Historical (2022)
Ruleset | Rule ID | Legacy Rule ID | Description | Change Date | Old Action | New Action |
---|---|---|---|---|---|---|
Cloudflare Specials | …2aede3db | 100554 | Openam - Remote Code Execution - CVE:CVE-2021-35464 | 2022-12-12 | N/A | Disabled |
Cloudflare Specials | …2ab75038 | 100556 | Apache JXPath Library - Code Injection - CVE:CVE-2022-41852 | 2022-12-12 | N/A | Disabled |
Cloudflare Specials | …b8ef67d7 | N/A | SQLi - Equation | 2022-11-29 | N/A | Block |
Cloudflare Specials | …128f1556 | N/A | SQLi - Generic | 2022-11-14 | N/A | Block |
Cloudflare Specials | …b9cfd82d | 100552 | JXPath RCE - CVE:CVE-2022-41852 | 2022-10-31 | N/A | Block |
Cloudflare Specials | …66edb651 | 100555 | Apache Commons Text - Code Injection - CVE:CVE-2022-42889 | Emergency, 2022-10-18 | N/A | Block |
Cloudflare Specials | …1bc977d1 | 100005 | DotNetNuke - File Inclusion - CVE:CVE-2018-9126 , CVE:CVE-2011-1892 , CVE:CVE-2022-31474 This detection was announced as …845e3ec7 on new WAF. | 2022-10-17 | N/A | Block |
Sensitive Data Disclosure (SDD) | …eebf3863 | N/A | California Driver’s License This detection is part of Sensitive Data Disclosure (SDD). | 2022-10-17 | Log | Disable |
Sensitive Data Disclosure (SDD) | …5b82d61c | N/A | Florida Driver’s License This detection is part of Sensitive Data Disclosure (SDD). | 2022-10-17 | Log | Disable |
Sensitive Data Disclosure (SDD) | …d47285a0 | N/A | Illinois Driver’s License This detection is part of Sensitive Data Disclosure (SDD). | 2022-10-17 | Log | Disable |
Sensitive Data Disclosure (SDD) | …9f7200b4 | N/A | New York Driver’s License This detection is part of Sensitive Data Disclosure (SDD). | 2022-10-17 | Log | Disable |
Sensitive Data Disclosure (SDD) | …440ec8b9 | N/A | UK Driver’s License This detection is part of Sensitive Data Disclosure (SDD). | 2022-10-17 | Log | Disable |
Sensitive Data Disclosure (SDD) | …c78cf1e1 | N/A | UK National Insurance Number This detection is part of Sensitive Data Disclosure (SDD). | 2022-10-17 | Log | Disable |
Sensitive Data Disclosure (SDD) | …0f8f2657 | N/A | UK Passport This detection is part of Sensitive Data Disclosure (SDD). | 2022-10-17 | Log | Disable |
Sensitive Data Disclosure (SDD) | …5fe4101e | N/A | US Passport This detection is part of Sensitive Data Disclosure (SDD). | 2022-10-17 | Log | Disable |
Sensitive Data Disclosure (SDD) | …0a290153 | N/A | Wisconsin Driver’s License This detection is part of Sensitive Data Disclosure (SDD). | 2022-10-17 | Log | Disable |
Cloudflare Specials | …e0de97a2 | 100553 | FortiOS - Authentication Bypass - CVE:CVE-2022-40684 | Emergency, 2022-10-14 | N/A | Block |
Cloudflare Specials | …ee9bb2f5 | 100549 | Atlassian Bitbucket - Code Injection - CVE:CVE-2022-36804 | 2022-10-10 | N/A | Block |
Cloudflare Specials | …1d870399 | 100546 | XSS - HTML Encoding | 2022-10-03 | N/A | Block |
Cloudflare Specials | …e09c1a1e | 100551 | Microsoft Exchange SSRF and RCE vulnerability - CVE:CVE-2022-41040 , CVE:CVE-2022-41082 | Emergency, 2022-10-03 | N/A | Block |
Cloudflare Specials | …ee9bb2f5 | 100549 | Atlassian Bitbucket - Code Injection - CVE:CVE-2022-36804 | Emergency, 2022-09-20 | N/A | Block |
Cloudflare Specials | …cfd0fac1 | 100135A | XSS - JavaScript Events This detection was announced in BETA with ID …92c2ad9f on new WAF and ID 100135A_BETA on legacy WAF. | 2022-09-12 | Block | Block |
Cloudflare Specials | …e09c1a1e | 100542 | Broken Authentication - VMware - CVE:CVE-2022-31656 , CVE:CVE-2022-22972 This detection was announced in BETA with ID …df7d4d7b on new WAF and ID 100542_BETA on legacy WAF. | 2022-09-12 | Block | Block |
Cloudflare Specials | …36fe4cbb | 100547 | Sophos Firewall Auth Bypass Vulnerability - CVE:CVE-2022-1040 | 2022-09-12 | N/A | Block |
Cloudflare Specials | …4529da66 | 100504 | Atlassian - CVE:CVE-2021-26086 | 2022-09-12 | N/A | Block |
Cloudflare Specials | …b090ba9a | 100303 | Command Injection - Nslookup This detection was announced in BETA with ID …d5488862 on new WAF and ID 100303_BETA on legacy WAF. | 2022-09-05 | Block | Block |
Cloudflare Specials | …3a9dc737 | 100532B | Vulnerability scanner activity 2 | 2022-08-30 | N/A | Disable |
Cloudflare Specials | …9b16ea5e | N/A | CVE-2020-13443 | 2022-08-30 | N/A | Block |
Cloudflare Specials | …fd9eb416 | 100541 | Code Injection - WordPress Weblizar Backdoor - CVE:CVE-2022-1609 | 2022-08-22 | N/A | Block |
Cloudflare Specials | …e09c1a1e | 100542 | Broken Authentication - VMware - CVE:CVE-2022-31656 | 2022-08-22 | N/A | Block |
Cloudflare Specials | …9ff2129f | 100544 | Zimbra - Command Injection - CVE:CVE-2022-27925 , CVE:CVE-2022-30333 | 2022-08-22 | N/A | Block |
Cloudflare Specials | …94700cae | N/A | Drupal, Magento, PHP - Deserialization - CVE:CVE-2019-6340 , CVE:CVE-2016-4010 - 2 | 2022-08-22 | N/A | Block |
Cloudflare Specials | …1bc977d1 | 100005 | DotNetNuke - File Inclusion - CVE:CVE-2018-9126 , CVE:CVE-2011-1892 | 2022-08-22 | N/A | Block |
Cloudflare Specials | …8e2e15a5 | N/A | SQLi - Strict | 2022-08-15 | N/A | Disable |
Cloudflare Specials | …25ba9d7c | N/A | SSRF - Cloud | 2022-08-15 | N/A | Disable |
Cloudflare Specials | …8242627b | N/A | SSRF - Local | 2022-08-15 | N/A | Disable |
Cloudflare Specials | …74a51804 | N/A | SSRF - Host | 2022-08-15 | N/A | Disable |
Cloudflare Specials | …d77be6e7 | 100540 | XSS, Code Injection - Elementor - CVE:CVE-2022-29455 | 2022-08-01 | N/A | Block |
Cloudflare Specials | …b21a6d17 | 100539 | Alibaba Fastjson Remote Code Execution - CVE:CVE-2022-25845 | 2022-08-01 | N/A | Block |
Cloudflare Specials | …49e6b538 | 100534 | Webshell Activity | 2022-08-01 | N/A | Block |
Cloudflare Specials | …8d667511 | N/A | NoSQL, MongoDB - SQLi - Comparison | 2022-08-01 | N/A | Disable |
Cloudflare Specials | …6418cd0a | N/A | NoSQL, MongoDB - SQLi - Expression | 2022-08-01 | N/A | Disable |
Cloudflare Specials | …0d64e8c3 | N/A | PostgreSQL - SQLi - COPY | 2022-08-01 | N/A | Disable |
Cloudflare Specials | …fe93af88 | N/A | SQLi - AND/OR Digit Operator Digit | 2022-08-01 | N/A | Disable |
Cloudflare Specials | …5dfbd021 | N/A | SQLi - AND/OR Digit Operator Digit - 2 | 2022-08-01 | N/A | Disable |
Cloudflare Specials | …95cb1c78 | N/A | SQLi - AND/OR MAKE_SET/ELT | 2022-08-01 | N/A | Disable |
Cloudflare Specials | …33a94329 | N/A | SQLi - Benchmark Function | 2022-08-01 | N/A | Disable |
Cloudflare Specials | …a0ac8609 | N/A | SQLi - Equation | 2022-08-01 | N/A | Disable |
Cloudflare Specials | …e3f62041 | N/A | SQLi - ORD and ASCII | 2022-08-01 | N/A | Disable |
Cloudflare Specials | …5dcf99b7 | N/A | SQLi - | 2022-08-01 | N/A | Disable |
Cloudflare Specials | …2514d20d | N/A | SQLi - Sleep Function | 2022-08-01 | N/A | Disable |
Cloudflare Specials | …cf1914a0 | N/A | SQLi - String Concatenation | 2022-08-01 | N/A | Disable |
Cloudflare Specials | …484037ce | N/A | SQLi - String Function | 2022-08-01 | N/A | Disable |
Cloudflare Specials | …42123a6c | N/A | SQLi - Sub Query | 2022-08-01 | N/A | Disable |
Cloudflare Specials | …d7aa0008 | N/A | SQLi - | 2022-08-01 | N/A | Disable |
Cloudflare Specials | …3306fcc2 | N/A | SQLi - WaitFor Function | 2022-08-01 | N/A | Disable |
Cloudflare Specials | …1651d0c8 | 100536 | GraphQL Injection | 2022-07-25 | N/A | Block |
Cloudflare Specials | …6a648210 | 100537 | Oracle ADF Remote Code Execution - CVE:CVE-2022-21445 | 2022-07-25 | N/A | Block |
Cloudflare Specials | …2753531e | 100533 | NoSQL - Injection | 2022-07-18 | N/A | Block |
Cloudflare Specials | …49e6b538 | 100534 | Web Shell Activity | 2022-07-18 | N/A | Block |
Cloudflare Specials | …851d2f71 | 100007C | Command Injection - Common Attack Commands | 2022-07-18 | N/A | Block |
Cloudflare Specials | …aa290ad9 | 100135D | XSS - JS On Events | 2022-07-18 | N/A | Block |
Cloudflare Specials | N/A | 100045B | Anomaly:Header , Directory Traversal - Multiple Slashes, Relative Paths, CR, LF or NULL | 2022-07-06 | Log | Block |
Cloudflare Specials | …34780914 | 100532 | Vulnerability scanner activity | 2022-07-05 | N/A | Block |
Cloudflare Specials | …d503ded0 | N/A | XSS, HTML Injection | 2022-06-20 | N/A | Disable |
Cloudflare Specials | …fd09a0e6 | N/A | XSS - JavaScript Events | 2022-06-20 | N/A | Disable |
Cloudflare Specials | …f4b0220e | 100703 | Validate Headers | Emergency, 2022-06-10 | N/A | Block |
Cloudflare Specials | …408cff2b | 100531 | Atlassian Confluence - Code Injection - CVE:CVE-2022-26134 (rule improvement) | Emergency, 2022-06-07 | N/A | Block |
Cloudflare Specials | …0c99546a | 100702 | Command Injection - CVE:CVE-2022-24108 | 2022-06-06 | N/A | Block |
Cloudflare Specials | …e184d050 | 100701 | Command Injection - CVE:CVE-2022-30525 | 2022-06-06 | N/A | Block |
Cloudflare Specials | …56c390a1 | N/A | DotNetNuke - File Inclusion - CVE:CVE-2018-9126 , CVE:CVE-2011-1892 2 | 2022-06-06 | N/A | Block |
Cloudflare Specials | …3456f611 | N/A | XXE - System Function | 2022-06-06 | N/A | Block |
Cloudflare Specials | …ae5baf61 | 100005 | DotNetNuke - File Inclusion - CVE:CVE-2018-9126 , CVE:CVE-2011-1892 | 2022-06-06 | N/A | Block |
Cloudflare Specials | …bb44c04a | 100531B | Atlassian Confluence - Code Injection - Extended - CVE:CVE-2022-26134 | Emergency, 2022-06-04 | N/A | Disabled |
Cloudflare Specials | …408cff2b | 100531 | Atlassian Confluence - Code Injection - CVE:CVE-2022-26134 (rule improvement) | Emergency, 2022-06-04 | N/A | Block |
Cloudflare Specials | …408cff2b | 100531 | Atlassian Confluence - Code Injection - CVE:CVE-2022-26134 | Emergency, 2022-06-03 | N/A | Block |
Cloudflare Specials | …408cff2b | 100531 | Atlassian Confluence - Code Injection - CVE:CVE-2022-26134 (rule improvement) | Emergency, 2022-06-03 | N/A | Block |
Cloudflare Specials | …408cff2b | 100531 | Atlassian Confluence - Code Injection - CVE:CVE-2022-26134 (rule improvement) | Emergency, 2022-06-03 | N/A | Block |
Cloudflare Specials | …0d20ddd9 | 100054 | Improve Apache Struts detection. Merge 100054_BETA into 100054 and …f0c856b4 into …0d20ddd9. Apache Struts - Command Injection - CVE:CVE-2017-5638 . | 2022-05-30 | N/A | Block |
Cloudflare Specials | …e1787c92 | N/A | Microsoft Exchange - Code Injection | 2022-05-16 | N/A | Block |
Specials | …d6e3073f | 100530 | Command Injection - RCE in BIG-IP - CVE:CVE-2022-1388 | Emergency, 2022-05-10 | N/A | Block |
Cloudflare Specials | …02a9ee96 | 100528 | Code Injection - CVE:CVE-2022-29078 | 2022-05-09 | N/A | Block |
Cloudflare Specials | …422313d0 | 100529 | VMware vCenter - CVE:CVE-2021-22054 | 2022-05-09 | N/A | Block |
Cloudflare Specials | …370dc796 | N/A | PostgreSQL - SQLi, Command Injection - CVE:CVE-2019-9193 | 2022-05-09 | N/A | Disable |
Cloudflare Specials | …61337861 | 100056_BETA | Apache Struts - Code Injection - CVE:CVE-2017-9791 - Beta | 2022-04-25 | Disable | Block |
Cloudflare Specials | …bb70a463 | 100527 | Apache Struts - CVE:CVE-2021-31805 | 2022-04-25 | Disable | Block |
Cloudflare Specials | …a24f08b7 | 100526 | VMware vCenter - CVE:CVE-2022-22954 | 2022-04-25 | Disable | Block |
Cloudflare Specials | …4343ef6b | N/A | Anomaly:Header:X-Forwarded-Host | 2022-04-20 | N/A | Disable |
Cloudflare Specials | …ad8ba4bc | N/A | Anomaly:Header:Content-Length - Missing in POST | 2022-04-20 | N/A | Disable |
Cloudflare Specials | …cc74ff69 | N/A | Anomaly:Header:Accept - Missing or Empty | 2022-04-20 | N/A | Disable |
Cloudflare Specials | …041699fb | N/A | Practico CMS - SQLi | 2022-04-20 | N/A | Disable |
Cloudflare Specials | …4751ef80 | N/A | Joomla - Anomaly:Header:User-Agent | 2022-04-20 | N/A | Disable |
Cloudflare Specials | …f2cc4e84 | 100524 | Spring - Code Injection | 2022-04-11 | N/A | Block |
Cloudflare Specials | …4e742bb6 | N/A | Drupal - Header Injection - CVE:CVE-2018-14774 | 2022-04-11 | N/A | Disable |
Cloudflare Specials | …e46c6d76 | N/A | Drupal - XSS - CVE:CVE-2018-9861 | 2022-04-11 | N/A | Disable |
Specials | …f2cc4e84 | 100524 | Spring - Code Injection | Emergency, 2022-04-04 | Simulate | Block |
Specials | …fbe6c869 | 100522 | Spring - CVE:CVE-2022-22947 | Emergency, 2022-04-04 | Simulate | Block |
Specials | …f2cc4e84 | 100524 | Spring - Code Injection | Emergency, 2022-03-31 | N/A | Simulate |
Specials | …fbe6c869 | 100522 | Spring - CVE:CVE-2022-22947 | Emergency, 2022-03-29 | N/A | Simulate |
Cloudflare Specials | …e7c9a2c4 | 100519B | Magento - CVE:CVE-2022-24086 | 2022-03-14 | N/A | Block |
Cloudflare Specials | …a37c3733 | 100520 | Apache - CVE:CVE-2022-24112 | 2022-03-14 | N/A | Block |
Cloudflare Specials | …664ed6fe | 100015 | Anomaly:Port - Non Standard Port (not 80 or 443) | 2022-03-14 | N/A | Disable |
Cloudflare Specials | …5723bcc9 | 100022 | Anomaly:Method
- Not
| 2022-03-14 | N/A | Disable |
Cloudflare Specials | …3fccf643 | 100519 | Magento - CVE:CVE-2022-24086 | 2022-03-07 | N/A | Block |
Cloudflare Specials | …5ea3d579 | 100518 | SAP - Code Injection - CVE:CVE-2022-22532 | 2022-02-28 | N/A | Block |
Cloudflare Specials | …69e0b97a | 100400 | Atlassian Confluence - Code Injection - CVE:CVE-2021-26084 - Improve Rule Coverage | 2022-02-21 | Block | Block |
Cloudflare Specials | N/A | PHP100001 | PHP - Command Injection - CVE:CVE-2012-2336 , CVE:CVE-2012-2311 , CVE:CVE-2012-1823 | 2022-02-14 | Challenge | Block |
Cloudflare Specials | …dc29b753 | 100515B | Log4j Body Obfuscation | 2022-02-14 | N/A | Block |
Cloudflare Specials | …69fe1e0d | 100700 | Apache SSRF vulnerability CVE-2021-40438 | 2022-01-24 | N/A | Block |