CloudFlare sites protected from httpoxy

On July 18, 2016, Ben Cartwright-Cox announced a new vulnerability called httpoxy that affects applications using "classic" CGI execution models and could lead to API token disclosure of services your application communicates with. Cloudflare has implemented automatic protection for all customers against this vulnerability. By default, harmful httpoxy requests are modified to be harmless and allowed through. However, customers can also use Web Application Firewall rule 100050 in Cloudflare Specials to block such requests that could lead to the httpoxy vulnerability.