Cloudflare announced that they are offering a Web Application Firewall (WAF) free of charge to subscribers on the free plan. The WAF will provide access to the WAF user interface which comes with a ruleset that can be used to block known threats automatically.
The free managed ruleset has been tested against the Cloudflare network and allows free users to activate their firewall and begin enjoying the benefits of a firewall right away.
Because the ruleset is a managed ruleset, free users will benefit from updates that will protect their sites from new wide ranging security threats.
The free tier of the firewall is especially tuned for protecting WordPress websites as it protects against common WordPress exploits.
Cloudflare WAF
The Cloudflare WAF is an application firewall that monitors incoming web traffic from the Internet to the website and automatically blocks any traffic that it identifies as malicious.
The firewall uses a ruleset which is a set of patterns and signals that it looks for in order to identify malicious traffic and filter it out.
Cloudflare Free Managed Ruleset
The Free Cloudflare WAF comes with a managed ruleset that is designed to block a multitude of common vulnerability attacks.
A managed ruleset consists of pre-configured rules that allows a user to deploy the firewall and have it ready to inspect and block malicious web traffic.
The benefit of a managed ruleset is that the firewall is ready to deploy and with minimal configuration on the part of the user.
Cloudflare describes this free managed ruleset:
“Designed to provide mitigation against high and wide impacting vulnerabilities. The rules are safe to deploy on most applications. If you deployed the Cloudflare Managed Ruleset for your site, you do not need to deploy this Managed Ruleset.”
The free managed ruleset will be updated whenever a wide ranging threat appears that can affect many websites. This is a huge deal that can go a long way toward mitigating the effects of brand new hacking attacks.
The free version of the ruleset protects against the Shellshock server security bug, blocks Log4J vulnerabilities, and protects WordPress websites from vulnerabilities that are common to WordPress.
Access to Cloudflare Firewall User Interface
Cloudflare is providing the free tier of users access to the Firewall User Interface (UI), a dashboard where publishers can manage their firewall.
The dashboard allows users to alter their firewall and also to monitor actions taken by the firewall via the Security Overview tab.
Free users can do the following in the dashboard:
“Overriding all rules to LOG or other action.
Overriding specific rules only to LOG or other action.
Completely disabling the ruleset or any specific rule”
Citations
Read the Official Cloudflare Announcement
WAF for everyone: protecting the web from high severity vulnerabilities