Welcome, WP Engine!
September 05, 2018 4:50 PM
We’ve had the tremendous pleasure of working with WP Engine for nearly 5 years, starting when both companies employed less than 100 people in total. ...
How Cloudflare protects customers from cache poisoning
August 20, 2018 3:53 PM
A few days ago, Cloudflare — along with the rest of the world — learned of a "practical" cache poisoning attack. In this post I’ll walk through the attack and explain how Cloudflare mitigated it for our customers....
Three new ways teams are using Cloudflare Access
August 15, 2018 9:00 PM
Since leaving beta three weeks ago, Cloudflare Access has become our fastest-growing subscription service. Every day, more teams are using Access to leave their VPN behind and connect to applications quickly and securely from anywhere in the world....
A Detailed Look at RFC 8446 (a.k.a. TLS 1.3)
August 10, 2018 11:00 PM
TLS 1.3 (RFC 8446) was published today. This article provides a deep dive into the changes introduced in TLS 1.3 and its impact on the future of internet security....
MORE POSTS
July 24, 2018 5:32 PM
Going Proactive on Security: Driving Encryption Adoption Intelligently
It's no secret that Cloudflare operates at a huge scale. Cloudflare provides security and performance to over 9 million websites all around the world, from small businesses and WordPress blogs to Fortune 500 companies. That means one in every 10 web requests goes through our netw...
- By
July 24, 2018 4:15 PM
Cloudflare Access: Now teams of any size can turn off their VPN
Using a VPN breaks your workflow with logins, needs separate credentials for admins to handle, slows you when not in the office, and brings security risks that extend past mere inconvenience to users....
- By
July 24, 2018 3:04 PM
Today, Chrome Takes Another Step Forward in Addressing the Design Flaw That is an Unencrypted Web
I still remember my first foray onto the internet as a university student back in the mid 90's. It was a simpler time back then, of course; we weren't doing our personal banking or our tax returns or handling our medical records so encrypting the transport layer wasn't exactly a ...
- By
July 14, 2018 5:13 PM
DNS-Over-TLS Built-In & Enforced - 1.1.1.1 and the GL.iNet GL-AR750S
Back in April, I wrote about how it was possible to modify a router to encrypt DNS queries over TLS using Cloudflare's 1.1.1.1 DNS Resolver and a GL.iNet router; the folks at GL.iNet read that blog post and decided to bake DNS-Over-TLS support into their new router using the 1.1....
- By
July 06, 2018 1:00 PM
How to drop 10 million packets per second
Internally our DDoS mitigation team is sometimes called "the packet droppers". When other teams build exciting products to do smart things with the traffic that passed through our network, we take joy in discovering novel ways of discarding it....
- By
June 28, 2018 5:40 PM
Delivering a Serverless API in 10 minutes using Workers
In preparation for Chrome’s Not Secure flag, which will update the indicator to show Not Secure when a site is not accessed over https, we wanted people to be able to test whether their site would pass. ...
- By
May 16, 2018 5:28 PM
You get TLS 1.3! You get TLS 1.3! Everyone gets TLS 1.3!
It's no secret that Cloudflare has been a big proponent of TLS 1.3, the newest edition of the TLS protocol that improves both speed and security, since we have made it available to our customers starting in 2016. ...
- By
May 02, 2018 3:00 PM
Expanding Multi-User Access on dash.cloudflare.com
One of the most common feature requests we get is to allow customers to share access to their account. This has been supported at our Enterprise level of service, but is now expanding to all customers. ...
- By
April 24, 2018 10:31 PM
BGP leaks and cryptocurrencies
Over the few last hours, a dozen news stories have broken about how an attacker attempted (and perhaps managed) to steal cryptocurrencies using a BGP leak....
- By
April 23, 2018 7:08 PM
Now You Can Setup Centrify, OneLogin, Ping and Other Identity Providers with Cloudflare Access
Today we would like to announce support for two more Identity Providers with Cloudflare Access: Centrify and OneLogin. If you are using Centrify or OneLogin as your identity provider you can now easily integrate them with Cloudflare Access....
- By
April 17, 2018 10:11 PM
mmproxy - Creative Linux routing to preserve client IP addresses in L7 proxies
In previous blog post we discussed how we use the TPROXY iptables module to power Cloudflare Spectrum. With TPROXY we solved a major technical issue on the server side, and we thought we might find another use for it on the client side of our product....
- By
April 12, 2018 1:01 PM
Introducing Spectrum: Extending Cloudflare To 65,533 More Ports
We are introducing Spectrum, which brings Cloudflare’s security and acceleration to the whole spectrum of TCP ports and protocols for our Enterprise customers. It’s DDoS protection for any box, container or VM that connects to the internet....
- By
April 12, 2018 1:00 PM
Abusing Linux's firewall: the hack that allowed us to build Spectrum
Introducing Spectrum: a new Cloudflare feature that brings DDoS protection, load balancing, and content acceleration to any TCP-based protocol.Today we are releasing Spectrum. ...
- By
April 09, 2018 7:20 PM
Privacy-Protecting Portable Router: Adding DNS-Over-TLS support to OpenWRT (LEDE) with Unbound
This blog post explains how you can configure an OpenWRT router to encrypt DNS traffic to Cloudflare Resolver using DNS-over-TLS....
- By