CC BY 2.0 image by Joe Seggiola We have rolled out automatic protection for all customers for the the newly announced vulnerability called httpoxy. This vulnerability affects applications that use “classic” CGI execution models, and could lead to API token disclosure of the services that your application may talk
An introduction to JavaScript-based DDoS
CloudFlare protects millions of websites from online threats. One of the oldest and most pervasive attacks launched against websites is the Distributed Denial of Service (DDoS) attack. In a typical DDoS attack, an attacker causes a large number of computers to send data to a server, overwhelming its capacity and
New Magento WAF Rule – RCE Vulnerability Protection
Today the Magento Security Team created a new ModSecurity rule and added it to our WAF rules to mitigate an important RCE (remote code execution) vulnerability in the Magento web e-commerce platform. Any customer using the WAF needs to click the ON button next to the “CloudFlare Magento” Group in
Protection against critical Windows vulnerability (CVE-2015-1635)
A few hours ago, more details surfaced about the MS15-034 vulnerability. Simple PoC code has been widely published that will hang a Windows web server if sent a request with an HTTP Range header containing large byte offsets. We have rolled out a WAF rule that blocks these requests. Customers
Kyoto Tycoon Secure Replication
Kyoto Tycoon is a distributed key-value store written by FAL Labs, and it is used extensively at CloudFlare. Like many popular key-value stores, Kyoto Tycoon uses timestamp-based replication to ensure eventual consistency and guarantee ordering. Kyoto Tycoon is an open source project, and in the spirit of the holidays, we’