Google Cloud Armor WAF rule to help mitigate Apache Log4j vulnerability
Editor's note: As of 12/16/2021 at 12pm PST, this post was updated to include more information about the latest NIST publication, CVE-2021-45046. The existing Cloud Armor ‘cve-canary’ rule offers the same level of protection for the new CVE. As of 12/13/2021 at 5:30pm PST, this post was updated to include more information about how our rules function and instructions on how to tune them. As of 12/11/2021 at 5:30pm PST, this post was updated to include more information about the new Cloud Armor WAF rules and an explanation of the log snippet screenshot. NIST has announced a recent vulnerability ( [...]