Changelog · WAF

WAF - Scheduled changes for 2024-08-05

Mon, 29 Jul 2024 08:00:00 EST

Announcement Date	Release Date	Release Behavior	Legacy Rule ID	Rule ID	Description	Comments
2024-07-29	2024-08-05	Log	100664	`...89011f18`	Automation Anywhere - SSRF - CVE:CVE-2024-6922	New Detection
2024-07-29	2024-08-05	Log	100663	`...740bce9a`	WSO2 - Dangerous File Upload - CVE:CVE-2022-29464	New Detection
2024-07-29	2024-08-05	Log	100662	`...77c07fce`	ServiceNow - Input Validation - CVE:CVE-2024-4879, CVE:CVE-2024-5178, CVE:CVE-2024-5217	New Detection

WAF - 2024-07-29

Mon, 29 Jul 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...daa4b037`	100659	Common Payloads for Server-side Template Injection - Base64	N/A	Disabled	N/A
Cloudflare Specials	`...4816b26f`	100559A	Prototype Pollution - Common Payloads - Base64	N/A	Disabled	N/A
Cloudflare Specials	`...818d6040`	100660	Server-side Includes - Common Payloads - Base64	N/A	Disabled	N/A
Cloudflare Specials	`...3defc179`	100661	SQLi - Common Payloads - Base64	N/A	Disabled	N/A
Cloudflare Specials	`...f2cc4e84`	100524	Java - Remote Code Execution	Block	Disabled	N/A

WAF - 2024-07-24

Wed, 24 Jul 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...f2cc4e84`	100524	Java - Remote Code Execution	Log	Block	This was released as rule 100532_BETA in old WAF and `...7d0a9131` in new WAF
Cloudflare Specials	`...a28a42c4`	100659	Common Payloads for Server-side Template Injection	N/A	Disabled	N/A
Cloudflare Specials	`...fa595c5b`	100533A	Generic Payloads NoSQL Injection Base64 Beta	N/A	Disabled	N/A
Cloudflare Specials	`...f8c3c472`	100533A	Generic Payloads NoSQL Injection	N/A	Disabled	N/A
Cloudflare Specials	`...1b5ca35e`	100644	Generic Payloads XSS Base64 Beta	N/A	Disabled	N/A
Cloudflare Specials	`...8d4b794c`	100644	Generic Payloads XSS	N/A	Disabled	N/A
Cloudflare Specials	`...e0713e9f`	100642	LDAP Injection Base64 Beta	N/A	Disabled	N/A
Cloudflare Specials	`...48f6a9cf`	100642	LDAP Injection	N/A	Disabled	N/A
Cloudflare Specials	`...433e5b3d`	100559A	Prototype Pollution - Common Payloads	N/A	Disabled	N/A
Cloudflare Specials	`...1a3e21e4`	100645	Remote Code Execution - Generic Payloads	N/A	Disabled	N/A
Cloudflare Specials	`...ea67490b`	100660	Server-Side Includes - Common Payloads	N/A	Disabled	N/A
Cloudflare Specials	`...1e676265`	100661	SQLi - Common Payloads	N/A	Disabled	N/A

WAF - 2024-07-17

Wed, 17 Jul 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...6fa67018`	100658	Apache OFBiz - SSRF - CVE:CVE-2023-50968	Log	Block	New Detection
Cloudflare Specials	`...f2f0224b`	100657	JEECG - Deserialization - CVE:CVE-2023-49442	Log	Block	New Detection
Cloudflare Specials	`...34780914`	100532	Vulnerability scanner activity	Log	Block	This was released as rule 100532_BETA in old WAF and `...27bea257` in new WAF

WAF - 2024-07-10

Wed, 10 Jul 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...a0c03e6f`	100654	Telerik Report Server - Auth Bypass - CVE:CVE-2024-4358, CVE:CVE-2024-1800	Log	Block	New Detection
Cloudflare Specials	`...ff9f8ca6`	100655	Rejetto HTTP File Server - Remote Code Execution - CVE:CVE-2024-23692	Log	Block	New Detection
Cloudflare Specials	`...85c293eb`	100647	pgAdmin - Remote Code Execution - CVE:CVE-2024-3116	Log	Block	New Detection
Cloudflare Specials	`...b57f700d`	100656	MoveIT - Auth Bypass - CVE:CVE-2024-5806	Log	Block	New Detection
Cloudflare Specials	`...afae3d67`	100079A	Java - Deserialization - 2	Log	Block	New Detection
Cloudflare Specials	`...98760cfd`	100648	Groovy - Remote Code Execution	Log	Block	New Detection
Cloudflare Specials	`...69fe1e0d`	100700	Apache SSRF vulnerability CVE-2021-40438	Log	Block	This rule was released as 100700_BETA in old WAF and `...d4c44dad` in new WAF

WAF - 2024-06-18 - Emergency

Tue, 18 Jun 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...1a9fccda`	100652	PHP CGI - Information Disclosure - CVE:CVE-2024-4577	N/A	Block	N/A
Cloudflare Specials	`...2b931b04`	100653	Veeam Backup Enterprise Manager - Information Disclosure - CVE:CVE-2024-29849	N/A	Block	N/A

WAF - 2024-06-06 - Emergency

Thu, 06 Jun 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...00a71dce`	100651	Atlassian Confluence - Remote Code Execution - CVE:CVE-2024-21683	N/A	Block	N/A

WAF - 2024-05-30 - Emergency

Thu, 30 May 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...b1df0e15`	100650	Check Point Security - Information Disclosure - CVE:CVE-2024-24919	N/A	Block	N/A

WAF - 2024-05-29 - Emergency

Wed, 29 May 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...92b2cc05`	100649	FortiSIEM - Remote Code Execution - CVE:CVE-2024-23108, CVE:CVE-2023-34992	N/A	Block	N/A

Improved detection capabilities

Thu, 23 May 2024 08:00:00 EST

WAF attack score now automatically detects and decodes Base64 and JavaScript (Unicode escape sequences) in HTTP requests. This update is available for all customers with access to WAF attack score (Business customers with access to a single field and Enterprise customers).

WAF - 2024-05-21

Tue, 21 May 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...96ca9284`	N/A	Generic Payloads XSS Base64 2 Beta	N/A	Disabled

WAF - 2024-05-14

Tue, 14 May 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action
Cloudflare Specials	`...fa595c5b`	N/A	Generic Payloads NoSQL Injection Base64 Beta	N/A	Disabled
Cloudflare Specials	`...e0713e9f`	N/A	LDAP Injection Base64 Beta	N/A	Disabled
Cloudflare Specials	`...cad90fb3`	N/A	NoSQL - Injection Base64 2 Beta	N/A	Disabled

WAF - 2024-05-08

Wed, 08 May 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...1b5ca35e`	N/A	Generic Payloads XSS Base64 Beta	N/A	Disabled

WAF - 2024-05-06

Mon, 06 May 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...34780914`	100532	Vulnerability scanner activity	N/A	Block	This was released as BETA via `...554f9705`
Cloudflare Specials	`...2753531e`	100533	NoSQL - Injection	N/A	Block	This was released as BETA via `...aaa061e3`

WAF - 2024-04-24

Wed, 24 Apr 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Sensitive Data Disclosure (SDD)	`...17bd5326`	N/A	Malaysian Phone Number	N/A	Disabled	N/A
Sensitive Data Disclosure (SDD)	`...3172838f`	N/A	Malaysia Identification Card Number	N/A	Disabled	N/A
Cloudflare Specials	`...27e67a11`	N/A	Vulnerability scanner activity 3 Base64 Beta	N/A	Disabled	N/A
Cloudflare Specials	`...9cb76af3`	N/A	Default Windows User - Directory Traversal Base64 Beta	N/A	Disabled	N/A
Cloudflare Specials	`...fa595c5b`	N/A	Generic Payloads NoSQL Injection Base64 Beta	N/A	Disabled	N/A
Cloudflare Specials	`...cad90fb3`	N/A	NoSQL - Injection Base64 2 Beta	N/A	Disabled	N/A
Cloudflare Specials	`...e0713e9f`	N/A	LDAP Injection Base64 Beta	N/A	Disabled	N/A

WAF - 2024-04-22

Mon, 22 Apr 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...1a3e21e4`	100645	Remote Code Execution - Generic Payloads	N/A	Disabled	N/A
Cloudflare Specials	`...f8c3c472`	100533A	Generic Payloads NoSQL Injection	N/A	Disabled	N/A
Cloudflare Specials	`...8d4b794c`	100644	Generic Payloads XSS	N/A	Disabled	N/A
Cloudflare Specials	`...e31d972a`	100007C_BETA	Command Injection - Common Attack Commands Beta	N/A	Disabled	Updated detection logic
Cloudflare Specials	`...7f3009d1`	100643	Default Windows User - Directory Traversal	N/A	Disabled	Updated detection logic
Cloudflare Specials	`...48f6a9cf`	100642	LDAP Injection	N/A	Disabled	Updated detection logic
Cloudflare Specials	`...dd908124`	100532C	Vulnerability scanner activity 3	N/A	Disabled	Updated detection logic

WAF - 2024-04-16 - Emergency

Tue, 16 Apr 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...851d2f71`	100007C	Command Injection - Common Attack Commands	N/A	Block	N/A

WAF - 2024-04-15

Mon, 15 Apr 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...be099a1f`	100045C	Anomaly:URL:Path - Multiple Slashes, Relative Paths, CR, LF or NULL 2	N/A	Disabled	N/A
Cloudflare Specials	`...e31d972a`	100007C_BETA	Command Injection - Common Attack Commands Beta	N/A	Disabled	N/A
Cloudflare Specials	`...7f3009d1`	100643	Default Windows User - Directory Traversal	N/A	Disabled	N/A
Cloudflare Specials	`...cf419cda`	100088E	Generic XXE Attack	N/A	Disabled	N/A
Cloudflare Specials	`...56c53382`	100088D	Generic XXE Attack 2	N/A	Disabled	N/A
Cloudflare Specials	`...af00f61d`	100536A	GraphQL Introspection	N/A	Disabled	N/A
Cloudflare Specials	`...a41e5b67`	100536B	GraphQL SSRF	N/A	Disabled	N/A
Cloudflare Specials	`...48f6a9cf`	100642	LDAP Injection	N/A	Disabled	N/A
Cloudflare Specials	`...dd908124`	100532C	Vulnerability scanner activity 3	N/A	Disabled	N/A

WAF - 2024-04-08

Mon, 08 Apr 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...49621813`	100632	Nginx - File Inclusion	N/A	Disabled	N/A
Cloudflare Specials	`...7dc64fb6`	100633	PHP - File Inclusion	N/A	Disabled	N/A
Cloudflare Specials	`...7eac8439`	100634	Generic Database - File Inclusion	N/A	Disabled	N/A
Cloudflare Specials	`...a0ccf665`	100635	Generic Log - File Inclusion	N/A	Disabled	N/A
Cloudflare Specials	`...e485e537`	100636	Generic Webservers - File Inclusion	N/A	Disabled	N/A
Cloudflare Specials	`...1813c52d`	100637	Generic Home Directory - File Inclusion	N/A	Disabled	N/A
Cloudflare Specials	`...241fb0cb`	100638	Generic System Process - File Inclusion	N/A	Disabled	N/A
Cloudflare Specials	`...d03cd48f`	100639	Command Injection	N/A	Disabled	N/A
Cloudflare Specials	`...e367ad17`	100640	Generic System - File Inclusion	N/A	Disabled	N/A
Cloudflare Specials	`...a8f03d2d`	100641	Apache - File Inclusion	N/A	Disabled	N/A

WAF - 2024-03-18

Mon, 18 Mar 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...2bed8cdd`	100629	JetBrains TeamCity - Auth Bypass, Remote Code Execution - CVE:CVE-2024-27198, CVE:CVE-2024-27199	N/A	Block	N/A
Cloudflare Specials	`...1ef425a5`	100630	Apache OFBiz - Auth Bypass, Remote Code Execution - CVE:CVE-2023-49070, CVE:CVE-2023-51467	N/A	Block	N/A

WAF - 2024-03-11

Mon, 11 Mar 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...dc6877e2`	100627	Wordpress:Plugin:Bricks Builder Theme - Command Injection - CVE:CVE-2024-25600	N/A	Block	N/A
Cloudflare Specials	`...ae685218`	100628	ConnectWise - Auth Bypass	N/A	Block	N/A

WAF - 2024-03-04

Mon, 04 Mar 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...aa290ad9`	100135D	XSS - JS On Events	N/A	Block	This detection was released as ...9c1c14e6 (BETA) in new WAF

WAF - 2024-02-26

Mon, 26 Feb 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...1d870399`	100546	XSS - HTML Encoding	N/A	Block	This detection was released as ...07c62aeb (BETA) in new WAF

WAF - 2024-02-20

Tue, 20 Feb 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...9a5581d0`	100622B, 100622C	Ivanti - Command Injection - CVE:CVE-2023-46805, CVE:CVE-2024-21887, CVE:CVE-2024-22024	N/A	Block	N/A
Cloudflare Specials	`...d0b325aa`	N/A	Microsoft ASP.NET - Code Injection - Function response.write	N/A	Block	This detection was released as ...50c86f85 (BETA) in new WAF
Cloudflare Specials	`...1b138b3e`	N/A	NoSQL, MongoDB - SQLi - Comparison	N/A	Block	This detection was released as ...4ba436bb (BETA) in new WAF
Cloudflare Specials	`...8f66903c`	N/A	NoSQL, MongoDB - SQLi - Expression	N/A	Block	This detection was released as ...f67956b2 (BETA) in new WAF
Cloudflare Specials	`...2d2e031c`	N/A	PHP - Code Injection	N/A	Disabled	This detection was released as ...2a1f3a04 (BETA) in new WAF
Cloudflare Specials	`...824b817c`	N/A	PHP, vBulletin, jQuery File Upload - Code Injection, Dangerous File Upload - CVE:CVE-2018-9206, CVE:CVE-2019-17132	N/A	Block	This detection was released as ...dcd12482 (BETA) in new WAF

WAF - 2024-02-12

Mon, 12 Feb 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...901523c0`	100625	Jenkins - Information Disclosure - CVE:CVE-2024-23897	N/A	Block	N/A
Cloudflare Specials	`...d5e015dd`	100514	Log4j Headers	N/A	Block	N/A
Cloudflare Specials	`...dc29b753`	100515B	Log4j Body Obfuscation	N/A	Block	N/A

WAF - 2024-02-05

Mon, 05 Feb 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...52d6027b`	100624	GoAnywhere - Auth Bypass - CVE:CVE-2024-0204	N/A	Block	N/A
Cloudflare Specials	`...f89ab164`	100626,100626A	Anomaly:Header:Content-Type - Multiple	N/A	Disabled	New Detection
Cloudflare Specials	`...7736c63c`	N/A	AngularJS - XSS	N/A	Block	This detection was released as ...014fc5b9 (BETA) in new WAF
Cloudflare Specials	`...a02344cb`	N/A	Apache HTTP Server - Server-Side Includes	N/A	Disabled	This detection was released as ...10cae4a8 (BETA) in new WAF
Cloudflare Specials	`...af52d528`	N/A	Command Injection - CVE:CVE-2014-6271	N/A	Block	This detection was released as ...d2a0991c (BETA) in new WAF
Cloudflare Specials	`...b090ba9a`	N/A	Command Injection - Nslookup	N/A	Block	This detection was released as ...da3d944c (BETA) in new WAF
Cloudflare Specials	`...d5a14a5e`	N/A	Microsoft ASP.NET - Code Injection	N/A	Disabled	This detection was released as ...70f4f073 (BETA) in new WAF

WAF - 2024-01-22 - Emergency

Mon, 22 Jan 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...da07a922`	100623	Atlassian Confluence - Template Injection - CVE:CVE-2023-22527	N/A	Block	N/A

WAF - 2024-01-17 - Emergency

Wed, 17 Jan 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...34ab53c5`	100622	Ivanti - Auth Bypass, Command Injection - CVE:CVE-2023-46805, CVE:CVE-2024-21887	N/A	Block	N/A

WAF - 2024-01-16

Tue, 16 Jan 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...38906cff`	100620	Microsoft ASP.NET - Remote Code Execution - CVE:CVE-2023-35813	N/A	Block	N/A
Cloudflare Specials	`...84f664a9`	100619	Liferay - Remote Code Execution - CVE:CVE-2020-7961	N/A	Block	N/A
Cloudflare Specials	`...7d29ec39`	100618	pfSense - Remote Code Execution - CVE:CVE-2023-42326	N/A	Block	N/A
Cloudflare Specials	`...9016ef33`	100621	Clerk - Auth Bypass	N/A	Disabled	N/A

WAF - 2024-01-04

Thu, 04 Jan 2024 08:00:00 EST

Ruleset	Rule ID	Legacy Rule ID	Description	Previous Action	New Action	Comments
Cloudflare Specials	`...53c7ccde`	100612	SnakeYAML - CVE:CVE-2022-1471	N/A	Block	N/A