Cloudflare’s enterprise-class web application firewall (WAF) protects your web application from common vulnerabilities like SQL injection attacks, cross-site scripting, and cross-site forgery requests with no changes to your existing infrastructure. Cloudflare sees roughly 2.9 million requests every second and our WAF is continually identifying and blocking new potential threats.
Cloudflare security engineers constantly monitor the Internet for new vulnerabilities. When a threat is found that could potentially affect a large number of users, Cloudflare automatically applies WAF rules to protect their web application.
Cloudflare’s WAF helps you stay ahead of threats by automatically updating when new security vulnerabilities are released. Rules created by Cloudflare in response to new threats are responsible for mitigating the vast majority of threats on our network. While traditional OWASP rules and customer specific rules are important, they are not enough without Cloudflare's automatic WAF updates.
Cloudflare offers a single source of control for the security of websites, applications, and APIs, hosted across multiple cloud environments. Multi-cloud security provides visibility into security events, while allowing for consistent security controls, across all clouds in which Internet assets are deployed. Any attack traffic seen by Cloudflare is recorded and analyzed. Cloudflare’s network then shields Internet assets across all cloud providers.