On March 29, 2018, Drupal announced an update to fix a critical remote code execution exploit (SA-CORE-2018-002/CVE-2018-7600). In response, Cloudflare has released a rule to block requests matching these exploit conditions for their Web Application Firewall (WAF). The rule can be found in the Cloudflare ruleset under the Drupal category with the rule ID of D0003. The official Drupal Advisory is available at https://www.drupal.org/sa-core-2018-002.