Go crypto: bridging the performance gap
2015-05-07
It is no secret that we at CloudFlare love Go. We use it, and we use it a LOT. There are many things to love about Go, but what I personally find appealing is the ability to write assembly code!...
Redesigning CloudFlare
2015-05-01
After several years of new features, settings, and ancillary UIs buried beneath clicks, it became clear that the user experience was lacking and would only get worse as we continued to add features. The question became: How could we make a UI that was versatile, scalable, and consistent?...
An introduction to JavaScript-based DDoS
2015-04-30
CloudFlare protects millions of websites from online threats. One of the oldest and most pervasive attacks launched against websites is the Distributed Denial of Service (DDoS) attack....
Introducing Multi-User Organizations: Share An Account Without Sharing A Login
2015-04-29
An enterprise needs security and controls around access. Your web developer needs to update your website’s logo and make sure it’s live immediately, but doesn’t need access to your SSL keys. ...
CloudFlare's New Dashboard
2015-04-28
When we started CloudFlare, we thought we were building a service to make websites faster and more secure, and we wanted to make the service as easy and accessible as possible. ...
New Magento WAF Rule – RCE Vulnerability Protection
2015-04-25
Today the Magento Security Team created a new ModSecurity rule and added it to our WAF rules to mitigate an important RCE (remote code execution) vulnerability in the Magento web e-commerce platform....
Of Phishing Attacks and WordPress 0days
2015-04-24
Proxying around 5% of the Internet’s requests gives us an interesting vantage point from which to observe malicious behavior. However, it also makes us a target. ...
Contributing back to the security community
2015-04-21
This Friday at the RSA Conference in San Francisco, along with Marc Rogers, Principal Security Researcher at CloudFlare, I'm speaking about a version of The Grugq's PORTAL, an open source network security device designed to make life easier and safer....
Oceania Redundancy: Auckland and Melbourne data centers now online
2015-04-20
The genesis of our 33rd and 34th data centers in Auckland and Melbourne started a short hop away in nearby Sydney. Prior to these deployments traffic from all of New Zealand and Australia's collective 23 million Internet users was routed through CloudFlare's Sydney data center. ...
Protection against critical Windows vulnerability (CVE-2015-1635)
2015-04-15
A few hours ago, more details surfaced about the MS15-034 vulnerability. Simple PoC code has been widely published that will hang a Windows web server if sent a request with an HTTP Range header containing large byte offsets....
CloudFlare is now a Google Cloud Platform Technology Partner
2015-04-13
We’re excited to announce that CloudFlare has just been named a Google Cloud Platform Technology Partner. So what does this mean?...
The oldest trick in the ASCII book
2015-04-12
If you're old enough (or interested enough) to have spent a lot of time messing around with the ASCII table then you might have run into a strange fact: it's possible to uppercase ASCII text using just bitwise AND....
Scaling out PostgreSQL for CloudFlare Analytics using CitusDB
2015-04-09
When I joined CloudFlare about 18 months ago, we had just started to build out our new Data Platform. At that point, the log processing and analytics pipeline built in the early days of the company had reached its limits. ...
CloudFlare's Buenos Aires data center now online
2015-04-01
Che, ya estamos en Argentina! It is con placer that we announce our 32nd data center in Buenos Aires, Argentina. Our Buenos Aires data center is our 5th in Latin America following deployments in Santiago, São Paulo, Medellin, and Lima. ...
Improving compression with a preset DEFLATE dictionary
2015-03-30
A few years ago Google made a proposal for a new HTTP compression method, called SDCH (SanDwiCH). The idea behind the method is to create a dictionary of long strings that appear throughout many pages of the same domain (or popular search results)....
A Go Gotcha: When Closures and Goroutines Collide
2015-03-25
Here's a small Go gotcha that it's easy to fall into when using goroutines and closures. Here's a simple program that prints out the numbers 0 to 9....
Integrating our Integrations: Getting WHMCS and cPanel Talking
2015-03-23
CloudFlare provides integrations for several of the most popular hosting control panels and billing systems such as WHMCS, cPanel, and Plesk....
OpenSSL Security Advisory of 19 March 2015
2015-03-19
Today there were multiple vulnerabilities released in OpenSSL, a cryptographic library used by CloudFlare (and most sites on the Internet)....
Announcing Virtual DNS: DDoS Mitigation and Global Distribution for DNS Traffic
2015-03-10
It’s 9am and CloudFlare has already mitigated three billion malicious requests for our customers today. Six out of every one hundred requests we see are malicious, and increasingly, more of those bad requests are targeting DNS nameservers. ...
Deprecating the DNS ANY meta-query type
2015-03-06
DNS, one of the oldest technologies running the Internet, keeps evolving. There is a constant stream of new developments, from DNSSEC, through DNS-over-TLS, to a plentiful supply of fresh EDNS extensions....
