New Magento WAF Rule – RCE Vulnerability Protection
Cloudflare Team·2015-04-25·via The Cloudflare Blog
2015-04-25
1 min read
Today the Magento Security Team created a new ModSecurity rule and added it to our WAF rules to mitigate an important RCE (remote code execution) vulnerability in the Magento web e-commerce platform. Any customer using the WAF needs to click the ON button next to the “CloudFlare Magento” Group in the WAF Settings to enable protection immediately.
Both Magento version 1.9.1.0 CE and 1.14.1.0 EE are compromised by this vulnerability. CloudFlare WAF protection can help mitigate vulnerabilities like this, but it is vital that Magento users patch Magento immediately. Select and download the patch for SUPEE-5344.
When a critical Linux kernel privilege escalation was publicly disclosed, Cloudflare's security and engineering teams detected, investigated, and mitigated the threat across our global fleet, confirming zero customer impact and no malicious exploitation....
On May 5, 2026, DENIC published broken DNSSEC signatures for the .de TLD, making millions of domains unreachable. Here's what 1.1.1.1 saw, how serve stale cushioned the impact, and how we restored resolution....
Panics in Rust Workers were historically fatal, poisoning the entire instance. By collaborating upstream on the wasm‑bindgen project, Rust Workers now support resilient critical error recovery, including panic unwinding using WebAssembly Exception Handling....
Cloudflare now returns RFC 9457-compliant structured Markdown and JSON error payloads to AI agents, replacing heavyweight HTML pages with machine-readable instructions. This reduces token usage by over 98%, turning brittle parsing into efficient control flow....
