Industry Internet Website www.cloudflare.com CEO Matthew Prince (2009–) Founded 2009 | Products Cloudflare Alexa rank 1103 (February 2017) | |
Key people Matthew Prince (CEO)Lee HollowayMichelle Zatlyn Services Website performanceSecurity as a service Founders Matthew Prince, Michelle Zatlyn, Lee Holloway Profiles |
Building business systems with domain specific languages for nginx openresty cloudflare
Cloudflare, Inc. is a U.S. company that provides a content delivery network, Internet security services and distributed domain name server services, sitting between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites. Cloudflare is headquartered in San Francisco, California, with additional offices in London, Singapore, Champaign, Austin, Boston and Washington, D.C..
Contents
- Building business systems with domain specific languages for nginx openresty cloudflare
- Prince says attacks improve cloudflare security service
- History
- Funding rounds
- Acquisitions
- Security breaches
- DDoS protection
- Web application firewall
- Domain name server
- Reverse proxy
- Content delivery network
- Values
- Customers
- Awards and recognition
- Criticism and controversies
- References
Prince says attacks improve cloudflare security service
History
Cloudflare was created in 2009 by Matthew Prince, Lee Holloway, and Michelle Zatlyn, who had previously worked on Project Honey Pot. Cloudflare was launched at the September 2010 TechCrunch Disrupt conference. It received media attention in June 2011, after providing security to LulzSec's website.
In June 2012, Cloudflare partnered with various web hosts, including HostPapa, to implement its Railgun technology.
In February 2014, Cloudflare mitigated the largest-ever recorded DDoS attack at that time, which peaked at 400 Gbit/s against an undisclosed customer. In November 2014, Cloudflare reported another massive DDoS attack with independent media sites being targeted at 500 Gbit/s.
Funding rounds
In November 2009, Cloudflare raised $2.1 million in a Series A round from Pelion Venture Partners and Venrock.
In July 2011, Cloudflare raised $20 million in a Series B round from New Enterprise Associates, Pelion Venture Partners, Venrock.
In December 2012, Cloudflare raised $50 million in a Series C round from New Enterprise Associates, Pelion Venture Partners, Venrock, Union Square Ventures, and Greenspring Associates.
In December 2014, Cloudflare raised $110 million in a Series D round led by Fidelity Investments, with participation from Google Capital, Microsoft, Qualcomm, and Baidu.
Acquisitions
In June 2014, Cloudflare acquired CryptoSeal, founded by Ryan Lackey, in a deal it says will extend web user security services. In February 2014 it acquired StopTheHacker, which offers malware detection, automatic malware removal, and reputation and blacklist monitoring. In December 2016, Cloudflare acquired Eager Platform, with the view of upgrading Cloudflare's Apps platform to allow for drag-and-drop of installation of third-party apps onto Cloudflare enabled sites.
Security breaches
CloudFlare experienced a security breach in 2012 that allowed the hijacking of CloudFlare CEO account which allowed access to CloudFlare customer accounts.
From September 2016 through February 2017, a major CloudFlare bug (nicknamed Cloudbleed) leaked sensitive data—including passwords and authentication tokens from customer websites, by sending extra data in response to web requests. The leaks resulted from a buffer overflow, which occurred according to analysis by CloudFlare, on approximately 1 in every 3,300,000 HTTP requests.
DDoS protection
For all customers Cloudflare offers an "I'm Under Attack Mode" setting. Cloudflare claims this can mitigate advanced Layer 7 attacks by presenting a JavaScript computational challenge which must be completed before a user can access a website.
Cloudflare defended SpamHaus from a DDoS attack that exceeded 300Gbit/s. Akamai's chief architect stated it was "the largest publicly announced DDoS attack in the history of the Internet". Cloudflare have also reportedly absorbed attacks that have peaked over 400Gbit/s from an NTP Reflection attack.
Web application firewall
Cloudflare allows customers on paid plans to utilize a web application firewall service, by default; the firewall has the OWASP ModSecurity Core Rule Set alongside Cloudflare's own ruleset and rulesets for popular web applications.
Domain name server
Cloudflare offers free domain name server (DNS) for all clients which are powered by an anycast network. According to W3Cook Cloudflare's DNS service currently powers over 35% of managed DNS domains. SolveDNS have found Cloudflare to consistently have one of the fastest DNS lookup speeds worldwide, with a reported lookup speed of 8.66ms in April 2016.
Reverse proxy
A key functionality of Cloudflare is that they act as a reverse proxy for web traffic.
Cloudflare supports new web protocols, including SPDY and HTTP/2. In addition to this, Cloudflare offers support for HTTP/2 Server Push. Cloudflare also supports proxying Websockets.
Content delivery network
Cloudflare's network has the highest number of connections to Internet exchange points of any network worldwide. Cloudflare caches content to its edge locations to act as a content delivery network (CDN), all requests are then reverse proxied through Cloudflare with cached content served directly from Cloudflare.
Values
Cloudflare has been vocal of their support of free speech values, with CEO Matthew Prince stating: "One of the greatest strengths of the United States is a belief that speech, particularly political speech, is sacred. A website, of course, is nothing but speech,"..."A website is speech. It is not a bomb. There is no imminent danger it creates and no provider has an affirmative obligation to monitor and make determinations about the theoretically harmful nature of speech a site may contain."
Cloudflare publishes a Transparency Report on a semiannual basis to show how often law enforcement agencies request data about its clients.
Customers
Cloudflare hosts thousands of websites, among some popular one are Uber, OK Cupid, and Fitbit. others
Awards and recognition
Criticism and controversies
Cloudflare was ranked in the 7th rank among the top 50 Bad Hosts by HostExploit. The service has been used by Rescator, a website that sells payment card data.
Two of ISIS' top three online chat forums are guarded by Cloudflare but U.S. law enforcement has not asked them to discontinue the service.
The hacker group UGNazi attacked Cloudflare partially via flaws in Google's authentication systems in June 2012, gaining administrative access to Cloudflare and using it to deface 4chan. Cloudflare published in full the details of the hack. Following this, Google publicly announced they had patched the flaw in the Google Enterprise App account recovery process which allowed the hackers to bypass two-step verification. Later the leader of the hacking group, Cosmo, was arrested and sentenced in California.
An October 2015 report found that Cloudflare provisioned 40% of SSL certificates used by phishing sites with deceptive domain names resembling those of banks and payment processors.
In November 2015, Anonymous discouraged the use of Cloudflare's services, following the ISIS attacks in Paris and renewed accusation of providing help to terrorists. Cloudflare responded by calling their accusers "15-year-old kids in Guy Fawkes masks" and saying that whenever such concerns are raised they consult actual anti-terrorism experts and that they abide by the law.
Cloudflare is listed on Spamhaus for providing spam support services. The most obvious of these is providing service to a malware controller.