Seems to be a change in Cloudflare's managed WAF ruleset - any site using that will have URLs c...

tom_usher • last Tuesday at 4:38 PM • 3 replies • view on HN

Seems to be a change in Cloudflare's managed WAF ruleset - any site using that will have URLs containing 'camel' blocked due to the 'Apache Camel - Remote Code Execution - CVE:CVE-2025-29891' (a9ec9cf625ff42769298671d1bbcd247) rule.

That rule can be overridden if you're having this issue on your own site.

Replies

internetter • last Tuesday at 7:52 PM

> any site using that will have URLs containing 'camel' blocked

What engineer at cloudflare thought this was a good resolution?

➕ show 2 replies

cbovis • last Tuesday at 5:05 PM

Confirmed here: https://www.cloudflarestatus.com/incidents/gshczn1wxh74

oncallthrow • last Tuesday at 6:38 PM

WAFs are so shit

➕ show 2 replies

alt Hacker News

Replies