Mitigate Log4j exploits in Cloudflare Logs

I just got an email about making some modifications to logs sent via logpush via cloudflare.

I’ve never heard of cloudflare logpush (pro plan), and after a quick search, it appears as though it has something to do enterprise plans. To that end, was I perhaps sent this email by mistake? Am I using logpush and don’t even realize it?

That brings up another question - I’m still under the impression that I don’t use log4j for anything on my public servers. However, if an attacker can send the attack via a user agent string, would standard log files created via nginx be impacted? Is there a way to strip those headers out (or are they already being stripped out via the cloudflare WAF modifications?


No, unless a log4j service consumes those logs written by NGINX.

WAF tries its best to mitigate those requests, however, an attacker could obfuscate the payload and fool the existing rules.

This message is mostly targeted at customers that use external tools such as grafana to visualize CF logs.


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.