September 2023 Summaries
51 posts from Cloudflare
Filter
Month:
Year:
Post Summaries
Back to Blog
Cloudflare is rolling out General Availability of post-quantum cryptography support to its customers, services, and internal systems in response to the growing importance of encryption on the internet. This technology offers fast connections and future-proofed security against potential quantum computer threats that could break current cryptography methods. The rollout includes products such as Pingora for origin connectivity, 1.1.1.1, R2, Argo Smart Routing, Snippets, and more. Cloudflare aims to have all systems supporting post-quantum outbound connections by the end of March 2024, while also continuing work on implementing support in other products including Cloudflare Gateway, DNS, Load Balancer, Access, and Always Online.
Sep 29, 2023
984 words in the original blog post.
Cloudflare announces a new feature for its customers - Retro Scan, which allows scanning of old messages in Office 365 Inboxes for potential threats. The tool employs advanced machine learning models and is free to use. Customers can navigate the Cloudflare dashboard to access the Retro Scan option under the Area 1 tab, providing necessary authorizations for message scans. The retro scan detects and highlights any threats found within inboxes, enabling customers to clean up their mailboxes by addressing them through their email accounts. Additionally, it provides information about targeted employees and threat origins. As of now, Retro Scan is available only via a closed beta program; interested users can reach out to their Cloudflare contact for access. After using the retro scan, customers have the option to purchase Cloudflare Area 1 or sign up for a free trial of phishing risk assessment for better mailbox protection.
Sep 29, 2023
647 words in the original blog post.
Cloudflare has been consistently measuring its network performance against other providers since June 2021, sharing benchmarking results to assess improvements in comparison. In August 2023, Cloudflare was the fastest provider for 44% of networks and within 5% of the fastest provider for an additional 10%. This growth has been steady with a higher rate of increase than other providers.
Cloudflare uses Real User Measurements (RUM) to monitor various performance metrics, such as TCP Connection Time and Time to First Byte (TTFB), comparing their data with competitors like Akamai, Amazon CloudFront, Fastly, and Google Cloud CDN. The company aims to be the fastest provider in most last mile networks by closely monitoring its rankings based on these metrics.
In terms of geographical performance, Cloudflare's network has become faster in Iran and Paraguay since June 2023 but remains within 1-2ms of competitors Fastly, Amazon CloudFront, and Akamai in countries like Brazil, Norway, and various African nations. The company plans to continue monitoring its performance against other providers, identifying areas for improvement, resolving any issues, and sharing updates on their journey to become the fastest network globally.
Sep 29, 2023
934 words in the original blog post.
Cloudflare has developed a protocol called Prio that enables privacy-preserving measurement of user data while maintaining their privacy. The process involves secret sharing and special zero-knowledge proofs to ensure no single bit of the measurements can be discerned by an aggregator, even during interaction for non-linear computation tasks like finding heavy hitters among the set of measurements.
The PPM working group at IETF aims to standardize multi-party computation (MPC) techniques for privacy preserving measurement through three main prongs: identifying problems that need solutions, providing cryptography researchers with "templates" such as Verifiable Distributed Aggregation Functions (VDAFs), and offering a deployment roadmap for emerging protocols like Prio.
Cloudflare has also developed an implementation of a DAP aggregator server called Daphne using Rust and Workers, which allows easy integration with their storage solutions like Durable Objects and KV. The company is looking to collaborate on the project or participate in the development of MPC techniques for privacy-preserving measurement through the PPM working group at IETF.
Cloudflare's contributions have helped improve both their Workers products and the DAP standard, as well as provide feedback into the protocol's interoperability tests during deployment.
Sep 29, 2023
2,391 words in the original blog post.
Cloudflare has announced that it is rolling out support for post-quantum secure outbound connections by implementing a hybrid key agreement system with classical (X25519) and post-quantum cryptography (Kyber). This will help mitigate the "store now, decrypt later" threat posed by quantum computers.
Cloudflare is offering three settings for their customers to configure how they interact with origins that support or prefer post-quantum key agreement:
1. Off - Do not send a post-quantum keyshare in ClientHello and do not accept one from the origin. This setting can be used if your server does not have any form of quantum resistance, but this is strongly discouraged due to security implications.
2. Supported - Send a classical (X25519) then a post-quantum keyshare in ClientHello and accept both types of keyshares from the origin. This setting will introduce an extra roundtrip for origins that support post-quantum key agreement but is recommended as it provides quantum resistance without sacrificing compatibility with non-post-quantum-capable servers.
3. Preferred - Only send a post-quantum keyshare in ClientHello and accept only post-quantum keyshares from the origin. This setting will not introduce an extra roundtrip for origins that support post-quantum key agreement but may cause issues with some non-post-quantum capable servers as they require classical (X25519) key exchange to establish a connection.
Cloudflare is also using these settings to scan origin server configurations, helping them determine the best setting for zones that haven't been configured yet by removing the extra roundtrip caused by HelloRetryRequest for origins that support post-quantum cryptography. The scanner pipeline they built will not only benefit post-quantum origins but also speed up non post-quantum origins by sending the most preferred keyshare directly to them, thus eliminating an additional roundtrip due to HRR (Hello Retry Request).
Cloudflare's implementation of hybrid key agreement is a significant step towards making the internet more secure and resistant against potential attacks from quantum computers. Encouraging customers to configure their zones appropriately and sharing experiences or seeking help at [email protected] will further enhance the adoption and effectiveness of this technology.
Sep 29, 2023
3,011 words in the original blog post.
Cloudflare has introduced new bot categories and reporting features for its customers to provide better control over AI crawlers visiting their websites. The update includes Verified Bot subcategories such as Search Engine Crawler, Aggregator, AI Crawler, Page Preview, Advertising, Academic Research, Accessibility, Feed Fetcher, Security, and Webhooks. Customers can now create firewall rules based on these categories for more targeted responses to different types of bots. Additionally, Cloudflare is working on a new exclusion protocol specifically designed for AI crawlers to give website operators even more flexibility in managing them in the future. The company has also encouraged bot creators to respect robots.txt and adhere to other good practices to be considered as Verified Bots by Cloudflare.
Cloudflare's new bot categories are available for all customers, including those on free plans, and can be accessed through the WAF tab in the dashboard. In the coming months, the company will also introduce more detailed reporting based on these bot categories to help customers visualize how often different types of bots visit their websites over time.
The introduction of Verified Bot subcategories is part of Cloudflare's ongoing efforts to address concerns related to AI crawlers and provide better protection for its users against potential risks associated with them. The company plans to continue evolving its approach as the use of AI continues to grow on the Internet.
Sep 29, 2023
1,676 words in the original blog post.
Cloudflare introduces Encrypted Client Hello (ECH), a new privacy standard that masks the Server Name Indication (SNI) used in TLS handshakes, preventing networks from determining which websites users are visiting. ECH is available on all Cloudflare plans and can be enabled by website owners who want to ensure user privacy. Browsers like Google Chrome and Firefox are already ramping up support for this technology. By using ECH, intermediaries will only see identical TLS handshakes indicating a connection to cloudflare-ech.com rather than the actual websites being visited. Cloudflare aims to encourage widespread adoption of ECH to enhance privacy on the internet and eventually solve it completely.
Sep 29, 2023
1,182 words in the original blog post.
Cloudflare has implemented a machine learning classifier for detecting web application attacks, which augments their existing signature-based system. The new classifier generates a WAF Attack Score ranging from 1 to 99, with lower scores indicating higher probability of malicious activity. This score is available to all business and enterprise users, providing instant zero-day mitigation for novel attack vectors without the need for manual intervention. Cloudflare has validated its effectiveness using Sitecore CVEs as an example
Sep 29, 2023
2,824 words in the original blog post.
Cloudflare's bot-fighting solution, Turnstile, is now generally available with new features such as support for 17 languages, additional callbacks, error codes to understand challenge failures, and a feedback form in the widget. Turnstile has been used by over 76,000 users during its beta phase and blocked more than one million automated signup attempts on Cloudflare's own platform. The solution is now free for unlimited use via visible mode with the Cloudflare logo, while advanced features are available in self-serve pay-as-you-go option expected to launch in early 2024.
Sep 29, 2023
1,466 words in the original blog post.
D1 is a serverless SQL database built for Cloudflare Workers that allows you to deploy databases quickly with no configuration needed. It provides automatic horizontal scaling, supports over 100,000+ databases for platform users without any limits or charges per database, and has free global read replication in the works. D1 is now generally available for use by everyone, including developers building on Workers and platforms looking to deploy a dedicated D1 database per customer.
The pricing model for D1 changed as of October 20th, with costs based solely on reads, writes, and storage. The free tier includes up to 25 billion queries per month, while the $5/month worker plan allows users to run their most expensive query 59 million times before incurring additional costs.
D1 returns row counts for each query via its HTTP API, allowing developers to understand how many rows a query reads or writes and optimize their queries with indexes accordingly. This feature is also available through the Cloudflare dashboard and GraphQL analytics API.
For platform users on Workers, D1 supports creating more databases programmatically using the D1 HTTP API without redeploying workers. There are no limits or charges for idle databases, and per-database analytics are provided via the GraphQL analytics API to help understand usage patterns across all databases. RONIN is one of the early adopters of D1 for Platforms, deploying a dedicated database per customer for isolating data closer to users and providing strong separation from other customers' queries.
D1 aims to reach general availability (GA) for production use-cases by early next year (Q1 2024), with plans to expand Time Travel capabilities and increase limits on per-database storage and the number of databases that can be created in the meantime. Developers can get started using D1
Sep 28, 2023
2,191 words in the original blog post.
Cloudflare Pages has introduced a beta version for build caching support aimed at improving the overall development experience by reducing subsequent build times. By leveraging cached dependencies and output, developers can save time on iterations and deployment processes, leading to increased productivity in continuous integration/continuous deployment (CI/CD) workflows. The feature currently supports node-based package managers such as npm, yarn, pnpm, and Bun, along with popular frameworks like Gatsby.js, Next.js, and Astro. Users can toggle the build cache option in their project settings for seamless integration.
Sep 28, 2023
669 words in the original blog post.
Cloudflare has announced new additions to its Cloudflare Integrations Marketplace for developers using its Workers platform. The latest integrations include Sentry, Turso, and Momento. These partnerships aim to simplify the process of connecting third-party services by automating tasks such as managing credentials and writing glue code.
Sentry is an application monitoring tool that helps detect errors in real-time for Workers applications without requiring any modifications to existing code. Turso, a distributed edge database based on libSQL, focuses on minimizing query latency and offers automatic routing of requests to the nearest replica. Finally, Momento Cache provides low-latency caching solutions for databases or object stores to improve performance by reducing loading times.
These integrations allow developers using Cloudflare Workers to easily discover, configure, and deploy products that can be used alongside their applications, enabling them to focus more on development rather than configuration tasks.
Sep 28, 2023
723 words in the original blog post.
Cloudflare has revamped its Workers playground, focusing on the Worker-as-origin use case where the Worker is responsible for returning the full response. The updated playground includes an authenticated dashboard editor experience powered by VSCode, offering multi-module support, type-checking via JSDoc comments and the `workers-types` package, pretty error pages, and real previews that update as you edit code. It provides access to Chrome DevTools technology for visibility into the Worker, an "HTTP" tab for testing against various HTTP methods, and a new way to share your playground code through unique URLs which can be deployed instantly to Cloudflare's global network using a "Deploy" button.
Sep 28, 2023
664 words in the original blog post.
Introducing Cloudflare Hyperdrive, a new beta service for Cloudflare Workers that speeds up database queries by pooling connections across Cloudflare's network and caching popular read-only queries to reduce latency. This allows developers using traditional databases in distributed or serverless environments to improve the performance of their applications without having to migrate away from their favorite ORM libraries or rewrite existing code. Hyperdrive currently supports PostgreSQL, including Neon, Google Cloud SQL, AWS RDS, and Timescale, with plans for MySQL support by the end of 2023. During its open beta period, connection pooling is free but pricing information will be announced closer to GA (early in 2024).
Sep 28, 2023
1,839 words in the original blog post.
Cloudflare has partnered with Microsoft Edge to provide a fast and secure VPN directly within the browser. The "Edge Secure Network" is available on the latest version of Microsoft Edge in most markets and comes with 5GB of data for free. Cloudflare's Privacy Proxy Platform uses HTTP CONNECT, a method defined by the HTTP standard that proxies traffic through an established tunnel to ensure privacy. When enabled, users can maintain geolocation-based browsing results without sacrificing their privacy. This partnership aims to bring more private and secure browsing options for Edge users.
Sep 28, 2023
1,034 words in the original blog post.
Cloudflare has announced changes to its Workers serverless platform's pricing model, moving from a request-based pricing system to one based on CPU time for each Worker function execution. This change aims to address the issue of surprise bills and provide more predictable costs for developers building serverless applications. The new pricing will allow users to set a maximum limit on CPU time for individual Workers as an added cost control measure, ensuring that they won't be charged excessively even if there is an error or performance issues with their code.
In addition, Cloudflare introduced the Hibernation API for Durable Objects to help users avoid being billed for idle connections when clients are connected but not actively using them. This feature allows developers to maintain open WebSocket connections while "hibernating" Durable Objects, which helps prevent unnecessary costs without impacting application performance.
New Workers pricing will be available starting October 31, 2023, for individual projects on accounts that choose to opt-in. Newly created projects will default to new pricing, and existing users have until March 1, 2024 (or the end of their Enterprise contract), whichever comes later, to switch over at their convenience. Cloudflare is seeking feedback from developers about this change through a survey on their website.
Sep 28, 2023
2,530 words in the original blog post.
The Cloudflare Browser Rendering API allows developers to automate responsive web design testing using Puppeteer, a Node.js library that provides a high-level API to control Chrome or Chromium over the DevTools Protocol. The service can be customized with less than a hundred lines of code and incorporated into a CI pipeline for automated testing. The pricing is based on two usage metrics: number of sessions (browser instances) and number of concurrent sessions. Developers are encouraged to use Durable Objects for session re-use to improve performance and cut down on the number of concurrent sessions needed, which can also help reduce costs when using this API. Cloudflare is currently accepting signups for access to the Browser Rendering API through their waitlist.
Sep 28, 2023
1,114 words in the original blog post.
This year, the Web-interoperable Runtimes Community Group (WinterCG) has reached a milestone in developing the connect() sockets API for creating outbound TCP connections across various runtimes and platforms, including Node.js. Cloudflare and Vercel engineers have published a draft specification along with a compatible implementation of the connect() API for developers to use today. This new standard aims to address compatibility issues and make it easier for maintainers of open-source libraries by replacing callback-based node:net and node:tls APIs. The proposed Promise-based API is designed based on feedback from the JavaScript community, reusing existing standards when possible. It uses ReadableStream and WritableStream for data transfer. A Node.js implementation of connect() has been released to help open-source library maintainers adopt the new standard without maintaining runtime-specific code. The draft specification is now available for feedback before contributing a direct implementation in Node.js.
Sep 28, 2023
873 words in the original blog post.
Cloudflare co-founders Matthew and Michelle have published their annual founders' letter, which includes a poem written by an AI using Workers AI on Cloudflare's global network. The code uses the Meta Llama 2 model with 7B parameters and 8-bit integers and is deployed on Workers AI. Users can interact with this AI to generate poems based on prompts. In one example, a poem contrasting "connectivity cloud" and "captivity cloud" was generated using Elizabethan English or in the style of Lord Byron. Cloudflare encourages others to explore building applications using Workers AI.
Sep 27, 2023
766 words in the original blog post.
Cloudflare Workers has announced support for WebGPU, a new API that allows developers to access GPU resources directly in the browser. This move follows Cloudflare’s previous collaboration with Mozilla and other technology companies on the development of this new standard. WebGPU aims to address some issues with current APIs like OpenGL or Direct3D, making it easier for developers to use GPUs across different browsers and platforms without worrying about compatibility issues.
Cloudflare Workers will be using WebGPU in their Durable Objects feature which allows workers to maintain state over time and communicate with each other efficiently. This new GPU support will allow compute-intensive tasks, such as machine learning inferencing, to be executed more quickly by harnessing the power of GPUs. The company has shared a demo using WebGPU in combination with Workers and ONNX runtime, an open-source high-performance ML inferencing accelerator, for image classification on the browser.
Cloudflare plans to merge the workerd WebGPU code into their production environment soon, making it available globally as part of their growing GPU nodes fleet. They believe that this new feature will enable developers to build even more powerful and efficient applications using Cloudflare Workers.
REFERENCES:
1. [Cloudflare blog post](https://blog.cloudflare.com/introducing-webgpu-support-for-workers/)
2. [WebGPU specification](https://www.w3.org/TR/2022/WD-webgpu-20220510/)
3
Sep 27, 2023
2,823 words in the original blog post.
Cloudflare announces its new AI platform for serverless inference with Workers AI, a vector database called Vectorize, an AI Gateway for caching, rate limiting and visibility into AI deployments, the availability of Llama 2 models on Workers AI, collaboration with Hugging Face to provide optimized models at developers' fingertips, partnership with Databricks, compliance-friendly AI, budget-friendly AI, and privacy-friendly AI. The platform aims to create a seamless experience for developers as they build AI applications across various locations along the spectrum of device, edge, and centralized cloud.
Sep 27, 2023
2,076 words in the original blog post.
Introducing Vectorize, a vector database for Cloudflare Workers that enables semantic search using precomputed embeddings from any text or embedding API, including Workers AI and OpenAI's Embedding API. With pricing based on the total number of vector dimensions queried and stored, it aims to provide predictable costs without limiting features like per-index analytics and sub-index filtering capabilities. Vectorize is currently in open beta for all Cloudflare Workers developers with a paid plan, allowing them to start building semantic search applications immediately. The tutorial on how to combine OpenAI's Embedding API and Vectorize showcases an example of using the database for document search, while other use cases include enhancing large language models (LLMs) by giving them more context or providing multilingual capabilities through the BYO embeddings feature that supports popular embedding APIs like Cohere. Developers can join a dedicated Discord channel to discuss their ideas and get support from Cloudflare's product and engineering teams for building on Workers AI.
The announcement of Vectorize as an addition to the existing suite of tools available in the serverless computing environment provided by the article mentions about other upcoming changes like introducing sub-index filtering capabilities, increased metadata limits.
CloudflareVectorize (coming soon) - (total queried dimensions inclu) :```
SUMMARY:
Cloudflare Workers AI Vector Database Semantic Search Pricing Predictability BYO Embeddings Indexes Large Language Models OpenAI Cohere Metadata Limits Latency Beta Cloudflare Workers AI Semantic Search Precomputed Embeddings Workers Paid Plans Discord Channels Product Engineering Support
Sep 27, 2023
2,900 words in the original blog post.
Cloudflare has announced a beta version of their AI Gateway, designed to improve observability, reliability, and scalability for AI applications. The gateway acts as an intermediary between the application and used AI APIs (such as OpenAI), caching responses, limiting requests, and offering analytics for monitoring usage. Developers can integrate with Cloudflare's AI Gateway by replacing API URLs in their code with unique endpoints provided by the platform. This solution currently supports model providers such as OpenAI, Hugging Face, and Replicate, with plans to add more. The gateway allows developers to define fallback models and handle request retries for improved resiliency. In addition to core features, Cloudflare intends to expand AI Gateway's capabilities to include usage alerts, jailbreak protection, dynamic model routing with A/B testing, and advanced cache rules.
By using the AI Gateway, developers can build full-stack AI applications within the Workers ecosystem, deploying their work on Cloudflare's platform and utilizing tools such as Vectorize to store vector embeddings. Future use cases for AI Gateway include enterprise solutions that allow organizations to monitor how employees utilize AI systems while applying access policies and data loss prevention strategies to ensure user privacy and security.
Cloudflare aims to help people build and use applications, accelerating the adoption and development of AI with greater control and visibility through their AI Gateway solution. Developers can try out AI Gateway by visiting the Cloudflare dashboard and providing feedback on their experience.
Sep 27, 2023
1,254 words in the original blog post.
Cloudflare has partnered with Hugging Face to make AI models more accessible and affordable for developers by offering three key features: serverless GPU models on Hugging Face, popular Hugging Face optimized models in Cloudflare's model catalog, and Cloudflare integrations as a part of Hugging Face's Inference solutions. With over 500,000 models hosted on the platform and serving more than one million model downloads daily, Hugging Face is a go-to destination for developers to integrate AI into their applications. The partnership aims to provide familiar models within the Cloudflare developer experience and enable serverless GPU inference solutions for Hugging Face users. Both companies share a commitment to building the best possible experiences for developers as they work on innovative AI projects.
Sep 27, 2023
546 words in the original blog post.
Today we are excited to announce that several innovative companies have chosen Cloudflare as their platform to power AI-based applications and websites. These startups, including Causaly, Chainfuse, ai.moda, Kami, 6sense, Hidden, Neurolabs, Nanonets, Tangent, VergeGenomics, Vybe Network, Foresight, GiftFox, and others, are building on Cloudflare to leverage our powerful serverless platform Workers.
We will be highlighting some of these companies in more detail below:
1. Causaly is a London-based startup that uses AI technology to help pharmaceutical researchers identify hidden connections between diseases and potential treatments. They have built their application on top of Cloudflare's serverless platform Workers, which enables them to scale their infrastructure seamlessly as they continue to grow.
2. Chainfuse is a San Francisco-based startup that provides a multichannel AI platform for organizations to collect and analyze user feedback at scale. They have chosen to use Cloudflare’s range of security solutions such as WAF, API Shield, Zero Trust Gateway, and Durable Objects to secure their applications and employees from malicious attacks.
3. ai.moda is a startup building multiple AI tools with a focus on helping bridge humans, developers, and machines together. They are using Cloudflare's serverless platform Workers to create SaaS services at scale and cost-effectively.
4. Kami is an online whiteboard that allows users to collaborate in real time. They have built their application on top of Cloudflare’s powerful infrastructure, which enables them to scale their website quickly as they continue to grow their user base.
5. 6sense is a San Francisco-based startup that provides predictive marketing and sales solutions using AI technology. They are leveraging Cloudflare's serverless platform Workers to build a high-performance application for their customers.
These startups have chosen Cloudflare because of our powerful serverless products, scalability, and security features such as Zero Trust platform that enables them to secure both production but also the lower environments including secured access to internal systems and apps.
We are excited to see what these innovative companies will achieve with Cloudflare's powerful infrastructure and look forward to seeing more AI-based applications built on our serverless platform Workers in the future. 🚀```
Sep 27, 2023
2,152 words in the original blog post.
Cloudflare has announced Cloudflare Workers AI, a platform that enables developers to build, train, deploy, and manage AI models directly on its global network. This new offering aims to address the limitations of running AI inference solely on devices or centralized public clouds by providing GPU resources across Cloudflare's connectivity cloud. By year-end 2024, nearly every city where Cloudflare operates will have inference-tuned GPUs deployed within milliseconds of most internet-connected devices worldwide. This new platform promises to bring affordable and powerful AI capabilities to anyone, anywhere on Earth while respecting user privacy and security. The introduction of Workers AI highlights Cloudflare's continued efforts to revolutionize the way modern applications are developed and improve the future of the Internet.
Source: https://blog.cloudflare.com/workers-ai/```
Sep 27, 2023
1,466 words in the original blog post.
Cloudflare has introduced a feature called "IPv4-to-IPv6 NAT" that allows website owners to serve traffic over IPv6, even if their origin server only supports IPv4. This can help users save costs on purchasing additional public IPv4 addresses and ensure seamless connectivity for users without breaking the bank. Cloudflare's network is built to support both protocols (dual-stack), making it easier for website owners to transition to IPv6 while still serving some traffic over IPv4 if needed. By using this feature, websites can avoid paying Amazon extra fees for IPv4 usage. ⬆️
```
Sep 26, 2023
1,542 words in the original blog post.
Cloudflare has announced the open beta of "Sippy", an incremental migration service that transfers data from S3 (with other cloud providers planned) to R2 as it is requested, avoiding large upfront transfer fees and allowing for selective data migration. The process involves creating a new R2 bucket if necessary and enabling Sippy via the API. This beta release serves as the first step towards providing configurable incremental migration options directly from the Cloudflare dashboard along with analytics to track progress and cost savings.
Sep 26, 2023
642 words in the original blog post.
Introducing Cloudflare Radar notifications, a new feature that enables users to receive automatic updates about traffic anomalies, confirmed Internet outages, BGP route leaks, and BGP origin hijacks. Users can subscribe to these notifications by creating an account on the Cloudflare dashboard or logging in if they already have one. Notification messages include key information like event type, affected entities, and start time, and are available via email and webhooks for integration into tools like Slack. This feature aims to provide timely knowledge about Internet events that may be of interest to customer service agents, network administrators, and civil society organizations. Cloudflare encourages users to visit Radar on the dashboard, set up notifications, and share feedback to help improve the system.
Sep 26, 2023
1,839 words in the original blog post.
The connectivity cloud is a network solution that provides secure, low-latency, infinitely scalable connectivity between every user, application, and infrastructure in an enterprise digital environment. It offers integration, programmability, platform intelligence, and simplicity to manage various security and IT needs effectively. Cloudflare's connectivity cloud helps businesses like Conrad Electric, Carrefour, and Canva address their challenges related to secure access, securing applications, and application development at the network edge.
Sep 26, 2023
1,577 words in the original blog post.
Cloudflare is merging its Cloudflare Images and Image Resizing products on November 15th, 2023. The combined product will offer storage, optimization, and delivery features in one package. Pricing changes include billing $0.50 per 1,000 unique transformations for non-Cloudflare stored images to provide more predictable costs. Existing Image Resizing customers can continue using the legacy version or opt into the new pricing model with the merged Cloudflare Images product. The move aims to simplify products and offer transparent and predictable pricing for users.
Sep 26, 2023
935 words in the original blog post.
This article explains how Cloudflare detects Internet disruptions by analyzing Internet traffic data from various sources. The main challenge in this task is the heterogeneity of time series and presence of artifacts, which can affect the accuracy of anomaly detection algorithms. To overcome these challenges, Cloudflare developed a method that involves computing Euclidean distances to find most similar 24-hour periods for a reference day, selecting the top six closest matches based on the last 28 days (plus the reference day), and using median traffic volume as forecasted data. The algorithm also incorporates rules for relative change in actual vs. forecasted traffic, sustained anomaly detection, point anomaly detection, and closing an anomaly event. This approach has been effective at detecting traffic anomalies while keeping a low false positive rate, and Cloudflare will continue refining the algorithm to cover more use cases in the future.
Sep 26, 2023
3,707 words in the original blog post.
Cloudflare has expanded its list of available roles from 1 to over 60 in order to improve user management and security within accounts. Roles are a set of permissions that allow access to specific capabilities or job functions within the platform. Users can be assigned these roles at different levels such as account, zone, or token level based on their needs. This flexibility helps organizations manage access control more effectively while maintaining security standards. Cloudflare plans to continue improving its user management features by adding new roles and scopes in the future.
Sep 25, 2023
1,290 words in the original blog post.
Switching to Cloudflare can cut your network carbon emissions up to 96% (and we're joining the SBTi)
Cloudflare commissioned an independent report by Analysys Mason which found that migrating enterprise network services from on-premises devices to Cloudflare's cloud platform can reduce carbon emissions up to 96%. The majority of these gains come from consolidating services, increasing the utilization of servers providing multiple network functions. Cloudflare has applied for membership in the Science Based Targets initiative (SBTi) to set science-based carbon reduction targets across its operations, facilities, and supply chain, aligning with the Paris Climate Agreement goal of limiting global warming to 1.5 degrees above pre-industrial levels.
Sep 25, 2023
1,226 words in the original blog post.
Cloudflare announces Incident Alerts to provide transparent and proactive alerting during incidents. Available via email, webhook, or PagerDuty, these notifications can be customized to prevent notification overload and are accessible in the Cloudflare dashboard for free account holders. This service aims to improve communication with customers by offering push notifications about incidents affecting their services without requiring programmatic efforts on their end. Incident Alerts can be filtered by specific services, impact levels, and more, allowing users to tailor alerts based on their needs and preferences.
Sep 25, 2023
826 words in the original blog post.
Cloudflare is introducing a new feature called Cloudflare Fonts that allows websites to serve Google fonts from their own domain instead of using Google servers, improving both data privacy and website speed. This is achieved by rewriting the HTML as it passes through Cloudflare's global network, embedding the CSS response, performing font URL transformations within the embedded CSS, and caching these modified responses in Cloudflare's infrastructure. The new module called ROFL (Response Overseer for FL), written entirely in Rust, powers various Cloudflare products that need to alter HTML as it streams and allows for fast and safe HTML rewrites. Cloudflare Fonts will be available to all Cloudflare customers in October.
Sep 25, 2023
1,395 words in the original blog post.
Stream Live introduces a closed beta for Low Latency HTTP Live Streaming (LL-HLS), an extension of the high-quality, feature-rich HTTP Live Streaming protocol. LL-HLS aims to reduce latency in live streaming by delivering video content faster and decreasing the time it takes for viewers to see broadcasted material on their screens. This update enables more interactive features like chat and allows the use of live streaming in applications that require real-time responses, such as e-learning, sports events, gaming tournaments, and other time-sensitive events. LL-HLS is priced at $1 per 1,000 minutes delivered with no extra charges for encoding or bandwidth. The technology is powered by Cloudflare's global network to ensure fast delivery worldwide.
Sep 25, 2023
873 words in the original blog post.
Cloudflare has introduced Cloudflare Trace, an innovative tool available to all customers that provides insights into how HTTP requests traverse their zone's configuration and what Cloudflare rules are being applied to the request. This new feature aims to demystify the journey of web traffic through the complex Cloudflare ecosystem for its users. Cloudflare Trace allows users to set various parameters, enabling them to tailor their trace according to specific needs. The tool visualizes products matched on a request, such as Configuration Rules, Transform Rules, and Firewall Rules, along with details of filters and actions undertaken by the rules. It also generates a programmatic version for use via command line tools like jq. Cloudflare Trace has been available via API for nine months and has already proven useful in addressing customer issues. In the coming months, additional features such as scheduling and alerts will be added to enhance its functionality further.
[Reference](https://blog.cloudflare.com/introducing-cloudflare-trace/)
Sep 25, 2023
1,373 words in the original blog post.
Traffic Manager is an integral part of the Cloudflare network that ensures uptime and reliability for products by constantly measuring system health metrics, redistributing traffic to avoid overloading data centers, and reverting actions as needed. It uses available CPU time to determine how much traffic can be moved between data centers based on their capacity and latency. Traffic Manager allows Cloudflare's Browser Isolation product to predict reliability issues and preemptively move the service elsewhere for better user experience. The system operates faster than human intervention, ensuring a reliable network infrastructure that keeps all products online and fast at all times. To join the team responsible for Traffic Manager, check out the open position on Cloudflare's Careers page.
Sep 25, 2023
4,796 words in the original blog post.
Cloudflare celebrates its 13th anniversary with Birthday Week, highlighting its achievements and future plans. Some key points include working towards a more widespread use of IPv6, improving privacy with Turnstile technology, exploring AI's role in applications and the network, introducing new products like Hyperdrive, focusing on speed optimization for better Internet performance, and addressing climate change impacts and commitments.
Sep 24, 2023
558 words in the original blog post.
This case study analyzed the email traffic coming into a dummy email address "exmaple.com" over a period of five months, starting from January 2023. The results shed light on various aspects of email usage and misuse. It found that emails sent to this dummy account can be categorized into several groups: legitimate, spam, malicious, and typo-related. The majority of emails were related to typos or accidental sending errors by users. No major security incidents occurred during the observation period.
The analysis also revealed insights about the domain "example.com," which is commonly used in examples for teaching purposes. It showed that this domain has been consistently popular since 2022, receiving billions of DNS queries daily. On the other hand, emails sent to the incorrect address "exmaple.com" received significantly fewer DNS queries (around 40k per day).
The case study underscored the importance of human error prevention in maintaining secure and reliable communication systems. While some mistakes may be harmless, others could lead to serious security breaches if not addressed properly.
Sep 22, 2023
3,194 words in the original blog post.
CrowdStrike and Cloudflare have announced an extended partnership to integrate Cloudflare Email Security with CrowdStrike Falcon LogScale. This integration enables joint customers using both services to send detection data for visualization and querying within their Falcon LogScale dashboard, providing valuable insights and identifying security threats or anomalies. The integration supports log ingestion from various sources, real-time search capabilities, customizable dashboards, and visualizations for efficient monitoring and securing environments. Cloudflare Email Security allows users to configure which events are sent to Falcon LogScale, while the Falcon LogScale marketplace provides a parser for field extraction and out-of-box content through a dashboard. The partnership aims to expand integration of Cloudflare products with Falcon LogScale in the future.
Sep 21, 2023
671 words in the original blog post.
Cloudflare's Waiting Room solution uses a sophisticated approach to queue users attempting to access a website when there is high traffic or potential overload on servers, preventing crashes and downtime. The system divides available slots among the company's workers across data centers worldwide based on real-time utilization levels. Initially, they evenly divided these slots; however, this led to some queuing happening too early at a data center and potentially exceeding customer set limits during sudden spikes in traffic after periods of low utilization.
To address these issues, Cloudflare implemented "counters" as part of the Waiting Room system that help manage synchronization between workers and ensure that decisions about whether to grant access or queue users are made with minimal latency at the right time. Counters divide available slots among data centers based on real-time traffic patterns, avoiding early queuing while still respecting customer set limits. This approach has been successful in maintaining website performance without compromising user experience due to negligible added latency for new users trying to access a site during high traffic periods.
Cloudflare continues to refine the Waiting Room system by learning from different types of traffic patterns and adapting their approach accordingly, ensuring optimal protection for customer websites.
Sep 20, 2023
5,301 words in the original blog post.
Rate limiting rules are crucial for managing security threats such as volumetric attacks, spamming, and abuse. A new analytics experience has been introduced along with a throttle behavior feature for Enterprise rate limiting plans. This enhances the control over IP addresses exceeding predefined request thresholds by selectively dropping requests to maintain the specified threshold while minimizing impact on legitimate traffic. Customers can now define scopes and rates, validate their choices using sampled logs, and create rules with various actions and behaviors for maximum protection against security threats.
Sep 19, 2023
1,519 words in the original blog post.
Cloudflare has introduced new features to its Page Shield offering, aimed at enhancing the security of websites by mitigating risks associated with third-party JavaScript (JS). The upgrades include better policy suggestions and full support for all major Content Security Policy (CSP) directives.
Page Shield is designed to protect businesses against supply chain attacks, client-side data leaks, and malicious behavior from untrusted or compromised scripts. It provides a way to create and manage CSPs directly within the Cloudflare dashboard.
The new policy suggestions engine offers a more intuitive interface for building and deploying Page Shield policies, with full support for both script-src (Scripts) directive and connect-src (Connections) directive. It also allows users to specify the scope of their CSPs by only allowing them on specific pages or sections of their websites.
Furthermore, all major CSP directives are now supported by Page Shield, although suggestions are currently limited to script-src and connect-src. The system can parse existing CSP policies pasted into the policy interface, making it easier for users to migrate from other systems or configurations.
Additionally, improved violation reporting shows which directive is causing potential issues when a Page Shield policy is deployed. Domain insights have also been added, providing details such as WHOIS info and any categorizations available for any given domain.
To use the new features, users need to be on the Pro plan or higher with the Page Shield enterprise add-on enabled. Existing customers can access these updates in their dashboard immediately.
Source: https://blog.cloudflare.com/csp-directives-and-policy-suggestions/```
SUMMARY:
Cloudflare's Page Shield offering has been upgraded with new features, including better policy suggestions and full support for all major Content Security Policy directives.
Sep 15, 2023
1,840 words in the original blog post.
The text narrates the career journey of an individual who started in biotechnology before moving on to work with Amazon's AWS, Tableau, and now Cloudflare. They emphasize their passion for scaling companies, building talent strategies, promoting diverse and inclusive workplaces, and fostering healthy company cultures. They were drawn to Cloudflare due to its transformative technology in the tech industry, strong values of customer and employee focus, and a culture that is both innate and carefully nurtured by leaders. In their new position at Cloudflare, they aim to learn about the company's people-first culture and align their work within the People team accordingly.
Sep 13, 2023
660 words in the original blog post.
Cloudflare has announced that its Load Balancing service now supports private IP addresses. This integration enables organizations to deploy load balancers while keeping their applications securely shielded from the public Internet, using Cloudflare Tunnels and private IP support. The new feature is designed to simplify the process of managing web traffic across multiple data centers or servers by consolidating network architecture into a single lens for both Global Traffic Management (GTM) and Local Traffic Manager (LTM). This innovative solution provides enhanced security, privacy, and performance, while reducing complexity, lowering operational overhead, and facilitating efficient resource allocation. Cloudflare's commitment to providing cutting-edge tools that prioritize security, privacy, and performance underscores the company's dedication to empowering businesses with the tools they need to succeed in today's digital landscape.
Sep 08, 2023
2,983 words in the original blog post.
As data sprawl continues to grow and evolving regulatory standards put more pressure on security teams, organizations must adapt their approaches for addressing modern data risks. Data protection has become an increasingly complex task with the proliferation of cloud services, remote work environments, and sophisticated cybersecurity threats. Organizations are now faced with the challenge of protecting sensitive information while maintaining agility and productivity in a rapidly changing landscape.
To address these evolving data protection needs, many organizations are turning to unified security solutions that integrate various security controls into a single platform. This approach simplifies security management by providing a consolidated view of risk across an organization's entire IT environment. Additionally, it enables more efficient and effective use of limited security resources.
One such solution is Cloudflare One, which offers comprehensive data protection capabilities through its unified data protection suite. With this platform, organizations can secure AI tools and developer code, gain visibility into unsanctioned app usage, enforce multi-factor authentication (MFA) for regulatory compliance, and more. By leveraging Cloudflare's global network architecture, customers can ensure that their security controls are both fast and reliable while minimizing disruptions to work productivity.
In conclusion, modern data risks require innovative approaches to protect sensitive information effectively. Unified security solutions like Cloudflare One offer a promising path forward by consolidating multiple security services into one platform with a single control plane. As businesses continue to adapt their strategies for addressing evolving data protection needs, these types of integrated security solutions will likely play an increasingly important role in helping organizations stay secure and compliant in the face of ever-growing threats.
Sep 07, 2023
1,864 words in the original blog post.
"Cloudflare has announced new features for its Data Loss Prevention (DLP) and Cloud Access Security Broker (CASB) services, part of the company's broader Cloudflare One suite. The enhancements aim to simplify security workflows and improve visibility across data environments, including file sharing and SaaS applications like Google Workspace, Microsoft 365, and GitHub.
Among the new features are:
- Enhanced detection capabilities for sensitive data types, such as financial information, personal identifiers, and source code.
- Expanded predefined DLP profiles to cover more types of sensitive data.
- Deepened detection through context analysis that reduces false positives by analyzing proximity keywords.
- File type control, allowing scans to be limited to specific file types.
- Improved logging details for higher fidelity insights into individual files and their payloads.
- Integration with more SaaS applications, such as chat tools.
- Convergence of CASB and DLP functionality for scanning sensitive data in SaaS apps like Google Workspace.
Cloudflare also previewed some upcoming capabilities on the data protection suite roadmap, including:
- Exact Data Matching with custom wordlists to improve search precision.
- Predefined profiles to detect developer source code and protected health information (PHI).
- Convergence of API-driven CASB & DLP for data-at-rest protections in Microsoft 365 and GitHub.
- Introduction of a risk score based on user behavior and activities detected across Cloudflare One's services, allowing organizations to control access to sensitive data and applications based on changing risk factors."
Sep 07, 2023
1,649 words in the original blog post.
The Internet's Domain Name System (DNS) is one of the most critical components that enable web browsing. It's used by clients to discover and resolve IP addresses for requested hostnames. However, DNS queries can expose client metadata such as which websites a user is visiting or interacting with, to network eavesdroppers.
One of the ways in which modern browsers attempt to protect this information from being exposed over plaintext UDP/TCP connections on port 53 is by implementing Encrypted Client Hello (ECH) and DNS over HTTPS (DoH), but these do not completely solve the problem as there are other sources of metadata leakage.
A more effective way to minimize such metadata leaks can be achieved using HTTP/2 ORIGIN Frames, which allow a server to specify that it is acting on behalf of another hostname when serving resources for a client's web page load request. By doing so, clients can coalesce multiple connections into one, thereby reducing the number of DNS queries and TLS handshakes needed, while also minimizing the exposure of cleartext DNS information to network observers.
In a recent study by researchers at Cloudflare, they found that by enabling ORIGIN Frames for resources from their cdnjs CDN service on over 5000 websites, they were able to achieve up to a 50% reduction in new TLS connections per second and a 60% decrease in DNS queries.
These results highlight the potential benefits of adopting ORIGIN Frames for enhancing both performance and privacy in today's Internet ecosystem. To further promote their use, server operators are encouraged to add support for HTTP/2 ORIGIN Frames on their endpoints.
Sep 04, 2023
3,190 words in the original blog post.
The Workers Tail feature was developed to provide developers with real-time information on their applications in production. It enables users to view requests, exceptions, and other crucial data, allowing quick debugging of issues reported by users. Initially limited to Workers receiving 100 requests per second (RPS) or less, the scalability limitation has been addressed by enhancing Tail's performance at high loads.
The first improvement involved moving filters out of the Durable Object and into the message producer. This prevented any filtered messages from reaching the Tail Durable Object, reducing its load. The second enhancement added a safety mechanism for the Durable Object during its operation. A simple controller was created to track RPS hitting the Durable Object, sampling messages until the desired volume of 100 RPS is reached. Finally, a failsafe mechanism was introduced in case the Durable Object gets overloaded due to an extremely high volume of traffic.
These improvements have made it possible for Tail to reach new limits and scale according to users' needs. The enhanced feature is now available to all users, allowing them to monitor their applications more effectively. Users can tail Workers through the Cloudflare dashboard by logging in, navigating to their Worker, and clicking on the Logs tab. For those using Wrangler CLI, a new Tail can be started by running "wrangler tail". In addition to Live logs provided by Tail, users may also push log events to additional destinations for a historical view of their application's performance with Logpush or gain more insight and control over log messages and events themselves using Tail Workers.
Sep 01, 2023
948 words in the original blog post.