top | item 43548817

(no title)

tom_usher | 11 months ago

Seems to be a change in Cloudflare's managed WAF ruleset - any site using that will have URLs containing 'camel' blocked due to the 'Apache Camel - Remote Code Execution - CVE:CVE-2025-29891' (a9ec9cf625ff42769298671d1bbcd247) rule.

That rule can be overridden if you're having this issue on your own site.

discuss

internetter|11 months ago

> any site using that will have URLs containing 'camel' blocked

What engineer at cloudflare thought this was a good resolution?

Raed667|11 months ago

I doubt the system is that simple. No one wrote a rule saying `if url.contains("camel") then block()` it's probably an unintended side-effect

TacticalCoder|11 months ago

[deleted]

cbovis|11 months ago

Confirmed here: https://www.cloudflarestatus.com/incidents/gshczn1wxh74

oncallthrow|11 months ago

WAFs are so shit

ronsor|11 months ago

WAFs are literally "a pile of regexes can secure my insecure software"

UltraSane|11 months ago

But are they less shit than the shitty software they filter traffic for?