top | item 43552686

(no title)

lynnesbian | 11 months ago

> a product that mostly doesn't do anything except for occasionally break the internet

I wouldn't say that. The postmortem you referred to links to another CloudFlare blog post - one about a pretty serious RCE vuln in Microsoft SharePoint that was blocked by their WAF: https://blog.cloudflare.com/stopping-cve-2019-0604/

discuss

pvg|11 months ago

I mean, it's hardly surprising CloudFlare will tell you this is a useful product. But it is to securing a web application what regex is to parsing HTML.

jiggawatts|11 months ago

Sadly I work with web developers that all assume they don’t need to bother too much with security “because we have a WAF”.