Route leak incident on October 2, 2014
2014-10-02
Today, CloudFlare suffered downtime which caused customers’ sites to be inaccessible in certain parts of the world....
Inside Shellshock: How hackers are using it to exploit systems
2014-09-30
On Wednesday of last week, details of the Shellshock bash bug emerged. This bug started a scramble to patch computers, servers, routers, firewalls, and other computing appliances using vulnerable versions of bash....
Shellshock protection enabled for all customers
2014-09-29
On Thursday, we rolled out protection against the Shellshock bash vulnerability for all paying customers through the CloudFlare WAF....
Go interfaces make test stubbing easy
2014-08-27
Go's "object-orientation" approach is through interfaces. Interfaces provide a way of specifying the behavior expected of an object, but rather than saying what an object itself can do, they specify what's expected of an object....
CloudFlare hiring Go programmers in London and San Francisco
2014-08-19
Are you familiar with the Go programming language and looking for a job in San Francisco or London? Then think about applying to CloudFlare. We're looking for people with experience writing Go in both locations....
Experimenting with mozjpeg 2.0
2014-07-29
One of the services that CloudFlare provides to paying customers is called Polish. Polish automatically recompresses images cached by CloudFlare to ensure that they are as small as possible and can be delivered to web browsers as quickly as possible....
Courage to change things
2014-07-11
This was an internal email that I sent to the CloudFlare team about how we are not afraid to throw away old code. We thought it was worth sharing with a wider audience....
Making code better with reviews
2014-07-02
In the past we've written about how CloudFlare isn't afraid to rip out and replace chunks of code that have proved to be hard to maintain or have simply reach end of life. ...
New OpenSSL vulnerabilities: CloudFlare systems patched
2014-06-05
The OpenSSL team announced seven vulnerabilities covering OpenSSL 0.9.8, 1.0.0, 1.0.1 and 1.0.2 (i.e. all versions) earlier today....
The Web is World-Wide, or who still needs RC4?
2014-05-19
Two weeks ago we changed our TLS configuration to deprioritize the RC4 encryption method because it is widely thought to be vulnerable to attack. At the time we had an internal debate about turning off RC4 altogether, but statistics showed that we couldn't....
Tracking our SSL configuration
2014-05-03
Over time we've updated the SSL configuration we use for serving HTTPS as the security landscape has changed. In the past we've documented those changes in blog posts....
Searching for The Prime Suspect: How Heartbleed Leaked Private Keys
2014-04-27
Within a few hours of CloudFlare launching its Heartbleed Challenge the truth was out. Not only did Heartbleed leak private session information (such as cookies and other data that SSL should have been protecting), but the crown jewels of an HTTPS web server were also vulnerable....
The weird and wonderful world of DNS LOC records
2014-04-01
A cornerstone of CloudFlare's infrastructure is our ability to serve DNS requests quickly and handle DNS attacks. To do both those things we wrote our own authoritative DNS server called RRDNS in Go. ...
Staying up to date with the latest protocols: SPDY/3.1
2014-02-17
Back in June 2012 CloudFlare started a beta rollout of Google's then new SPDY protocol and we took a detailed look at how SPDY makes web sites faster....
Protect Your Sites With Rapidly Deployed WAF Rules
2014-01-21
An attack on your site could be catastrophic. Even a small attack can have major implications. Responding quickly to an attack is imperative. ...
Understanding and mitigating NTP-based DDoS attacks
2014-01-09
Over the last couple of weeks you may have been hearing about a new tool in the DDoS arsenal: NTP-based attacks. These have become popular recently and caused trouble for some gaming web sites and service providers....
Using CloudFlare to mix domain sharding and SPDY
2013-12-26
It’s common knowledge that domain sharding, where the resources in a web page are shared across different domains (or subdomains), is a good thing. ...
Keeping our open source promise
2013-12-22
Back in October I wrote a blog post about CloudFlare and open source software titled CloudFlare And Open Source Software: A Two-Way Street which detailed the many ways in which we use and support open source software....
The two reasons to be an engineer at CloudFlare
2013-11-12
If you're thinking about joining a startup as an engineer we'd like you to think of CloudFlare. The two most important reasons to think of CloudFlare are... because of who your colleagues would be and who our customers are (and who their customers are)....