CloudFlare sites protected from httpoxy

Published on by Ben Cartwright-Cox.

CC BY 2.0 image by Joe Seggiola. We have rolled out automatic protection for all customers for the newly announced vulnerability called httpoxy. This vulnerability affects applications that use “classic” CGI execution models, and could lead to API token disclosure of the services that your application may talk

An introduction to JavaScript-based DDoS

Published on by Nick Sullivan.

CloudFlare protects millions of websites from online threats. One of the oldest and most pervasive attacks launched against websites is the Distributed Denial of Service (DDoS) attack. In a typical DDoS attack, an attacker causes a large number of computers to send data to a server, overwhelming its capacity and

New Magento WAF Rule – RCE Vulnerability Protection

Published on by Peter Dumanian.

Today the Magento Security Team created a new ModSecurity rule and added it to our WAF rules to mitigate an important RCE (remote code execution) vulnerability in the Magento web e-commerce platform. Any customer using the WAF needs to click the ON button next to the “CloudFlare Magento” Group in

Protection against critical Windows vulnerability (CVE-2015-1635)

Published on by Ben Cartwright-Cox.

A few hours ago, more details surfaced about the MS15-034 vulnerability. Simple PoC code has been widely published that will hang a Windows web server if sent a request with an HTTP Range header containing large byte offsets. We have rolled out a WAF rule that blocks these requests. Customers

Kyoto Tycoon Secure Replication

Published on by Nick Sullivan.

Kyoto Tycoon is a distributed key-value store written by FAL Labs, and it is used extensively at CloudFlare. Like many popular key-value stores, Kyoto Tycoon uses timestamp-based replication to ensure eventual consistency and guarantee ordering. Kyoto Tycoon is an open source project, and in the spirit of the holidays, we’