Waf client - how do we know if we are a waf client?

user14039 · December 11, 2021, 1:09am

*Stupid question from a total baby beginner - I received a message from Cloudflare about
As you may know, a zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021 that results in remote code execution (RCE).

For all organizations using Log4j, you should update to version 2.15.0 as soon as possible. The latest version can be found at the Log4j download page.

As a Cloudflare WAF customer, if the WAF is deployed on your traffic, you are automatically receiving mitigation against exploit attempts.

Three newly deployed rules are already in place and were switched to a default action of BLOCK as of 14:15 UTC today.

sdayman · December 11, 2021, 1:34am

Paid Plans have regular WAF.

For that exploit, all plans are getting that protection automatically.

user14039 · December 11, 2021, 1:45am

Thank you for your answer.

system · December 14, 2021, 1:46am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
CVE-2021-44228 - Log4j RCE 0-day mitigation Security Blog , Log4J	11	4690	December 29, 2021
Exploitation of Log4j CVE-2021-44228 before public disclosure & evolution Security Blog	2	1959	December 30, 2021
Log4j v 2.17.0 update for free plans Security	2	1926	December 22, 2021
Inside the Log4j2 vulnerability (CVE-2021-44228) Security Blog , Log4J	1	2068	January 1, 2022
Question About New WordPress Vulnerabilities (CVEs) Security	2	1110	February 6, 2023

Waf client - how do we know if we are a waf client?

Related topics