Redesigning CloudFlare

Published on by Kevin Wilson.

CloudFlare’s original interface grew at an amazing speed. Visually, it hadn't changed much since CloudFlare’s launch in 2010. After several years of new features, settings, and ancillary UIs buried beneath clicks, it became clear that the user experience was lacking and would only get worse as we continued to add features. The question became: How could we make a UI that was versatile, scalable, and consistent?…

An introduction to JavaScript-based DDoS

Published on by Nick Sullivan.

CloudFlare protects millions of websites from online threats. One of the oldest and most pervasive attacks launched against websites is the Distributed Denial of Service (DDoS) attack. In a typical DDoS attack, an attacker causes a large number of computers to send data to a server, overwhelming its capacity and preventing legitimate users from accessing it. In recent years, DDoS techniques have become more diversified: attackers are tricking…

Introducing Multi-User Organizations: Share An Account Without Sharing A Login

Published on by Dani Grant.

An enterprise needs security and controls around access. Your web developer needs to update your website’s logo and make sure it’s live immediately, but doesn’t need access to your SSL keys. Your sysadmin manages your DNS, but doesn’t need to see your visitor traffic. Your marketing team needs to see traffic, but shouldn’t have access to your WAF. Today CloudFlare is introducing new…

CloudFlare's New Dashboard

Published on by Matthew Prince.

When we started CloudFlare, we thought we were building a service to make websites faster and more secure, and we wanted to make the service as easy and accessible as possible. As a result, we built the CloudFlare interface to put basic functions front and center and designed it to look more like a consumer app than the UI for the powerful network it controlled. Over time, we…

New Magento WAF Rule – RCE Vulnerability Protection

Published on by Peter Dumanian.

Today the Magento Security Team created a new ModSecurity rule and added it to our WAF rules to mitigate an important RCE (remote code execution) vulnerability in the Magento web e-commerce platform. Any customer using the WAF needs to click the ON button next to the “CloudFlare Magento” Group in the WAF Settings to enable protection immediately. Both Magento version 1.9.1.0 CE and 1.14.…