Mitigate Log4j exploits in Cloudflare Logs

I just got an email about making some modifications to logs sent via Logpush via Cloudflare.

I’ve never heard of Cloudflare Logpush (pro plan), and after a quick search, it appears as though it has something to do with enterprise plans. To that end, was I perhaps sent this email by mistake? Am I using Logpush and don’t even realize it?

That brings up another question - I’m still under the impression that I don’t use log4j for anything on my public servers. However, if an attacker can send the attack via a user agent string, would standard log files created via nginx be impacted? Is there a way to strip those headers out (or are they already being stripped out via the Cloudflare WAF modifications)?

Thanks!

No, unless a log4j service consumes those logs written by NGINX.

WAF tries its best to mitigate those requests, however, an attacker could obfuscate the payload and fool the existing rules.

This message is mostly targeted at customers that use external tools such as Grafana to visualize CF logs.

2 Likes
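
The point made in the reply above (nginx logs only matter once something running Log4j reads them, and keyword rules can be fooled by obfuscation), as an added example that is not part of the original thread: a filter that neutralizes the Log4j lookup opener `${` in nginx combined-format lines before they are handed to another tool. The sample lines, the `x{` replacement and the function names are constructed for illustration.

```python
import re

# Every Log4j lookup starts with "${". Matching the opener rather than a
# keyword means nested or obfuscated forms are neutralized as well.
OPENER = "${"
SAFE = "x{"  # arbitrary replacement (assumption); contains no "$"

# nginx default "combined" access log format.
COMBINED = re.compile(
    r'(?P<addr>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>.*?)" (?P<status>\d{3}) (?P<bytes>\S+) '
    r'"(?P<referer>.*?)" "(?P<agent>.*)"$'
)

def neutralize(line):
    """Return (safe_line, names of fields that held a lookup opener)."""
    m = COMBINED.match(line)
    if m is None:
        # Unparseable line: still neutralize it and flag the whole line.
        hits = ["<unparsed>"] if OPENER in line else []
    else:
        hits = [k for k, v in m.groupdict().items() if OPENER in v]
    return line.replace(OPENER, SAFE), hits

def filter_log(lines):
    """Neutralize every line; return (safe_lines, {line_no: fields})."""
    safe, report = [], {}
    for no, line in enumerate(lines, start=1):
        clean, hits = neutralize(line.rstrip("\n"))
        safe.append(clean)
        if hits:
            report[no] = hits
    return safe, report

# Constructed sample lines; "${placeholder:...}" stands in for a lookup.
SAMPLE = [
    '203.0.113.7 - - [14/Dec/2021:10:00:00 +0000] '
    '"GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [14/Dec/2021:10:00:01 +0000] '
    '"GET /?q=${placeholder:a} HTTP/1.1" 200 612 "-" "${${placeholder:b}}"',
]

if __name__ == "__main__":
    safe_lines, report = filter_log(SAMPLE)
    for line in safe_lines:
        print(line)
    print("lines with lookup openers:", report)
```

The report shows which request fields carried the opener, which is useful for alerting even when nothing downstream runs Log4j.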
