WAF - WAF Release - 2026-04-27
2mo ago
Source
CloudflareWAF - WAF Release - 2026-04-27cloudflare.comThis week's release focuses on new improvements to enhance coverage. Key Findings Existing rule enhancements have been deployed to improve detection resilience against broad classes of web attacks and strengthen behavioral coverage. Continuous Rule Improvements We are continuously refining our managed rules to provide more resilient protection and deeper insights into attack patterns. To ensure an optimal security posture, we recommend consistently monitoring the Security Events dashboard and adjusting rule actions as these enhancements are deployed. Ruleset Rule ID Legacy Rule ID Description Previous Action New Action Comments Cloudflare Managed Ruleset d866f980582748568385b94480cec1dd N/A PostgreSQL - SQLi - COPY - Beta Log Block This is a new detection. This rule is merged into the original rule "PostgreSQL - SQLi - COPY - Body (ID: 705a6b5569d5472596910e3ce7265a4e ). The rule previously known as "PostgreSQL - SQLi - COPY" is now renamed to "PostgreSQL - SQLi - COPY - Body". Cloudflare Managed Ruleset 71d133c374d94559aa9fdf042903de89 N/A PostgreSQL - SQLi - COPY - Headers Log Block This is a new detection. Cloudflare Managed Ruleset 9f1b1b7fd28a401b9d5c172d1036cfa6 N/A PostgreSQL - SQLi - COPY - URI Log Block This is a new detection. Cloudflare Managed Ruleset 8e40416659334b8ba789365755ff389e N/A SQLi - AND/OR MAKE_SET/ELT - Beta Log Block This is a new detection. This rule is merged into the original rule "SQLi - AND/OR MAKE_SET/ELT - Body" (ID: 0f41a593c8fe42c38a26f709252d3934 ). The rule previously known as "SQLi - AND/OR MAKE_SET/ELT" is now renamed to "SQLi - AND/OR MAKE_SET/ELT - Body". Cloudflare Managed Ruleset 1e0d4372ee1e41b9804b2d5c346487f9 N/A SQLi - AND/OR MAKE_SET/ELT - Headers Log Block This is a new detection. Cloudflare Managed Ruleset d2c961a164a64cf6b871c9511ac6ceca N/A SQLi - AND/OR MAKE_SET/ELT - URI Log Block This is a new detection. Cloudflare Managed Ruleset 4dacc0e6f32d4c5da3c2293edd471337 N/A SQLi - Common Patterns - Beta Log Block This is a new detection. This rule is merged into the original rule "SQLi - Common Patterns - Body" (ID: 98f746d07a6d48ab9dae669acb5d0b9b ). The rule previously known as "SQLi - Common Patterns" is now renamed to "SQLi - Common Patterns - Body". Cloudflare Managed Ruleset 53a374379f2e41e9934791c1975c07b7 N/A SQLi - Common Patterns - Headers Log Block This is a new detection. Cloudflare Managed Ruleset 9efedebfc371443f9fe7308605b1b06b N/A SQLi - Common Patterns - URI Log Block This is a new detection. Cloudflare Managed Ruleset d53a791496d64700870334f4dd0ba3c7 N/A SQLi - Equation - Beta Log Block This is a new detection. This rule is merged into the original rule "SQLi - Equation - Body" (ID: e7691e1e4f4d4769909f3df6c2eb3e7f ). The rule previously known as "SQLi - Equation" is now renamed to "SQLi - Equation - Body". Cloudflare Managed Ruleset 46efbd3496e64c3f902ad33d3d1c2384 N/A SQLi - Equation - Headers Log Block This is a new detection. Cloudflare Managed Ruleset 46b937649a424b7ead90f6d0e1149ea6 N/A SQLi - Equation - URI Log Block This is a new detection. Cloudflare Managed Ruleset 04d9182545f54ba8a4fa29fe205adbb0 N/A SQLi - AND/OR Digit Operator Digit - Beta Log Block This is a new detection. This rule is merged into the original rule "SQLi - AND/OR Digit Operator Digit - Body" (ID: 762dd334ed0b4273816e3ff13893c564 ). The rule previously known as "SQLi - AND/OR Digit Operator Digit" is now renamed to "SQLi - AND/OR Digit Operator Digit - Body". Cloudflare Managed Ruleset a24e7c15503948bc8766481aad2abbaa N/A SQLi - AND/OR Digit Operator Digit - Headers Log Block This is a new detection. Cloudflare Managed Ruleset 0c55eb362df64f92a85aa46753acbc0d N/A SQLi - AND/OR Digit Operator Digit - URI Log Block This is a new detection. Cloudflare Managed Ruleset 18c9879b7e184c559d23c1652b45a97d N/A SQLi - Benchmark Function - Beta Log Block This is a new detection. This rule is merged into the original rule "SQLi - Benchmark Function - Body" (ID: ac4e9ebfb43a4f3998f6072d2ebc44ad ). The rule previously known as "SQLi - Benchmark Function" is now renamed to "SQLi - Benchmark Function - Body". Cloudflare Managed Ruleset 2adbc36c52324efcb4681b829889aadc N/A SQLi - Benchmark Function - Headers Log Block This is a new detection. Cloudflare Managed Ruleset 69564af3bc54406080deed72491b28e9 N/A SQLi - Benchmark Function - URI Log Block This is a new detection. Cloudflare Managed Ruleset 94b1646f0b0b46ec9b96f7742aa649de N/A SQLi - Comparison - Beta Log Block This is a new detection. This rule is merged into the original rule "SQLi - Comparison - Body" (ID: 8166da327a614849bfa29317e7907480 ). The rule previously known as "SQLi - Comparison" is now renamed to "SQLi - Comparison - Body". Cloudflare Managed Ruleset 455ce87681bd4200bf53456c39e3e013 N/A SQLi - Comparison - Headers Log Block This is a new detection. Cloudflare Managed Ruleset 8152816062ed47f69be0f907f4bdb492 N/A SQLi - Comparison - URI Log Block This is a new detection. Cloudflare Managed Ruleset d5afd403a0544248b829fe5da1ff3b34 N/A SQLi - String Concatenation - Body - Beta Log Block This is a new detection. This rule is merged into the original rule "SQLi - String Concatenation - Headers" (ID: 3b0c61407d0b4f7d87e516472116d2fe ).The rule previously known as "SQLi - String Concatenation - Headers" is now renamed to "SQLi - String Concatenation - Body". Cloudflare Managed Ruleset cb0ec290ee454138abe18b750d0e6c3b N/A SQLi - String Concatenation - Headers Log Block This is a new detection.(Former Id was 380099df2bb2469c91ebbb7b846d1940 ) Cloudflare Managed Ruleset c46d9097c9ef419aa4d9f10626cc211f N/A SQLi - String Concatenation - URI Log Block This is a new detection. (Former Id was bd19397228404b85aa3797238fae8c84 ) Cloudflare Managed Ruleset 6542d36980cf4018b4d5e2bfeacc78ab N/A SQLi - SELECT Expression - Beta Log Block This is a new detection. This rule is merged into the original rule "SQLi - SELECT Expression - Body" (ID: 00da180570d34b5bae2121acd0023a36 ). The rule previously known as "SQLi - SELECT Expression" is now renamed to "SQLi - SELECT Expression - Body". Cloudflare Managed Ruleset 4073f7b575ff45dfb7621b43630bb223 N/A SQLi - SELECT Expression - Headers Log Block This is a new detection. Cloudflare Managed Ruleset 2721e3184d50466ea637e9afdcd6efb5 N/A SQLi - SELECT Expression - URI Log Block This is a new detection. Cloudflare Managed Ruleset 7ecca84c08aa4aad9b5a7bda18c47cea N/A SQLi - ORD and ASCII - Beta Log Block This is a new detection. This rule is merged into the original rule "SQLi - ORD and ASCII- Body" (ID: 2fc38b34a9d744d2a3cbcc41d0d207f9 ). The rule previously known as "SQLi - ORD and ASCII" is now renamed to "SQLi - ORD and ASCII- Body". Cloudflare Managed Ruleset f6d10e10c9514eb49dcc2122bdb1618f N/A SQLi - ORD and ASCII - URI Log Block This is a new detection. Cloudflare Managed Ruleset 60704f5c5513425c94cf77031d0906b6 N/A SQLi - ORD and ASCII - Headers Log Block This is a new detection. Cloudflare Managed Ruleset 700613b191d3479ea2782b4e9fe4eff5 N/A SQLi - Destructive Operations Log Block This is a new detection.
You might also wanna read
Cloudflare expands AI bot management tools with granular traffic controls for all customers
Cloudflare is celebrating the second "Content Independence Day" by expanding AI traffic management options for all website owners. Building
Workers - Simpler runtime types with @cloudflare/workers-types v5
Cloudflare·1d ago
AI Search - Manage AI Search sync jobs with Wrangler CLI
Cloudflare·2d ago
Workers - Work across multiple accounts with Wrangler auth profiles
Cloudflare·2d ago
Cache - Cache multiple versions of a URL with Vary
Cloudflare·2d ago
Cloudflare One - Hostname routing for Cloudflare Mesh
Cloudflare·2d ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.