At Cloudflare we're dedicated to constantly improving our product. Read below to find out the latest updates.
feature2020 Q4
Mon, December 14, 2020
We are excited to announce updates to the Network Analytics dashboard. First, a new Trends & Insights section has been added at the top of the dashboard and provides insights into DDoS attack analytics and their trends over time. Read more on our blog. Additionally, the time-range filter in the Network Analytics dashboard has been expanded to display trends for up to 3 months at a time, allowing customers to view an entire quarter together. The Network Analytics dashboard also includes a CSV export option that now allows customers to see up to 500 events in one file. Finally, the new Monitor action allows customers to review traffic flagged by Cloudflare’s mitigation systems, before being mitigated. It allows you to identify the traffic type and decide if this is traffic you'd like to receive or have it blocked at the edge.
feature2020 Q4
Thu, October 29, 2020
Bot Analytics helps you understand, analyze, and learn from automated traffic in the dashboard. It works seamlessly with Cloudflare's Bot Management solution. Customers can use Bot Analytics to view up to one week of traffic at a time, and even to filter on particular attributes like IP address or ASN. Enterprise customers who do not have Bot Management now have access to a Bot Report. This tool — available in the Firewall tab — provides an exciting new breakdown of your site traffic.
feature2020 Q4
Wed, October 14, 2020
Cloudflare Gateway now protects roaming users and remote devices via integration with the Cloudflare WARP desktop client. Gateway can apply L7 filtering to inspect traffic for threats that hide below the surface.
feature2020 Q4
Tue, October 13, 2020
Cloudflare Access now can be used to protect both internal and SaaS applications, allowing organizations to extend Zero Trust access capabilities to any application in use in their organization. With Cloudflare Access, every request to applications is evaluated for user identity and device context. Access allows customers to use multiple sources of identity to grant different groups of users access to the same application. This gives customers the flexibility to extend access to external users (3rd parties, contractors, vendors) without having to onboard them onto your centralized Identity Provider.
feature2020 Q4
Thu, October 1, 2020
We're excited to announce native support for gRPC, a next-generation protocol that allows you to build APIs at scale. With gRPC on Cloudflare, you get access to the security, reliability, and performance features that you're used to having at your fingertips for traditional APIs.
When you put your gRPC APIs on Cloudflare, you immediately gain the benefits that come with Cloudflare. Nervous about exposing your APIs to bad actors? Add security features such as WAF and Bot Management. Need more performance? Turn on Argo Smart Routing to decrease time to first byte (TTFB). You can also increase reliability by adding a Load Balancer.
Support for gRPC is currently in beta mode. You can join the beta program from the Network tab on the Cloudflare dashboard.
feature2020 Q3
Mon, September 14, 2020
Cloudflare Spectrum users can now view detailed traffic reports on DDoS attacks to their configured TCP/UDP applications that include:
Cloudflare Spectrum is a reverse proxy product that offers DDoS protection and traffic acceleration for user-specified applications. Users can easily proxy their TCP/ UDP services behind Spectrum from the Cloudflare dashboard by specifying the hostname/ IP address and port number of the application. With support for Network Analytics, Spectrum users can now get detailed insights into DDoS attacks detected and mitigated at Cloudflare's edge on their Internet property.
To learn more about Network Analytics, read the blog post below.
feature2020 Q3
Tue, September 1, 2020
We're introducing a series of features to the Network Analytics dashboard that allows our Magic Transit & BYOIP customers to investigate layer 3/4 DDoS attacks and analyze traffic more easily and effectively.
Network Analytics provides near real-time visibility into network- and transport-layer traffic patterns and DDoS attacks for a customizable timeframe ranging from 30 minutes up to the last 60 days. The Network Analytics dashboard view is available to Enterprise customers that use Cloudflare Magic Transit or Bring-Your-Own-IP for Cloudflare Spectrum.
First, the new increased range of Top Ns allows users to expand their view to lower-tier variables. Users can adjust the Top Ns using a drop-down menu to either top 5, 10, or 15.
Second, the time series chart has an added tooltip to the “Allowed” legend, allowing users to include traffic triggered by Firewall Rules, flowtrackd, and L7 rules, which might not already be reflected in the Block or Rate Limited traffic for the time being.
Third, users can now view the attack distribution in a stacked bar chart that allows for easier comparison of the various attack vectors on your network.
We've also added a link to Network Analytics Knowledge Base (right next to the 'Packer summary' in the 'Packets' view) for users to learn more about the Network Analytics dashboard.
feature2020 Q3
Mon, August 31, 2020
Debugging network issues can be difficult. Tools like ping can help you understand the health of a network path from one point to another, but it can be hard to diagnose problems in other parts of the network that you don't have a direct presence in. That's why we're excited to announce the availability of the Cloudflare traceroute API, allowing customers to run traceroutes from Cloudflare's edge data centers to any target and narrow in on root causes of network issues regarding latency and packet loss.
The traceroute tool is generally available to all Cloudflare ENT customers and is available via our API at the link below.
feature2020 Q3
Thu, July 30, 2020
We’re excited to launch flowtrackd — a software-defined DDoS protection system that significantly improves Cloudflare’s ability to automatically detect and mitigate even the most complex TCP-based DDoS attacks.
Using only the ingress traffic that routes through Cloudflare, flowtrackd determines whether to forward or drop each received TCP packet based on the state of its related connection. The state machine that determines the state of the flows was developed in-house and complements Gatebot and dosd, our existing DDoS protection systems. Together Gatebot, dosd, and flowtrackd provide comprehensive multi-layer DDoS protection.
Flowtrackd is now generally available to all customers using Magic Transit.
feature2020 Q3
Thu, July 30, 2020
Under certain circumstances, Customers may want Cloudflare to announce their IP prefixes on their behalf, a feature known as Bring your own IP, or BYOIP. It may be that these IPs are already allow-listed in important places, or end users are already pointing to these IPs.
Cloudflare can now announce an IP prefix on your behalf for use with our Layer 7 products (e.g. CDN/WAF/Rate Limiting/etc), as well as Spectrum and Magic Transit. It's worth noting that BYOIP is already a requirement for Magic Transit.
Whether you use our ASN or your own (BYOASN), Cloudflare will announce your IPs as Anycast IPs from all of our 200 data centers, just as we would our own. Check out the blog on the release or take a peek at the developer docs, both linked below.
feature2020 Q3
Wed, July 22, 2020
Cloudflare Spectrum is a reverse proxy product that offers DDoS protection and traffic acceleration for user-specified applications. Users can easily proxy their TCP/ UDP services behind Spectrum from the Cloudflare dashboard by specifying the hostname/ IP address and port number of the application.
Many services, however, (such as FTP, WebRTC, VoIP) run on multiple TCP ports requiring users to configure a separate Spectrum application for each port. This can be cumbersome to configure and maintain.
With the introduction of support for port ranges, users can now configure a single Spectrum application for a service that runs on multiple ports, making it significantly easier to configure and maintain.
feature2020 Q2
Fri, May 29, 2020
Cloudflare Access now integrates with Tanium for Zero Trust access to internal apps. Today, Cloudflare and Tanium customers can ensure any connection to their corporate resources is protected with two layers of assurance: number one, the user’s corporate credentials, and number two, their managed device.
In the new Cloudflare for Teams UI, you can add Tanium as an authentication mechanism. The UI will prompt you to add your Tanium public certificate and the endpoint used to validate the connecting device. With that information, Cloudflare Access can query the device’s health when evaluating a connection without the risk that the device could be impersonated. All Cloudflare for Teams customers who have a Tanium deployment can begin integrating device posture into their Access policies today at no additional cost.
feature2020 Q2
Wed, May 13, 2020
We’re happy to announce that we're rolling out a new Secondary DNS onboarding UI for our Enterprise customers (who have the secondary DNS entitlement enabled).
Until now, you could only onboard to our Secondary DNS via API. This meant multiple, manual API calls – resulting in a complicated onboarding experience, especially for those with multiple domains.
With the new UI, you can onboard your zones end-to-end and manage your DNS masters and TSIGs entirely through the Cloudflare dashboard. If you're an enterprise customer who is interested in Cloudflare Secondary DNS, please ask your account team to enable it for you.
feature2020 Q1
Tue, March 31, 2020
Cloudflare's automatic DDoS detection and mitigation systems are now synchronized with your origin servers and leverage your origin’s error response codes as an additional detection signal.
When your origin begins to respond to Cloudflare with an increasing rate of 5xx errors, Cloudflare's DDoS detection systems initiate automatically and will analyze traffic to identify floods faster than ever. Once a flood is detected, dynamically generated mitigation rules are propagated to Cloudflare’s edge data-center(s) to mitigate the flood.
These events will be visible in your Firewall Analytics Dashboard as part of the existing “HTTP DDoS” events. This capability is now enabled by default to all Cloudflare customers at no additional charge.
feature2020 Q1
Wed, March 18, 2020
We've added Cloudflare Fallback Pools to our UI, making it easier for our customers to designate a fallback pool or check if a fallback pool was set at all. The feature is generally available to all Load Balancing customers. Previously, customers could only designate a fallback pool in a given Load Balancer through an API. Now, customers can view, edit, and designate Fallback Pools directly in the Load Balancing UI. This lowers the barrier to utilize Fallback Pools and provides a better understanding of which pool is the fallback at any given time.
Customers can access the new Fallback Pool UI in the Load Balancer creation or edit flow, or within Manage Pools Table.
product2020 Q1
Thu, March 12, 2020
Cloudflare Gateway is now in general availability to all Cloudflare customers. Gateway is a secure web gateway that protects and accelerates outbound Internet traffic. Gateway protects offices, homes and guest wi-fi networks with secure DNS filtering. With 100+ content and security filters, you can use it to protect protects users from malicious and inappropriate content on the Internet, and stop malware, phishing and ransomware attacks before they impact users.
feature2020 Q1
Tue, March 3, 2020
Cloudflare's Advanced Configuration options for Standalone Healthchecks are now generally available to all Pro, Business, and Enterprise customers. With Advanced Configurations, you can preview your Healthcheck(s) prior to deployment, ensuring no unforeseen breakages take place across your origins.
You can also take advantage of threshold-based checks to better target your health reporting, and also choose to be notified for fail, pass, or all health event types. We've also added TCP as a supported protocol for Healthchecks and added more detail for code mismatch errors, along with supporting PATCH and a new Search API. Customers can take advantage of this new functionality through our updated API's found here.
feature2020 Q1
Fri, February 21, 2020
Secondary DNS Analytics are now available to all our secondary DNS customers. This feature provides in-depth insights and visibility into DNS queries. Customers can explore DNS queries based on response code, record type, as well as records that return NXDOMAIN response. Customers can also view DNS query distribution across Cloudflare's data centers. This feature is accessible in the Analytics Tab of the Cloudflare Dashboard or through the DNS Analytics API.
feature2020 Q1
Thu, January 16, 2020
We are announcing Network Analytics for Magic Transit and Bring Your Own IP (BYOIP) enterprise customers. Security professionals are always exploring avenues for better visibility, analytics and reporting. Network Analytics provides actionable insights into the network-layer and transport-layer traffic and attacks. The analytical data enables customers to explore attack events including source, destination, rate, size and duration, in real-time to assess and mitigate DDoS attacks.
Security professionals regularly create customized reports to share with peers, managers and executives. This feature empowers customers with an easy way of creating customized reports for L3/4 DoS attack events. Reports can be created based on select parameters, for example, top events by source or destination and more.
feature2019 Q4
Thu, December 12, 2019
The GraphQL Analytics API, a powerful and flexible new way to explore your Cloudflare metrics and logs, is now generally available for all users. This API offers access to data regarding your HTTP requests, Firewall events, Load Balancing requests, and much more, all from one endpoint. You can select exactly what you need, whether it's one metric for one domain or multiple metrics aggregated for all of your domains. This functionality makes the API ideal for both data exploration and building your own analytics dashboards – it's the same technology we use for the Cloudflare dashboard.
feature2019 Q4
Thu, December 12, 2019
Zero-Downtime Origin Failover is a new capability of our network that improves reliability for all Cloudflare customers. It reduces the number of 52x errors Cloudflare serves to end-users by 20%.
A 52x error occurs when Cloudflare has trouble reaching a customer's origin. Currently, our Load Balancer uses data from our global network to pick the best origin server that we think will be online. However, if Cloudflare ultimately encounters an error, we just return the error to end-users. Zero-Downtime Failover builds on this capability by allowing us to try a new server in real-time before we return an error to the end-user.
Customers who enable Cloudflare Load Balancing and/or add multiple 'A' records for a given domain in their DNS settings will see the most benefit from our Zero-Downtime Origin Failover.
feature2019 Q4
Thu, December 12, 2019
A new account-focused analytics dashboard is now available in open beta for all Cloudflare users. This dashboard helps you understand what's happening across all of your domains at a glance by providing information on metrics such as requests, bandwidth, cache rate, and error rate. You can also see your traffic broken down by country, view trends over the course of the year, and easily compare each period to the preceding one.
feature2019 Q4
Tue, December 10, 2019
Cloudflare Load Balancing Analytics is now generally available to all Load Balancing customers. With LB Analytics, you get a granular view of traffic — identify which origins and pools are being selected for your traffic and why, so you can gather insights to optimize your infrastructure.
LB Analytics lets you graphically view traffic demands on load balancers, pools, and origins over variable time ranges. You can also see all of your current health check information on a new map, letting you see which pools and origins are either down or have higher latency than you would like. You can find Load Balancing Analytics in the Traffic tab of the Cloudflare Dashboard.
feature2019 Q4
Mon, December 9, 2019
We’re making Firewall Analytics available to all paid plans so that more customers can easily understand how their attack mitigation is working.
Previously, Enterprise customers could view 14 days of Firewall Analytics for their domains. Today we’re increasing that retention to 30 days. Business and Professional plan zones will get 30 and 3 days of retention, respectively.
In addition, we’re adding several new enhancements to improve your workflow and productivity. These include:
Read this blog post for more information.
feature2019 Q4
Mon, December 2, 2019
'SSL for SaaS' customers now have the option to enable their domain Apex to be proxied to Cloudflare. This is an improvement to our previous offering that required a subdomain.
To illustrate: Previously, to enable 'SSL for SaaS' you had to use a subdomain as your vanity domain, e.g. subdomain.example.com. Now you can use your domain apex (aka root domain), e.g. example.com.
For more on how 'SSL for SaaS' works, please see the blog post.
feature2019 Q4
Fri, November 22, 2019
We've added a new action to Firewall Rules called Bypass. The new feature allows you to write a Firewall Rule expression, and select any of the 7 supported features to bypass:
With this new capability, you can write complex expressions to bypass, based on any of the supported Request headers. Use cases include capability to bypass Rate Limiting based on trusted cookies, or being able to bypass specific features like WAF Managed Rules for penetration testing.
This new capability is available to all Cloudflare customers and is available within the Rule Builder and Editor, as well as via our API.
feature2019 Q4
Fri, November 22, 2019
'Origin cache-control' is the cache-control header sent from the origin server that tells Cloudflare what assets to cache. Previously, a page-rule was made available for customers to enable advanced cache control directives from the origin server.
We are now making this the default behavior of the cache to be compliant with RFC7234.
Note that Cloudflare always respects origin-server cache-control headers, unless explicitly overridden. This change should not result in additional content getting cached. You must still set a "Cache Everything" rule for Cloudflare to treat all types of files as cacheable.
feature2019 Q4
Fri, November 1, 2019
Enterprise customers now have the ability to print or download a PDF snapshot of their Firewall Analytics based on the filters that they have applied. This has been extremely helpful for customers to include analytical insights into reports that can be shared with executive management, engineering teams and other cross-functional stakeholders, or used as a snapshot as part of compliance/security reviews.
feature2019 Q4
Wed, October 23, 2019
Any Cloudflare customer can now see all upcoming API changes in one place. Cloudflare's API exposes the entire Cloudflare infrastructure via a standardized programmatic interface. Using Cloudflare's API, you can do just about anything you can do on cloudflare.com in the customer dashboard. With the new API Deprecation Page, you will be able to see all changes to your APIs, which will simplify the workflow for your teams.
feature2019 Q3
Mon, September 30, 2019
Cloudflare Enterprise customers can now use Logpush to have their HTTP request logs automatically uploaded to Microsoft Azure Blob Storage. Logpush makes it easy to get comprehensive metadata on the requests served by Cloudflare's network, in order to investigate and debug errors and security mitigations or build customized analytics. Simply select a cloud destination–Amazon S3, Google Cloud Storage, Sumo Logic, and now, Microsoft Azure–provide secure access to Logpush's service, and then receive logs every five minutes.
You can set up Logpush under the Analytics tab in the dashboard for any of your domains. A Logpush API is also available.
feature2019 Q3
Mon, September 30, 2019
Cloudflare's WAF team regularly updates our Managed Rulesets to introduce new protections, update rules to decrease false positives, or to deprecate older rules which have been superseded by other, more effective rules or solutions. To help customers stay up to speed with the changes we are providing a public changelog with an RSS feed, which will provide key details regarding:
feature2019 Q3
Thu, September 26, 2019
HTTP/3 is the next generation of the protocol that powers the web. Instead of using TCP as the transport layer, HTTP/3 uses QUIC, a new Internet transport protocol which is encrypted by default and helps accelerate traffic.
Customers with HTTP/3 enabled on their dashboard for their zones will now be able to deliver their websites and APIs over HTTP/3 to visitors who use Google Chrome or Mozilla Firefox browsers.
feature2019 Q3
Thu, September 26, 2019
The Cloudflare SSL/TLS tab has a new look! The tab is now organized into sections for overview, edge certificates, origin certificates, and SSL for SaaS. Driven by customer feedback, these features present you with all the relevant information and controls you need to configure SSL/TLS with confidence. This tab is available to all customers in the dashboard.
Cloudflare provides a number of solutions for SSL/TLS including Universal SSL, Dedicated Certificates, User uploaded custom certificates, and SSL for SaaS.
feature2019 Q3
Wed, September 25, 2019
WARP is a new feature for the 1.1.1.1 mobile app that uses encryption to protect all of your data while it’s in transit over the Internet. This feature was designed to improve your mobile Internet security without draining your battery life or slowing you down. In fact, when network performance is poor, 1.1.1.1. with WARP has been shown to improve Internet speeds on your mobile device.
1.1.1.1. with WARP is free to download and use from Google Play and the iOS app store; you do NOT need to be a Cloudflare customer to use it. For those who want a faster experience, WARP Plus is a subscription-based add-on that uses ARGO routing to send your requests along the fastest path. See the blog post for more details.
product2019 Q3
Tue, September 24, 2019
By injecting a javascript snippet into the webpage, Browser Insights helps you monitor your website’s performance right from your visitors’ browsers. Measure performance metrics such as TCP connection time, DNS response time, Time to First Byte (TTFB), page load time, and more.
Browser Insights is currently only available in Early Access. Customers can request access to this feature by clicking on the Speed Page in the Dashboard.
feature2019 Q3
Mon, September 23, 2019
We have successfully completed the rollout of DDoS mitigation enhancements to all of our data centers worldwide. These new improvements enable each data center to make localized decisions that will result in the automatic detection and mitigation of UDP and TCP-based DDoS attacks in under 10 seconds.
This faster mitigation has been automatically enabled for all Cloudflare customers.
feature2019 Q3
Mon, September 23, 2019
Bot Fight Mode is now available for all customers in the Firewall settings of the Dashboard. With Bot Fight Mode enabled, requests from traffic that matches malicious bot patterns will be challenged and/or blocked. The goal is to make it more computationally demanding and therefore more expensive to proliferate malicious bot traffic, disincentivizing attackers.
Since making bots consume more CPU resources may have the side effect of increasing carbon emissions, Cloudflare will be planting trees at a much greater rate than would be needed to offset this increase. See the blog post for more details.
feature2019 Q3
Wed, September 11, 2019
Cloudflare API tokens are now available to all Cloudflare customers. API tokens allow you to authorize access to specific Cloudflare apps, accounts, and zones with limited permissions by API.
With API Tokens, you can minimize your security risk by leveraging the practice of least privilege - only granting that token access to exactly what it needs. You can access API Tokens in the ‘My Profile’ section of your Cloudflare account. For more details on how it works, review our blog post and support guide.
product2019 Q3
Mon, August 26, 2019
Cloudflare AMP Real URL is now in general availability to all Cloudflare customers. It uses signed exchanges to guarantee the authenticity of your AMP pages when they are served from a supporting AMP cache. Web visitors will not only experience fast mobile page loads, but the website URL will now be shown natively when served from AMP cache.
feature2019 Q3
Thu, August 22, 2019
The next time you load up the Firewall rules or Rate Limiting rules tab in the dashboard, you will see a new sparkline for each rule showing activity over the last 24 hours. This can be a very useful indicator of whether or not your rules are working as expected. You can also click on any sparkline to see a filtered view of your Analytics or Event Log (for self-serve) for that specific rule. This feature is available for all customers.
feature2019 Q3
Thu, August 22, 2019
Cloudflare's new Firewall Event Log for Self-Serve provides a new smoother user experience and advanced functionality giving you more granularity when you search and filter your Firewall Events. With these extra capabilities, Firewall Events allows you to more accurately identify new or repeated threat attempts against your application. Cloudflare customers are now able to:
feature2019 Q3
Thu, August 22, 2019
Cloudflare's new Firewall Event Log for Free, Pro, and Business customers provides a new smoother user experience and advanced functionality giving you more granularity when you search and filter your Firewall Events. With these extra capabilities, Firewall Events allows you to more accurately identify new or repeated threat attempts against your application. Cloudflare customers are now able to:
product2019 Q3
Tue, August 13, 2019
Cloudflare Magic Transit is now available for Enterprise customers. Magic Transit provides secure, performant, and reliable IP connectivity to the Internet. Out-of-the-box, Magic Transit deployed in front of your on-premises network protects it from DDoS attack and enables provisioning of a full suite of virtual network functions, including advanced packet filtering, load balancing, and traffic management tools.
Enterprises are often forced to pick between performance and security when deploying IP network services. Magic Transit is designed from the ground up to minimize these trade-offs: performance and security are better together. Magic Transit deploys IP security services across our entire global network. This means no more diverting traffic to small numbers of distant “scrubbing centers” or relying on on-premise hardware to mitigate attacks on your infrastructure. Visit the product page to learn more.
feature2019 Q3
Thu, August 8, 2019
CT Monitoring is now in beta for all customers. This is an opt-in service that crawls the public logs of certificate authorities and sends you an email whenever a certificate is issued for one of your domains. This information is important because a suspicious certificate issued to your domain could mean that a certificate authority made an error or that someone is perpetrating an attack on your service. With CT monitoring, you can spot bad certificates as they arise and quickly alert the certificate authority to minimize any harm.
feature2019 Q3
Thu, August 8, 2019
CT Monitoring is now in beta for all customers. This is an opt-in service that crawls the public logs of certificate authorities and sends you an email whenever a certificate is issued for one of your domains. This information is important because a suspicious certificate issued to your domain could mean that a certificate authority made an error or that someone is perpetrating an attack on your service. With CT monitoring, you can spot bad certificates as they arise and quickly alert the certificate authority to minimize any harm.
feature2019 Q3
Thu, August 1, 2019
Enterprise customers now have Subdomain Support enabled by default. Cloudflare Subdomain Support simplifies management of Cloudflare performance and security for subdomains and provides several additional benefits.
Subdomain Support allows designated teams within your organization to control Cloudflare settings for a specific subdomain, while your central IT team maintains control of your root or parent domain. For example, Cloudflare settings for support.example.com can be managed completely separately from example.com. For more information and instructions, see the support document.
feature2019 Q3
Tue, July 2, 2019
The IP Firewall for Spectrum apps now supports whitelisting. Previously, you could only use the IP Firewall to block a specific set of IPs (blacklisting). Starting today, you also have the option to effectively block everyone on the Internet outside of a list of approved IPs (whitelisting).
Additionally, we’ve added filtering for IPv4 and IPv6 on Spectrum apps. Several customers have indicated that they only want to enable IPv4 or IPv6 on their apps, so now you can indicate whether you want your app to use IPv4, IPv6, or both.
feature2019 Q2
Thu, June 27, 2019
Thanks to some recent engineering and operational improvements, we have updated our default size limits for cached files. The new limits are as follows:
product2019 Q2
Wed, June 26, 2019
We have rolled out the beta of AMP Real URL to all users. Accelerated Mobile Pages (AMP) is a Google feature that allows you to serve your mobile site from Google’s cache. Not only does this speed up the delivery of your site, but it is also viewed favorably by Google’s search algorithm. One side effect of using AMP is that users will see a path that starts with ‘google.com/amp' in the URL bar. This can confuse your users and hurt your brand.
Cloudflare’s AMP Real URL lets you retain your URL attribution on AMP pages by digitally signing content submitted to Google’s web crawler, proving that the content belongs to you. You can access AMP Real URL in the ‘speed’ tab of your dashboard; for more details on how it works please see the blog post.
feature2019 Q2
Tue, June 18, 2019
Firewall events can now be seen in Cloudflare Logs, which is available for all Enterprise customers. Previously, customers using Cloudflare Logs had to decode our pathingStatus and pathingOps to understand what was happening during a request; the only way to get more details was by manually checking Firewall Events. But now you can see a breakdown of every service and rule that touched a request directly from Cloudflare Logs, providing you with better and clearer insights.
feature2019 Q2
Fri, June 14, 2019
We now have our report on SOC 2 Type 2 compliance. We previously received our SOC 2 Type 1 compliance, indicating that we designed and implemented strong controls around security, confidentiality, and availability. The new Type 2 compliance confirms that those controls have been tested over a period of time to demonstrate that they are operating effectively. These reports give our customers higher assurance that our internal controls are meeting security best practices/industry standards. Contact your customer representative to see the full report.
feature2019 Q2
Thu, June 6, 2019
Bring Your Own IP (BYOIP) with Spectrum is now in beta for Enterprise customers. When creating a Spectrum application, Cloudflare normally assigns an arbitrary IP from Cloudflare’s IP pool to your application. This may not always be what you want: you may want to be explicit in your network setup or use your own IP addresses. BYOIP with Spectrum allows you to do just that.
If you own an IP prefix, you can migrate it to Cloudflare. Once the migration is complete, Cloudflare will start broadcasting your IP prefix and traffic will get routed to the global Cloudflare network. Without configuration, however, Cloudflare will not know how to handle this traffic. You’ll need to add Spectrum applications for all applications that you wish to protect, making sure to use the IP addresses you want associated with each application. See the docs or contact your customer representative to learn more.
feature2019 Q2
Thu, June 6, 2019
We’ve made some great new additions to Firewall Analytics, Rules, and Managed Rulesets. These updates are all live and available to use today. The complete list is as follows:
Analytics:
Firewall Rules and Managed Rulesets:
feature2019 Q2
Sat, June 1, 2019
We have some major announcements for Workers customers and Workers developers. Workers now has an open-source CLI (command-line interface) called Wrangler, which will enable devs to build Workers in a way that is more native to their workflow. In addition, we are introducing a free tier for Workers as well as the ability to deploy to workers.dev. This means you can try Workers for free, and you won’t need to deploy to a domain. We are also enabling multi-scripting for Free, Pro, and Business plans so you can enjoy the benefit of having multiple scripts per zone. Previously, this feature was only available for Enterprise customers.
On top of all that, we have created a new UI, new documentation, and a new landing page for Workers (workers.cloudflare.com). Our goal is to eliminate barriers and make it easier to get started and build things with Workers. See the new docs for more details.
feature2019 Q2
Thu, May 23, 2019
We are constantly working on improvements to our API so that all Cloudflare customers can have easy access to their data. Previously, Audit Logs API only supported querying by "day". It now supports down to the minute resolution for the since and before fields. The Audit Logs API will also be modified to return records with a maximum age of 18 months. Previously, queries were unbounded and this had a detrimental performance impact.
In addition, ALL Cloudflare APIs now include a standard response envelope, which includes an errors field. Previously, Audit Logs would return null for errors, instead of an empty array, which is the standard.
product2019 Q2
Fri, May 17, 2019
Workers KV is now out of beta and in GA for all Cloudflare customers. Workers KV is a highly distributed, eventually consistent, key-value store that spans Cloudflare's global edge. It allows you to store billions of key-value pairs and read them with ultra-low latency anywhere in the world so you can build entire applications with the performance of a CDN static cache.
Workers KV enables you to store persistent data on the edge and quickly access that data with an API call. Some examples of functionality you can build with Workers KV include mass redirects and user authentication for apps. You can try Workers KV today by accessing it in the Workers tab in your dashboard.
feature2019 Q2
Wed, May 1, 2019
A new feature in Firewall Rules called “Functions” is now available to customers on all plans. Functions will allow a customer to have better control and flexibility to evaluate attributes. Our first two transformations are an "upper" and "lower" function.
One of the biggest challenges with Wordpress and other applications, is that they automatically sanitize URLs to improve user-experience. The negative impact of this is it makes security more challenging. These functions will disable case sensitivity for that field, and you can now evaluate in either UPPER case or lower case. This does not change the actual request, it purely changes the case during the evaluation of the attribute. For examples and documentation please see the developer docs.
feature2019 Q2
Fri, April 26, 2019
ISO 27001 is a security certification that is used as an international standard for managing risks to information security. It is published by the International Organization for Standardization (ISO). Receiving this certification means that an organization has met a set of strict requirements in the implementation of their Information Security Risk Management System (ISMS).
To maintain this certification, an organization must be regularly audited by a certifying body who will ensure that the proper standards are being met. This means that Cloudflare customers can have peace of mind knowing that we are preserving the confidentiality, integrity, and availability of your information. You can see the full list of our security certifications on our Compliance page.
feature2019 Q1
Tue, March 26, 2019
We have improved the way we deliver large file downloads for all of our customers. Concurrent Streaming Acceleration is a new way of delivering large, uncached files to multiple clients simultaneously. Previously, when several users requested an uncached file, the first user to ask for the file would have to finish downloading for the file to be cached and delivered to the other users. With Concurrent Streaming Acceleration, several users can simultaneously download the file while it is being added to the Cloudflare CDN cache.
This change is live across all of Cloudflare, and will be particularly helpful for streaming live video to multiple users via Cloudflare Stream. Several users have noticed a drop in “cache lock wait time,” i.e. how long a request must wait for other requests – since we rolled out this change.
feature2019 Q1
Thu, March 14, 2019
This week we received our SOC 2 Type 1 compliance report. This report evaluates Cloudflare on three trust service principles of SOC 2: Security, Availability, and Confidentiality. SOC 2 is a compliance certification that focuses on internal controls of an organization related to five trust principles: Security, Confidentiality, Processing Integrity, Availability, and Privacy.
To maintain this certification, an organization must be regularly audited by a certifying body who will ensure that the proper standards are being met. This certification means Cloudflare customers can rest assured that their data is being kept private and protected. Enterprise customers can get in touch if they want to see a copy of the report.
feature2019 Q1
Mon, March 4, 2019
Some services you run may require knowledge of the true client IP. However, since Cloudflare intercepts packets before forwarding them to your server, you may see Cloudflare’s IP rather than the true client IP. In these cases, you can use a proxy protocol for Cloudflare to pass on the client IP to your service.
Previously, we enabled Proxy Protocol support for Spectrum TCP packets. Since Proxy Protocol doesn’t support UDP, we have now created our own Simple Proxy Protocol to allow IP preservation for Spectrum UDP packets; this feature is available for all customers. To enable, simply flip the switch in the Spectrum dashboard. See the docs for more details.
feature2019 Q1
Fri, March 1, 2019
Insights into security events are critical for monitoring the health of web applications. Today, Cloudflare announced new Firewall Analytics which will help our Enterprise customers get detailed insights into firewall events, helping them to tailor their security configurations more effectively.
product2019 Q1
Mon, February 25, 2019
Improve your application’s performance and security by tuning your Cloudflare configuration. Investigate and debug errors and security mitigations reported by your end users. Build customized analytics in the tools you already use.
feature2019 Q1
Thu, February 7, 2019
Access improves the security of service-to-service connections by adding service token authentication to the protections offered by Cloudflare. With service tokens, customers can now extend access control to automated tools, scripts, and bots.
feature2019 Q1
Fri, January 25, 2019
Cache API now works with Workers to give customers greater, more fine grained control over Cloudflare's caching behavior. This API will now allow customers to cache objects that were traditionally uncacheable, for example caching POST requests.
feature2019 Q1
Fri, January 18, 2019
Customers on Free, Pro and Business plans can now purchase load balancing support for up to 20 origins. This increased support allows customers to build a more resilient global infrastructure that ensures their customers are served content from locations closest to them, with the lowest latency.
feature2018 Q4
Fri, December 21, 2018
Access improves the security of service-to-service connections by adding service token authentication to the protections offered by Cloudflare.
feature2018 Q4
Fri, December 7, 2018
Access now supports mutual TLS (mTLS) authentication. Mutual TLS authentication ensures that the traffic is secure and trusted in both directions between a client and server. This type of authentication can be used for allowing requests such as Internet of Things devices, that do not login with an identity provider, to demonstrate that they have permissions to reach a given resource. Organizations will be able to use mutual TLS authentication as a second layer of authentication for users or as the primary method of authentication for connected devices.
feature2018 Q4
Fri, November 16, 2018
Access can authenticate users who want to use SSH (Secure Shell). This removes the need for a VPN by developers, IT, and support to use this service while providing secure authentication and integration with major identity providers.
blog2018 Q4
Fri, October 5, 2018
Increase performance for users using APIs over CLI by authenticating near them, not in a far away VPN server. Simplify and reduce costs for deployment, configuration, and maintenance. Tightly control authorization through granular policies based on attributes such as users, IP ranges, and application URLs.
feature2018 Q4
Wed, October 3, 2018
The Cloudflare dashboard now supports Single Sign On (SSO) for ease of centralized identity and access management. Reduce user provisioning times and avoid password sprawl, with a seamless SSO experience that supports your existing identity providers.
feature2018 Q4
Tue, October 2, 2018
Customers have secure SSO access to Confluence or JIRA. Instead of entering credentials twice, users authenticate only once through Access.
feature2018 Q4
Mon, October 1, 2018
Cloudflare Workers now support the inclusion of WebAssembly modules. WebAssembly support allows developers to run code inside of Cloudflare Workers written in almost any language including: Rust, Go, C, C++, and others.
product2018 Q3
Fri, September 28, 2018
Cloudflare Workers KV provides access to a secure low latency key-value store at all 154 Cloudflare data centers. Developers can use Cloudflare Workers and Workers KV to augment existing applications or to build entirely new applications on top of Cloudflare's global cloud network. Workers KV scales seamlessly to support applications serving dozens or millions of users.
product2018 Q3
Thu, September 27, 2018
Cloudflare Registrar lets you securely register and manage your domain names with transparent, no-markup pricing that eliminates surprise renewal fees and hidden add-on charges. Be one of the first to transfer your domains to Cloudflare. Sign up today for the Cloudflare Registrar Early Access.
feature2018 Q3
Mon, September 24, 2018
Server Name Indication (SNI) does not conceal the requested hostname in the ClientHello message during TLS negotiation. This allows intermediaries to have visibility into the hostnames of websites visited by users. Exposing the hostname means that the privacy of users can be compromised, content can be censored, or traffic can be served with discriminatory quality-of-service. Encrypted SNI keeps the hostname private when a user is visiting an ESNI-enabled site on Cloudflare by concealing the browser’s requested hostname from anyone listening on the Internet. All domains on Cloudflare using our authoritative name servers get Encrypted SNI enabled as default.
feature2018 Q3
Fri, September 21, 2018
Cloudflare improves the accuracy of time for TLS handshakes through a rough, authenticated time-synchronization based on Google’s Roughtime protocol. By running a Roughtime service, we enable clients to securely keep approximately correct time, which reduces erroneous authentication from 'clock skew' and increases security through wider adoption of short-lived HTTPS certificates.
feature2018 Q3
Thu, September 20, 2018
Cloudflare will run an Onion Service on its network. Tor users visiting sites that have enabled this feature will be scored for reputation differently from general Tor traffic. This will result in fewer CAPTCHAs for human Tor users while protecting the site from malicious actors and reducing exit node tampering.
feature2018 Q3
Wed, September 19, 2018
Cloudflare supports the RPKI-framework for two important parts of Internet transit: signing BGP routes it announces for all Cloudflare domains, and validating announced IP addresses when routing traffic through its global network. Authenticating BGP routes with public key signing helps prevents visitors or origins on RPKI compliant ISP's from being hijacked.
feature2018 Q3
Tue, September 18, 2018
Provision and manage DNSSEC from within the Cloudflare dashboard instead of logging into the supported registrar.
product2018 Q3
Mon, September 17, 2018
Simplify, speed up, and secure read-only access to files stored on the InterPlanetary File System (IPFS), a peer-to-peer protocol for storing content.
feature2018 Q3
Thu, September 13, 2018
The Cloudflare Provider for Terraform now supports deployment and configuration of Cloudflare Workers. Users of Terraform can now include Cloudflare Workers as another part of their configuration as code approach to infrastructure.
feature2018 Q3
Tue, September 11, 2018
Deploy projects to Cloudflare Workers quickly and consistently using the Serverless Framework.
feature2018 Q3
Thu, August 23, 2018
Spectrum allows TCP applications to support proxying multiple ports on the same hostname. A single application with multiple ports, (e.g. SMTP, which uses ports 25, 465, and 587) can be proxied through Cloudflare using the same hostname to protect it from DDoS attacks.
product2018 Q3
Tue, August 7, 2018
Cloudflare Stream makes streaming high quality video at a global scale easy and affordable. Eliminate the effort of delivering high quality video with a massive, globally distributed video delivery network. Use a single, integrated workflow through a robust API or drag and drop UI that includes video encoding, global delivery, and customizable player.
product2018 Q3
Tue, July 24, 2018
No VPN required. Cloudflare Access enables easy, secure, and fast access to internal applications wherever they are, from whatever device. Leverage a Zero Trust security framework with existing identity providers like Google™, Facebook™, Okta™, Github™, and more. Get your first 5 users per month for free.
feature2018 Q3
Tue, July 24, 2018
Cloudflare Access now provides more granular control by supporting reusable nested user groups and bypass policies that include IP address whitelisting. Access policies based on user groups automatically apply rules to all users in the defined group, simplifying the creation and management of policies. Access rules can also enable traffic to bypass authentication. You can whitelist specific IP addresses, address ranges, or open up specified endpoints to the public internet.
feature2018 Q3
Tue, July 10, 2018
Dynamic steering is a load balancing feature that automates traffic steering across origins in multiple geographic regions. Round-trip time (RTT) for health checks is calculated across multiple pools of load balanced servers and origins to determine the fastest server pools. This RTT data enables the load balancers to identify the fastest pools, and to direct user requests to the most responsive origins.
feature2018 Q2
Mon, June 11, 2018
The Developer Portal has been updated in Q2 to include improved search, documentation for new products, and listings of upcoming Cloudflare community events.
feature2018 Q2
Fri, June 1, 2018
Rocket Loader has been updated to deliver faster performance for website paint & load times by prioritising website content over JavaScript. Majority of mobile devices are now supported. Increased compliance with strict content security policies.
product2018 Q2
Thu, May 31, 2018
Cloudflare’s Stream Delivery solution offers fast caching and delivery of video content across our network of 150+ global data centers.
feature2018 Q2
Tue, May 29, 2018
On June 4, Cloudflare will be dropping support for TLS 1.0 and 1.1 on api.cloudflare.com. Additionally, the dashboard will be moved from www.cloudflare.com/a to dash.cloudflare.com and will require a browser that supports TLS 1.2 or higher.
feature2018 Q2
Mon, May 21, 2018
Rate Limiting has two new features: challenges (CAPTCHA and JS Challenge) as an Action; and matching Header attributes in the response (from either origin or the cache) as the Trigger. These features give more control over how Cloudflare Rate Limiting responds to threshold violations, giving customers granularity over the types of requests to "count" to fit their different applications. To learn more, go to the blog post.
feature2018 Q2
Thu, May 10, 2018
The Cache-Tag header now supports up to 1000 tags and a total header length of 16kb. This update simplifies file purges for customers who deploy websites with Drupal.
feature2018 Q2
Wed, May 2, 2018
Starting May 2 2018, users can go to the new home of Cloudflare’s Dashboard at dash.cloudflare.com and share account access. This has been supported at our Enterprise level of service, but is now being extended to all customers.
product2018 Q2
Thu, April 12, 2018
Spectrum protects TCP applications and ports from volumetric DDoS attacks and data theft by proxying non-web traffic through Cloudflare’s Anycast network.
feature2018 Q2
Thu, April 12, 2018
Cloudflare is now able to validate origin certificates that use a hostname's CNAME target in Full SSL (Strict) mode. Previously, Cloudflare would not validate any certificate without a direct match of the HTTP hostname and the certificate's Common Name or SAN. This update allows SSL for SaaS customers to more easily enable end-to-end security.
feature2018 Q2
Wed, April 11, 2018
Cloudflare workers can now control cache TTL by response code. This provides greater control over cached assets with Cloudflare Workers.
product2018 Q2
Thu, April 5, 2018
Argo Tunnel ensures that no visitor or attacker can reach your web server unless they first pass through Cloudflare. Using a lightweight agent installed on origin infrastructure, including containers or virtual machines, Cloudflare creates an encrypted tunnel between its nearest data center and an application’s origin server without opening a public inbound port.
product2018 Q1
Fri, March 23, 2018
Cloudflare is strengthening the Certificate Transparency (CT) ecosystem with our introduction of Nimbus, a free and open CT log. Certificate Transparency improves security online by bringing accountability to the system that protects HTTPs. Additionally, we have published Merkle Town, a dashboard for exploring and monitoring the certificate transparency ecosystem.
feature2018 Q1
Thu, March 8, 2018
Configurable weighting allows for user defined weighting for how much traffic an origin server receives.
feature2018 Q1
Fri, March 2, 2018
Cloudflare can easily be setup as a secondary DNS provider. When records are edited with the primary DNS provider, the corresponding records at Cloudflare are automatically updated.
feature2018 Q1
Wed, February 28, 2018
Create a rule to block or challenge a specific User Agent from accessing your domain. This works similarly to Zone Lockdown, except the block examines incoming User-Agent strings rather than IPs. User Agent blocking applies to an entire zone, and sub-domains cannot not be specified.
feature2018 Q1
Wed, February 28, 2018
Zone Lockdown allows for the whitelisting of specific IP addresses and IP ranges, whereby all other IPs are effectively blacklisted. This supports specific sub-domains and URLs and is useful to protect an administrative area from non-specified IP addresses.
product2018 Q1
Thu, February 1, 2018
Cloudflare Workers lets you run JavaScript on Cloudflare’s edge, deploying globally to over 120+ data centers around the world in less than 30 seconds. Your code can intercept and modify any request made to your website, make outbound requests to any URL on the Internet, and replace much of what you might need to configure your CDN to do today.
feature2018 Q1
Fri, January 19, 2018
In light of cache deception attacks, we have released a tool called Cache Deception Armor to help our customers make sure only assets that should be cached are being cached.
product2018 Q1
Wed, January 17, 2018
Cloudflare Access offers secure application access without a VPN. Users can secure, authenticate, and monitor user access to any domain, application, or path on Cloudflare.
feature2018 Q1
Tue, January 16, 2018
Load Balancing event logs allow for the review and filtering of status changes of your Load Balancing Origins and Pools.
feature2017 Q4
Thu, December 14, 2017
Cloudflare now supports additional HTTP cache-control directives. These headers allow more control over content caching behavior and enable our cache to handle more complex instructions for handling online assets.
feature2017 Q4
Tue, December 5, 2017
Cloudflare now supports Certification Authority Authorization (CAA). CAA records allow domain owners to specify which CAs are authorized to issue certificates for their domain (or subdomain, as CAAs can be defined at any level of the hierarchy).
feature2017 Q4
Fri, November 17, 2017
Cloudflare's newly released Audit Logs offer the ability to view and download the most recent changes made to domains or account settings. It is provided in both the dashboard and via API.
feature2017 Q4
Thu, November 9, 2017
When people use anonymity services or shared IPs, it makes it more difficult for website protection services like Cloudflare to identify their requests as coming from legitimate users and not bots. The Privacy Pass browser extension reduces the number of challenge pages presented by Cloudflare by letting users prove their identity across multiple sites anonymously. The Privacy Pass extension is available for both Chrome and Firefox.
feature2017 Q4
Thu, October 5, 2017
Cloudflare Load Balancing now supports session affinity, using automatically generated cookies. If session affinity is enabled, the same target receives the request and can use the automated cookie to recover an existing session with the origin server.
feature2017 Q4
Tue, October 3, 2017
Customers with Argo Smart Routing enabled can now get an in-depth look at dynamic content performance statistics across both requests and geographies.
feature2017 Q3
Tue, September 26, 2017
Geo Key Manager provides the ability to choose which Cloudflare data centers have access to private keys in order to establish HTTPS connections. Cloudflare has preconfigured options to select from either US or EU data centers as well as the highest security data centers in the Cloudflare network. Data centers without access to private keys can still terminate TLS, but they will experience a slight initial delay when contacting the nearest Cloudflare data center storing the private key.
