Security - Page 1 - Cloudflare Blog

How we built rate limiting capable of scaling to millions of domains

Published on June 7th, 2017 12:47PM by Julien Desgats.

Back in April we announced Rate Limiting of requests for every Cloudflare customer. Being able to rate limit at the edge of the network has many advantages: it’s easier for customers to set up and operate, their origin servers are not bothered by excessive traffic or layer 7 attacks,

Reflections on reflection (attacks)

Published on May 24th, 2017 6:16PM by Marek Majkowski.

Recently Akamai published an article about CLDAP reflection attacks. This got us thinking. We saw attacks from Connectionless LDAP servers back in November 2016 but totally ignored them because our systems were automatically dropping the attack traffic without any impact. CC BY 2.0 image by RageZ We decided to

IoT Security Anti-Patterns

Published on May 2nd, 2017 1:00PM by Junade Ali.

From security cameras to traffic lights, an increasing amount of appliances we interact with on a daily basis are internet connected. A device can be considered IoT-enabled when the functionality offered by its Embedded System is exposed through an internet connected API. Internet-of-Things technologies inherit many attack vectors that appear

Introducing TLS with Client Authentication

Published on May 1st, 2017 3:58PM by Dani Grant.

In a traditional TLS handshake, the client authenticates the server, and the server doesn’t know too much about the client. However, starting now, Cloudflare is offering enterprise customers TLS with client authentication, meaning that the server additionally authenticates that the client connecting to it is authorized to connect. TLS

Introducing Cloudflare Orbit: A Private Network for IoT Devices

Published on April 27th, 2017 1:00PM by Dani Grant.

In October, we wrote about a 1.75M rps DDoS attack we mitigated on our network, launched by 52,467 unique IP’s, mostly hacked CCTV cameras. We continued to see more IoT devices in DDoS attacks, and so we started to put together a security solution to protect the

AES-CBC is going the way of the dodo

Published on April 21st, 2017 4:44PM by Vlad Krasnov.

A little over a year ago, Nick Sullivan talked about the beginning of the end for AES-CBC cipher suites, following a plethora of attacks on this cipher mode. Today we can safely confirm that this prediction is coming true, as for the first time ever the share of AES-CBC cipher

Introducing SSL for SaaS

Published on April 19th, 2017 1:03PM by Patrick R. Donahue.

If you’re running a SaaS company, you know how important it is that your application is performant, highly available, and hardened against attack. Your customers—and your revenue stream—depend on it. Putting your app behind a solution such as Cloudflare is an obvious move for your own infrastructure,

Understanding Our Cache and the Web Cache Deception Attack

Published on April 14th, 2017 3:00PM by Joshua Liebow-Feeser.

About a month ago, security researcher Omer Gil published the details of an attack that he calls the Web Cache Deception attack. It works against sites that sit behind a reverse proxy (like Cloudflare) and are misconfigured in a particular way. Unfortunately, the definition of "misconfigured" for the purposes of