--- title: Historical (2022) description: Changes to WAF managed rulesets done in 2022. image: https://developers.cloudflare.com/core-services-preview.png --- > Documentation Index > Fetch the complete documentation index at: https://developers.cloudflare.com/waf/llms.txt > Use this file to discover all available pages before exploring further. [Skip to content](#%5Ftop) # Historical (2022) | Ruleset | Rule ID | Legacy Rule ID | Description | Change Date | Old Action | New Action | | ------------------------------- | ----------- | -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------- | ---------- | ---------- | | Cloudflare Specials | ...2aede3db | 100554 | Openam - Remote Code Execution - CVE:CVE-2021-35464 | 2022-12-12 | N/A | Disabled | | Cloudflare Specials | ...2ab75038 | 100556 | Apache JXPath Library - Code Injection - CVE:CVE-2022-41852 | 2022-12-12 | N/A | Disabled | | Cloudflare Specials | ...b8ef67d7 | N/A | SQLi - Equation | 2022-11-29 | N/A | Block | | Cloudflare Specials | ...128f1556 | N/A | SQLi - Generic | 2022-11-14 | N/A | Block | | Cloudflare Specials | ...b9cfd82d | 100552 | JXPath RCE - CVE:CVE-2022-41852 | 2022-10-31 | N/A | Block | | Cloudflare Specials | ...66edb651 | 100555 | Apache Commons Text - Code Injection - CVE:CVE-2022-42889 | Emergency, 2022-10-18 | N/A | Block | | Cloudflare Specials | ...1bc977d1 | 100005 | DotNetNuke - File Inclusion - CVE:CVE-2018-9126, CVE:CVE-2011-1892, CVE:CVE-2022-31474This detection was announced as ...845e3ec7 on new WAF. | 2022-10-17 | N/A | Block | | Sensitive Data Disclosure (SDD) | ...eebf3863 | N/A | California Driver's LicenseThis detection is part of Sensitive Data Disclosure (SDD). | 2022-10-17 | Log | Disable | | Sensitive Data Disclosure (SDD) | ...5b82d61c | N/A | Florida Driver's LicenseThis detection is part of Sensitive Data Disclosure (SDD). | 2022-10-17 | Log | Disable | | Sensitive Data Disclosure (SDD) | ...d47285a0 | N/A | Illinois Driver's LicenseThis detection is part of Sensitive Data Disclosure (SDD). | 2022-10-17 | Log | Disable | | Sensitive Data Disclosure (SDD) | ...9f7200b4 | N/A | New York Driver's LicenseThis detection is part of Sensitive Data Disclosure (SDD). | 2022-10-17 | Log | Disable | | Sensitive Data Disclosure (SDD) | ...440ec8b9 | N/A | UK Driver's LicenseThis detection is part of Sensitive Data Disclosure (SDD). | 2022-10-17 | Log | Disable | | Sensitive Data Disclosure (SDD) | ...c78cf1e1 | N/A | UK National Insurance NumberThis detection is part of Sensitive Data Disclosure (SDD). | 2022-10-17 | Log | Disable | | Sensitive Data Disclosure (SDD) | ...0f8f2657 | N/A | UK PassportThis detection is part of Sensitive Data Disclosure (SDD). | 2022-10-17 | Log | Disable | | Sensitive Data Disclosure (SDD) | ...5fe4101e | N/A | US PassportThis detection is part of Sensitive Data Disclosure (SDD). | 2022-10-17 | Log | Disable | | Sensitive Data Disclosure (SDD) | ...0a290153 | N/A | Wisconsin Driver's LicenseThis detection is part of Sensitive Data Disclosure (SDD). | 2022-10-17 | Log | Disable | | Cloudflare Specials | ...e0de97a2 | 100553 | FortiOS - Authentication Bypass - CVE:CVE-2022-40684 | Emergency, 2022-10-14 | N/A | Block | | Cloudflare Specials | ...ee9bb2f5 | 100549 | Atlassian Bitbucket - Code Injection - CVE:CVE-2022-36804 | 2022-10-10 | N/A | Block | | Cloudflare Specials | ...1d870399 | 100546 | XSS - HTML Encoding | 2022-10-03 | N/A | Block | | Cloudflare Specials | ...e09c1a1e | 100551 | Microsoft Exchange SSRF and RCE vulnerability - CVE:CVE-2022-41040, CVE:CVE-2022-41082 | Emergency, 2022-10-03 | N/A | Block | | Cloudflare Specials | ...ee9bb2f5 | 100549 | Atlassian Bitbucket - Code Injection - CVE:CVE-2022-36804 | Emergency, 2022-09-20 | N/A | Block | | Cloudflare Specials | ...cfd0fac1 | 100135A | XSS - JavaScript EventsThis detection was announced in BETA with ID ...92c2ad9f on new WAF and ID 100135A\_BETA on legacy WAF. | 2022-09-12 | Block | Block | | Cloudflare Specials | ...e09c1a1e | 100542 | Broken Authentication - VMware - CVE:CVE-2022-31656, CVE:CVE-2022-22972This detection was announced in BETA with ID ...df7d4d7b on new WAF and ID 100542\_BETA on legacy WAF. | 2022-09-12 | Block | Block | | Cloudflare Specials | ...36fe4cbb | 100547 | Sophos Firewall Auth Bypass Vulnerability - CVE:CVE-2022-1040 | 2022-09-12 | N/A | Block | | Cloudflare Specials | ...4529da66 | 100504 | Atlassian - CVE:CVE-2021-26086 | 2022-09-12 | N/A | Block | | Cloudflare Specials | ...b090ba9a | 100303 | Command Injection - NslookupThis detection was announced in BETA with ID ...d5488862 on new WAF and ID 100303\_BETA on legacy WAF. | 2022-09-05 | Block | Block | | Cloudflare Specials | ...3a9dc737 | 100532B | Vulnerability scanner activity 2 | 2022-08-30 | N/A | Disable | | Cloudflare Specials | ...9b16ea5e | N/A | CVE-2020-13443 | 2022-08-30 | N/A | Block | | Cloudflare Specials | ...fd9eb416 | 100541 | Code Injection - WordPress Weblizar Backdoor - CVE:CVE-2022-1609 | 2022-08-22 | N/A | Block | | Cloudflare Specials | ...e09c1a1e | 100542 | Broken Authentication - VMware - CVE:CVE-2022-31656 | 2022-08-22 | N/A | Block | | Cloudflare Specials | ...9ff2129f | 100544 | Zimbra - Command Injection - CVE:CVE-2022-27925, CVE:CVE-2022-30333 | 2022-08-22 | N/A | Block | | Cloudflare Specials | ...94700cae | N/A | Drupal, Magento, PHP - Deserialization - CVE:CVE-2019-6340, CVE:CVE-2016-4010 - 2 | 2022-08-22 | N/A | Block | | Cloudflare Specials | ...1bc977d1 | 100005 | DotNetNuke - File Inclusion - CVE:CVE-2018-9126, CVE:CVE-2011-1892 | 2022-08-22 | N/A | Block | | Cloudflare Specials | ...8e2e15a5 | N/A | SQLi - Strict | 2022-08-15 | N/A | Disable | | Cloudflare Specials | ...25ba9d7c | N/A | SSRF - Cloud | 2022-08-15 | N/A | Disable | | Cloudflare Specials | ...8242627b | N/A | SSRF - Local | 2022-08-15 | N/A | Disable | | Cloudflare Specials | ...74a51804 | N/A | SSRF - Host | 2022-08-15 | N/A | Disable | | Cloudflare Specials | ...d77be6e7 | 100540 | XSS, Code Injection - Elementor - CVE:CVE-2022-29455 | 2022-08-01 | N/A | Block | | Cloudflare Specials | ...b21a6d17 | 100539 | Alibaba Fastjson Remote Code Execution - CVE:CVE-2022-25845 | 2022-08-01 | N/A | Block | | Cloudflare Specials | ...49e6b538 | 100534 | Webshell Activity | 2022-08-01 | N/A | Block | | Cloudflare Specials | ...8d667511 | N/A | NoSQL, MongoDB - SQLi - Comparison | 2022-08-01 | N/A | Disable | | Cloudflare Specials | ...6418cd0a | N/A | NoSQL, MongoDB - SQLi - Expression | 2022-08-01 | N/A | Disable | | Cloudflare Specials | ...0d64e8c3 | N/A | PostgreSQL - SQLi - COPY | 2022-08-01 | N/A | Disable | | Cloudflare Specials | ...fe93af88 | N/A | SQLi - AND/OR Digit Operator Digit | 2022-08-01 | N/A | Disable | | Cloudflare Specials | ...5dfbd021 | N/A | SQLi - AND/OR Digit Operator Digit - 2 | 2022-08-01 | N/A | Disable | | Cloudflare Specials | ...95cb1c78 | N/A | SQLi - AND/OR MAKE\_SET/ELT | 2022-08-01 | N/A | Disable | | Cloudflare Specials | ...33a94329 | N/A | SQLi - Benchmark Function | 2022-08-01 | N/A | Disable | | Cloudflare Specials | ...a0ac8609 | N/A | SQLi - Equation | 2022-08-01 | N/A | Disable | | Cloudflare Specials | ...e3f62041 | N/A | SQLi - ORD and ASCII | 2022-08-01 | N/A | Disable | | Cloudflare Specials | ...5dcf99b7 | N/A | SQLi -SELECTExpression | 2022-08-01 | N/A | Disable | | Cloudflare Specials | ...2514d20d | N/A | SQLi - Sleep Function | 2022-08-01 | N/A | Disable | | Cloudflare Specials | ...cf1914a0 | N/A | SQLi - String Concatenation | 2022-08-01 | N/A | Disable | | Cloudflare Specials | ...484037ce | N/A | SQLi - String Function | 2022-08-01 | N/A | Disable | | Cloudflare Specials | ...42123a6c | N/A | SQLi - Sub Query | 2022-08-01 | N/A | Disable | | Cloudflare Specials | ...d7aa0008 | N/A | SQLi -UNIONin MSSQL | 2022-08-01 | N/A | Disable | | Cloudflare Specials | ...3306fcc2 | N/A | SQLi - WaitFor Function | 2022-08-01 | N/A | Disable | | Cloudflare Specials | ...1651d0c8 | 100536 | GraphQL Injection | 2022-07-25 | N/A | Block | | Cloudflare Specials | ...6a648210 | 100537 | Oracle ADF Remote Code Execution - CVE:CVE-2022-21445 | 2022-07-25 | N/A | Block | | Cloudflare Specials | ...2753531e | 100533 | NoSQL - Injection | 2022-07-18 | N/A | Block | | Cloudflare Specials | ...49e6b538 | 100534 | Web Shell Activity | 2022-07-18 | N/A | Block | | Cloudflare Specials | ...851d2f71 | 100007C | Command Injection - Common Attack Commands | 2022-07-18 | N/A | Block | | Cloudflare Specials | ...aa290ad9 | 100135D | XSS - JS On Events | 2022-07-18 | N/A | Block | | Cloudflare Specials | N/A | 100045B | Anomaly:Header, Directory Traversal - Multiple Slashes, Relative Paths, CR, LF or NULL | 2022-07-06 | Log | Block | | Cloudflare Specials | ...34780914 | 100532 | Vulnerability scanner activity | 2022-07-05 | N/A | Block | | Cloudflare Specials | ...d503ded0 | N/A | XSS, HTML Injection | 2022-06-20 | N/A | Disable | | Cloudflare Specials | ...fd09a0e6 | N/A | XSS - JavaScript Events | 2022-06-20 | N/A | Disable | | Cloudflare Specials | ...f4b0220e | 100703 | Validate Headers | Emergency, 2022-06-10 | N/A | Block | | Cloudflare Specials | ...408cff2b | 100531 | Atlassian Confluence - Code Injection - CVE:CVE-2022-26134 (rule improvement) | Emergency, 2022-06-07 | N/A | Block | | Cloudflare Specials | ...0c99546a | 100702 | Command Injection - CVE:CVE-2022-24108 | 2022-06-06 | N/A | Block | | Cloudflare Specials | ...e184d050 | 100701 | Command Injection - CVE:CVE-2022-30525 | 2022-06-06 | N/A | Block | | Cloudflare Specials | ...56c390a1 | N/A | DotNetNuke - File Inclusion - CVE:CVE-2018-9126, CVE:CVE-2011-1892 2 | 2022-06-06 | N/A | Block | | Cloudflare Specials | ...3456f611 | N/A | XXE - System Function | 2022-06-06 | N/A | Block | | Cloudflare Specials | ...ae5baf61 | 100005 | DotNetNuke - File Inclusion - CVE:CVE-2018-9126, CVE:CVE-2011-1892 | 2022-06-06 | N/A | Block | | Cloudflare Specials | ...bb44c04a | 100531B | Atlassian Confluence - Code Injection - Extended - CVE:CVE-2022-26134 | Emergency, 2022-06-04 | N/A | Disabled | | Cloudflare Specials | ...408cff2b | 100531 | Atlassian Confluence - Code Injection - CVE:CVE-2022-26134 (rule improvement) | Emergency, 2022-06-04 | N/A | Block | | Cloudflare Specials | ...408cff2b | 100531 | Atlassian Confluence - Code Injection - CVE:CVE-2022-26134 | Emergency, 2022-06-03 | N/A | Block | | Cloudflare Specials | ...408cff2b | 100531 | Atlassian Confluence - Code Injection - CVE:CVE-2022-26134 (rule improvement) | Emergency, 2022-06-03 | N/A | Block | | Cloudflare Specials | ...408cff2b | 100531 | Atlassian Confluence - Code Injection - CVE:CVE-2022-26134 (rule improvement) | Emergency, 2022-06-03 | N/A | Block | | Cloudflare Specials | ...0d20ddd9 | 100054 | Improve Apache Struts detection. Merge 100054\_BETA into 100054 and ...f0c856b4 into ...0d20ddd9\. Apache Struts - Command Injection - CVE:CVE-2017-5638. | 2022-05-30 | N/A | Block | | Cloudflare Specials | ...e1787c92 | N/A | Microsoft Exchange - Code Injection | 2022-05-16 | N/A | Block | | Specials | ...d6e3073f | 100530 | Command Injection - RCE in BIG-IP - CVE:CVE-2022-1388 | Emergency, 2022-05-10 | N/A | Block | | Cloudflare Specials | ...02a9ee96 | 100528 | Code Injection - CVE:CVE-2022-29078 | 2022-05-09 | N/A | Block | | Cloudflare Specials | ...422313d0 | 100529 | VMware vCenter - CVE:CVE-2021-22054 | 2022-05-09 | N/A | Block | | Cloudflare Specials | ...370dc796 | N/A | PostgreSQL - SQLi, Command Injection - CVE:CVE-2019-9193 | 2022-05-09 | N/A | Disable | | Cloudflare Specials | ...61337861 | 100056\_BETA | Apache Struts - Code Injection - CVE:CVE-2017-9791 - Beta | 2022-04-25 | Disable | Block | | Cloudflare Specials | ...bb70a463 | 100527 | Apache Struts - CVE:CVE-2021-31805 | 2022-04-25 | Disable | Block | | Cloudflare Specials | ...a24f08b7 | 100526 | VMware vCenter - CVE:CVE-2022-22954 | 2022-04-25 | Disable | Block | | Cloudflare Specials | ...4343ef6b | N/A | Anomaly:Header:X-Forwarded-Host | 2022-04-20 | N/A | Disable | | Cloudflare Specials | ...ad8ba4bc | N/A | Anomaly:Header:Content-Length - Missing in POST | 2022-04-20 | N/A | Disable | | Cloudflare Specials | ...cc74ff69 | N/A | Anomaly:Header:Accept - Missing or Empty | 2022-04-20 | N/A | Disable | | Cloudflare Specials | ...041699fb | N/A | Practico CMS - SQLi | 2022-04-20 | N/A | Disable | | Cloudflare Specials | ...4751ef80 | N/A | Joomla - Anomaly:Header:User-Agent | 2022-04-20 | N/A | Disable | | Cloudflare Specials | ...f2cc4e84 | 100524 | Spring - Code Injection | 2022-04-11 | N/A | Block | | Cloudflare Specials | ...4e742bb6 | N/A | Drupal - Header Injection - CVE:CVE-2018-14774 | 2022-04-11 | N/A | Disable | | Cloudflare Specials | ...e46c6d76 | N/A | Drupal - XSS - CVE:CVE-2018-9861 | 2022-04-11 | N/A | Disable | | Specials | ...f2cc4e84 | 100524 | Spring - Code Injection | Emergency, 2022-04-04 | Simulate | Block | | Specials | ...fbe6c869 | 100522 | Spring - CVE:CVE-2022-22947 | Emergency, 2022-04-04 | Simulate | Block | | Specials | ...f2cc4e84 | 100524 | Spring - Code Injection | Emergency, 2022-03-31 | N/A | Simulate | | Specials | ...fbe6c869 | 100522 | Spring - CVE:CVE-2022-22947 | Emergency, 2022-03-29 | N/A | Simulate | | Cloudflare Specials | ...e7c9a2c4 | 100519B | Magento - CVE:CVE-2022-24086 | 2022-03-14 | N/A | Block | | Cloudflare Specials | ...a37c3733 | 100520 | Apache - CVE:CVE-2022-24112 | 2022-03-14 | N/A | Block | | Cloudflare Specials | ...664ed6fe | 100015 | Anomaly:Port - Non Standard Port (not 80 or 443) | 2022-03-14 | N/A | Disable | | Cloudflare Specials | ...5723bcc9 | 100022 | Anomaly:Method - NotGETorPOST | 2022-03-14 | N/A | Disable | | Cloudflare Specials | ...3fccf643 | 100519 | Magento - CVE:CVE-2022-24086 | 2022-03-07 | N/A | Block | | Cloudflare Specials | ...5ea3d579 | 100518 | SAP - Code Injection - CVE:CVE-2022-22532 | 2022-02-28 | N/A | Block | | Cloudflare Specials | ...69e0b97a | 100400 | Atlassian Confluence - Code Injection - CVE:CVE-2021-26084 - Improve Rule Coverage | 2022-02-21 | Block | Block | | Cloudflare Specials | N/A | PHP100001 | PHP - Command Injection - CVE:CVE-2012-2336, CVE:CVE-2012-2311, CVE:CVE-2012-1823 | 2022-02-14 | Challenge | Block | | Cloudflare Specials | ...dc29b753 | 100515B | Log4j Body Obfuscation | 2022-02-14 | N/A | Block | | Cloudflare Specials | ...69fe1e0d | 100700 | Apache SSRF vulnerability CVE-2021-40438 | 2022-01-24 | N/A | Block | ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"item":{"@id":"/directory/","name":"Directory"}},{"@type":"ListItem","position":2,"item":{"@id":"/waf/","name":"WAF"}},{"@type":"ListItem","position":3,"item":{"@id":"/waf/change-log/","name":"WAF changelog overview"}},{"@type":"ListItem","position":4,"item":{"@id":"/waf/change-log/historical-2022/","name":"Historical (2022)"}}]} ```