InfoQ Homepage Cloudflare Content on InfoQ
-
Cloudflare Experiences Major Incident in November, Resulting in Log Loss
Cloudflare has recently confirmed that on November 14th they experienced an incident affecting Cloudflare Logs with 55% of logs during a 3.5-hour period being lost. The incident impacted most customers using the service, with a misconfiguration triggering a cascading series of system failures and exposing weaknesses in handling unexpected spikes in demand.
-
Cloudflare Advocates for Broader Adoption of security.txt Standard for Vulnerability Reporting
To address the issue of unreported security vulnerabilities, Cloudflare recently launched a dashboard to help create and manage a security.txt file for website vulnerability disclosures. The generated file adheres to the RFC9116 standard, offering security research teams a standardized method for reporting vulnerabilities.
-
Cloudflare Introduces Short-Lived SSH Access, Eliminating the Need for SSH Credentials
Cloudflare recently announced Access for Infrastructure SSH, a feature that replaces traditional SSH keys with short-lived certificates. The new option leverages BastionZero’s integration into Cloudflare One and reduces the complexity of managing SSH keys while enhancing security by substituting long-term SSH keys with temporary, ephemeral certificates.
-
Cloudflare Introduces Workflows for Building Scalable Resilient Multi-Step Applications
Cloudflare's "Workflows" is a revolutionary execution engine in open beta, enabling developers to build scalable, multi-step applications that autonomously manage errors and state across failures. With seamless retries and modular components, it streamlines development and enhances resource efficiency. Harness the power of Cloudflare's ecosystem for robust app performance.
-
Cloudflare Overhauls Logging Pipeline with OpenTelemetry
Internet infrastructure and security company Cloudflare has documented how it significantly upgraded its logging pipeline by moving from syslog-ng to OpenTelemetry Collector.
-
Ephemeral IDs: Cloudflare's Latest Tool for Fraud Detection
During its recent Birthday Week, Cloudflare introduced Ephemeral IDs, a new feature for fraud detection. The tool identifies fraudulent activity—whether from bots or humans—by linking behavior to a specific client rather than an IP address.
-
Cloudflare Introduces Automatic SSL/TLS to Secure and Simplify Origin Server Connectivity
Cloudflare recently introduced new Automatic SSL/TLS settings to simplify the provider's encryption modes for communication with origin servers. This feature offers automatic configuration, ensuring security without risking site downtime.
-
Cloudflare Application Security Report Highlights Surge in DDoS Attacks and CVE Exploits
Cloudflare recently released its 2024 Application Security Report, offering recommendations and insights on addressing many raised concerns. A key finding of the report is the increase in malicious traffic, driven by geopolitical events and voting seasons.
-
Cloudflare Introduces Advanced Load Balancing to Eliminate Hardware Dependency
Cloudflare recently unveiled significant advancements in its load balancing capabilities, aiming to eliminate the need for hardware-based solutions. The company’s latest enhancements integrate seamlessly with Cloudflare One, providing end-to-end private traffic flow support and WARP authenticated device traffic.
-
The Impact of Cloudflare's Sudden Service Change at an Online Casino
Recently, an online casino website experienced a severe disruption when Cloudflare abruptly disabled its services. Robin Dev, a systems operations engineer at the casino, provided a detailed account of the sequence of events in a blog post, shedding light on the extent of the disruption and its aftermath.
-
Combatting Alert Fatigue at Cloudflare
In a detailed blog post, Monika Singh at Cloudflare explores the stressful environment on-call personnel face. On-call staff frequently deal with numerous alerts, leading to alert fatigue—a state of exhaustion caused by responding to non-prioritised or unclear alerts. To combat this, Cloudflare teams conduct periodic alert analyses to enhance the accuracy and actionability of alerts.
-
Cloudflare AI Gateway Now Generally Available
Cloudflare has recently announced that AI Gateway is now generally available. Described as a unified interface for managing and scaling generative AI workloads, AI Gateway allows developers to gain visibility and control over AI applications.
-
Cloudflare Adapts to Let's Encrypt's Certificate Chain Expiration, Minimizing Disruption for Users
In response to the upcoming expiration of Let's Encrypt's cross-signed certificate chain with IdenTrust on September 30, 2024, Cloudflare recently discussed a change in its certificate issuance strategy. For those managing client connections to their applications, Cloudflare has recommended updating the trust store to include the ISRG Root X1 certificate.
-
Fortran on Cloudflare Workers Leveraging WebAssembly
Cloudflare has recently showcased how to run Fortran on Cloudflare Workers by compiling to WebAssembly. The project leveraged recent advancements in LLVM Flang, enabling Fortran to compile to Wasm.
-
Understanding Email Threats with Cloudflare Radar
Cloudflare recently announced the launch of a new Email Security section on Cloudflare Radar. This section will provide insights into the current state of email security. The new metrics offer real-time visibility into email-borne threats, allowing organizations to correlate trends within their environment with broader security observations from Cloudflare.