
Always-on detections: eliminating the WAF "log versus block" trade-off

Blog post from Cloudflare

Post Details
Author: Daniele Molteni
Word Count: 2,462
Language: English
Summary

Traditional Web Application Firewalls (WAFs) often require extensive manual configuration to effectively block malicious traffic, which can lead to a trade-off between visibility and protection. Cloudflare addresses these challenges with its new Attack Signature Detection, which inspects every request for malicious payloads and provides detailed detection metadata without impacting performance. This approach enables security teams to create precise mitigation policies, reducing false positives. The system separates detection from mitigation, ensuring continuous analysis while maintaining performance. Cloudflare is also developing Full-Transaction Detection, which analyzes both request and response data to identify threats that traditional methods might miss, such as subtle SQL injections or data exfiltration patterns. Both initiatives aim to enhance web application security by offering comprehensive visibility, allowing users to create custom security rules with greater confidence. Attack Signature Detection is available in early access, while Full-Transaction Detection is still under development.