Skip to content
Cloudflare Docs

Changelog

New updates and improvements at Cloudflare.

Subscribe to RSS
View all RSS feeds

hero image

WAF Release - 2025-09-26

Managed Ruleset Updated

This update introduces 11 new detections in the Cloudflare Managed Ruleset (all currently set to Disabled mode to preserve remediation logic and allow quick activation if needed). The rules cover a broad spectrum of threats - SQL injection techniques, command and code injection, information disclosure of common files, URL anomalies, and cross-site scripting.

RulesetRule IDLegacy Rule IDDescriptionPrevious ActionNew ActionComments
Cloudflare Managed Ruleset 100859ASQLi - UNION - 3N/ADisabledThis is a New Detection
Cloudflare Managed Ruleset 100889Command Injection - Generic 9N/ADisabledThis is a New Detection
Cloudflare Managed Ruleset 100890Information Disclosure - Common Files - 2N/ADisabledThis is a New Detection
Cloudflare Managed Ruleset 100891Anomaly:URL - Relative PathsN/ADisabledThis is a New Detection
Cloudflare Managed Ruleset 100894XSS - Inline FunctionN/ADisabledThis is a New Detection
Cloudflare Managed Ruleset 100895XSS - DOMN/ADisabledThis is a New Detection
Cloudflare Managed Ruleset 100896SQLi - MSSQL Length EnumerationN/ADisabledThis is a New Detection
Cloudflare Managed Ruleset 100897Generic Rules - Code Injection - 3N/ADisabledThis is a New Detection
Cloudflare Managed Ruleset 100898SQLi - EvasionN/ADisabledThis is a New Detection
Cloudflare Managed Ruleset 100899SQLi - Probing 2N/ADisabledThis is a New Detection
Cloudflare Managed Ruleset 100900SQLi - ProbingN/ADisabledThis is a New Detection