Prepare Your Site for Traffic Spikes this Holiday Season

Published on by Andrew A. Schafer.

The holiday season is approaching, and everyone is thinking about gifts for their friends and family. As people increasingly shop online, this means huge spikes in traffic for web sites---especially ecommerce sites. We want you to get the most out of this year’s surge in web traffic, so we’ve created a list of tips to help you prepare your site to ensure your visitors have a…

Migrating to the Ghost Blogging Platform

Published on by Andrew A. Schafer.

For those of you that follow the CloudFlare blog, you’ll know that we try to be prolific. We have industry leaders like Matthew Prince, John Graham-Cumming, Nick Sullivan, and others publishing pieces weekly from the front lines of internet performance and security. We’re also big fans of open source software, which is used in almost everything we do. A little over a year ago we watched…

CloudFlare and SHA-1 Certificates

Published on by Nick Sullivan.

At CloudFlare, we’re dedicated to ensuring sites are not only secure, but also available to the widest audience. In the coming months, both Google’s Chrome browser and Mozilla’s Firefox browser are changing their policy with respect to certain web site certificates. We are aware of these changes, and we have modified our SSL offerings to ensure customer sites continue to be secure and available to…

DNSSEC: Complexities and Considerations

Published on by Nick Sullivan.

This blog post is a follow-up to our previous introduction to DNSSEC. Read that first if you are not familiar with DNSSEC. DNSSEC is an extension to DNS: it provides a system of trust for DNS records. It’s a major change to one of the core components of the Internet. In this post we examine some of the complications of DNSSEC, and what CloudFlare plans to do…

Take a break and watch two recent engineering talks

Published on by John Graham-Cumming.

Recently, I spoke at the dotGo 2014 conference in Paris and my colleague (and creator of OpenResty) Yichun Zhang spoke at the first NGINX conference in San Francisco. If you need to take a break, go grab a drink and enjoy one of these two talks. The Latest and Greatest from ngx_lua: New Features & Tools Tired of writing NGINX C-modules or setting-up back-end application servers? The…

Drupal 7 SA-CORE-2014-005 SQL Injection Protection

Published on by John Graham-Cumming.

Yesterday the Drupal Security Team released a critical security patch for Drupal 7 that fixes a very serious SQL injection vulnerability. At the same time we pushed an update to our Drupal WAF rules to mitigate this problem. Any customer using the WAF and with the Drupal ruleset enabled will have received automatic protection. Rule D0002 provides protection against this vulnerability. If you do not have that ruleset…