Customer-configured rules now the biggest contributor to mitigated traffic

The largest contributor to mitigated traffic is now customer-configured rules, with web application firewalls (WAFs) driving the increase. Cloudflare’s Application Security Report showed that old vulnerabilities are still widely exploited and HTTP anomalies are the most common attack vector on API endpoints. Application owners are also increasingly using geolocation blocks, and API traffic continues to grow. The report predicts 2023 to be a record-high year for API breaches.