Home / Companies / Cloudflare / Blog / September 2022

September 2022 Summaries

65 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
Cloudflare has introduced its Workers Analytics Engine, a new open-beta tool for developers to store and analyze time series analytics using Cloudflare Workers. The engine is designed to handle high cardinality and high-volume data sets from Cloudflare Workers. It's currently being used by the company to provide insights into how customers use its products. Analytics Engine uses SQL as its interface, allowing developers to visualize request rates across active sessions and data centers. The tool is also integrated with Grafana for interactive debugging. During the closed beta, developers praised the engine's SQL API, ease of integration with Workers, and simple pricing model (free). However, improvements were made to error messaging and a comprehensive SQL reference was added for the open beta. Future updates will include alert definitions based on captured data, field naming capabilities, and a rich UX in the Cloudflare dashboard.
Sep 30, 2022 951 words in the original blog post.
Cloudflare has launched a new dataset called Radar Domain Rankings (Beta), which aims to identify the top most popular domains based on how people use the Internet globally, without tracking individuals' internet use. The dataset is based on aggregated 1.1.1.1 resolver data that is anonymized in accordance with Cloudflare's privacy commitments. Domain Rankings takes into account differences in domain names and defines popularity as the size of the population of users that look up a domain per unit of time. The model uses machine learning to predict the rank of a domain, and results are available on the Cloudflare Radar website.
Sep 30, 2022 1,748 words in the original blog post.
In June 2022, Cloudflare announced a feature that allows users of its Zero Trust platform to create prefilled HTTP policies in Cloudflare Gateway using issues identified by CASB, a new product designed to connect, scan, and monitor SaaS apps for security issues. The integration between Cloudflare's API-driven CASB and Gateway enables IT administrators to easily block identified threats with just three clicks. This feature helps organizations address common pain points such as Shadow IT and file exposure in the cloud era by providing visibility into security issues affecting SaaS apps like Google Workspace, Microsoft 365, Slack, and GitHub. The integration of Gateway and CASB allows admins to create fine-grained policies that prevent specific inappropriate behavior while still allowing for expected access and usage that meets company policy.
Sep 30, 2022 850 words in the original blog post.
Starting December 1, 2022, Business or Pro subscribers on Cloudflare will receive complimentary allocation of Cloudflare Stream, allowing storage and delivery of up to 100 minutes and 10,000 minutes of video content respectively at no additional cost. Beyond the free allocation, users can upgrade to a paid Stream subscription. The Stream service simplifies storage, encoding, and playback of videos and offers features such as dynamic thumbnail generation, multi-language captions, live streaming, and analytics. It also provides an embed code for seamless integration into websites with customizable viewing experiences.
Sep 30, 2022 642 words in the original blog post.
On September 30th, 2022, Cloudflare launched version 2.0 of its Radar tool in beta. The update aims to address three common pieces of feedback from users: ease of finding insights and data, number of insights, and sharing insights. The redesigned homepage features prominent filtering capabilities, content navigation on the sidebar, and content cards showing glanceable information. Users can now search for a country, autonomous system number (ASN), domain, or report to navigate to a specific content page. Additionally, new features include social share, embeddable charts, and an API. The API is available today, while embedding charts and sharing directly to social media will be released later this year.
Sep 30, 2022 1,075 words in the original blog post.
Cloudflare has launched a new tool called the Cloudflare Radar Outage Center (CROC) as part of its Radar 2.0 update, aiming to provide an archive of information on global Internet outages. The CROC is designed to be a first stop and key resource for civil society organizations, journalists, and impacted parties seeking information or corroboration on reported or observed Internet outages. It includes summary information about observed outage events such as location, autonomous system number (ASN), type, scope, cause, start time, and end time. The tool is built on top of an associated API that allows interested parties to integrate the available outage data with their own datasets or develop custom interfaces. Future improvements include increased automation of outage detection, more timely information updates, and plans to extend the CROC to include cloud service providers' status pages.
Sep 30, 2022 741 words in the original blog post.
Cloudflare has announced an improved dashboard experience for users with disabilities, adhering to industry accessibility standards such as Web Content Accessibility Guidelines (WCAG) 2.1 AA and Section 508 of the Rehabilitation Act. The company's team and partners have worked on incorporating accessibility features that meet these guidelines. This includes re-writing form components, improving data visualizations for keyboard and screen reader users, correcting page structure with heading tags, properly labeling SVGs, updating node modules, overhauling color usage, and fixing bugs related to incorrect HTML element use. The company aims to make the Cloudflare dashboard accessible to as many people as possible, including those with low vision or blindness, motor disabilities, or cognitive impairments.
Sep 30, 2022 1,606 words in the original blog post.
Cloudflare has partnered with Yubico to offer exclusive pricing on hardware security keys for its customers. The collaboration aims to make hardware keys more accessible and economical, integrating seamlessly with Cloudflare's Zero Trust service. Hardware security keys provide an additional layer of protection against phishing attacks by using the WebAuthn standard to validate user identity in a cryptographically secured exchange. This partnership removes barriers for organizations of any size in deploying hardware keys and enhancing their overall security posture.
Sep 29, 2022 1,271 words in the original blog post.
Cloudflare has introduced role-based access controls (RBAC) for all its users, regardless of their plan. This feature allows administrators to grant specific permissions to team members based on their roles and responsibilities within the organization. RBAC helps limit access to sensitive information and reduces the risk of security breaches. The company offers a wide range of roles with varying levels of access, allowing administrators to customize user permissions according to their needs. This feature is being rolled out gradually over the next few weeks, and users are encouraged to review their team's duties and tasks before assigning roles.
Sep 29, 2022 792 words in the original blog post.
Cloudflare has transitioned from a traditional "castle and moat" VPN architecture to a more secure multi-factor authentication (MFA) protocol called FIDO2/WebAuthn for its employees. The company now uses hardware security keys, such as YubiKeys, which implement the FIDO standards, making their system phishing-resistant. Cloudflare has also migrated all of its applications and servers to Zero Trust access proxy, allowing secure access to internal sites using security keys. This move has improved role-based access control and enforced the principle of least privilege. The company is now working on integrating security keys with SSH connections for a unified approach to identity and access management.
Sep 29, 2022 1,643 words in the original blog post.
Cloudflare has introduced a new feature called "Email Link Isolation" that aims to protect users from malicious links in emails. When a user clicks on a suspicious link, they are first shown an interstitial page recommending caution before being taken to the website. The user can then choose to proceed and open the webpage in a remote isolated browser running on Cloudflare's global network instead of their local machine. This helps protect both the user and the company from potential threats. During the beta period, Email Link Isolation is available for free on all plans and will be included at no extra cost with Cloudflare's PhishGuard plan after the beta.
Sep 29, 2022 1,410 words in the original blog post.
Cloudflare has announced that it will be making Rate Limiting available for all its Free, Pro and Business plan users without any extra charges. This move is aimed at increasing the overall security posture of millions of applications protected by Cloudflare. The new version of Rate Limiting is built on a powerful ruleset engine and allows building rules like in Custom Rules. It also offers more features than the previous version, such as separate counting and mitigation expressions, counting dimensions, and additional fields available for rule creation. Existing customers will be granted the same amount of rules in the new system as they were using in the previous version.
Sep 29, 2022 1,503 words in the original blog post.
Cloudflare has announced an open beta of its new alternative to CAPTCHA called Turnstile. This smart CAPTCHA alternative automatically chooses from a rotating suite of non-intrusive browser challenges based on telemetry and client behavior exhibited during a session. Turnstile is designed to improve user experience by eliminating the need for users to solve complex puzzles, while also enhancing privacy by reducing data collection. The technology behind Turnstile has been used by Cloudflare itself to reduce its use of CAPTCHA by 91%. Turnstile can be easily integrated into any website without requiring users to be on the Cloudflare network.
Sep 28, 2022 1,241 words in the original blog post.
Cloudflare has announced early access to a free version of Magic Network Monitoring, which provides better visibility into networks and helps answer questions about traffic flow. The tool features an analytics dashboard, self-serve configuration, and a step-by-step onboarding wizard. It allows users to visualize their network traffic and filter by various packet characteristics. Additionally, it includes network traffic volume alerts for specific IP addresses or IP prefixes. Magic Network Monitoring is designed to be easy to use and works with any hardware that exports network flow data. The free version will be released in the coming weeks, and users can request early access through a form.
Sep 28, 2022 1,049 words in the original blog post.
Cloudflare introduces Privacy Edge, a suite of products designed to help site owners and developers build privacy into their applications by default. The collection includes Privacy Gateway, Code Auditability, Private Proxy, and Cooperative Analytics. These technologies aim to enhance network-level privacy in the foundations of app infrastructure, making it easier for developers to create more private internet experiences. Cloudflare is also working on standardizing these approaches and exploring new privacy-enabling technologies.
Sep 28, 2022 1,919 words in the original blog post.
Cloudflare has introduced a free Botnet Threat Feed for Service Providers, including hosting providers, ISPs, and cloud compute providers. The feed provides threat intelligence on IP addresses participating in HTTP DDoS attacks observed from the Cloudflare network, allowing service providers to identify abusers, take down botnet nodes, reduce costs, and decrease the intensity of DDoS attacks across the internet. This initiative is part of Cloudflare's mission to help build a better internet. Service providers can sign up for early access to the feed.
Sep 28, 2022 654 words in the original blog post.
Cloudflare has released a beta version of its first cross-dashboard search tool called "quick search" to help users navigate the company's products and features more efficiently. The tool is currently available to a small percentage of customers, with early access requests being accepted through an online form. Quick search can be accessed from anywhere within the Cloudflare dashboard by clicking the magnifying glass button in the top navigation or using keyboard shortcuts Ctrl + K on Linux and Windows or ⌘ + K on Mac. The tool supports three core capabilities: searching for a page in the dashboard, searching for website-only products, and searching for account-wide products. Future updates to quick search will include returning results of product-specific names or configurations, expanding search functionality to other areas of Cloudflare's content, and improving user experience within the dashboard.
Sep 28, 2022 786 words in the original blog post.
Cloudflare has announced the upcoming open beta of its serverless database D1, which is compatible with SQLite API and designed to store and query relational data without latency concerns or complex management. Since launching in May 2022, D1 has been available for private beta users who have provided valuable feedback on improvements and new features. The upcoming open beta will include features such as automatic backups, one-click restore, stored procedures, and more. Developers can create and manage databases using the Wrangler CLI or directly from the Cloudflare dashboard.
Sep 27, 2022 2,969 words in the original blog post.
Cloudflare has launched a $1.25 billion Workers Launchpad funding program for startups built on its developer platform, Cloudflare Workers. The program aims to help startups build their businesses easily and cost-effectively by providing access to leading venture capital firms. Applications can be submitted through the Workers Launchpad portal in less than five minutes. Successful applicants will have the opportunity to pitch to VC partners, who will match promising startups with suitable investors. The program is supported by a group of world-class VC Launch Partners and aims to level the playing field for startups worldwide.
Sep 27, 2022 1,553 words in the original blog post.
Today, Kenton Varda introduces the first beta release of workerd, an open-source JavaScript/Wasm runtime based on the same code that powers Cloudflare Workers. It is designed to be unopinionated about hosting environments and can be used for self-hosting applications. The name "workerd" comes from the Unix tradition of naming servers with a "-d" suffix standing for "daemon". workerd provides an alternative model for microservices, called nanoservices, which achieve the benefits of independent deployment with overhead closer to that of library calls. It also offers homogeneous deployment and capability bindings for cleaner configuration and SSRF safety.
Sep 27, 2022 2,587 words in the original blog post.
Cloudflare is replacing its Page Rules product with four new dedicated tools: Cache Rules, Configuration Rules, Dynamic Redirects, and Origin Rules. The new products offer increased rules quotas, more functionality, and better granularity compared to the previous single tool. These changes are aimed at addressing limitations in Page Rules and providing users with greater control over their zone's traffic. The new suite of products is built on Cloudflare's lightning-fast Rulesets Engine, which allows for increased quota limits per plan and improved extensibility across multiple products.
Sep 27, 2022 1,550 words in the original blog post.
On September 27, 2022, a new set of tools called Configuration Rules was introduced by Cloudflare as an improved version of Page Rules. Configuration Rules allows users to selectively enable or disable features based on URLs, cookies, and country of origin. This enables a wide range of use cases such as A/B testing configuration and only enabling features for specific file extensions. The tool is available across all plan levels and provides 16 actions that can be used to override corresponding zone-wide settings for matching traffic. Configuration Rules also offers non-URL related fields, allowing users to make decisions based on more nuanced aspects like user agent or presence of a specific cookie.
Sep 27, 2022 1,035 words in the original blog post.
On September 27, 2022, at 2:00 PM, Alex Krivit announced that Page Rules, a popular Cloudflare product released ten years ago, will be re-imagined into four product-specific rule sets: Origin Rules, Cache Rules, Configuration Rules, and Redirect Rules. This evolution aims to provide greater flexibility in caching different types of content through additional rule configurability while offering more visibility into when and how different rules interact across Cloudflare's ecosystem. The new Cache Rules allow users to set caching behavior on additional criteria such as HTTP request headers or the requested file type, providing precise control over when and how Cloudflare and browsers cache their content. Cache Rules are available today in beta and can be configured via the API, Terraform, or UI in the Caching tab of the dashboard.
Sep 27, 2022 1,272 words in the original blog post.
Cloudflare has announced the launch of Cloudflare Calls, a new product that enables developers to build real-time audio/video applications with ease. The platform exposes APIs for building various types of apps such as video conferencing, interactive conversations, group workout apps, and fireside chats. WebRTC is used as the underlying protocol, which allows devices to communicate directly without leaving the browser. Cloudflare Calls abstracts away the complexity by turning the Cloudflare network into a "super peer," helping developers build reliable and secure real-time experiences. The platform eliminates the need for users to answer questions about regions, scalability, and latency, as it uses anycast for every connection and is global by nature. It also focuses on observability to help customers troubleshoot issues faster and ensures privacy and security by default. Cloudflare Calls is currently in closed beta, with an invitation request available on their website.
Sep 27, 2022 1,515 words in the original blog post.
Cloudflare has introduced Dynamic Redirects, a new feature that allows users to redirect visitors to another webpage or website based on various factors such as the visitor's country of origin or preferred language without requiring any coding. This expands upon previous URL redirection capabilities and provides more flexibility in managing complex use cases. The new product offers almost the entire suite of Ruleset Engine fields for filtering, enabling users to create dynamic redirects that cater to their specific needs.
Sep 27, 2022 1,239 words in the original blog post.
Cloudflare has introduced a new product called "Origin Rules" that allows users to override the host header, Server Name Indication (SNI), destination port, and DNS resolution of matching HTTP requests. This feature is designed to provide more control over where traffic goes, when it gets there, and what it looks like when it arrives without requiring any code writing or maintenance. Origin Rules can be used for various scenarios such as routing different URLs to different origins, integrating with cloud storage endpoints, A/B testing different cloud providers, and adjusting destination port mappings. The feature is now available via API, Terraform, and the Cloudflare dashboard.
Sep 27, 2022 2,065 words in the original blog post.
Cloudflare has announced the private beta of its new global message queuing service, Cloudflare Queues. This service is integrated into the Cloudflare Workers runtime and allows applications to send and receive messages reliably using simple APIs. The key features include at-least once message delivery, support for batching of messages, and no bandwidth egress fees. With this new addition, developers can build larger, more sophisticated, and reliable applications on Cloudflare's Developer Platform.
Sep 27, 2022 1,053 words in the original blog post.
Forrester has recognized Cloudflare as a Leader in The Forrester Wave™: Web Application Firewalls, Q3 2022 report. The report evaluated 12 providers on 24 criteria across current offering, strategy and market presence. Cloudflare received the highest score of all assessed vendors in the strategy category and also received the highest possible scores in 10 criteria, including Innovation Management, UIRule creation and modification, Log4Shell response, incident investigation, and security operations feedback loops. The report highlights that "Cloudflare Web Application Firewall shines in configuration and rule creation", "Cloudflare stands out for its active online user community and its associated response time metrics", and "Cloudflare is a top choice for those prioritizing usability and looking for a unified application security platform." The core value of any WAF is to keep web applications safe from external attacks by stopping any compromise attempt. Cloudflare's fast response to the Log4Shell vulnerability, which affected the popular Apache Log4J software, helped protect its customers against exploit attempts in less than 17 hours globally.
Sep 27, 2022 588 words in the original blog post.
Cloudflare has announced that its live video streaming service, Cloudflare Stream, now supports WebRTC with sub-second latency for unlimited concurrent viewers in open beta. This feature enables developers to build low latency live streaming and playback into their websites or apps using web standards without relying on old protocols from the era of Flash. The new open WebRTC standards, WHIP and WHEP, provide a standardized end-to-end way for broadcasters to send media content and viewers to request and receive media content over WebRTC at scale. Cloudflare Stream is the first cloud service to let users broadcast using WHIP and playback using WHEP without needing a vendor-specific SDK.
Sep 27, 2022 1,613 words in the original blog post.
Cloudflare has expanded its Startup Plan to include more products and broaden eligibility criteria for startups. The plan now offers four times the value of the original program, with additional features such as Workers KV, Pages, R2 Storage, and Argo Smart Routing. Eligibility requirements for new participants have been updated to include startups at an early stage that have raised less than $3 million and are enrolled or recently graduated from a participating accelerator program. Current Startup Plan users will automatically receive the additional products in their accounts over the coming weeks.
Sep 27, 2022 1,323 words in the original blog post.
The article discusses the evolution of the internet from computers to smartphones and now to Internet of Things (IoT) devices, which are expected to grow tremendously in number. It highlights the security risks associated with IoT devices and how NIST is working on defining requirements for IoT device security. The author announces Cloudflare's new IoT platform aimed at providing a single pane-of-glass view over IoT devices, provisioning connectivity for new devices, and securing every device from the moment it powers on. The article also mentions how IoT devices are not limited to simple objects like lightbulbs but include payment terminals, modern cars, and industrial devices that require cellular connectivity. Cloudflare's IoT Platform will support provisioning cellular connectivity at scale, ensuring secure communication between IoT devices and the internet or cloud infrastructure. The platform also extends Zero Trust security to IoT devices by allowing developers to better restrict and control what endpoints their devices talk to. Finally, the article discusses how Cloudflare's platform enables keeping compute off the device while still keeping it close to the device thanks to its global network, reducing deployment risk and improving operational efficiency.
Sep 26, 2022 1,390 words in the original blog post.
Cloudflare is excited about the upcoming 5G future and its potential for high throughput and low-latency wireless networks. To address security concerns, they have announced a new partnership program called Zero Trust for Mobile Operators to tackle the biggest security and performance challenges. The company's SASE product, Cloudflare One, offers comprehensive network solutions including Magic WAN, Cloudflare Access, Gateway, Cloud Access Security Broker, and Cloudflare Area 1. They are partnering with mobile network operators for these services as their networks and services are complementary. Additionally, they have an edge compute platform called Workers that executes code at the edge to improve performance and reduce latency. The company is also looking forward to providing a platform for new innovations in the 5G era.
Sep 26, 2022 1,256 words in the original blog post.
The Cloudflare SIM is the world's first Zero Trust SIM, designed to enhance security for mobile devices in the modern workplace. It combines software and network layers to provide better protection against cyber threats, especially those targeting mobile devices. The Cloudflare SIM prevents employees from visiting phishing or malware sites, mitigates common SIM attacks, and enables secure private connectivity to various services. This solution simplifies the installation process for employees by allowing them to scan a QR code from their phone's camera during onboarding. It also addresses privacy concerns by ensuring that only blocked resources are logged without logging every domain visited beyond that. The Zero Trust SIM is currently being tested and will be rolled out to customers in different regions as connectivity is built across the globe.
Sep 26, 2022 1,636 words in the original blog post.
Cloudflare is celebrating its 12th birthday with a series of product announcements aimed at improving the internet. The company was founded in 2010 to counter threats to the permissionless nature of the internet, such as Facebook's potential control over online content. In recent years, the internet has become a battleground for free speech and accessibility, with more countries shutting down internet access than ever before. Cloudflare continues to work on improving security, privacy, and efficiency for its users while also providing products that enhance the fundamentals of how the internet works. The company is committed to helping build a better internet and remains optimistic about the future despite ongoing challenges.
Sep 25, 2022 2,292 words in the original blog post.
During the week of September 19th, 2022, known as "GA Week", Cloudflare launched a number of new products and services. These included updates to their threat operations and research team, Cloudforce One; improvements to Access Control with Domain Scoped Roles; availability of Account WAF for Enterprise customers; introduction of Adaptive DDoS Protection and Advanced DDoS Alerts; enhancements to Cloudflare CASB and Data Loss Prevention; expansion of the Cloudflare One Partner Program; launch of Browser Isolation with WAN-as-a-Service; improvements to email security with Cloudflare Area 1; availability of R2 object storage, Stream Live video service, Workers for Platforms, Log Storage on R2, and SVG support in Cloudflare Images. The company also expanded its Data Localization Suite to Japan, India, and Australia, added API Endpoint Management and Metrics, introduced Managed Components and DLP to make third-party tools private with Zaraz, and made updates to Logpush for better cost efficiency and visibility.
Sep 23, 2022 941 words in the original blog post.
Apple's latest operating system, iOS 16, introduces a new feature that eliminates the need for CAPTCHAs by enabling Private Access Tokens (PAT). This technology automatically validates users as humans without requiring them to complete a CAPTCHA or provide personal data. The collaboration between Cloudflare and industry leaders extends the Privacy Pass protocol with support for cryptographic tokens, simplifying application security for developers and enhancing privacy for users. With PATs incorporated into Cloudflare's Managed Challenge platform, customers can improve their visitors' browsing experience on supported devices without compromising on privacy.
Sep 23, 2022 720 words in the original blog post.
The Internet relies on Application Programming Interfaces (APIs) for the constant exchange of information between computers. With more than half of traffic handled by Cloudflare being for APIs, it is crucial to manage and protect these endpoints. To address this need, API Shield has been expanded into a full API Gateway. Today, the ability to save, update, and monitor the performance of all your API endpoints is generally available to API Shield customers. This includes key metrics like latency, error rate, and response size that provide insights into the overall health of API endpoints. The new features aim to empower developers with data-driven decisions for better management of their APIs.
Sep 22, 2022 1,487 words in the original blog post.
On September 22, 2022, Yo'av Moshe discussed privacy concerns related to third-party tools on websites. He explained that while these tools can enhance user experience and website functionality, they often involve third-party scripts with unrestricted access to user data. To address this issue, Cloudflare introduced Managed Components, an open-source API for loading third-party tools in a secure and privacy-aware manner. These components run isolated within a Component Manager, which grants and revokes permissions and controls the information shared with each tool. Additionally, upcoming Data Loss Prevention (DLP) features will allow users to report, mask, or remove Personally Identifiable Information (PII) from data shared with third parties by mistake. The integration of Managed Components and DLP features is considered a safer approach as it fences information before components access it. Users can start using Cloudflare Zaraz today, and advanced permissions handling, data masking, and DLP filters are in development for all users.
Sep 22, 2022 933 words in the original blog post.
Cloudflare has announced three new features related to its Logpush product, which pushes critical logs from its products and services to customer-defined destinations for analysis and consumption. The first feature allows customers to filter logs before they are pushed, reducing the need for complex infrastructure and storage costs. The second feature enables alerting when log pushing fails due to issues with customer destinations or network problems. Finally, a new GraphQL API provides analytics on Logpush job health, including bytes and records pushed, successful push numbers, and failing push numbers. These features enhance Cloudflare's logging infrastructure and offer greater visibility into its core components.
Sep 22, 2022 791 words in the original blog post.
Protests have erupted across Iran following the death of Mahsa Amini in police custody. In response to these protests, Iran has restricted internet connectivity and blocked social media platforms. The government's actions have resulted in significant drops in internet traffic, with some regions experiencing near-zero connectivity for several hours. Additionally, access to DNS-over-HTTPS from open resolver services has been reportedly blocked. Internet users can monitor the impact of these disruptions using Cloudflare Radar and follow updates on Twitter at @CloudflareRadar.
Sep 22, 2022 749 words in the original blog post.
In 2020, Cloudflare introduced its Data Localization Suite to address growing data localization requirements globally. The Regional Services feature allows customers to limit which data centers decrypt and inspect their traffic, catering to those affected by regional regulations or contractual agreements. This is achieved through anycast routing protocols that direct users to the closest Cloudflare data center. However, this approach does not guarantee traffic within a country will be serviced there due to network routing decisions made by Internet Service Providers (ISPs). Regional Services solves this issue by making each data center aware of its region and forwarding encrypted TCP streams to data centers within the correct region for decryption and application of Layer 7 products. Currently, support is available in India, Japan, and Australia, with plans to expand to more regions soon.
Sep 22, 2022 828 words in the original blog post.
Stream Live, a feature of Cloudflare Stream, is now out of beta and available to everyone for production traffic at scale. Developers can use this tool to build live video features in websites and native apps. Since its beta launch, developers have used Stream to broadcast live concerts, create new video platforms, operate global 24/7 OTT services, and more. Stream Live simplifies the process of streaming live video by handling encoding, storage, and delivery systems, making it easy for developers to add live video to their websites or apps.
Sep 21, 2022 1,930 words in the original blog post.
R2, an object storage service by Cloudflare, is now generally available after a successful open beta period with over 12k developers using it for various applications like podcasts, video platforms, and ecommerce websites. R2 offers developers the ability to access data freely without incurring egress fees, breaking the ecosystem lock-in that has long tied the hands of application builders. It provides S3 Compatibility, Automatic Region Selection, Cloudflare Workers Integration, Presigned URLs, Public Buckets, and Transparent Pricing. Future plans for R2 include Object Lifecycles, Jurisdictional Restrictions, and Live Migration without Downtime. Developers are encouraged to sign up and start building on Cloudflare's platform.
Sep 21, 2022 1,274 words in the original blog post.
Cloudflare has announced that Custom Domains are now generally available (GA). This feature allows developers to connect their Workers to the internet without having to deal with DNS records or certificates, making it easier to build globally distributed and instantly scalable applications on Cloudflare's Developer Platform. With Custom Domains, developers can leverage the power of Cloudflare's global network to run their applications everywhere, resulting in a truly serverless experience.
Sep 21, 2022 1,417 words in the original blog post.
Cloudflare has announced the General Availability of its R2 object storage and added log storage capabilities. This allows customers to store and retrieve their logs on R2, which provides vital insights into applications' performance, health, and security incidents. Previously, customers could only export logs to third-party destinations for analysis. Log Storage on R2 offers a cost-effective solution for storing event logs from any Cloudflare product without egress costs or access fees. Customers can store logs using the dashboard or API and retrieve them via the Retrieval API, providing operational savings by centralizing storage and retrieval.
Sep 21, 2022 630 words in the original blog post.
Cloudflare has announced that its serverless functions offering for SaaS businesses, Workers for Platforms, is now generally available for all Enterprise customers. This service allows customers to build custom logic into a SaaS application, providing flexibility and freeing up internal engineering time. Key features include Dispatch Worker, User Workers, Unlimited Scripts, and Dynamic Dispatch Namespaces. The company also plans to release this feature down to the Workers Paid plan in the future.
Sep 21, 2022 1,360 words in the original blog post.
On September 21, 2022, it was announced that Cloudflare Images now supports SVG files. This feature aims to simplify image delivery by storing, resizing, optimizing, and serving images in a single pipeline. The support for SVG files is particularly beneficial as they are scalable vector graphics that can be resized without losing quality. However, SVG files have been known to pose security risks due to their ability to contain arbitrary JavaScript, fetch external content from other URLs, or embed HTML elements. To address these concerns, Cloudflare has developed a filter that removes scripting and hyperlinks to other documents, making SVG files as safe as JPEG or PNG images while preserving their vector graphics capabilities. The SVG format is complex with many features, and the company encourages users to report issues and contribute to the development of the filter.
Sep 21, 2022 1,722 words in the original blog post.
On February 23, 2022, Cloudflare acquired Area 1 Security to enhance email security and prevent phishing attacks. The new integration allows users to proactively identify and protect against phishing campaigns before they happen. A dedicated Email Security section is now available on the Cloudflare dashboard for customers to access and use Cloudflare Area 1 Email Security. This cloud-based solution provides real-time updates, threat intelligence data, and machine-learning models to improve email security and protect against various types of cyber threats. Additionally, a new initiative called Cloudforce One is being developed to make every Cloudflare customer safer by working closely with existing teams to improve products based on observed tactics, techniques, and procedures (TTPs).
Sep 20, 2022 1,004 words in the original blog post.
In September 2022, Cloudflare launched the Cloudflare One Partner Program to help customers navigate their journey towards Zero Trust architecture. Since then, there has been a significant increase in new Cloudflare Zero Trust customers being won with the channel. The program provides access to a broad set of Cloudflare-enabled professional services and exclusive bundles optimized for real use cases encountered by partners when helping customers map out a Zero Trust strategy. The Cloudflare One Partner Program also acknowledges the critical role channel partners play in assessing customer requirements, designing and implementing solutions, and providing ongoing support. Reward for Value is the partner financial incentive structure that rewards for developing Zero Trust opportunities, designing bundled solutions, and delivering professional services.
Sep 20, 2022 881 words in the original blog post.
Cloudflare has announced the general availability of its new Zero Trust product, Data Loss Prevention (DLP). This feature helps customers identify and protect sensitive data by inspecting traffic moving into, out of, and around their corporate network. DLP is part of Cloudflare One, a Zero Trust network-as-a-service platform that connects users to enterprise resources. The service leverages HTTP filtering abilities to detect sensitive information such as credit card numbers and US Social Security numbers. Proper data usage can include who used the data, where the data was sent, and how the data is stored. DLP works in conjunction with other Cloudflare security services like Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), Remote Browser Isolation (RBI), and API-based Cloud Access Security Broker (CASB).
Sep 20, 2022 897 words in the original blog post.
Cloudflare has released its API-driven Cloud Access Security Broker (CASB), a new addition to their Zero Trust platform, aimed at helping IT and security administrators monitor third-party SaaS applications for various security issues. CASB supports integrations with Google Workspace, Microsoft 365, Slack, and GitHub, allowing users to scan and identify application-specific security issues across several domains of information security. The solution helps organizations gain visibility into their SaaS app security and data loss prevention (DLP) posture by connecting critical SaaS applications in just minutes and clicks.
Sep 20, 2022 987 words in the original blog post.
Cloudflare has introduced a new capability that enables administrators to integrate its Browser Isolation solution into their existing network from any traffic source such as IPsec and GRE via its WAN-as-a-service, Magic WAN. This feature allows companies to protect internet activity from browser-borne malware and zero-day threats without installing any endpoint software or requiring users to update their browsers. The integration of Browser Isolation with Magic WAN enhances network perimeter architecture and a defense-in-depth security strategy by eliminating the complexity, fragility, and performance limitations of legacy network perimeters.
Sep 20, 2022 753 words in the original blog post.
Cloudflare has introduced its new Adaptive DDoS Protection system, which is now generally available for Enterprise customers. This innovative technology learns the unique traffic patterns of each Internet property and adapts to protect against sophisticated DDoS attacks. The system creates a traffic profile by looking at a customer's maximal rates of traffic every day for the past seven days and stores the maximal traffic rates seen for every predefined dimension value. Adaptive DDoS Protection also leverages Cloudflare's Machine Learning generated Bot Scores to differentiate between user and automated traffic. The system works out of the box, automatically creating profiles that can be tweaked and tuned as needed via DDoS Managed Rules. This new feature complements Cloudflare's existing DDoS protection systems, which leverage dynamic fingerprinting to detect and mitigate DDoS attacks.
Sep 19, 2022 890 words in the original blog post.
Cloudflare has introduced Account WAF, a single Web Application Firewall (WAF) configuration for managing multiple enterprise domains. This feature simplifies the management of large numbers of domains by allowing users to deploy managed rulesets across all their production domains with just one click. Users can also create custom rulesets and deploy them on user-defined filters to scope on specific portions of traffic. Account WAF is an Enterprise only feature, available for customers on Cloudflare's new Advanced plan.
Sep 19, 2022 874 words in the original blog post.
Cloudflare introduces Advanced DDoS Alerts, offering customizable and flexible alerts for users managing multiple internet properties. The new feature includes two types of alerts: Advanced HTTP DDoS Attack Alerts for WAF/CDN customers on the Enterprise plan, and Advanced L3/4 DDoS Attack Alerts for Magic Transit and Spectrum BYOIP customers on the Enterprise plan. Standard DDoS Alerts are available to all plans, including the Free plan. The alerts help users verify that their internet properties are protected and available during a DDoS attack by informing them in real-time about decisions made by Cloudflare's automated systems. Advanced DDoS Alerts allow users to select specific internet properties they want to be notified about, define the minimum size of an attack for alerts, and choose which protocols to be alerted on.
Sep 19, 2022 906 words in the original blog post.
Domain Scoped Roles, a new feature by Cloudflare, allows account owners to manage user access to specific domains. This enhances security and control over team members' permissions. With the use of Domain Groups, users can be granted access to multiple domains simultaneously, reducing management efforts. The feature is being rolled out across all Enterprise Cloudflare accounts, with existing access remaining unchanged. It represents a step forward in Cloudflare's migration towards a new authorization system for better control over team access across its services.
Sep 19, 2022 634 words in the original blog post.
Cloudflare's threat operations and research team, Cloudforce One, is now operational and providing threat briefings via an add-on subscription. The subscription includes access to threat data and briefings, security tools, and the ability to make requests for information (RFIs) to the team. Subscriptions are available in two packages based on the number of employees: "Premier" and "Core". Cloudforce One offers a range of services such as a threat investigation portal, sinkholes-as-a-service, and brand protection. The team is composed of analysts with experience from organizations like NSA, USCYBERCOM, and Area 1 Security. They provide regular briefings on various threats and threat actors, and also offer the ability to make "requests for information" (RFIs) on any security topic of interest.
Sep 19, 2022 869 words in the original blog post.
On September 18th, John Graham-Cumming discussed how Cloudflare's products are developed and improved through beta testing with its large customer base. He highlighted that once a product is ready for general availability (GA), it becomes part of the company's best-of-breed offerings in various categories such as WAF, DDoS mitigation, bot management, API protection, CDN, and developer platform. These products are trusted by major companies like Broadcom, NCR, DHL Parcel, Panasonic, Canva, Shopify, L'Oréal, DoorDash, Garmin, among others. The company operates three main innovation teams that work on projects with varying time horizons and encourages external innovation as well. In the coming week, Cloudflare will announce new products during its 12th birthday celebration, which is also known as Innovation Week or GA Week.
Sep 18, 2022 507 words in the original blog post.
In this blog post, Sudarsan Reddy discusses using Cloudflare R2 as an apt/yum repository to distribute cloudflared (the Cloudflare Tunnel daemon) for Debian/Ubuntu and CentOS/RHEL systems. The author explains how apt-get works, including the role of Release files and Packages files in the process. They then describe how to create an apt repository by building a deb file out of the binary using fpm, generating plaintext files needed by apt with reprepro, uploading them to Cloudflare R2, and serving them from an R2 worker. The author concludes by providing a script for automating these steps in a release process.
Sep 15, 2022 925 words in the original blog post.
Cloudflare has developed Pingora, an HTTP proxy built using Rust that serves over 1 trillion requests per day. The new system replaces NGINX and offers improved performance, efficiency, and the ability to support more features for Cloudflare customers. Pingora's design decisions include choosing Rust as the programming language, building a customizable HTTP library, and implementing a multithreaded workload scheduling system with work stealing capabilities. The new architecture allows for better connection reuse ratios, resulting in faster TTFB (time-to-first-byte) and reduced handshake time. Pingora also consumes less CPU and memory compared to the previous service, making it more efficient. Additionally, Rust's memory-safe semantics provide safer feature shipping and help prevent crashes due to undefined behavior.
Sep 14, 2022 2,177 words in the original blog post.
Cloudflare has announced support for Ethereum Merge and its gateways now support Görli and Sepolia test networks (testnets). These testnets can be used to test and develop full decentralized applications or test upgrades before deploying on the mainnet Ethereum network. The Ethereum Foundation has executed merges on multiple testnets to ensure that the actual mainnet merge will occur with minimal disruption, and Cloudflare's Testnet Gateway handled the Görli-Prater merge without issue. The Merge is a significant upgrade to the Ethereum network, changing the consensus method from Proof of Work to Proof of Stake, which promises to speed up transactions and lower costs.
Sep 13, 2022 1,221 words in the original blog post.
Cloudflare has been recognized by Gartner as a Leader in the 2022 "Magic Quadrant™ for Web Application and API Protection (WAAP)" report, which evaluated 11 vendors based on their 'ability to execute' and 'completeness of vision'. The company's WAAP portfolio includes features such as DDoS protection & mitigation, Web Application Firewall, Bot Management, API Gateway, Page Shield, and Security Center. Cloudflare continues to invest in application security research and product development, with a focus on providing better and more effective security solutions for its users and customers.
Sep 06, 2022 1,683 words in the original blog post.
Cloudflare developed a machine learning based Web Application Firewall (WAF) solution to enhance security and performance for its customers. The WAF analyzes HTTP requests to identify potential malicious content or intent, protecting against common attack vectors such as cross-site-scripting (XSS), file inclusion, and SQL injection. To overcome the challenge of obtaining high quality labeled data, Cloudflare employed data augmentation and generation techniques. These methods allowed them to create a diverse dataset covering various malicious samples for all attack categories, benign samples, and obfuscation techniques. Data augmentation involved generating artificial but realistic data by studying statistical distributions of existing real-world data. The use of pseudo-random noise samples was particularly effective in improving the model's performance. By creating a series of token sampling distributions that made it increasingly difficult for the model to distinguish them from a real payload, they were able to significantly reduce false positives and improve overall robustness. After implementing data augmentation techniques, the machine learning WAF demonstrated comparable performance to Cloudflare's signature-based WAF, with particular strengths in handling highly obfuscated or irregularly fuzzed content. The results showed a significant improvement in model performance, as indicated by an F1 score of 0.99 after augmentation compared to 0.61 before. In conclusion, data augmentation and generation techniques played a crucial role in improving the machine learning WAF's performance and inducing the right set of properties. Cloudflare plans to further investigate autoregressive language models for generating synthetic pseudo-valid payloads in the future.
Sep 05, 2022 2,660 words in the original blog post.
Cloudflare has blocked access to Kiwifarms due to escalating threats and an immediate danger to human life. Although this decision is unusual for Cloudflare, the company felt compelled to act given the severity of the situation. The pressure campaign against Kiwifarms had intensified over the last two weeks, leading to more aggressive rhetoric on the site. Despite taking action, Cloudflare acknowledges that it may only exacerbate the problem and calls for a mechanism to address emergency threats to human life in collaboration with legal authorities.
Sep 03, 2022 755 words in the original blog post.
The text discusses challenges faced in maintaining logging pipelines at Cloudflare, a global network provider handling millions of HTTP requests per second. It highlights issues such as unpredictable log volume, semi-structured and contextual logs, and write-heavy nature of centralized logging systems. The logging pipeline architecture is described, consisting of producers (applications), shippers, queues (Kafka), consumers (Logstash), and datastores (Elasticsearch). The text then delves into the limitations faced with Elasticsearch clusters at Cloudflare, including mapping explosion, lack of multi-tenancy support, cluster operational tasks, and garbage collection. It explains how these issues affect the logging pipeline's performance and cost-efficiency. The proposed solution involves using ClickHouse as an alternative datastore due to its columnar storage design, efficient indexing, compression capabilities, and linear scalability. The text also discusses optimizations for providing faster read/write throughput and better compression on log data, such as inserter scaling, batch size optimization, data modeling in ClickHouse, and data partitioning. It highlights the importance of primary key selection and introduces data skipping indexes to improve query performance. The text concludes by explaining how using ClickHouse for logs has resulted in significant improvements in CPU and memory consumption, storage efficiency, and query latency compared to Elasticsearch. It emphasizes that while both tools have their strengths, ClickHouse is particularly well-suited for handling large volumes of log data and performing analytics tasks.
Sep 02, 2022 2,602 words in the original blog post.