Home / Companies / Cloudflare / Blog / August 2022

August 2022 Summaries

17 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
Cloudflare has updated its abuse policies for different products and services. The company's approach is guided by principles that require abuse policies to be specific to the service being used, ensure access to an abuse process, and maintain transparency about both policies and actions taken. Cloudflare offers a broad range of products in three categories: hosting, security, and core Internet technology services. Each category has its own set of policies for handling abuse complaints and actions. The company maintains discretion in enforcing its Acceptable Hosting Policy and strives to apply content restrictions as narrowly as possible. For security services, Cloudflare does not terminate access based on content but supports human rights groups, journalists, and other vulnerable entities online through Project Galileo and the Athenian Project. The company also complies with legal orders controlling security services and generally challenges or appeals legal orders that attempt to restrict core Internet technology services.
Aug 31, 2022 2,554 words in the original blog post.
Cloudflare has introduced thresholds for Security Event Alerts, a new method of detecting anomalous spikes in security events on internet properties. Previously, calculations were based solely on z-score methodology, which determined most significant spikes but could be inaccurate for domains with few security events. By introducing a threshold, alerts are now more accurate and only sent when truly necessary. The new strategy combines the strengths of both z-score and threshold methods to accurately detect anomalous spikes while minimizing false positives.
Aug 30, 2022 1,179 words in the original blog post.
Cloudflare operates highly available Postgres production clusters across multiple data centers, supporting transactional workloads of their core service offerings such as DNS Resolver, Firewall, and DDoS Protection. PgBouncer instances sit at the front of the gateway layer per each cluster, acting as a TCP proxy that provides Postgres connection pooling. The company has worked on improving how their database clusters behave under load and open source the resulting code. They have also added features and fixed bugs in PgBouncer to enforce stricter tenant performance isolation at the database level (CPU time utilized, memory consumption, disk IO operations). These improvements include enforcing or shrinking per user connection pool limits at runtime, implementing new administrative commands to throttle the maximum connections per user or per pool at runtime, and supporting statically configuring and dynamically enforcing connection limits per connection pool. Cloudflare is committed to improving PgBouncer in open source and contributing all of their features to benefit the wider community.
Aug 26, 2022 867 words in the original blog post.
Cloudflare's Postgres clusters support multiple tenants with varying load conditions, leading to the need for isolation to prevent one tenant from taking too much time from others. The company has implemented gateway concurrency throttling at its database proxy server/connection pooler, PgBouncer, allowing faster and more granular "load shedding" against a misbehaving tenant's concurrency. Future solutions include automated approaches to enforce strict tenant performance isolation, such as congestion avoidance algorithms and configurable resource quotas per tenant. The goal is to prevent database server resource starvation and improve overall system performance.
Aug 26, 2022 1,996 words in the original blog post.
Cloudflare has compiled a list of its favorite blog posts from over the years, covering topics such as how the internet works, deep dives into specific technologies, and insights into company history. Some highlights include explanations of CAPTCHAs, optimizing TCP for high WAN throughput, live-patching the Linux kernel, and a look at the demise of Internet Explorer. Other posts delve into research focused topics like the Hertzbleed attack, future-proofing SaltStack, and sizing up post-quantum signatures. The list also includes historical pieces on internet milestones and discussions about privacy and security on the web.
Aug 25, 2022 2,307 words in the original blog post.
Cloudflare has launched a new Customer Support Portal designed to provide quick and accurate responses to customers' support tickets. The portal offers features such as fast and secure ticket submission, an easier-to-use interface with relevant resources based on issue summary, and a machine learning-powered Support Bot for diagnostics and targeted help guides. Customers are encouraged to use the new portal, which is expected to resolve issues even faster than before.
Aug 16, 2022 1,238 words in the original blog post.
The article discusses the inefficiencies of the current model for indexing websites, which is based on a "pull" model where search engine bots crawl webpages at regular intervals to look for changes. It mentions that over 50% of this crawler traffic is wasted effort and highlights the environmental impact of such practices. The article proposes an alternative approach: a "push" model, where websites can ping search engines when updates are made. This would benefit all parties involved - website owners, search engines, and users. To implement this new model, Cloudflare launched Crawler Hints, which sends signals to web indexers based on cache data and origin status codes to help them understand when content has likely changed or been added to a site. On the other hand, IndexNow Protocol is a standard developed by Microsoft, Seznam.cz, and Yandex that represents a major shift in the way search engines operate. It provides a mechanism for search engines to receive signals from Crawler Hints. Microsoft has reported that millions of websites are now using IndexNow to signal to search engine crawlers when their content needs to be crawled and indexed, with about 7% of all new URLs clicked being processed through this protocol. Since its launch in October 2021, Crawler Hints has processed around six-hundred billion signals to IndexNow. The article concludes by encouraging users to enable Crawler Hints on their websites for free and mentions plans to default it on for all Cloudflare customers. It also expresses hope that Google will adopt IndexNow or a similar standard to reduce the burden of search crawling on the environment. The author emphasizes the importance of creating and supporting standards that make the internet operate better, greener, and faster.
Aug 12, 2022 1,121 words in the original blog post.
In 2022, cybersecurity is crucial as the number of cyberattacks continues to rise. Cloudflare has been actively preventing and mitigating various types of attacks, blocking an average of 124 billion cyber threats per day. The company's services have helped protect millions of Internet properties and customers worldwide. As part of its efforts to enhance cybersecurity, Cloudflare offers a range of free services that can improve users' cyber readiness. Additionally, the company has integrated Area 1 Security into its global network to provide comprehensive protection against advanced email attacks and phishing campaigns.
Aug 11, 2022 2,949 words in the original blog post.
On August 8, 2022, Twilio was compromised by a targeted phishing attack. Around the same time, Cloudflare experienced an attack with similar characteristics targeting its employees. Despite some individual employees falling for the phishing messages, Cloudflare managed to thwart the attack using their own Cloudflare One products and physical security keys issued to every employee. No Cloudflare systems were compromised. The targeted text messages contained a link pointing to what appeared to be a legitimate Okta login page. If clicked on, it took users to a phishing page designed to look identical to an Okta login page. Three Cloudflare employees fell for the phishing message and entered their credentials, but the attacker could not get past the hard key requirement as every employee at the company is issued a FIDO2-compliant security key from vendors like YubiKey. The phishing page also initiated the download of a remote access software if someone made it past the earlier steps. Cloudflare took several measures to respond to this incident, including blocking the phishing domain using Cloudflare Gateway, identifying all impacted employees and resetting compromised credentials, taking down threat-actor infrastructure, updating detections to identify any subsequent attack attempts, and auditing service access logs for any additional indications of attack. Lessons learned from this attack include adjusting settings for Cloudflare Gateway, using Cloudflare's own technology to protect employees and systems, having a paranoid but blame-free culture, requiring hard keys for access to all applications, and tightening up Access implementation to prevent any logins from unknown VPNs, residential proxies, and infrastructure providers.
Aug 09, 2022 2,057 words in the original blog post.
Cloudflare has introduced new documentation specifically designed for its "Cloudflare for SaaS" product suite. The updated documentation is aimed at helping customers fully utilize the capabilities of the product, which provides solutions such as setting up an origin server, encrypting customer traffic, supporting custom domains, protecting against attacks and bots, scaling for growth, and providing insights and analytics. The new documentation is organized into six main categories with detailed guides on various aspects like WAF for SaaS and Regional Services for SaaS. It also offers tutorials on how to reduce latency and enhance security through features such as Early Hints for SaaS, Cache for SaaS, Argo Smart Routing for SaaS, and more. The company plans to further expand the accessibility of these resources by adding more step-by-step guides in the future.
Aug 09, 2022 586 words in the original blog post.
Cloudflare has announced two major improvements to its 1.1.1.1 + WARP mobile app, which is designed for a consumer-friendly way to connect to their network and privacy-respecting DNS resolver. The first improvement involves enhancing geolocation accuracy without compromising user privacy by replacing users' original IP addresses with ones that accurately represent their approximate location. This helps ensure search results are relevant and not confusing, especially in areas where country borders are dense. The second improvement is expanding the network for WARP+ subscribers to over 275 cities in more than 100 countries, offering even speedier connections to Cloudflare's global network without changing subscription pricing. These updates aim to provide users with a better internet browsing experience while maintaining privacy and relevance.
Aug 06, 2022 892 words in the original blog post.
The text discusses the development of a scalable service for scheduling HTTP requests on specific schedules or as one-off at a specific time using Cloudflare Workers, Durable Objects, and Alarms. It provides an overview of the application stack, including Wrangler, Cloudflare Workers, and Cloudflare Durable Objects. The text also outlines the components of the application, such as the scheduling system API, unique Durable Object per scheduled request with storage and alarm, and the role of the global network in storing and replicating data. Additionally, it provides step-by-step instructions on how to initialize a new Workers project, prepare TypeScript types, create a Durable Object class & alarm, configure Wrangler, and start a local development server for testing purposes. Finally, it explains the process of publishing the application to the network using wrangler publish command.
Aug 05, 2022 1,430 words in the original blog post.
Cloudflare Pages is a platform designed for developers, offering unlimited requests, bandwidth, free seats, and projects without any additional cost. It integrates with various tools such as Workers, Access, Custom Domains, and Web Analytics to provide a seamless experience. The platform also offers fast performance through its global network of data centers. In the future, Cloudflare plans to integrate Pages with its storage offerings like R2 and D1 for building full-stack applications without worrying about costs.
Aug 05, 2022 1,049 words in the original blog post.
The text discusses the potential threat of quantum computers to data security on the internet, as they could decrypt currently encrypted information. To address this issue, the National Institute of Standards and Technology (NIST) has announced plans to standardize Kyber, a post-quantum key agreement scheme, by 2024. In July 2022, Cloudflare added support for hybrid post-quantum key agreements X25519Kyber512Draft00 and X25519Kyber768Draft00 to a number of test domains. Users can experiment with these features on their test websites by enrolling them in the Cloudflare post-quantum beta program. The text also explains how to test the performance of these new key agreements using open-source forks of BoringSSL and Go, as well as what to look for when testing. It is noted that while Kyber requires less computation than classical key agreements like X25519, it has larger keys and requires more RAM. The text also mentions the fine print associated with enabling post-quantum cryptography on websites, including no stability or support guarantees due to ongoing changes in Kyber and its integration into TLS.
Aug 04, 2022 1,153 words in the original blog post.
Cloudflare has introduced Managed Components, a new technology designed to improve the way third-party tools integrate with websites. The company has open-sourced parts of its innovative Zaraz technology, making it accessible and usable for everyone online. Managed Components are built around a permissions system that allows website owners to control what scripts can do on their sites. This approach promotes transparency and helps prevent malicious activities such as stealing user credentials or manipulating websites. The new Managed Components API enables developers to create server-side connections, cache information, use key-value stores, and more, resulting in faster website performance and a smaller attack surface. Cloudflare's WebCM is an open-source Component Manager that allows users to run Managed Components on their websites without being a Cloudflare user. The company encourages developers to build their own Managed Components and contribute to the technology's growth for the benefit of every user of the World Wide Web.
Aug 03, 2022 2,341 words in the original blog post.
Cloudflare has introduced a new feature, Weighted Pools, for its Load Balancer service. This extension of the standard random steering policy allows users to specify what percentage of requests should be sent to each respective origin pool. The feature can be used to balance unequally sized origin pools, perform data center kill switches during troubleshooting or maintenance, and conduct network A/B testing for new data centers or server upgrades. Weighted Pools are available for all Cloudflare Load Balancer customers.
Aug 02, 2022 1,038 words in the original blog post.
The author explores the possibility of running Zig code on Cloudflare Workers by creating a simple program that reads from stdin and prints to stdout with line numbers. They successfully compile the Zig code into WebAssembly with WASI support, allowing it to run seamlessly on any WASI-compatible WebAssembly runtime such as wasmtime. The author then publishes the worker using wrangler2 and confirms its successful deployment by invoking the URL printed from the output. They express their confidence in the potential of Zig code running on Cloudflare Workers, especially with the maturation of technology like WASI.
Aug 01, 2022 748 words in the original blog post.