InfoQ Homepage Cloudflare Content on InfoQ
-
How a Manual Remediation for a Phishing URL Took down Cloudflare R2
Due to human error in handling a phishing report and insufficient validation safeguards in admin tools, Cloudflare experienced an incident affecting its R2 Gateway service on February 5th. As part of a routine remediation for a phishing URL, the R2 service was inadvertently taken down, leading to the outage or disruption of numerous other Cloudflare services for over an hour.
-
Cloudflare Open Sources Documentation and Adopts Astro for Better Scalability
Cloudflare recently published an article detailing their upgrade of developer documentation by migrating from Hugo to the Astro ecosystem. All Cloudflare documentation is open source on GitHub, with opportunities for community contributions.
-
Cloudflare 2024 Year in Review: Strong Growth for GitHub Copilot and Go Surpasses Node.js
Cloudflare has recently published the fifth edition of its Radar Year in Review, a report analyzing data from the global hyperscaler network. The results reveal a 17.2% increase in global internet traffic, with notable growth in mobile and IPv6 requests. Additionally, Go overtook Node.js as the most popular language for automated API requests and GitHub Copilot saw significant growth.
-
Cloudflare Experiences Major Incident in November, Resulting in Log Loss
Cloudflare has recently confirmed that on November 14th they experienced an incident affecting Cloudflare Logs with 55% of logs during a 3.5-hour period being lost. The incident impacted most customers using the service, with a misconfiguration triggering a cascading series of system failures and exposing weaknesses in handling unexpected spikes in demand.
-
Cloudflare Advocates for Broader Adoption of security.txt Standard for Vulnerability Reporting
To address the issue of unreported security vulnerabilities, Cloudflare recently launched a dashboard to help create and manage a security.txt file for website vulnerability disclosures. The generated file adheres to the RFC9116 standard, offering security research teams a standardized method for reporting vulnerabilities.
-
Cloudflare Introduces Short-Lived SSH Access, Eliminating the Need for SSH Credentials
Cloudflare recently announced Access for Infrastructure SSH, a feature that replaces traditional SSH keys with short-lived certificates. The new option leverages BastionZero’s integration into Cloudflare One and reduces the complexity of managing SSH keys while enhancing security by substituting long-term SSH keys with temporary, ephemeral certificates.
-
Cloudflare Introduces Workflows for Building Scalable Resilient Multi-Step Applications
Cloudflare's "Workflows" is a revolutionary execution engine in open beta, enabling developers to build scalable, multi-step applications that autonomously manage errors and state across failures. With seamless retries and modular components, it streamlines development and enhances resource efficiency. Harness the power of Cloudflare's ecosystem for robust app performance.
-
Cloudflare Overhauls Logging Pipeline with OpenTelemetry
Internet infrastructure and security company Cloudflare has documented how it significantly upgraded its logging pipeline by moving from syslog-ng to OpenTelemetry Collector.
-
Ephemeral IDs: Cloudflare's Latest Tool for Fraud Detection
During its recent Birthday Week, Cloudflare introduced Ephemeral IDs, a new feature for fraud detection. The tool identifies fraudulent activity—whether from bots or humans—by linking behavior to a specific client rather than an IP address.
-
Cloudflare Introduces Automatic SSL/TLS to Secure and Simplify Origin Server Connectivity
Cloudflare recently introduced new Automatic SSL/TLS settings to simplify the provider's encryption modes for communication with origin servers. This feature offers automatic configuration, ensuring security without risking site downtime.
-
Cloudflare Application Security Report Highlights Surge in DDoS Attacks and CVE Exploits
Cloudflare recently released its 2024 Application Security Report, offering recommendations and insights on addressing many raised concerns. A key finding of the report is the increase in malicious traffic, driven by geopolitical events and voting seasons.
-
Cloudflare Introduces Advanced Load Balancing to Eliminate Hardware Dependency
Cloudflare recently unveiled significant advancements in its load balancing capabilities, aiming to eliminate the need for hardware-based solutions. The company’s latest enhancements integrate seamlessly with Cloudflare One, providing end-to-end private traffic flow support and WARP authenticated device traffic.
-
The Impact of Cloudflare's Sudden Service Change at an Online Casino
Recently, an online casino website experienced a severe disruption when Cloudflare abruptly disabled its services. Robin Dev, a systems operations engineer at the casino, provided a detailed account of the sequence of events in a blog post, shedding light on the extent of the disruption and its aftermath.
-
Combatting Alert Fatigue at Cloudflare
In a detailed blog post, Monika Singh at Cloudflare explores the stressful environment on-call personnel face. On-call staff frequently deal with numerous alerts, leading to alert fatigue—a state of exhaustion caused by responding to non-prioritised or unclear alerts. To combat this, Cloudflare teams conduct periodic alert analyses to enhance the accuracy and actionability of alerts.
-
Cloudflare AI Gateway Now Generally Available
Cloudflare has recently announced that AI Gateway is now generally available. Described as a unified interface for managing and scaling generative AI workloads, AI Gateway allows developers to gain visibility and control over AI applications.