October 04, 2013 1:48PM
How I created the viral sensation: isthegovernmentopen.com
A few years ago, amidst the final crunch of a project deadline, a friend and former colleague looked me directly in the eye and said, "It's like I don't even know how to build a website anymore."...
October 03, 2013 12:00PM
Patching a WHMCS zero day on day zero
A critical zero-day vulnerability was published today affecting any hosting provider using WHMCS. As part of building a safer web, CloudFlare has added a ruleset to our Web Application Firewall (WAF) to block the published attack vector....
October 03, 2013 6:00AM
Ensuring Randomness with Linux's Random Number Generator
When building secure systems, having a source of random numbers is essential. Without them, most cryptographic systems break down and the privacy and authenticity of communications between two parties can be subverted....
September 27, 2013 5:15AM
Cloudflare: Happy 3rd Birthday
Life @ Cloudflare
Today is CloudFlare's birthday. We opened to the public exactly three years ago today, September 27, 2010. In those three years we've grown to power more than 1.5 million websites and sit in front of more than 4% of all web requests....
September 20, 2013 7:00AM
Why some cryptographic keys are much smaller than others
If you connect to CloudFlare's web site using HTTPS the connection will be secured using one of the many encryption schemes supported by SSL/TLS....
September 13, 2013 7:00AM
Why secure systems require random numbers
If you've been following recent news about technical spying by the US National Security Agency and the UK's Government Communications Headquarters you may have come across a claim that the NSA was involved in weakening a random number generator....
September 05, 2013 10:49AM
SXSW 2014: Get your PanelPicker votes in today!
CloudFlare is headed to the Interactive portion of SXSW in Austin from March 7-11, 2014. We are very excited to share some of the knowledge and experiences we’ve gained since our CloudFlare journey began....
August 27, 2013 7:15PM
Details Behind Today's Internet Hacks
At 1:19pm (PDT) today, a researcher noticed that the New York Times' website wasn't loading. We know the New York Times tech team, so we sent an email to check in. A few minutes later, the CTO of the NYT called us back....
August 27, 2013 1:10AM
The story of a little DNS easter egg
About a year ago, we realized that CloudFlare's current DNS infrastructure had some challenges. We were using PowerDNS, an open source DNS server that is popular with hosting providers....
August 24, 2013 2:46AM
Recycling memory buffers in Go
This blog post is very old now. You probably don't want to use the techniques described here. GO'S sync.Pool is a better way to go....
August 23, 2013 6:31AM
CloudFlare's new WAF: compiling to Lua
We use nginx throughout our network for front-line web serving, proxying and traffic filtering. In some cases, we've augmented the core C code of nginx with our own modules, but recently we've made a major move to using Lua in conjunction with nginx.
One project that's now almost entirely written in Lua is the new CloudFlare WAF that we blogged about the other day.
The Lua WAF uses the nginx Lua module to embed Lua code and execute that code as part of the normal nginx handling of phases....
August 20, 2013 6:00PM
Hi I’m Ken Carter, CloudFlare’s newly minted in-house counsel. Now that I have introduced myself, feel free to introduce yourself. Or, don’t. You may want to remain anonymous because you value your privacy. We do, too....
August 19, 2013 7:00AM
Heuristics and Rules: Why We Built a New Old WAF
We just rolled out an update to CloudFlare's Web Application Firewall (WAF). Previously, CloudFlare's WAF has received criticism from people who have tested it and found that it didn't behave as traditional WAFs are expected to....
August 09, 2013 12:00PM
Cloudflare and Free Speech
Freedom of Speech
This question assumes the answer. A website is speech. It is not a bomb. There is no imminent danger it creates and no provider has an affirmative obligation to monitor and make determinations about the theoretically harmful nature of speech a site may contain....
August 06, 2013 3:40PM
What's the story behind the names of CloudFlare's name servers?
We're going to do a series of blog posts about some of the inner workings of CloudFlare. One of the questions we get often is what the names of our name servers mean. Here's the story....
July 30, 2013 9:20AM
DDoS Prevention: Protecting The Origin
One of the many great features that CloudFlare provides is protection from Distributed Denial of Service (DDoS) attacks. A malicious party who wants to make your website or web service unavailable could try to overwhelm it with requests from compromised machines (or bots) all around the world....
July 22, 2013 9:30AM
A Tour Inside CloudFlare's Latest Generation Servers
Speed & Reliability
CloudFlare operates at a significant scale, handling more than a trillion requests through our network every month....
July 18, 2013 5:00AM
Government Surveillance: Why Transparency Matters
The web is one of the greatest inventions of human history because it has made the world more transparent. Fundamentally, that's what the web does: it takes information that was inaccessible and opaque and makes it available and lucid....
July 15, 2013 4:00PM
Railgun Gives our Ecommerce Sites the Edge
Speed & Reliability
In March 2013, we started testing Railgun, and slowly rolled it out across our three web properties. We saw immediate results. First, we saw instant reductions in time to retrieve uncached HTML documents, and as an ecommerce web property every millisecond counts....
July 12, 2013 12:02AM
Staying on top of TLS attacks
CloudFlare makes extensive use of TLS connections throughout our
service which makes staying on top of the latest news about security problems with TLS a priority. We use TLS both externally and internally and different uses of TLS have different constraints....