This week we introduced several new detections across Cloudflare Managed Rulesets, expanding coverage for high-impact vulnerability classes such as SSRF, SQLi, SSTI, Reverse Shell attempts, and Prototype Pollution. These rules aim to improve protection against attacker-controlled payloads that exploit misconfigurations or unvalidated input in web applications.
Key Findings
New detections added for multiple exploit categories:
SSRF (Server-Side Request Forgery) — new rules targeting both local and cloud metadata abuse patterns (Beta).
SQL Injection (SQLi) — rules for common patterns, sleep/time-based injections, and string/wait function exploitation across headers and URIs.
SSTI (Server-Side Template Injection) — arithmetic-based probe detections introduced across URI, header, and body fields.
Reverse Shell and XXE payloads — enhanced heuristics for command execution and XML external entity misuse.
Prototype Pollution — new Beta rule identifying common JSON payload structures used in object prototype poisoning.
PHP Wrapper Injection and HTTP Parameter Pollution detections — to catch path traversal and multi-parameter manipulation attempts.
Anomaly Header Checks — detecting CRLF injection attempts in header names.
Impact
These updates help detect multi-vector payloads that blend SSRF + RCE or SQLi + SSTI attacks, especially in cloud-hosted applications with exposed metadata endpoints or unsafe template rendering.
Prototype Pollution and HTTP parameter pollution rules address emerging JavaScript supply-chain exploitation patterns increasingly seen in real-world incidents.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | N/A | Anomaly:Header - name - CR, LF | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | Generic Rules - Reverse Shell - Body | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | Generic Rules - Reverse Shell - Header | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | Generic Rules - Reverse Shell - URI | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | Generic Rules - XXE - Body | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | Generic Rules - SQLi - Common Patterns - Header URI | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | Generic Rules - SQLi - Sleep Function - Header URI | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | Generic Rules - SQLi - String Function - Header URI | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | Generic Rules - SQLi - WaitFor Function - Header URI | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | SSRF - Local - Beta | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | SSRF - Local - 2 - Beta | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | SSRF - Cloud - Beta | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | SSRF - Cloud - 2 - Beta | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | SSTI - Arithmetic Probe - URI | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | SSTI - Arithmetic Probe - Header | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | SSTI - Arithmetic Probe - Body | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | PHP Wrapper Injection | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | PHP Wrapper Injection | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | HTTP parameter pollution | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | Prototype Pollution - Common Payloads - Beta | N/A | Disabled | This is a New Detection |
This week we introduced several new detections across Cloudflare Managed Rulesets, expanding coverage for high-impact vulnerability classes such as SSRF, SQLi, SSTI, Reverse Shell attempts, and Prototype Pollution. These rules aim to improve protection against attacker-controlled payloads that exploit misconfigurations or unvalidated input in web applications.
Key Findings
New detections added for multiple exploit categories:
SSRF (Server-Side Request Forgery) — new rules targeting both local and cloud metadata abuse patterns (Beta).
SQL Injection (SQLi) — rules for common patterns, sleep/time-based injections, and string/wait function exploitation across headers and URIs.
SSTI (Server-Side Template Injection) — arithmetic-based probe detections introduced across URI, header, and body fields.
Reverse Shell and XXE payloads — enhanced heuristics for command execution and XML external entity misuse.
Prototype Pollution — new Beta rule identifying common JSON payload structures used in object prototype poisoning.
PHP Wrapper Injection and HTTP Parameter Pollution detections — to catch path traversal and multi-parameter manipulation attempts.
Anomaly Header Checks — detecting CRLF injection attempts in header names.
Impact
These updates help detect multi-vector payloads that blend SSRF + RCE or SQLi + SSTI attacks, especially in cloud-hosted applications with exposed metadata endpoints or unsafe template rendering.
Prototype Pollution and HTTP parameter pollution rules address emerging JavaScript supply-chain exploitation patterns increasingly seen in real-world incidents.
| Ruleset | Rule ID | Legacy Rule ID | Description | Previous Action | New Action | Comments |
|---|---|---|---|---|---|---|
| Cloudflare Managed Ruleset | N/A | Anomaly:Header - name - CR, LF | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | Generic Rules - Reverse Shell - Body | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | Generic Rules - Reverse Shell - Header | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | Generic Rules - Reverse Shell - URI | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | Generic Rules - XXE - Body | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | Generic Rules - SQLi - Common Patterns - Header URI | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | Generic Rules - SQLi - Sleep Function - Header URI | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | Generic Rules - SQLi - String Function - Header URI | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | Generic Rules - SQLi - WaitFor Function - Header URI | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | SSRF - Local - Beta | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | SSRF - Local - 2 - Beta | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | SSRF - Cloud - Beta | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | SSRF - Cloud - 2 - Beta | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | SSTI - Arithmetic Probe - URI | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | SSTI - Arithmetic Probe - Header | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | SSTI - Arithmetic Probe - Body | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | PHP Wrapper Injection | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | PHP Wrapper Injection | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | HTTP parameter pollution | N/A | Disabled | This is a New Detection | |
| Cloudflare Managed Ruleset | N/A | Prototype Pollution - Common Payloads - Beta | N/A | Disabled | This is a New Detection |