When the Internet (Officially) Became the Public Square

Published on by Alissa Starzak.

Sometimes, well-intended efforts to prevent unacceptable behavior run into the reality of what it means to have an open and free society. That is what happened at the Supreme Court on Monday. Souvenir Postcard by unknown The Supreme Court issued an opinion confirming something we at Cloudflare have long believed -- that the First Amendment protects access to the Internet. Using sweeping language, Justice Kennedy compared internet access…

How we built rate limiting capable of scaling to millions of domains

Published on by Julien Desgats.

Back in April we announced Rate Limiting of requests for every Cloudflare customer. Being able to rate limit at the edge of the network has many advantages: it’s easier for customers to set up and operate, their origin servers are not bothered by excessive traffic or layer 7 attacks, the performance and memory cost of rate limiting is offloaded to the edge, and more. In a nutshell,…

Less Is More - Why The IPv6 Switch Is Missing

Published on by Dani Grant.

At Cloudflare we believe in being good to the Internet and good to our customers. By moving on from the legacy world of IPv4-only to the modern-day world where IPv4 and IPv6 are treated equally, we believe we are doing exactly that. "No matter what happens in life, be good to people. Being good to people is a wonderful legacy to leave behind." - Taylor Swift…

Patent Troll Battle Update: Doubling Down on Project Jengo

Published on by Matthew Prince.

Jango Fett by Brickset (Flickr) We knew the case against patent trolls was the right one, but we have been overwhelmed by the response to our blog posts on patent trolls and our program for finding prior art on the patents held by Blackbird Tech, which we’ve dubbed Project Jengo. As we discuss in this post, your comments and contributions have allowed us to expand and intensify…

Reflections on reflection (attacks)

Published on by Marek Majkowski.

Recently Akamai published an article about CLDAP reflection attacks. This got us thinking. We saw attacks from Connectionless LDAP servers back in November 2016 but totally ignored them because our systems were automatically dropping the attack traffic without any impact. CC BY 2.0 image by RageZ We decided to take a second look through our logs and share some statistics about reflection attacks we see regularly. In…