Helping protect against Log4j

The Log4j vulnerability allows attackers to execute code on a remote server. Cloudflare is helping all customers, free or paid, mitigate the Log4j issue.

On December 9th, 2021, a very serious vulnerability in the popular Java-based logging package Log4j was disclosed. To mitigate attacks, Cloudflare has deployed mitigation rules for all of our customers.

What is the Log4j exploit?

Context

Log4j is a popular open source software library that is used to log web application activity to logs in memory. These files often contain information coming from outside an organization — for instance, a User-Agent string that is sent by a browser along with an HTTP request.

Vulnerability

Unfortunately, a flaw in Log4j means that by using special characters in logged data, it is possible to get a machine inside a company to run code that an attacker controls. Through an attack known as remote code execution (RCE), attackers can gain a foothold into what would normally be a secure, protected system.

Learn more

How Cloudflare Helps

In response to the Log4j vulnerability, Cloudflare has rolled out basic protections to all customers, irrespective of their plan type. As this vulnerability is actively being exploited, Log4j users should update to the latest version as soon as possible.

Cloudflare WAF now includes four rules to help mitigate any exploit attempts. See this blog post for details on how to enable these rules.

In addition, Cloudflare rolled out a config option for our Logpush service to find and replace known exploit strings in Cloudflare logs to help mitigate the impact of this vulnerability.

If you have been affected by the Log4j vulnerability or are concerned about its potential impact, sign up to start using Cloudflare today.