Home / Companies / Cloudflare / Blog / August 2018

August 2018 Summaries

18 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
Anil Karavadra, EMEA Head of Business Development at Cloudflare, shares his experience in building a diverse team since he joined the company. He emphasizes the importance of having a diverse workforce to better understand and relate to customers from different backgrounds. To increase gender diversity on his team, Anil changed job descriptions to be more gender-neutral and included language requirements in the job titles. These changes led to an almost 50:50 mix between male and female candidates. He advises hiring managers to check their processes and make small adjustments that can have a significant impact on attracting diverse talent.
Aug 30, 2018 908 words in the original blog post.
The text discusses how Cloudflare Workers can be used to detect data breaches by inspecting the content of HTTP responses and identifying any leaked sensitive information such as passwords or PII. It provides an example of using a specific string, "SHHHTHISISASECRET", as canary data in the database and checking for its presence in the response body. If detected, the Worker blocks the response, notifies the client with a static block, and triggers a PagerDuty API call to alert about the potential breach. The text also mentions rate limiting using Cloudflare Rate Limiting rules based on response headers and status codes.
Aug 30, 2018 1,041 words in the original blog post.
This article discusses how Edge Side Includes (ESI) can be used not only for better performance but also to optimize availability during backend migration. The author explains how his client, highsnobiety.com, implemented simple edge side includes using Cloudflare Workers. The idea was to partially replace parts of the online magazine with a new frontend implementation while maintaining the existing Wordpress setup. The article covers the use case and provides an overview of the ESI toolbox features such as Includes and Fallbacks. It also highlights how Cloudflare Workers can be used for this purpose, providing code examples and discussing its benefits.
Aug 28, 2018 1,395 words in the original blog post.
Paddy Sherry, Lead Developer at Gambling.com Group, shares their experience using Cloudflare Workers to make static websites more dynamic without changing all of the smart technology they've built to power their network of sites. They discuss how Workers have allowed them to tackle challenges such as geo-targeting, restricting access to content, and A/B testing. The author also compares Cloudflare Workers with AWS Lambda and highlights some improvements that could be made in the future.
Aug 26, 2018 1,506 words in the original blog post.
Cloudflare uses Prometheus to collect operational metrics on hundreds of servers, ingesting millions of metrics per second. They utilize node_exporter for basic system information like CPU usage and memory usage, and cAdvisor for container-level metrics. Histograms are introduced as a superior method for measuring low-level metrics, providing more detailed insights into individual events such as disk IO operations. The use of eBPF is highlighted as a solution to collect these histograms with low overhead, offering safe and efficient kernel execution. Examples of how this technology can be used in practice are provided, including IPC, LLC cache hit rate, run queue latency, and more. Cloudflare's ebpf_exporter tool is open-source and encourages contributions from the community.
Aug 24, 2018 2,961 words in the original blog post.
The author discusses how internet applications have evolved over time, from slow and functional to faster but less performant due to cloud computing. They predict a new era of "Internet Native Applications" that will combine the utility of internet apps with the speed of local desktop apps. This change will be driven by advancements in edge networks, WebAssembly for near-native speed code execution, and improved internet protocols like QUIC and HTTP/2. The author believes this shift will bring about a fundamental change in how applications are architected and calls on engineers, architects, and CIOs to start planning for it.
Aug 21, 2018 1,304 words in the original blog post.
On August 21, 2018, a new feature was introduced for 1.1.1.1's public DNS resolver - the ability to refresh its DNS cache for domain names using the purge cache tool. This is beneficial for domain owners who have recently updated their DNS records and want to ensure that these changes are visible to all users utilizing 1.1.1.1 as their public DNS resolver. The resolver caches DNS entries for up to three hours, but with the purge cache tool, domain owners can now refresh this cache instantly without having to wait for expiration. To use the tool, one simply enters the name of their domain and selects the desired DNS record type before hitting the 'Purge Cache' button. The feature is available at a specific URL where users can provide feedback in the comments section.
Aug 21, 2018 247 words in the original blog post.
Redirection.io is a web traffic redirection manager that provides tools for administrators, SEO agencies, and developers to analyze HTTP errors, set up HTTP redirections, customize HTTP responses, and monitor traffic efficiently. The platform can be integrated with Cloudflare Workers, which allows running code on the edge of Cloudflare locations without changing the existing platform or infrastructure. Redirection.io's integration with Cloudflare Workers involves querying its hosted agent at each incoming request to determine if any redirection or action rule is defined for that type of request. The implementation includes asynchronous non-blocking functions, such as redirectOrPass() and log(), which handle the redirection process and send log data to the backend for analysis and statistics purposes. Cloudflare Workers run very fast, with the ability to execute thousands of scripts per second, making it an efficient way to integrate Redirection.io into a website.
Aug 21, 2018 1,075 words in the original blog post.
On August 20, 2018, a "practical" cache poisoning attack was discovered by Cloudflare and the rest of the world. This type of attack involves a malicious user crafting an HTTP request that tricks the origin into producing a "poisoned" version of a file with the same cache key as an innocuous request. To mitigate this vulnerability, Cloudflare has taken several steps including notifying customers who are at risk and blocking all requests containing obviously malicious content in an HTTP header. Additionally, they have included "interesting" header values in the cache key to prevent unnecessary cache sharding.
Aug 20, 2018 891 words in the original blog post.
The text discusses the concept of Edge-Side-Includes (ESI) at Cloudflare, which is an XML markup language that can be inserted in HTML or other text-based contents to define how interstitial proxies/CDNs need to combine static and dynamic portions. It also explains how ESI can be implemented using Cloudflare Workers, a serverless framework for implementing custom logic directly within the Edge. The author provides an example of a worker script that fetches a globally static page with some dynamic fragment and merges them before sending the final webpage to visitors. Testing results show that the page is served from cache but modified by the worker due to the detected ESI block.
Aug 20, 2018 1,784 words in the original blog post.
Cloudflare, a company that provides content delivery network services, has been expanding its datacenters across Africa to improve internet access for the continent's 1.2 billion people. The company currently operates eight datacenters in Angola, Djibouti, Egypt, Kenya, Mauritius, and three in South Africa. By setting up these datacenters, Cloudflare aims to increase download speeds in the region, improve end-user experience, and ultimately boost internet usage. Since launching its African datacenters, the company has seen a steady increase in delivered traffic across the continent. However, it will take approximately eight to twelve years for Africa to catch up with Europe and North America's current traffic levels if growth continues at the same rate.
Aug 19, 2018 2,053 words in the original blog post.
Google has introduced a new feature in Android 9 Pie called Private DNS Mode, which simplifies configuring custom secure DNS resolvers on Android devices. This feature supports DNS over TLS (DoT), encrypting DNS queries and preventing them from being tampered with or snooped on by ISPs, mobile carriers, or other parties in the network path between a device and its DNS resolver. To enable this feature, users can go to Settings → Network & internet → Advanced → Private DNS and enter 1dot1dot1dot1.cloudflare-dns.com as the hostname. This new protocol ensures communication between devices and resolvers is encrypted, similar to HTTPS traffic.
Aug 16, 2018 760 words in the original blog post.
Cloudflare Access has become the company's fastest-growing subscription service since its beta release three weeks ago. The service allows teams to securely connect to applications from anywhere in the world, moving away from traditional Virtual Private Network (VPN) models. Three solutions have been highlighted for transitioning to Cloudflare Access: collaborating with external partners using One-Time Pin feature; requiring a specific network by creating policies with multiple rules; and reaching on-premise applications with Argo Tunnel. The company is continuously seeking feedback from users to improve the service further.
Aug 15, 2018 1,084 words in the original blog post.
The Internet Engineering Task Force (IETF) has published TLS 1.3, a significant upgrade to Transport Layer Security protocol that provides encryption and ensures the authenticity of HTTPS websites and APIs. This is the first major overhaul of the protocol since its inception, bringing substantial security and performance improvements. The new version removes outdated features and implements more secure cryptographic algorithms, resulting in a faster and safer internet experience for users.
Aug 11, 2018 4,521 words in the original blog post.
In February 2018, Troy Hunt unveiled Pwned Passwords v2, a database containing over half a billion real-world leaked passwords to combat modern threats against password security. To support this project, Junade Ali built a k-Anonymity model that enhances caching by mapping multiple leaked password hashes to a single hash prefix and is performed in a deterministic HTTP-friendly way. Since its launch, Pwned Passwords has been implemented across various platforms such as EVE Online, Kogan, 1Password, Okta's PassProtect, and Firefox Monitor. The anonymity model allows for enhanced caching by mapping multiple leaked password hashes to a single hash prefix and is performed in a deterministic HTTP-friendly way.
Aug 09, 2018 1,538 words in the original blog post.
On August 7th, 2018, Zaid Farooqui announced the general availability of Cloudflare Stream, a video streaming service designed to simplify the process for founders and developers while reducing costs. The service encodes videos in multiple resolutions, prepares DASH and HLS manifest files, and serves them from Cloudflare's global network of data centers. Pricing is based on streaming duration and storage, with a focus on efficiency and cost optimization. Common use cases include video-on-demand, gaming, eLearning, and video ads. To get started, users can sign up for Cloudflare and visit the Stream tab.
Aug 07, 2018 732 words in the original blog post.
Cloudflare has updated its authoritative DNS service to support nine new record types, including DNSKEY, DS, Certificate Related Record Types (SSHFP, TLSA, SMIMEA, CERT), PTR, NAPTR, and URI. These records are less commonly used but provide additional security features such as enabling DNSSEC on subdomains, restricting TLS certificates for a host, and specifying which keys are allowed to be used for a given domain when connecting via TLS. The support of these new record types enhances the flexibility and adoption of Cloudflare's DNS services for customers who need to delegate subdomains or require additional security measures.
Aug 06, 2018 2,003 words in the original blog post.
On August 2nd, 2018, Cloudflare announced two pilot programs: Cloudflare Apps with Workers and Cloudflare Workers Service Providers. The first program allows developers to build, deploy, and package Workers using the Cloudflare Apps platform, making it the world's first serverless Apps platform. The second program aims to connect customers with an ecosystem of developers and services, creating a marketplace for solutions and services backed by experts and system integrators. These programs are designed to expand Cloudflare's growing ecosystem around Workers and deliverability capabilities.
Aug 02, 2018 346 words in the original blog post.