The Cloudflare Blog

Subscribe to receive notifications of new posts:

Cloudflare is adding Drupal WAF Rule to Mitigate Critical Drupal Exploit

2018-03-29

Pasha Kravtsov

1 min read

Drupal has recently announced an update to fix a critical remote code execution exploit (SA-CORE-2018-002/CVE-2018-7600). In response we have just pushed out a rule to block requests matching these exploit conditions for our Web Application Firewall (WAF). You can find this rule in the Cloudflare ruleset in your dashboard under the Drupal category with the rule ID of D0003.

Drupal Advisory: https://www.drupal.org/sa-core-2018-002

WAF Rules Drupal Attacks Vulnerabilities WAF

Follow on X

Cloudflare|@cloudflare

June 09, 2026

Defend against frontier cyber models: Cloudflare's architecture as customer zero

In our post about Project Glasswing, we made the argument that the architecture around a vulnerability matters more than the speed of the patch. Here we walk through what that architecture looks like, the threats it defends against, and how we run it ourselves as Cloudflare's customer zero....

Security, AI, Threat Intelligence, Risk Management, Customer Zero, WAF, Zero Trust, Cloudforce One, Bot Management

June 08, 2026

Turning Cloudflare’s threat indicators into real-time WAF rules

Cloudflare customers can now use Cloudforce One threat intelligence directly within the WAF to block high-risk traffic. By using new cf.intel fields, security teams can automate protection against specific threat actors and targeted industries in real time....

Security, WAF, Threat Intelligence, Cloudforce One, Product News

May 07, 2026

How Cloudflare responded to the “Copy Fail” Linux vulnerability

When a critical Linux kernel privilege escalation was publicly disclosed, Cloudflare's security and engineering teams detected, investigated, and mitigated the threat across our global fleet, confirming zero customer impact and no malicious exploitation....

Linux, Security, Incident Response, Kernel, Vulnerabilities, Mitigation, eBPF

March 11, 2026

Slashing agent token costs by 98% with RFC 9457-compliant error responses

Cloudflare now returns RFC 9457-compliant structured Markdown and JSON error payloads to AI agents, replacing heavyweight HTML pages with machine-readable instructions. This reduces token usage by over 98%, turning brittle parsing into efficient control flow....

Sam Marsh

AI, Developer Platform, Developers, WAF, Edge Computing