Category Archives: CloudFlare

Incident report on memory leak caused by Cloudflare parser bug

Last Friday, Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare.

It turned out that in some unusual circumstances, which I’ll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines.

For the avoidance of doubt, Cloudflare customer SSL private keys were not leaked. Cloudflare has always terminated SSL connections through an isolated instance of NGINX that was not affected by this bug.

https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/

 

cloudflare – Rate Limiting

Rate Limiting

Rate limit specific traffic from IP addresses based on URI, threshold, and other attributes for added protection from attacks.

Traffic Manager

Configure load balancing and failover across multiple servers, data centers and geographic regions, based on active health checks.

Note: If you’re currently a part of the API-only Early Access program, this card will not update to reflect your status. Please consult the API documentation to configure your Load Balancers.

 

 

How to get a Let’s Encrypt certificate while using CloudFlare

./certbot-auto certonly --webroot --webroot-path /usr/share/nginx/html/ --renew-by-default --email YOUR_EMAIL@example.tld --text --agree-tos -d example.tld -d www.example.tld

Cloudflare – ban country with .htaccess

One of my clients asked me to BAN a specific country from one of his sites.
Since we have Cloudflare, this is how I did it…

In .htaccess I’ve simply added the following lines, at the top of the file.

SetEnvIf CF-IPCountry IN BuzzOff=1
SetEnvIf CF-IPCountry PT BuzzOff=1
Order allow,deny
Allow from all
Deny from env=BuzzOff

But remember!
The domain/subdomain must have Cloudflare active in its DNS settings…
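
The .htaccess rule above acts on whatever CF-IPCountry value reaches the server, so it is only meaningful for requests that really arrived through Cloudflare. The following is an added example, not code from the original post, that makes the same allow/deny decision in Python but ignores the header unless the connecting address belongs to a trusted proxy range. The function names are hypothetical, the ranges are constructed documentation networks rather than Cloudflare's real ones, and denying direct-to-origin requests is an assumed policy.

```python
import ipaddress

# Constructed stand-ins (RFC 5737 documentation networks) for the proxy's
# published edge ranges; a real deployment loads the provider's current list.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
BLOCKED = {"IN", "PT"}  # the two country codes from the .htaccess rules above


def from_trusted_proxy(peer_ip, proxies=TRUSTED_PROXIES):
    """True only if the TCP peer address lies inside a trusted proxy range."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # unparsable peer address: fail closed
    return any(addr in net for net in proxies)


def decide(peer_ip, headers, blocked=BLOCKED):
    """Return (allowed, reason) for one request; hypothetical helper."""
    if not from_trusted_proxy(peer_ip):
        # The header is client-controlled on this path, so it proves nothing.
        return (False, "not-via-proxy")
    # HTTP header names are case-insensitive.
    country = next((v for k, v in headers.items() if k.lower() == "cf-ipcountry"), "")
    if country.strip().upper() in blocked:
        return (False, "blocked-country")
    return (True, "ok")


# Constructed sample requests: (peer address, request headers).
SAMPLES = [
    ("192.0.2.10", {"CF-IPCountry": "PT"}),
    ("192.0.2.10", {"CF-IPCountry": "DE"}),
    ("203.0.113.7", {"CF-IPCountry": "DE"}),
    ("198.51.100.4", {"cf-ipcountry": "in"}),
    ("not-an-ip", {}),
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, hdrs, decide(peer, hdrs))
```
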