CloudFlare sites protected from httpoxy

Published on by Ben Cartwright-Cox.

CC BY 2.0 image by Joe Seggiola

We have rolled out automatic protection for all customers for the newly announced vulnerability called httpoxy. This vulnerability affects applications that use “classic” CGI execution models, and could lead to API token disclosure of the services that your application may talk to. By default httpoxy requests are modified to be harmless and then the request is allowed through, however customers…

More data, more data

Published on by Hunter Blanks.

"multas per gentes et multa per aequora" [1]

The life of a request to CloudFlare begins and ends at the edge. But the afterlife! Like Catullus to Bithynia, the log generated by an HTTP request or a DNS query has much, much further to go. This post comes from CloudFlare's Data Team. It reports the state of processing this sort of edge logs, including what's worked…

Why we use the Linux kernel's TCP stack

Published on by Marek Majkowski.

A recent blog post posed the question "Why do we use the Linux kernel's TCP stack?". It triggered a very interesting discussion on Hacker News. I've also thought about this question while working at CloudFlare. My experience mostly comes from working with thousands of production machines here and I can try to answer the question from that perspective.

CC BY 2.0 image by John Vetterli

Let's start…

HTTP/2 Server Push with multiple assets per Link header

Published on by John Graham-Cumming.

In April we announced that we had added experimental support for HTTP/2 Server Push to all CloudFlare web sites. We did this so that our customers could iterate on this new functionality.

CC BY 2.0 image by https://www.flickr.com/photos/mryipyop/

Our implementation of Server Push made use of the HTTP Link header as detailed in W3C Preload Working Draft. We also showed how…

The complete guide to Go net/http timeouts

Published on by Filippo Valsorda.

When writing an HTTP server or client in Go, timeouts are amongst the easiest and most subtle things to get wrong: there’s many to choose from, and a mistake can have no consequences for a long time, until the network glitches and the process hangs. HTTP is a complex multi-stage protocol, so there's no one-size-fits-all solution to timeouts. Think about a streaming endpoint versus a…