CloudFlare and Gandi have been hosting a speaker series on DNS, previously bringing in the founder of DNS Paul Mockapetris and Dan Kaminsky, who uncovered one of the most critical vulnerabilities in DNS. Our third and final talk is coming up on June 21st at 6PM PST at the Gandi office in San Francisco (live […]
Archive by Author
Secure and fast GitHub Pages with CloudFlare
GitHub offers a web hosting service whereby you can serve a static website from a GitHub repository. This platform, GitHub Pages, can be used with CloudFlare whilst using a custom domain name. In this tutorial, I will show you how to use CloudFlare and GitHub together. By taking advantage of CloudFlare’s global network, you can […]
Supporting the transition to IPv6-only networking services for iOS
Early last month Apple announced that all apps submitted to the Apple Store from June 1 forward would need to support IPv6-only networking as they transition to IPv6-only network services in iOS 9. Apple reports that “Most apps will not require any changes”, as these existing apps support IPv6 through Apple’s NSURLSession and CFNetwork APIs. Our […]
The Sleepy User Agent
From time to time a customer writes in and asks about certain requests that have been blocked by the CloudFlare WAF. Recently, a customer couldn’t understand why it appeared that some simple GET requests for their homepage were listed as blocked in WAF analytics. A sample request looked like this: GET / HTTP/1.1 Host: www.example.com […]
How we built Origin CA: Web Crypto
At CloudFlare we strive to combine features that are simple, secure, and backed by solid technology. The Origin CA is a great example of this. You no longer need to go to a third-party certificate authority to protect the connection between CloudFlare and your origin server. You can now get a certificate to encrypt the […]
Inside ImageTragick: The Real Payloads Being Used to Hack Websites
Last week multiple vulnerabilities were made public in the popular image manipulation software ImageMagick. These were quickly named ImageTragick. Although a vulnerability in image manipulation software might not seem like a problem for web site owners it is in fact a genuine concern. CloudFlare quickly rolled out a WAF rule to protect our customers from […]
Yet Another Padding Oracle in OpenSSL CBC Ciphersuites
Yesterday a new vulnerability was announced in OpenSSL/LibreSSL. A padding oracle in CBC mode decryption, to be precise. Just like Lucky13. Actually, it’s in the code that fixes Lucky13. It was found by Juraj Somorovsky using a tool he developed called TLS-Attacker. Like in the “old days”, it has no name except CVE-2016-2107. (I […]
Introducing CloudFlare Origin CA
Free and performant encryption to the origin for CloudFlare customers. In the fall of 2014 CloudFlare launched Universal SSL and doubled the number of sites on the Internet accessible via HTTPS. In just a few days we issued certificates protecting millions of our customers’ domains and became the easiest way to secure your website with […]
Stronger protection and more control over security settings with CloudFlare’s new cPanel plugin
CloudFlare has released a new version of our plugin for cPanel with two new features and more control over the security settings of your website. The new plugin (v6.0) uses the latest cPanel PHP-based APIs, and is completely re-architected to make adding new features easier, allowing for more frequent updates. We’ve always focused on making […]
Lizard Squad Ransom Threats: New Name, Same Faux Armada Collective M.O.
CloudFlare recently wrote about the group of cyber criminals claiming to be the “Armada Collective.” In that article, we stressed that this group had not followed through on any of the ransom threats they had made. Quite simply, this copycat group of cyber criminals had not actually carried out a single DDoS attack—they were […]

