Shellshock protection enabled for all customers
09/29/2014
On Thursday, we rolled out protection against the Shellshock bash vulnerability for all paying customers through the CloudFlare WAF....
Go interfaces make test stubbing easy
08/27/2014
Go's "object-orientation" approach is through interfaces. Interfaces provide a way of specifying the behavior expected of an object, but rather than saying what an object itself can do, they specify what's expected of an object....
CloudFlare hiring Go programmers in London and San Francisco
08/19/2014
Are you familiar with the Go programming language and looking for a job in San Francisco or London? Then think about applying to CloudFlare. We're looking for people with experience writing Go in both locations....
Experimenting with mozjpeg 2.0
07/29/2014
One of the services that CloudFlare provides to paying customers is called Polish. Polish automatically recompresses images cached by CloudFlare to ensure that they are as small as possible and can be delivered to web browsers as quickly as possible....
Courage to change things
07/11/2014
This was an internal email that I sent to the CloudFlare team about how we are not afraid to throw away old code. We thought it was worth sharing with a wider audience....
Making code better with reviews
07/02/2014
In the past we've written about how CloudFlare isn't afraid to rip out and replace chunks of code that have proved to be hard to maintain or have simply reach end of life. ...
New OpenSSL vulnerabilities: CloudFlare systems patched
06/05/2014
The OpenSSL team announced seven vulnerabilities covering OpenSSL 0.9.8, 1.0.0, 1.0.1 and 1.0.2 (i.e. all versions) earlier today....
The Web is World-Wide, or who still needs RC4?
05/19/2014
Two weeks ago we changed our TLS configuration to deprioritize the RC4 encryption method because it is widely thought to be vulnerable to attack. At the time we had an internal debate about turning off RC4 altogether, but statistics showed that we couldn't....
Tracking our SSL configuration
05/03/2014
Over time we've updated the SSL configuration we use for serving HTTPS as the security landscape has changed. In the past we've documented those changes in blog posts....
Searching for The Prime Suspect: How Heartbleed Leaked Private Keys
04/27/2014
Within a few hours of CloudFlare launching its Heartbleed Challenge the truth was out. Not only did Heartbleed leak private session information (such as cookies and other data that SSL should have been protecting), but the crown jewels of an HTTPS web server were also vulnerable....
The weird and wonderful world of DNS LOC records
04/01/2014
A cornerstone of CloudFlare's infrastructure is our ability to serve DNS requests quickly and handle DNS attacks. To do both those things we wrote our own authoritative DNS server called RRDNS in Go. ...
Staying up to date with the latest protocols: SPDY/3.1
02/17/2014
Back in June 2012 CloudFlare started a beta rollout of Google's then new SPDY protocol and we took a detailed look at how SPDY makes web sites faster....
Protect Your Sites With Rapidly Deployed WAF Rules
01/21/2014
An attack on your site could be catastrophic. Even a small attack can have major implications. Responding quickly to an attack is imperative. ...
Understanding and mitigating NTP-based DDoS attacks
01/09/2014
Over the last couple of weeks you may have been hearing about a new tool in the DDoS arsenal: NTP-based attacks. These have become popular recently and caused trouble for some gaming web sites and service providers....
Using CloudFlare to mix domain sharding and SPDY
12/26/2013
It’s common knowledge that domain sharding, where the resources in a web page are shared across different domains (or subdomains), is a good thing. ...
Keeping our open source promise
12/22/2013
Back in October I wrote a blog post about CloudFlare and open source software titled CloudFlare And Open Source Software: A Two-Way Street which detailed the many ways in which we use and support open source software....
The two reasons to be an engineer at CloudFlare
11/12/2013
If you're thinking about joining a startup as an engineer we'd like you to think of CloudFlare. The two most important reasons to think of CloudFlare are... because of who your colleagues would be and who our customers are (and who their customers are)....
What we've been doing with Go
11/11/2013
Almost two years ago CloudFlare started working with Go. What started as an experiment on one network and concurrency heavy project has turned into full, production use of Go for multiple services....
CloudFlare And Open Source Software: A Two-Way Street
10/07/2013
CloudFlare uses a great deal of open source and free software. Our core server platform is nginx (which is released using a two-clause BSD license) and our primary database of choice is postgresql (which is released using their own BSD-like license). ...