Remote Command Execution

What It Means

This request attempted to invoke a system command within your application as part of an attack.

Why It Matters

Remote command execution (RCE) is the most severe type of web attack. If successful, the attacker can run arbitrary commands on your server — installing malware, creating backdoors, stealing data, or pivoting to attack other systems on your network.

Common Triggers

Requests containing shell commands, pipe operators, command separators (;, &&, |), or references to system binaries like /bin/sh or cmd.exe. Automated scanners test for RCE vulnerabilities across all input parameters.

What To Do

RCE attempts are always malicious. These blocks should never be overridden. If you see a high volume of RCE blocks, it may indicate targeted scanning against your application, but the WAF is handling it.