On the 11th of January 1982 twenty-two computer scientists met to discuss an issue with ‘computer mail’ (now known as email). Attendees included the guy who would create Sun Microsystems, the guy who made Zork, the NTP guy, and the guy who convinced the government to pay for Unix. The problem was simple: there were 455 hosts on the ARPANET and the situation was getting out of control. This issue w
This post is also available in Deutsch, Français, 简体中文, 繁體中文, 日本語, 한국어, Español and ไทย. IntroductionToday, June 21, 2022, Cloudflare suffered an outage that affected traffic in 19 of our data centers. Unfortunately, these 19 locations handle a significant proportion of our global traffic. This outage was caused by a change that was part of a long-running project to increase resilience in our busi
This post is also available in Français, Deutsch, Español, 简体中文, 日本語 and 繁體中文. We announced Cloudflare Workers in 2017, giving developers access to compute on our network. We were excited about the possibilities this unlocked, but we quickly realized — most real world applications are stateful. Since then, we’ve delivered KV, Durable Objects, and R2, giving developers access to various types of st
Understanding how Facebook disappeared from the Internet
Understanding how Facebook disappeared from the Internet10/04/2021 This post is also available in 简体中文, 繁體中文, 日本語, 한국어, Deutsch, Français, Español, Português, Pусский, and Italiano. The Internet - A Network of Networks“Facebook can't be down, can it?”, we thought, for a second. Today at 15:51 UTC, we opened an internal incident entitled "Facebook DNS lookup returning SERVFAIL" because we were worr
HTTP/3: the past, the present, and the future09/26/2019 This post is also available in 简体中文, 日本語, 한국어, Français, Español. During last year’s Birthday Week we announced preliminary support for QUIC and HTTP/3 (or “HTTP over QUIC” as it was known back then), the new standard for the web, enabling faster, more reliable, and more secure connections to web endpoints like websites and APIs. We also let
This post is also available in 简体中文, 繁體中文, 日本語, and 한국어. By reading this, you are a participant of the web. It's amazing that we can write this blog and have it appear to you without operating a server or writing a line of code. In general, the web of today empowers us to participate more than we could at any point in the past. Last year, we mentioned the next phase of the Internet would be always
This post is also available in 简体中文, 繁體中文, 日本語, 한국어, Deutsch, Français, Español and Português. At over thirty years old, HTTP is still the foundation of the web and one of the Internet’s most popular protocols—not just for browsing, watching videos and listening to music, but also for apps, machine-to-machine communication, and even as a basis for building other protocols, forming what some refer
Announcing Pub/Sub: Programmable MQTT-based Messaging
Announcing Pub/Sub: Programmable MQTT-based Messaging05/12/2022 This post is also available in 简体中文, 日本語, Español. One of the underlying questions that drives Platform Week is “how do we enable developers to build full stack applications on Cloudflare?”. With Workers as a serverless environment for easily deploying distributed-by-default applications, KV and Durable Objects for caching and coordin
We announced support for HTTP/3, the successor to HTTP/2 during Cloudflare’s birthday week last year. Our goal is and has always been to help build a better Internet. Collaborating on standards is a big part of that, and we're very fortunate to do that here. Even though HTTP/3 is still in draft status, we've seen a lot of interest from our users. So far, over 113,000 zones have activated HTTP/3 an
This post is also available in 简体中文, 日本語, Deutsch and Français. Two years ago today we announced 1.1.1.1, a secure, fast, privacy-first DNS resolver free for anyone to use. In those two years, 1.1.1.1 has grown beyond our wildest imagination. Today, we process more than 200 billion DNS requests per day making us the second largest public DNS resolver in the world behind only Google. Yesterday, we
Public keys are not enough for SSH security Loading... If your organization uses SSH public keys, it’s entirely possible you have already mislaid one. There is a file sitting in a backup or on a former employee’s computer which grants the holder access to your infrastructure. If you share SSH keys between employees it’s likely only a few keys are enough to give an attacker access to your entire sy
Introducing workerd: the Open Source Workers runtime09/27/2022 Today I'm proud to introduce the first beta release of workerd, the JavaScript/Wasm runtime based on the same code that powers Cloudflare Workers. workerd is Open Source under the Apache License version 2.0. workerd shares most of its code with the runtime that powers Cloudflare Workers, but with some changes designed to make it more p
While working on our Spectrum server, we noticed something weird: the TCP sockets which we thought should have been closed were lingering around. We realized we don't really understand when TCP sockets are supposed to time out! In our code, we wanted to make sure we don't hold connections to dead hosts. In our early code we naively thought enabling TCP keepalives would be enough... but it isn't. I
Data encryption at rest is a must-have for any modern Internet company. Many companies, however, don't encrypt their disks, because they fear the potential performance penalty caused by encryption overhead. Encrypting data at rest is vital for Cloudflare with more than 200 data centres across the world. In this post, we will investigate the performance of disk encryption on Linux and explain how w
Automate an isolated browser instance with just a few lines of code
Automate an isolated browser instance with just a few lines of code11/16/2022 If you’ve ever created a website that shows any kind of analytics, you’ve probably also thought about adding a “Save Image” or “Save as PDF” button to store and share results. This isn’t as easy as it seems (I can attest to this firsthand) and it’s not long before you go down a rabbit hole of trying 10 different librarie
In December, we announced the beta of Cloudflare Pages: a fast, secure, and free way for frontend developers to build, host, and collaborate on Jamstack sites. It’s been incredible to see what happens when you put a powerful tool in developers’ hands. In just a few months of beta, thousands of developers have deployed over ten thousand projects, reaching millions of people around the world. Today,
Starting today, Cloudflare’s API Gateway can protect GraphQL APIs against malicious requests that may cause a denial of service to the origin. In particular, API Gateway will now protect against two of the most common GraphQL abuse vectors: deeply nested queries and queries that request more information than they should. Typical RESTful HTTP APIs contain tens or hundreds of endpoints. GraphQL APIs
SAD DNS Explained
This week, at the ACM CCS 2020 conference, researchers from UC Riverside and Tsinghua University announced a new attack against the Domain Name System (DNS) called SAD DNS (Side channel AttackeD DNS). This attack leverages recent features of the networking stack in modern operating systems (like Linux) to allow attackers to revive a classic attack category: DNS cache poisoning. As part of a coordi
How we built Pingora, the proxy that connects Cloudflare to the Internet
How we built Pingora, the proxy that connects Cloudflare to the Internet09/14/2022 This post is also available in 简体中文 and 繁體中文. IntroductionToday we are excited to talk about Pingora, a new HTTP proxy we’ve built in-house using Rust that serves over 1 trillion requests a day, boosts our performance, and enables many new features for Cloudflare customers, all while requiring only a third of the CP
Today, Cloudflare is very excited to announce full support for HTTP/3 Extensible Priorities, a new standard that speeds the loading of webpages by up to 37%. Cloudflare worked closely with standards builders to help form the specification for HTTP/3 priorities and is excited to help push the web forward. HTTP/3 Extensible Priorities is available on all plans on Cloudflare. For paid users, there is
This post is also available in Deutsch, Français. When we announced D1 in May of this year, we knew it would be the start of something new – our first SQL database with Cloudflare Workers. Prior to D1 we’ve announced storage options like KV (key-value store), Durable Objects (single location, strongly consistent data storage) and R2 (blob storage). But the question always remained “How can I store
Welcome to Wildebeest: the Fediverse on Cloudflare02/08/2023 This post is also available in 简体中文 and 繁體中文. The Fediverse has been a hot topic of discussion lately, with thousands, if not millions, of new users creating accounts on platforms like Mastodon to either move entirely to "the other side" or experiment and learn about this new social network. Today we're introducing Wildebeest, an open-so
Cloudflareは12年前に創立されました。現在では、世界100か国を超える275都市以上にネットワークを展開するまでに成長しました。中小企業や個人開発者からフォーチュン500社の約30パーセントに至るまで、何百万ものお客様を抱えています。現在では、Webの20%以上がCloudflareのサービスに直接依存しています。 サービスの立ち上げ以来、時間の経過とともに当社のサービスははるかに複雑なものになりました。このような複雑さの中で、私たちはCloudflareのさまざまな機能が不正使用された場合の扱いについてポリシーを策定しました。Googleのような広範なプラットフォームが、検索、Gmail、YouTube、Bloggerに対して異なる不正利用ポリシーを設けているように、Cloudflareも新製品の導入に伴い、それぞれに不正利用に対するポリシーを策定してきました。 昨年、当社では
The next chapter for Cloudflare Workers: open source05/09/2022 450,000 developers have used Cloudflare Workers since we launched. When we announced Cloudflare Workers nearly five years ago, we had no idea if we’d ever be in this position. But a lot of care, hard work — not to mention dogfooding — later, we’ve been absolutely blown away by the use cases and applications built on our developer platf
A few months ago, after reading about Cloudflare doubling its intern class size, I quickly dusted off my CV and applied for an internship. Long story short: now, a couple of months later, I found myself staring into Linux kernel code and adding a pretty cool feature to gVisor, a Linux container runtime. My internship was under the Emerging Technologies and Incubation group on a project involving g
Cloudflare is free of CAPTCHAs; Turnstile is free for everyone
Cloudflare is free of CAPTCHAs; Turnstile is free for everyone09/29/2023 This post is also available in 简体中文, 繁體中文, 日本語 and 한국어. For years, we’ve written that CAPTCHAs drive us crazy. Humans give up on CAPTCHA puzzles approximately 15% of the time and, maddeningly, CAPTCHAs are significantly easier for bots to solve than they are for humans. We’ve spent the past three and a half years working to b
Cloudflare Workers Announces Broad Language Support07/28/2020 We initially launched Cloudflare Workers with support for JavaScript and languages that compile to WebAssembly, such as Rust, C, and C++. Since then, Cloudflare and the community have improved the usability of Typescript on Workers. But we haven't talked much about the many other popular languages that compile to JavaScript. Today, we’r
Oxy is Cloudflare's Rust-based next generation proxy framework
Oxy is Cloudflare's Rust-based next generation proxy framework03/02/2023 In this blog post, we are proud to introduce Oxy - our modern proxy framework, developed using the Rust programming language. Oxy is a foundation of several Cloudflare projects, including the Zero Trust Gateway, the iCloud Private Relay second hop proxy, and the internal egress routing service. Oxy leverages our years of expe
HTTP/2 Rapid Reset: deconstructing the record-breaking attack
HTTP/2 Rapid Reset: deconstructing the record-breaking attack10/10/2023 This post is also available in 简体中文, 繁體中文, 日本語, 한국어, Deutsch, Français and Español. Starting on Aug 25, 2023, we started to notice some unusually big HTTP attacks hitting many of our customers. These attacks were detected and mitigated by our automated DDoS system. It was not long however, before they started to reach record b
When the window is not fully open, your TCP stack is doing more than you think
When the window is not fully open, your TCP stack is doing more than you think07/26/2022 This post is also available in 简体中文 and 繁體中文. Over the years I've been lurking around the Linux kernel and have investigated the TCP code many times. But when recently we were working on Optimizing TCP for high WAN throughput while preserving low latency, I realized I have gaps in my knowledge about how Linux
This post is also available in 简体中文, 繁體中文, 日本語, 한국어, Deutsch, Français and Español. ≈On April 1, 2018, Cloudflare announced the 1.1.1.1 public DNS resolver. Over the years, we added the debug page for troubleshooting, global cache purge, 0 TTL for zones on Cloudflare, Upstream TLS, and 1.1.1.1 for families to the platform. In this post, we would like to share some behind the scenes details and cha
Announcing connect() — a new API for creating TCP sockets from Cloudflare Workers
Announcing connect() — a new API for creating TCP sockets from Cloudflare Workers05/16/2023 Today, we are excited to announce a new API in Cloudflare Workers for creating outbound TCP sockets, making it possible to connect directly to any TCP-based service from Workers. Standard protocols including SSH, MQTT, SMTP, FTP, and IRC are all built on top of TCP. Most importantly, nearly all applications
We've added JavaScript-native RPC to Cloudflare Workers
We've added JavaScript-native RPC to Cloudflare Workers04/05/2024 Cloudflare Workers now features a built-in RPC (Remote Procedure Call) system enabling seamless Worker-to-Worker and Worker-to-Durable Object communication, with almost no boilerplate. You just define a class: export class MyService extends WorkerEntrypoint { sum(a, b) { return a + b; } } And then you call it: let three = await env.
HTTP/2 Zero-Day vulnerability results in record-breaking DDoS attacks
HTTP/2 Zero-Day vulnerability results in record-breaking DDoS attacks Loading... This post is also available in 简体中文, 繁體中文, 日本語, 한국어, Deutsch, Français and Español. Earlier today, Cloudflare, along with Google and Amazon AWS, disclosed the existence of a novel zero-day vulnerability dubbed the “HTTP/2 Rapid Reset” attack. This attack exploits a weakness in the HTTP/2 protocol to generate enormous,
D1: open beta is here
This post is also available in 简体中文, 繁體中文, 日本語 and 한국어. D1 is now in open beta, and the theme is “scale”: with higher per-database storage limits and the ability to create more databases, we’re unlocking the ability for developers to build production-scale applications on D1. Any developers with an existing paid Workers plan don’t need to lift a finger to benefit: we’ve retroactively applied this
The first Zero Trust SIM
This post is also available in 简体中文, 日本語, Deutsch, Français and Español. The humble cell phone is now a critical tool in the modern workplace; even more so as the modern workplace has shifted out of the office. Given the billions of mobile devices on the planet — they now outnumber PCs by an order of magnitude — it should come as no surprise that they have become the threat vector of choice for th
How Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Today
How Verizon and a BGP Optimizer Knocked Large Parts of the Internet Offline Today06/24/2019 Massive route leak impacts major parts of the Internet, including Cloudflare What happened?Today at 10:30UTC, the Internet had a small heart attack. A small company in Northern Pennsylvania became a preferred path of many Internet routes through Verizon (AS701), a major Internet transit provider. This was t
How Cloudflare mitigated yet another Okta compromise10/20/2023 This post is also available in 简体中文, 繁體中文, 日本語 and 한국어. On Wednesday, October 18, 2023, we discovered attacks on our system that we were able to trace back to Okta – threat actors were able to leverage an authentication token compromised at Okta to pivot into Cloudflare’s Okta instance. While this was a troubling security incident, our
Cloudflare has always been a leader in deploying secure versions of insecure Internet protocols and making them available for free for anyone to use. In 2014, we launched one of the world’s first free, secure HTTPS service (Universal SSL) to go along with our existing free HTTP plan. When we launched the 1.1.1.1 DNS resolver, we also supported the new secure versions of DNS (DNS over HTTPS and DNS
This post is also available in Deutsch, 简体中文, 日本語, Español, Français. We’re not going to bury the lede: we’re excited to launch a major update to our D1 database, with dramatic improvements to performance and scalability. Alpha users (which includes any Workers user) can create new databases using the new storage backend right now with the following command: $ wrangler d1 create your-database --ex
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
The History of the URL | The Cloudflare Blog
Cloudflare outage on June 21, 2022
Announcing D1: our first SQL database
HTTP/3: the past, the present, and the future
Web3 — A vision for a decentralized web
The state of HTTP in 2022
Comparing HTTP/3 vs. HTTP/2 Performance
Introducing 1.1.1.1 for Families
Public keys are not enough for SSH security
Introducing workerd: the Open Source Workers runtime
When TCP sockets refuse to die
Speeding up Linux disk encryption
Cloudflare Pages is now Generally Available
Protecting GraphQL APIs from malicious queries
Introducing HTTP/3 Prioritization
D1: our quest to simplify databases
Welcome to Wildebeest: the Fediverse on Cloudflare
Cloudflareの不正利用に対するポリシーとその取り組み
The next chapter for Cloudflare Workers: open source
Diving into /proc/[pid]/mem
Cloudflare Workers Announces Broad Language Support
How Rust and Wasm power Cloudflare's 1.1.1.1
How Cloudflare mitigated yet another Okta compromise
Introducing time.cloudflare.com
D1: We turned it up to 11