How Cloudflare mitigated yet another Okta compromise
How Cloudflare mitigated yet another Okta compromise2023-10-20 This post is also available in 简体中文, 繁體中文, 日本語 and 한국어. On Wednesday, October 18, 2023, we discovered attacks on our system that we were able to trace back to Okta – threat actors were able to leverage an authentication token compromised at Okta to pivot into Cloudflare’s Okta instance. While this was a troubling security incident, our
Welcome to Wildebeest: the Fediverse on Cloudflare
Welcome to Wildebeest: the Fediverse on Cloudflare2023-02-08 The Fediverse has been a hot topic of discussion lately, with thousands, if not millions, of new users creating accounts on platforms like Mastodon to either move entirely to "the other side" or experiment and learn about this new social network. Today we're introducing Wildebeest, an open-source, easy-to-deploy ActivityPub and Mastodon-
CloudflareのサーバーはもうIPを所有していません。では、どのようにインターネットに接続しているのでしょうか?
データセンター内のIP共有サーバー間でIPを共有するという考え方は新しいものではありません。ルーター上のSource-NATで実現してきた方法です。残念なことに、必要なエグレスIPの数が非常に多く、また運用のサイズも大きいため、ルーターレベルでステートフルファイアウォールまたはNATに依存できません。また、当社は共有状態を好まないので、NATの分散インストールは避けたいところです。 代わりに選択したのは、ポート範囲によるサーバー間におけるエグレスIPの分割です。特定のエグレスIP に対して、各サーバーは使用可能な送信元ポートのごく一部(ポートスライス)を所有します。 インターネットからリターンパケットが届くと、それを正しいマシンに戻すルーティングをしなければなりません。このタスクのために、L4 XDPベースのロードバランサーである "Unimog "をカスタマイズしました。当社のL4 XD
開発者ウィーク(それと開発者ウィーク2022)へようこそ
CloudflareのS-1ドキュメントには、次のような言葉で始まるセクションがあります。「インターネットは、今あるもののために作られたのではない」この一文は、実験から始まったインターネットが、今や私たちの日常生活や仕事に欠かせない存在として開花したという考えを表現しています。そして、設計通りのインターネットだけでなく、セキュリティやパフォーマンス、プライバシーなど、より多くのものが必要とされているということです。 クラウドについても同じことが言えます。クラウドは、どうなるべきかということを想定して設計されたものではありませんでした。 Amazon EC2のようなサービスの登場は、サーバーやストレージシステムをラック単位で購入・設置し、それをメンテナンスするという以前のやり方からすれば、間違いなく大きな改善となったでしょう。 しかし、クラウドはその性質上、旧来の現実世界のインフラを仮想化し
Automate an isolated browser instance with just a few lines of code
Automate an isolated browser instance with just a few lines of code2022-11-16 If you’ve ever created a website that shows any kind of analytics, you’ve probably also thought about adding a “Save Image” or “Save as PDF” button to store and share results. This isn’t as easy as it seems (I can attest to this firsthand) and it’s not long before you go down a rabbit hole of trying 10 different librarie
Web相互運用性JavaScriptランタイムコミュニティグループ
本日、CloudflareはVercel、Shopify、およびNode.jsとDenoの両方の中心的な個々のコントリビューターと協力して、Webブラウザではない、JavaScriptベース開発環境で標準化Web APIを相互運用できる実装に焦点を当てた、新しいコミュニティグループの設立を発表いたします。 W3CおよびWeb Hypertext Application Technology Working Group(WHATWG)は、開発環境としての標準化APIとWebの機能を、長い間先頭に立って開発してきました。fetch()、ReadableStreamおよび WritableStream、URL、URLPattern、TextEncoder などのAPIは、現代のWeb開発における馴染みの、そして貴重なコンポーネントになりました。ただし、これら既存グループは常にWebブラウザの特定
Cloudflare outage on June 21, 2022
IntroductionToday, June 21, 2022, Cloudflare suffered an outage that affected traffic in 19 of our data centers. Unfortunately, these 19 locations handle a significant proportion of our global traffic. This outage was caused by a change that was part of a long-running project to increase resilience in our busiest locations. A change to the network configuration in those locations caused an outage
Cloudflare and StackBlitz partner to deliver an instant and secure developer experience
Cloudflare and StackBlitz partner to deliver an instant and secure developer experience2022-05-09 We are starting our Platform Week focused on the most important aspect of a developer platform — developers. At the core of every announcement this week is developer experience. In other words, it doesn’t matter how groundbreaking the technology is if at the end of the day we’re not making your job as
A Community Group for Web-interoperable JavaScript runtimes
Whenever one of the environments diverges from the standardized definition of the API (such as Node.js implementation of setTimeout() and setInterval()), clear documentation describing the differences will be made available. Such differences should only exist for backwards compatibility with existing code. Web Cryptography StreamsThe Web Cryptography API provides a minimal (and very limited) APIs
The next chapter for Cloudflare Workers: open source
The next chapter for Cloudflare Workers: open source2022-05-09 450,000 developers have used Cloudflare Workers since we launched. When we announced Cloudflare Workers nearly five years ago, we had no idea if we’d ever be in this position. But a lot of care, hard work — not to mention dogfooding — later, we’ve been absolutely blown away by the use cases and applications built on our developer platf
In 2021, the Internet went for TikTok, space and beyond
In 2021, the Internet went for TikTok, space and beyond Loading... This post is also available in 简体中文, 繁體中文, 日本語, 한국어, Deutsch. The years come and go, Internet traffic continues to grow (at least so far and with some ‘help’ from the pandemic), and Internet applications, be they websites, IoT devices or mobile apps, continue to evolve throughout the year, depending on if they attract human beings.
CVE-2021-44228 - Log4j RCE 0-day mitigation
This post is also available in 简体中文, 繁體中文, 日本語, 한국어. Update: all three WAF rules have now been configured with a default action of BLOCK. A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021 that results in remote code execution (RCE). This vulnerability is actively being exploited and anyone using Log4j should update to version 2.15.0
Workers Durable Objects Beta: A New Approach to Stateful Serverless
Workers Durable Objects Beta: A New Approach to Stateful Serverless2020-09-28 We launched Cloudflare Workers® in 2017 with a radical vision: code running at the network edge could not only improve performance, but also be easier to deploy and cheaper to run than code running in a single datacenter. That vision means Workers is about more than just edge compute -- we're rethinking how applications
Cloudflare Workers Announces Broad Language Support
Cloudflare Workers Announces Broad Language Support2020-07-28 We initially launched Cloudflare Workers with support for JavaScript and languages that compile to WebAssembly, such as Rust, C, and C++. Since then, Cloudflare and the community have improved the usability of Typescript on Workers. But we haven't talked much about the many other popular languages that compile to JavaScript. Today, we’r
Announcing Keyless SSL™: All the Benefits of CloudFlare Without Having to Turn Over Your Private SSL Keys
Announcing Keyless SSL™: All the Benefits of CloudFlare Without Having to Turn Over Your Private SSL Keys2014-09-18 CloudFlare is an engineering-driven company. This is a story we're proud of because it embodies the essence of who we are: when faced with a problem, we found a novel solution. Technical details to follow but, until then, welcome to the no hardware world. (Update: The post with the t
Details Behind Today's Internet Hacks
When I woke up this morning I had no idea I'd be on a video conference with CloudFlare, OpenDNS, Google, GoDaddy, Twitter tech folks all day — Rajiv Pant (@rajivpant) August 28, 2013 At 1:19pm (PDT) today, a researcher noticed that the New York Times' website wasn't loading. We know the New York Times tech team, so we sent an email to check in. A few minutes later, the CTO of the NYT called us bac
Staying on top of TLS attacks
CloudFlare makes extensive use of TLS connections throughout our service which makes staying on top of the latest news about security problems with TLS a priority. We use TLS both externally and internally and different uses of TLS have different constraints. Broadly there are three ways we use TLS: to handle HTTPS connections from web browsers visiting web sites that use CloudFlare, to make HTTPS
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Unlocking new use cases with 17 new models in Workers AI, including new LLMs, image generation models, and more | The Cloudflare Blog
Amazon’s $2bn IPv4 tax — and how you can avoid paying it
New OpenSSL vulnerabilities: CloudFlare systems patched