 2022-10-14N/ABlock
Cloudflare Specials…ee9bb2f5100549Atlassian Bitbucket - Code Injection - CVE:CVE-2022-36804 2022-10-10N/ABlock
Cloudflare Specials…1d870399100546XSS - HTML Encoding2022-10-03N/ABlock
Cloudflare Specials…e09c1a1e100551

Microsoft Exchange SSRF and RCE vulnerability - CVE:CVE-2022-41040 , CVE:CVE-2022-41082

Emergency, 2022-10-03N/ABlock
Cloudflare Specials…ee9bb2f5100549Atlassian Bitbucket - Code Injection - CVE:CVE-2022-36804 Emergency, 2022-09-20N/ABlock
Cloudflare Specials…cfd0fac1100135A

XSS - JavaScript Events

This detection was announced in BETA with ID …92c2ad9f on new WAF and ID 100135A_BETA on legacy WAF.

2022-09-12BlockBlock
Cloudflare Specials…e09c1a1e100542

Broken Authentication - VMware - CVE:CVE-2022-31656 , CVE:CVE-2022-22972

This detection was announced in BETA with ID …df7d4d7b on new WAF and ID 100542_BETA on legacy WAF.

2022-09-12BlockBlock
Cloudflare Specials…36fe4cbb100547Sophos Firewall Auth Bypass Vulnerability - CVE:CVE-2022-1040 2022-09-12N/ABlock
Cloudflare Specials…4529da66100504Atlassian - CVE:CVE-2021-26086 2022-09-12N/ABlock
Cloudflare Specials…b090ba9a100303

Command Injection - Nslookup

This detection was announced in BETA with ID …d5488862 on new WAF and ID 100303_BETA on legacy WAF.

2022-09-05BlockBlock
Cloudflare Specials…3a9dc737100532BVulnerability scanner activity 22022-08-30N/ADisable
Cloudflare Specials…9b16ea5eN/ACVE-2020-134432022-08-30N/ABlock
Cloudflare Specials…fd9eb416100541Code Injection - WordPress Weblizar Backdoor - CVE:CVE-2022-1609 2022-08-22N/ABlock
Cloudflare Specials…e09c1a1e100542Broken Authentication - VMware - CVE:CVE-2022-31656 2022-08-22N/ABlock
Cloudflare Specials…9ff2129f100544

Zimbra - Command Injection - CVE:CVE-2022-27925 , CVE:CVE-2022-30333

2022-08-22N/ABlock
Cloudflare Specials…94700caeN/A

Drupal, Magento, PHP - Deserialization - CVE:CVE-2019-6340 , CVE:CVE-2016-4010 - 2

2022-08-22N/ABlock
Cloudflare Specials…1bc977d1100005

DotNetNuke - File Inclusion - CVE:CVE-2018-9126 , CVE:CVE-2011-1892

2022-08-22N/ABlock
Cloudflare Specials…8e2e15a5N/ASQLi - Strict2022-08-15N/ADisable
Cloudflare Specials…25ba9d7cN/ASSRF - Cloud2022-08-15N/ADisable
Cloudflare Specials…8242627bN/ASSRF - Local2022-08-15N/ADisable
Cloudflare Specials…74a51804N/ASSRF - Host2022-08-15N/ADisable
Cloudflare Specials…d77be6e7100540XSS, Code Injection - Elementor - CVE:CVE-2022-29455 2022-08-01N/ABlock
Cloudflare Specials…b21a6d17100539Alibaba Fastjson Remote Code Execution - CVE:CVE-2022-25845 2022-08-01N/ABlock
Cloudflare Specials…49e6b538100534Webshell Activity2022-08-01N/ABlock
Cloudflare Specials…8d667511N/ANoSQL, MongoDB - SQLi - Comparison2022-08-01N/ADisable
Cloudflare Specials…6418cd0aN/ANoSQL, MongoDB - SQLi - Expression2022-08-01N/ADisable
Cloudflare Specials…0d64e8c3N/APostgreSQL - SQLi - COPY2022-08-01N/ADisable
Cloudflare Specials…fe93af88N/ASQLi - AND/OR Digit Operator Digit2022-08-01N/ADisable
Cloudflare Specials…5dfbd021N/ASQLi - AND/OR Digit Operator Digit - 22022-08-01N/ADisable
Cloudflare Specials…95cb1c78N/ASQLi - AND/OR MAKE_SET/ELT2022-08-01N/ADisable
Cloudflare Specials…33a94329N/ASQLi - Benchmark Function2022-08-01N/ADisable
Cloudflare Specials…a0ac8609N/ASQLi - Equation2022-08-01N/ADisable
Cloudflare Specials…e3f62041N/ASQLi - ORD and ASCII2022-08-01N/ADisable
Cloudflare Specials…5dcf99b7N/A

SQLi -SELECT Expression

2022-08-01N/ADisable
Cloudflare Specials…2514d20dN/ASQLi - Sleep Function2022-08-01N/ADisable
Cloudflare Specials…cf1914a0N/ASQLi - String Concatenation2022-08-01N/ADisable
Cloudflare Specials…484037ceN/ASQLi - String Function2022-08-01N/ADisable
Cloudflare Specials…42123a6cN/ASQLi - Sub Query2022-08-01N/ADisable
Cloudflare Specials…d7aa0008N/A

SQLi -UNION in MSSQL

2022-08-01N/ADisable
Cloudflare Specials…3306fcc2N/ASQLi - WaitFor Function2022-08-01N/ADisable
Cloudflare Specials…1651d0c8100536GraphQL Injection2022-07-25N/ABlock
Cloudflare Specials…6a648210100537Oracle ADF Remote Code Execution - CVE:CVE-2022-21445 2022-07-25N/ABlock
Cloudflare Specials…2753531e100533NoSQL - Injection2022-07-18N/ABlock
Cloudflare Specials…49e6b538100534Web Shell Activity2022-07-18N/ABlock
Cloudflare Specials…851d2f71100007CCommand Injection - Common Attack Commands2022-07-18N/ABlock
Cloudflare Specials…aa290ad9100135DXSS - JS On Events2022-07-18N/ABlock
Cloudflare SpecialsN/A100045B

Anomaly:Header , Directory Traversal - Multiple Slashes, Relative Paths, CR, LF or NULL

2022-07-06LogBlock
Cloudflare Specials…34780914100532Vulnerability scanner activity2022-07-05N/ABlock
Cloudflare Specials…d503ded0N/AXSS, HTML Injection2022-06-20N/ADisable
Cloudflare Specials…fd09a0e6N/AXSS - JavaScript Events2022-06-20N/ADisable
Cloudflare Specials…f4b0220e100703Validate HeadersEmergency, 2022-06-10N/ABlock
Cloudflare Specials…408cff2b100531

Atlassian Confluence - Code Injection - CVE:CVE-2022-26134 (rule improvement)

Emergency, 2022-06-07N/ABlock
Cloudflare Specials…0c99546a100702Command Injection - CVE:CVE-2022-24108 2022-06-06N/ABlock
Cloudflare Specials…e184d050100701Command Injection - CVE:CVE-2022-30525 2022-06-06N/ABlock
Cloudflare Specials…56c390a1N/A

DotNetNuke - File Inclusion - CVE:CVE-2018-9126 , CVE:CVE-2011-1892 2

2022-06-06N/ABlock
Cloudflare Specials…3456f611N/AXXE - System Function2022-06-06N/ABlock
Cloudflare Specials…ae5baf61100005

DotNetNuke - File Inclusion - CVE:CVE-2018-9126 , CVE:CVE-2011-1892

2022-06-06N/ABlock
Cloudflare Specials…bb44c04a100531B

Atlassian Confluence - Code Injection - Extended - CVE:CVE-2022-26134

Emergency, 2022-06-04N/ADisabled
Cloudflare Specials…408cff2b100531

Atlassian Confluence - Code Injection - CVE:CVE-2022-26134 (rule improvement)

Emergency, 2022-06-04N/ABlock
Cloudflare Specials…408cff2b100531Atlassian Confluence - Code Injection - CVE:CVE-2022-26134 Emergency, 2022-06-03N/ABlock
Cloudflare Specials…408cff2b100531

Atlassian Confluence - Code Injection - CVE:CVE-2022-26134 (rule improvement)

Emergency, 2022-06-03N/ABlock
Cloudflare Specials…408cff2b100531

Atlassian Confluence - Code Injection - CVE:CVE-2022-26134 (rule improvement)

Emergency, 2022-06-03N/ABlock
Cloudflare Specials…0d20ddd9100054

Improve Apache Struts detection. Merge 100054_BETA into 100054 and …f0c856b4 into …0d20ddd9. Apache Struts - Command Injection - CVE:CVE-2017-5638 .

2022-05-30N/ABlock
Cloudflare Specials…e1787c92N/AMicrosoft Exchange - Code Injection2022-05-16N/ABlock
Specials…d6e3073f100530Command Injection - RCE in BIG-IP - CVE:CVE-2022-1388 Emergency, 2022-05-10N/ABlock
Cloudflare Specials…02a9ee96100528Code Injection - CVE:CVE-2022-29078 2022-05-09N/ABlock
Cloudflare Specials…422313d0100529VMware vCenter - CVE:CVE-2021-22054 2022-05-09N/ABlock
Cloudflare Specials…370dc796N/APostgreSQL - SQLi, Command Injection - CVE:CVE-2019-9193 2022-05-09N/ADisable
Cloudflare Specials…61337861100056_BETAApache Struts - Code Injection - CVE:CVE-2017-9791 - Beta2022-04-25DisableBlock
Cloudflare Specials…bb70a463100527Apache Struts - CVE:CVE-2021-31805 2022-04-25DisableBlock
Cloudflare Specials…a24f08b7100526VMware vCenter - CVE:CVE-2022-22954 2022-04-25DisableBlock
Cloudflare Specials…4343ef6bN/AAnomaly:Header:X-Forwarded-Host 2022-04-20N/ADisable
Cloudflare Specials…ad8ba4bcN/AAnomaly:Header:Content-Length - Missing in POST2022-04-20N/ADisable
Cloudflare Specials…cc74ff69N/AAnomaly:Header:Accept - Missing or Empty2022-04-20N/ADisable
Cloudflare Specials…041699fbN/APractico CMS - SQLi2022-04-20N/ADisable
Cloudflare Specials…4751ef80N/AJoomla - Anomaly:Header:User-Agent 2022-04-20N/ADisable
Cloudflare Specials…f2cc4e84100524Spring - Code Injection2022-04-11N/ABlock
Cloudflare Specials…4e742bb6N/ADrupal - Header Injection - CVE:CVE-2018-14774 2022-04-11N/ADisable
Cloudflare Specials…e46c6d76N/ADrupal - XSS - CVE:CVE-2018-9861 2022-04-11N/ADisable
Specials…f2cc4e84100524Spring - Code InjectionEmergency, 2022-04-04SimulateBlock
Specials…fbe6c869100522Spring - CVE:CVE-2022-22947 Emergency, 2022-04-04SimulateBlock
Specials…f2cc4e84100524Spring - Code InjectionEmergency, 2022-03-31N/ASimulate
Specials…fbe6c869100522Spring - CVE:CVE-2022-22947 Emergency, 2022-03-29N/ASimulate
Cloudflare Specials…e7c9a2c4100519BMagento - CVE:CVE-2022-24086 2022-03-14N/ABlock
Cloudflare Specials…a37c3733100520Apache - CVE:CVE-2022-24112 2022-03-14N/ABlock
Cloudflare Specials…664ed6fe100015Anomaly:Port - Non Standard Port (not 80 or 443)2022-03-14N/ADisable
Cloudflare Specials…5723bcc9100022

Anomaly:Method - Not GET or POST

2022-03-14N/ADisable
Cloudflare Specials…3fccf643100519Magento - CVE:CVE-2022-24086 2022-03-07N/ABlock
Cloudflare Specials…5ea3d579100518SAP - Code Injection - CVE:CVE-2022-22532 2022-02-28N/ABlock
Cloudflare Specials…69e0b97a100400

Atlassian Confluence - Code Injection - CVE:CVE-2021-26084 - Improve Rule Coverage

2022-02-21BlockBlock
Cloudflare SpecialsN/APHP100001

PHP - Command Injection - CVE:CVE-2012-2336 , CVE:CVE-2012-2311 , CVE:CVE-2012-1823

2022-02-14ChallengeBlock
Cloudflare Specials…dc29b753100515BLog4j Body Obfuscation2022-02-14N/ABlock
Cloudflare Specials…69fe1e0d100700Apache SSRF vulnerability CVE-2021-404382022-01-24N/ABlock