Cloudflare Docs
WAF
Edit this page on GitHub
Set theme to dark (⇧+D)

Historical - 2022

RulesetRule IDLegacy Rule IDDescriptionChange DateOld ActionNew Action
Cloudflare Specials...2aede3db100554Openam - Remote Code Execution - CVE:CVE-2021-354642022-12-12N/ADisabled
Cloudflare Specials...2ab75038100556Apache JXPath Library - Code Injection - CVE:CVE-2022-418522022-12-12N/ADisabled
Cloudflare Specials...b8ef67d7N/ASQLi - Equation2022-11-29N/ABlock
Cloudflare Specials...128f1556N/ASQLi - Generic2022-11-14N/ABlock
Cloudflare Specials...b9cfd82d100552JXPath RCE - CVE:CVE-2022-418522022-10-31N/ABlock
Cloudflare Specials...66edb651100555Apache Commons Text - Code Injection - CVE:CVE-2022-42889Emergency, 2022-10-18N/ABlock
Cloudflare Specials...1bc977d1100005

DotNetNuke - File Inclusion - CVE:CVE-2018-9126, CVE:CVE-2011-1892, CVE:CVE-2022-31474

This detection was announced as ...845e3ec7 on new WAF.
2022-10-17N/ABlock
Sensitive Data Disclosure (SDD)...eebf3863N/A

California Driver's License

This detection is part of Sensitive Data Disclosure (SDD).
2022-10-17LogDisable
Sensitive Data Disclosure (SDD)...5b82d61cN/A

Florida Driver's License

This detection is part of Sensitive Data Disclosure (SDD).
2022-10-17LogDisable
Sensitive Data Disclosure (SDD)...d47285a0N/A

Illinois Driver's License

This detection is part of Sensitive Data Disclosure (SDD).
2022-10-17LogDisable
Sensitive Data Disclosure (SDD)...9f7200b4N/A

New York Driver's License

This detection is part of Sensitive Data Disclosure (SDD).
2022-10-17LogDisable
Sensitive Data Disclosure (SDD)...440ec8b9N/A

UK Driver's License

This detection is part of Sensitive Data Disclosure (SDD).
2022-10-17LogDisable
Sensitive Data Disclosure (SDD)...c78cf1e1N/A

UK National Insurance Number

This detection is part of Sensitive Data Disclosure (SDD).
2022-10-17LogDisable
Sensitive Data Disclosure (SDD)...0f8f2657N/A

UK Passport

This detection is part of Sensitive Data Disclosure (SDD).
2022-10-17LogDisable
Sensitive Data Disclosure (SDD)...5fe4101eN/A

US Passport

This detection is part of Sensitive Data Disclosure (SDD).
2022-10-17LogDisable
Sensitive Data Disclosure (SDD)...0a290153N/A

Wisconsin Driver's License

This detection is part of Sensitive Data Disclosure (SDD).
2022-10-17LogDisable
Cloudflare Specials...e0de97a2100553FortiOS - Authentication Bypass - CVE:CVE-2022-40684Emergency, 2022-10-14N/ABlock
Cloudflare Specials...ee9bb2f5100549Atlassian Bitbucket - Code Injection - CVE:CVE-2022-368042022-10-10N/ABlock
Cloudflare Specials...1d870399100546XSS - HTML Encoding2022-10-03N/ABlock
Cloudflare Specials...e09c1a1e100551Microsoft Exchange SSRF and RCE vulnerability - CVE:CVE-2022-41040, CVE:CVE-2022-41082Emergency, 2022-10-03N/ABlock
Cloudflare Specials...ee9bb2f5100549Atlassian Bitbucket - Code Injection - CVE:CVE-2022-36804Emergency, 2022-09-20N/ABlock
Cloudflare Specials...cfd0fac1100135A

XSS - JavaScript Events

This detection was announced in BETA with ID ...92c2ad9f on new WAF and ID 100135A_BETA on legacy WAF.
2022-09-12BlockBlock
Cloudflare Specials...e09c1a1e100542

Broken Authentication - VMware - CVE:CVE-2022-31656, CVE:CVE-2022-22972

This detection was announced in BETA with ID ...df7d4d7b on new WAF and ID 100542_BETA on legacy WAF.
2022-09-12BlockBlock
Cloudflare Specials...36fe4cbb100547Sophos Firewall Auth Bypass Vulnerability - CVE:CVE-2022-10402022-09-12N/ABlock
Cloudflare Specials...4529da66100504Atlassian - CVE:CVE-2021-260862022-09-12N/ABlock
Cloudflare Specials...b090ba9a100303

Command Injection - Nslookup

This detection was announced in BETA with ID ...d5488862 on new WAF and ID 100303_BETA on legacy WAF.
2022-09-05BlockBlock
Cloudflare Specials...3a9dc737100532BVulnerability scanner activity 22022-08-30N/ADisable
Cloudflare Specials...9b16ea5eN/ACVE-2020-134432022-08-30N/ABlock
Cloudflare Specials...fd9eb416100541Code Injection - WordPress Weblizar Backdoor - CVE:CVE-2022-16092022-08-22N/ABlock
Cloudflare Specials...e09c1a1e100542Broken Authentication - VMware - CVE:CVE-2022-316562022-08-22N/ABlock
Cloudflare Specials...9ff2129f100544Zimbra - Command Injection - CVE:CVE-2022-27925, CVE:CVE-2022-303332022-08-22N/ABlock
Cloudflare Specials...94700caeN/ADrupal, Magento, PHP - Deserialization - CVE:CVE-2019-6340, CVE:CVE-2016-4010 - 22022-08-22N/ABlock
Cloudflare Specials...1bc977d1100005DotNetNuke - File Inclusion - CVE:CVE-2018-9126, CVE:CVE-2011-18922022-08-22N/ABlock
Cloudflare Specials...8e2e15a5N/ASQLi - Strict2022-08-15N/ADisable
Cloudflare Specials...25ba9d7cN/ASSRF - Cloud2022-08-15N/ADisable
Cloudflare Specials...8242627bN/ASSRF - Local2022-08-15N/ADisable
Cloudflare Specials...74a51804N/ASSRF - Host2022-08-15N/ADisable
Cloudflare Specials...d77be6e7100540XSS, Code Injection - Elementor - CVE:CVE-2022-294552022-08-01N/ABlock
Cloudflare Specials...b21a6d17100539Alibaba Fastjson Remote Code Execution - CVE:CVE-2022-258452022-08-01N/ABlock
Cloudflare Specials...49e6b538100534Webshell Activity2022-08-01N/ABlock
Cloudflare Specials...8d667511N/ANoSQL, MongoDB - SQLi - Comparison2022-08-01N/ADisable
Cloudflare Specials...6418cd0aN/ANoSQL, MongoDB - SQLi - Expression2022-08-01N/ADisable
Cloudflare Specials...0d64e8c3N/APostgreSQL - SQLi - COPY2022-08-01N/ADisable
Cloudflare Specials...fe93af88N/ASQLi - AND/OR Digit Operator Digit2022-08-01N/ADisable
Cloudflare Specials...5dfbd021N/ASQLi - AND/OR Digit Operator Digit - 22022-08-01N/ADisable
Cloudflare Specials...95cb1c78N/ASQLi - AND/OR MAKE_SET/ELT2022-08-01N/ADisable
Cloudflare Specials...33a94329N/ASQLi - Benchmark Function2022-08-01N/ADisable
Cloudflare Specials...a0ac8609N/ASQLi - Equation2022-08-01N/ADisable
Cloudflare Specials...e3f62041N/ASQLi - ORD and ASCII2022-08-01N/ADisable
Cloudflare Specials...5dcf99b7N/ASQLi - SELECT Expression2022-08-01N/ADisable
Cloudflare Specials...2514d20dN/ASQLi - Sleep Function2022-08-01N/ADisable
Cloudflare Specials...cf1914a0N/ASQLi - String Concatenation2022-08-01N/ADisable
Cloudflare Specials...484037ceN/ASQLi - String Function2022-08-01N/ADisable
Cloudflare Specials...42123a6cN/ASQLi - Sub Query2022-08-01N/ADisable
Cloudflare Specials...d7aa0008N/ASQLi - UNION in MSSQL2022-08-01N/ADisable
Cloudflare Specials...3306fcc2N/ASQLi - WaitFor Function2022-08-01N/ADisable
Cloudflare Specials...1651d0c8100536GraphQL Injection2022-07-25N/ABlock
Cloudflare Specials...6a648210100537Oracle ADF Remote Code Execution - CVE:CVE-2022-214452022-07-25N/ABlock
Cloudflare Specials...2753531e100533NoSQL - Injection2022-07-18N/ABlock
Cloudflare Specials...49e6b538100534Web Shell Activity2022-07-18N/ABlock
Cloudflare Specials...851d2f71100007CCommand Injection - Common Attack Commands2022-07-18N/ABlock
Cloudflare Specials...aa290ad9100135DXSS - JS On Events2022-07-18N/ABlock
Cloudflare SpecialsN/A100045BAnomaly:Header, Directory Traversal - Multiple Slashes, Relative Paths, CR, LF or NULL2022-07-06LogBlock
Cloudflare Specials...34780914100532Vulnerability scanner activity2022-07-05N/ABlock
Cloudflare Specials...d503ded0N/AXSS, HTML Injection2022-06-20N/ADisable
Cloudflare Specials...fd09a0e6N/AXSS - JavaScript Events2022-06-20N/ADisable
Cloudflare Specials...f4b0220e100703Validate HeadersEmergency, 2022-06-10N/ABlock
Cloudflare Specials...408cff2b100531Atlassian Confluence - Code Injection - CVE:CVE-2022-26134 (rule improvement)Emergency, 2022-06-07N/ABlock
Cloudflare Specials...0c99546a100702Command Injection - CVE:CVE-2022-241082022-06-06N/ABlock
Cloudflare Specials...e184d050100701Command Injection - CVE:CVE-2022-305252022-06-06N/ABlock
Cloudflare Specials...56c390a1N/ADotNetNuke - File Inclusion - CVE:CVE-2018-9126, CVE:CVE-2011-1892 22022-06-06N/ABlock
Cloudflare Specials...3456f611N/AXXE - System Function2022-06-06N/ABlock
Cloudflare Specials...ae5baf61100005DotNetNuke - File Inclusion - CVE:CVE-2018-9126, CVE:CVE-2011-18922022-06-06N/ABlock
Cloudflare Specials...bb44c04a100531BAtlassian Confluence - Code Injection - Extended - CVE:CVE-2022-26134Emergency, 2022-06-04N/ADisabled
Cloudflare Specials...408cff2b100531Atlassian Confluence - Code Injection - CVE:CVE-2022-26134 (rule improvement)Emergency, 2022-06-04N/ABlock
Cloudflare Specials...408cff2b100531Atlassian Confluence - Code Injection - CVE:CVE-2022-26134Emergency, 2022-06-03N/ABlock
Cloudflare Specials...408cff2b100531Atlassian Confluence - Code Injection - CVE:CVE-2022-26134 (rule improvement)Emergency, 2022-06-03N/ABlock
Cloudflare Specials...408cff2b100531Atlassian Confluence - Code Injection - CVE:CVE-2022-26134 (rule improvement)Emergency, 2022-06-03N/ABlock
Cloudflare Specials...0d20ddd9100054Improve Apache Struts detection. Merge 100054_BETA into 100054 and ...f0c856b4 into ...0d20ddd9. Apache Struts - Command Injection - CVE:CVE-2017-5638.2022-05-30N/ABlock
Cloudflare Specials...e1787c92N/AMicrosoft Exchange - Code Injection2022-05-16N/ABlock
Specials...d6e3073f100530Command Injection - RCE in BIG-IP - CVE:CVE-2022-1388Emergency, 2022-05-10N/ABlock
Cloudflare Specials...02a9ee96100528Code Injection - CVE:CVE-2022-290782022-05-09N/ABlock
Cloudflare Specials...422313d0100529VMware vCenter - CVE:CVE-2021-220542022-05-09N/ABlock
Cloudflare Specials...370dc796N/APostgreSQL - SQLi, Command Injection - CVE:CVE-2019-91932022-05-09N/ADisable
Cloudflare Specials...61337861100056_BETAApache Struts - Code Injection - CVE:CVE-2017-9791 - Beta2022-04-25DisableBlock
Cloudflare Specials...bb70a463100527Apache Struts - CVE:CVE-2021-318052022-04-25DisableBlock
Cloudflare Specials...a24f08b7100526VMware vCenter - CVE:CVE-2022-229542022-04-25DisableBlock
Cloudflare Specials...4343ef6bN/AAnomaly:Header:X-Forwarded-Host2022-04-20N/ADisable
Cloudflare Specials...ad8ba4bcN/AAnomaly:Header:Content-Length - Missing in POST2022-04-20N/ADisable
Cloudflare Specials...cc74ff69N/AAnomaly:Header:Accept - Missing or Empty2022-04-20N/ADisable
Cloudflare Specials...041699fbN/APractico CMS - SQLi2022-04-20N/ADisable
Cloudflare Specials...4751ef80N/AJoomla - Anomaly:Header:User-Agent2022-04-20N/ADisable
Cloudflare Specials...f2cc4e84100524Spring - Code Injection2022-04-11N/ABlock
Cloudflare Specials...4e742bb6N/ADrupal - Header Injection - CVE:CVE-2018-147742022-04-11N/ADisable
Cloudflare Specials...e46c6d76N/ADrupal - XSS - CVE:CVE-2018-98612022-04-11N/ADisable
Specials...f2cc4e84100524Spring - Code InjectionEmergency, 2022-04-04SimulateBlock
Specials...fbe6c869100522Spring - CVE:CVE-2022-22947Emergency, 2022-04-04SimulateBlock
Specials...f2cc4e84100524Spring - Code InjectionEmergency, 2022-03-31N/ASimulate
Specials...fbe6c869100522Spring - CVE:CVE-2022-22947Emergency, 2022-03-29N/ASimulate
Cloudflare Specials...e7c9a2c4100519BMagento - CVE:CVE-2022-240862022-03-14N/ABlock
Cloudflare Specials...a37c3733100520Apache - CVE:CVE-2022-241122022-03-14N/ABlock
Cloudflare Specials...664ed6fe100015Anomaly:Port - Non Standard Port (not 80 or 443)2022-03-14N/ADisable
Cloudflare Specials...5723bcc9100022Anomaly:Method - Not GET or POST2022-03-14N/ADisable
Cloudflare Specials...3fccf643100519Magento - CVE:CVE-2022-240862022-03-07N/ABlock
Cloudflare Specials...5ea3d579100518SAP - Code Injection - CVE:CVE-2022-225322022-02-28N/ABlock
Cloudflare Specials...69e0b97a100400Atlassian Confluence - Code Injection - CVE:CVE-2021-26084 - Improve Rule Coverage2022-02-21BlockBlock
Cloudflare SpecialsN/APHP100001PHP - Command Injection - CVE:CVE-2012-2336, CVE:CVE-2012-2311, CVE:CVE-2012-18232022-02-14ChallengeBlock
Cloudflare Specials...dc29b753100515BLog4j Body Obfuscation2022-02-14N/ABlock
Cloudflare Specials...69fe1e0d100700Apache SSRF vulnerability CVE-2021-404382022-01-24N/ABlock