Shellshock protection enabled for all customers

On September 29, 2014, CloudFlare introduced automatic protection against the Shellshock bash vulnerability for all its paying customers through their WAF (Web Application Firewall). Following this, they received requests to extend this protection to all customers, including those on the Free plan. After assessing the actual Shellshock traffic and understanding the severity of the issue, CloudFlare developed a Basic ShellShock Protection that is now operational for every customer, regardless of their plan (Free, Pro, Business, or Enterprise). Paying customers still benefit from more complex Shellshock rules in the WAF. This ensures that all CloudFlare users are protected from common attack vectors related to Shellshock, while paying customers enjoy additional advanced protection.