Waf client - how do we know if we are a waf client?

*Stupid question from a total baby beginner - I received a message from Cloudflare about
As you may know, a zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021 that results in remote code execution (RCE).

For all organizations using Log4j, you should update to version 2.15.0 as soon as possible. The latest version can be found at the Log4j download page.

As a Cloudflare WAF customer, if the WAF is deployed on your traffic, you are automatically receiving mitigation against exploit attempts.

Three newly deployed rules are already in place and were switched to a default action of BLOCK as of 14:15 UTC today.

Paid Plans have regular WAF.

For that exploit, all plans are getting that protection automatically.

3 Likes

Thank you for your answer.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.