Home / Companies / Cloudflare / Blog / March 2019

March 2019 Summaries

22 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
Kassian Wren, a non-binary employee at Cloudflare, shares their experience as a transgender individual in the tech industry on International Transgender Day of Visibility. They discuss the challenges faced by transgender individuals in the workplace and emphasize the importance of respecting pronouns and treating everyone fairly. Wren also highlights the efforts made by organizations like Proudflare to support and advocate for the rights of the LBGTQIA+ community within tech companies. The author encourages readers to listen to trans people, share their work, and help them be visible while staying safe and healthy.
Mar 31, 2019 439 words in the original blog post.
The author shares their positive experience interviewing with Cloudflare, describing it as a refreshing departure from the typical grueling process. They highlight the company's deliberate, thoughtful approach to getting to know candidates and emphasize the supportive environment during interviews. The CEO of Cloudflare even engages in a conversation with the candidate during the final call stage. The author concludes by stating that interviewing with Cloudflare is not only impressive but also an opportunity for personal growth and learning.
Mar 28, 2019 908 words in the original blog post.
Cloudflare has open sourced wrangler, a CLI tool for building, previewing, and publishing Rust and WebAssembly Cloudflare Workers. The company aims to help build a better internet by leveraging its large global network of servers to run code as close as possible to end users, reducing latency associated with server-side logic or large client-side bundles. Wrangler is designed to enable developers to harness the power of WebAssembly on Workers and support various toolchains such as Emscripten (C, C++) and AssemblyScript (TypeScript). The open source release aims to broaden the community that has access at the early stages of this technology and gather valuable feedback from users.
Mar 28, 2019 731 words in the original blog post.
On March 27, 2019, Vlad Krasnov announced the release of BoringTun, a userspace implementation of the WireGuard® protocol written in Rust. WireGuard is a new VPN protocol designed to be simple, fast, and secure. Unlike legacy VPNs, it uses modern cryptographic primitives and works over UDP. The simplicity of the protocol makes it more robust and easier to implement than older codebases. BoringTun aims to provide userspace, cross-platform support for WireGuard on Linux, Windows, macOS, iOS, and Android. It is currently under internal security review and contributions from the community are welcome.
Mar 27, 2019 711 words in the original blog post.
In this post, the author discusses building a CI/CD pipeline for Cloudflare Workers using Travis CI. The process involves creating a Worker script, optional unit tests, a serverless.yml file, a .gitignore file, and a .travis.yml configuration file. These files are stored in the same GitHub repository with a specific layout. The author then explains how to test the worker using mocha and cloudworker, create a serverless.yml file for deployment, and configure Travis CI for testing and deploying the worker. Finally, environmental variables are added to the build process, and the pipeline is tested.
Mar 22, 2019 787 words in the original blog post.
On March 21, 2019 at 4:49 PM, Connor Peshek and Andrew Fitch introduced the third edition of The Serverlist. This publication provides updates on serverless technology, offers developer tutorials, encourages discussions among serverless developers, and highlights upcoming meetups and conferences. To receive The Serverlist directly in your email, sign up using the provided link while ensuring your privacy is maintained.
Mar 21, 2019 65 words in the original blog post.
The text discusses the development of a system for reserving custom subdomains on the upcoming platform, Workers.dev. This involves creating two distinct Worker scripts to handle email verification and subdomain reservation processes. Google Cloud Platform's Firestore is used as the database due to its immediate consistency feature which prevents double-reservations. The text also explains how JWTs are generated for authentication requests to the Firestore API, and how these are stored in KV (Cloudflare’s Key-Value data store). Lastly, it mentions that users can reserve a workers.dev subdomain even if they don't have a domain on Cloudflare.
Mar 21, 2019 2,226 words in the original blog post.
A collaboration between multiple Content Delivery Network (CDN) providers, including Cloudflare, has led to a new mechanism for loop protection against malicious or accidental request loops that can consume resources and degrade user's internet performance. The CDN-Loop header sets out a syntax that allows individual CDNs to mark requests as having been processed by their edge, providing a unified solution to the loop protection problem across different CDN providers. Cloudflare has recently added support for the CDN-Loop header to replace previous headers used for establishing loop protection.
Mar 20, 2019 1,919 words in the original blog post.
Cloudflare has announced the launch of Spectrum for UDP, a feature that extends its DDoS protection and IP Firewall rules to UDP-based applications. This follows the release of Spectrum for TCP last year, which brought similar features to TCP ports and services. Spectrum for UDP allows users to protect standard UDP services as well as custom protocols using UDP. The feature is currently available only for Enterprise customers, but interested users can reach out to their account team for setup assistance.
Mar 20, 2019 610 words in the original blog post.
The blog post discusses the practice of HTTPS Interception, which has been scrutinized for weakening security. It introduces two new tools: MITMEngine, an open-source library for detecting HTTPS interception, and MALCOLM, a dashboard displaying metrics about HTTPS interception observed on Cloudflare's network. The post explains various types of HTTPS Interception, including TLS-terminating forward proxies, antivirus software, corporate proxies, malware proxies, leaky proxies, and reverse proxies. It also highlights the reasons for examining HTTPS interception, such as identifying suspicious clients and hindering the adoption of new innovations in TLS. The post introduces MITMEngine, an open-source HTTPS interception detector developed by Cloudflare's Cryptography team, which compares values in observed TLS Client Hello to a set of known browser Client Hellos. It also presents MALCOLM, a dashboard that applies MITMEngine to a sample of Cloudflare's overall traffic and observes HTTPS interception in the requests hitting their network. The post concludes by encouraging readers to explore more HTTPS interception data using these tools and contribute to MITMEngine.
Mar 18, 2019 2,314 words in the original blog post.
Cloudflare Workers, which allow running JavaScript in all 165+ of their data centers, have seen creative applications as use cases grow in complexity. As a result, the need to smoke test code also increases. This post demonstrates how to unit test Cloudflare Workers and their individual functions using Cloudworker, created by the Dollar Shave Club engineering team. The example script contains two functions that contribute to the response to the client. To set up the directory for testing, create a new npm project in a new directory with a worker.js file containing the script and a test folder with a worker-test.js file. Install Cloudworker and Mocha testing framework, then write tests using mocha's async/await support. This allows for more confidence when deploying complex workers as each component can be tested individually.
Mar 15, 2019 611 words in the original blog post.
The DNS ANY query type has been deprecated by RFC8482 due to its difficulty in implementation on modern DNS servers, poor understanding of semantics within the community, and unnecessary exposure to abuse. Historically, "ANY" queries were hard for modern DNS servers as they assumed the server could retrieve all records, which is not possible with many modern implementations. Additionally, clients had a hard time interpreting responses from "ANY" queries, leading to confusion and potential security risks. Finally, network operators faced challenges in handling large responses generated by "ANY" queries, making them vulnerable to DNS amplification attacks. With RFC8482, the semantics of ANY queries are now clearly defined, allowing for simpler DNS authoritative and resolver implementations while reducing the risk of DoS attacks on the entire Internet.
Mar 15, 2019 1,270 words in the original blog post.
Aliza Knox, Head of Asia for Cloudflare, reflects on the company's progress in Asia over the past year. Key achievements include expanding the Singapore team from 40 to almost 100 people, doubling the number of Asian businesses working with them, and signing eight new partners representing seven markets. Additionally, they have moved into a larger office in Singapore and expanded their network presence in Australia. The company is also focusing on developing products tailored for the region, such as adding UDP capability to Spectrum for mobile game developers.
Mar 13, 2019 941 words in the original blog post.
Employee Resource Groups (ERGs) are essential for building a great company culture and promoting diversity and inclusion. However, they alone are not enough to create an inclusive environment where diverse perspectives are valued and integrated into the workplace. Integration starts with empathy, understanding the struggles of different backgrounds and experiences. Leadership that values this specific kind of empathy can help create a culture where diversity has the safety it needs to speak up and be heard. Cloudflare is consistently making efforts to improve its inclusivity by honoring diverse perspectives as truth equally alongside their own, reflecting the true diversity of the world we live in.
Mar 12, 2019 983 words in the original blog post.
Today, March 12th, 2019, marks the 30th birthday of the World Wide Web. Cloudflare is celebrating this milestone in collaboration with the Web Foundation as part of a 30-hour commemoration of the web's impact on our lives. Sir Tim Berners Lee started his journey at CERN, where he wrote the first web browser. The Web Foundation is organizing a Twitter timeline of the web, with each hour representing a year starting from 1989. Cloudflare will be tweeting significant milestones in its history and the web's history, along with fun infographics. People are encouraged to join the celebration on Twitter using #Web30 and #ForTheWeb, sharing their memories and thoughts about the web.
Mar 12, 2019 154 words in the original blog post.
The article discusses the conversion of a former Node server into a Cloudflare Worker, simplifying backend management for developers. It provides an example of how this transition was carried out in a Spotify OAuth integration service that broke mysteriously. By using Cloudflare Workers, the author reduced the number of layers in their service and eliminated the need to manage multiple platforms. The conversion involved rewriting the routing logic, adjusting response return methods, and removing unnecessary configuration files. This serverless approach allowed for easier development and maintenance of the codebase.
Mar 08, 2019 852 words in the original blog post.
This article discusses the potential applications of Cloudflare Workers in relation to search engine optimization (SEO). The authors, Igor Krestov and Dan Taylor, are lead software developers at SALT.agency, a technical SEO agency with offices in London, Leeds, and Boston. They illustrate how Workers can be used to overcome common obstacles faced by businesses when trying to achieve "technical SEO excellence." The article covers various use cases for Workers, including redirects, Hreflang injection, and response body modification. It also explores the performance of different search algorithms and the potential benefits of using WASM in serverless applications. Overall, the authors believe that Workers can help overcome legacy tech stack issues and improve efficiency in SEO management.
Mar 07, 2019 1,740 words in the original blog post.
On February 20th, 2019, Drupal announced the discovery of a severe vulnerability in their system and released a patch for it the next day. The company quickly analyzed the patch to identify potential payloads that could be used against it and created rules to mitigate these threats. Within an hour of the Drupal announcement, they had deployed several experimental rules to catch exploit attempts. By February 22nd, they had already blocked a number of attackers using their WAF rule D0020. The first malicious payload uploaded a backdoor file onto the target system, allowing continued access even after patching. Another minimalistic payload created a PHP file on the server that could execute arbitrary commands directly on the potentially vulnerable system. This vulnerability was weaponized within two days of disclosure, highlighting the importance of timely patches and effective security measures like Cloudflare's WAF to protect against emerging threats.
Mar 05, 2019 823 words in the original blog post.
The text discusses the evolution of Cloudflare's firewall features, from IP Access Rules to Page Rules, and eventually leading to the development of Firewall Rules. It explains how the new matching engine in Rust was created to power Firewall Rules, providing a fast way to compute if a request matches a rule that could contain multiple properties as well as pattern matching. The text also covers the challenges faced during this process, such as handling specificity and mutual exclusion of rules, and how they were overcome by introducing a priority value for ordering and grouping Firewall Rules. It concludes with an outlook on future possibilities for the firewall, including extending its capabilities beyond HTTP to other application protocols or even layer 4.
Mar 04, 2019 3,415 words in the original blog post.
Cloudflare has open-sourced its configurable Rust library for writing and executing Wireshark®-like filters in different parts of their stack. The library is called WireFilter and can be found on GitHub at https://github.com/cloudflare/wirefilter. The design of the library, reasons for choosing Rust, parsing approach, execution engine, and WebAssembly support are discussed in detail in this post.
Mar 04, 2019 3,472 words in the original blog post.
Cloudflare has introduced an official GitHub Action that allows users to automatically deploy their Cloudflare Workers directly from a GitHub repository. This integration is built on the Serverless Framework, which enables developers to build and deploy serverless applications more easily. The new GitHub Action runs in a containerized environment and deploys the user's Worker script to Cloudflare. By utilizing the Serverless Framework within their GitHub Action, Cloudflare aims to raise awareness of its benefits and promote the development of more serverless applications using Cloudflare Workers.
Mar 01, 2019 661 words in the original blog post.
Cloudflare has introduced two improvements to its Firewall, making it easier to use and more accessible. The features have been reorganized into meaningful pages: Events, Firewall Rules, Managed Rules, Tools, and Settings. Additionally, a new Overview tab containing the Firewall Analytics is now available for Enterprise customers. This analytics tool helps visualize and analyze firewall events, enabling users to tailor their security configurations more effectively.
Mar 01, 2019 687 words in the original blog post.