February 21, 2019 3:18PM
Cloudflare Access now supports RDP
Last fall, the United States FBI warned organizations of an increase in attacks that exploit vulnerabilities in the Remote Desktop Protocol (RDP). Attackers stole sensitive data and compromised networks by taking advantage of desktops left unprotected....
February 20, 2019 3:14PM
Stop the Bots: Practical Lessons in Machine Learning
Bot-powered credential stuffing is a scourge on the modern Internet. These attacks attempt to log into and take over a user’s account by assaulting password forms with a barrage of dictionary words and previously stolen account credentials....
February 18, 2019 1:13PM
SOCKMAP - TCP splicing of the future
Proper TCP socket splicing reduces the load on userspace processes and enables more efficient data forwarding. We realized that Linux Kernel's SOCKMAP infrastructure can be reused for this purpose....
February 07, 2019 5:00PM
Give your automated services credentials with Access service tokens
Cloudflare Access secures your internal sites by adding authentication. When a request is made to a site behind Access, Cloudflare asks the visitor to login with your identity provider....
February 05, 2019 4:00PM
Cloudflare Support for Azure Customers
Cloudflare seeks to help its end customers use whichever public and private clouds best suit their needs. Towards that goal, we have been working to make sure our solutions work well with various public cloud providers including Microsoft’s Azure platform....
January 24, 2019 5:57PM
HTTP/3: From root to tip
Explore HTTP/3 from root to tip and discover the backstory of this new HTTP syntax that works on top of the IETF QUIC transport....
January 23, 2019 9:13AM
Tracing Soon-to-Expire Federal .gov Certificates with CT Monitors
As of December 22, 2018, parts of the US Government have “shut down” because of a lapse in appropriation. The shutdown has caused the furlough of employees across the government and has affected federal contracts....
January 16, 2019 5:01PM
One-Click DNSSEC with Cloudflare Registrar
When you launch your domain to the world, you rely on the Domain Name System (DNS) to direct your users to the address for your site. However, DNS cannot guarantee that your visitors reach your content because DNS, in its basic form, lacks authentication....
December 25, 2018 5:42PM
Concise Christmas Cryptography Challenges 2019
We've put together some Christmas Cryptography questions. Do you think you can solve them?...
December 21, 2018 1:11PM
Firewall Rules - Priority and Ordering
Firewall Rules are one of the best security features we released this year, and have been an overwhelming success. Customers have been using Firewall Rules to solve interesting security related use cases....
December 20, 2018 1:00PM
Banking-Grade Credential Stuffing: The Futility of Partial Password Validation
Recently when logging into one of my credit card providers, I was greeted by a familiar screen. After entering in my username, the service asked me to supply 3 random characters from my password to validate ownership of my account....
November 29, 2018 9:54AM
Know your SCM_RIGHTS
As TLS 1.3 was ratified earlier this year, I was recollecting how it started here at Cloudflare. We made the decision to be early adopters of TLS 1.3 a little over two years ago....
November 28, 2018 7:59PM
L4Drop: XDP DDoS Mitigations
Efficient packet dropping is a key part of Cloudflare’s distributed denial of service (DDoS) attack mitigations. In this post, we introduce a new tool in our packet dropping arsenal: L4Drop....
November 16, 2018 11:00AM
Announcing SSH Access through Cloudflare
Speed & Reliability
You can now place applications that require SSH connections, like your source control repository, behind Cloudflare Access. We’re excited to release that same feature so that your team can also destroy your own VPN....
November 15, 2018 5:22PM
How a Nigerian ISP Accidentally Knocked Google Offline
Last Monday evening — 12 November 2018 — Google and a number of other services experienced a 74 minute outage. Incidents like this only serve to demonstrate just how much frailty is involved in how packets get from one point on the Internet to another....