Cloudflare is now offering Cloudflare WAF Managed Ruleset to all Cloudflare plans for free to protect organizations of all sizes against major threats. The company is providing a Cloudflare Free Managed Ruleset to all plans on top of its new WAF engine. It will help small application owners and teams protect their applications against being compromised.
Free Cloudflare Managed Ruleset
Cloudflare stated that users on a free plan are already receiving protection. Within the next months, all free zone plan users will also receive access to the Cloudflare WAF user interface in the dashboard, allowing them to deploy and configure the new ruleset. The ruleset will include mitigation rules for notorious vulnerabilities. However, a broader set of WAF rulesets and advanced WAF features will only be available in PRO or higher plans.
This ruleset is automatically deployed on any new Cloudflare zone and is specially designed to reduce false positives to a minimum across a very broad range of traffic types. Ruleset can be disabled anytime by the customers. Traffic filters or individual rules can also be configured. Currently, the ruleset contains the following rules:
- Log4J rules matching payloads in the URI and HTTP headers;
- Shellshock rules;
- Rules matching very common WordPress exploits;
Cloudflare also stated that the Cloudflare Free Managed Ruleset will be updated by the company whenever a relevant wide-ranging vulnerability is discovered.