Cloudflare has built the next generation Content Delivery Network. The platform was designed and built to integrate emerging technologies to ensure customers receive the most advanced protocols on the web, today and tomorrow.
The Cloudflare CDN
Cloudflare caches your content across our global network, bringing it closer to visitors from every region.
Technology Built for Modern Cloud Computing
Cloudflare has designed its CDN without the legacy of the last 15 years. The proprietary technology was built to continuously adapt and integrate emerging technologies to meet future needs of everyone’s Internet properties.
Setting Up Our Data Centers to Scale
Cloudflare deploys smaller footprints in more locations. This allows them to take advantage of innovative deployment, power, and cooling strategies. As a result, they have been able to optimize the processing of high volumes of traffic through their network.
Cloudflare’s global Anycast network powers our DNS and other services. With Anycast, multiple machines can share the same IP address. When a request is sent to an Anycast IP address, routers will direct it to the machine on the network that is closest.
Anycast allows us to save significant network latency while creating an extremely resilient network. The nature of Cloudflare’s Anycast network is that we inherently increase the surface area available to absorb a denial of service attack. A distributed botnet will have a portion of its denial of service traffic absorbed by each of our points-of-presence.
With built-in load balancing and automatic failover, the Cloudflare network has been designed to withstand losing 50% of the network without impacting service availability.
Cloud Web Application Firewall
Cloudflare’s enterprise-class web application firewall (WAF) protects your Internet property from common vulnerabilities like SQL injection attacks, cross-site scripting, and cross-site request forgery with no changes to your existing infrastructure.
Automatic WAF Updates
Cloudflare security engineers constantly monitor the Internet for new vulnerabilities. When they find threats that apply to a large portion of users, they automatically apply WAF rules to protect those users’ Internet properties.
On-premises firewalls quickly become outdated and require professional service hours to regularly update rules to protect against new threats. Cloudflare’s WAF helps you stay ahead of threats by automatically updating when new security vulnerabilities are disclosed.
Cloudflare sees roughly 2.9 million requests every second, and their WAF is continually identifying and blocking new potential threats. If you’re using a web application firewall that doesn’t leverage the collective intelligence of other web properties, you need to supply all your own WAF rules from scratch, which means you need to monitor the entire Internet security landscape on your own.
When one customer requests a new custom WAF rule, Cloudflare analyzes whether it applies to all 4,000,000 domains on its network. If it does, the rule is automatically applied to everybody on the network. The more web properties on the network, the stronger the WAF gets, and the safer the Cloudflare community becomes.
Built for Performance
Cloudflare is just as concerned with performance as with security. The web application firewall sits on the same Anycast network that powers the global CDN, HTTP/2, and web optimization features. The WAF rule sets result in latency of less than 1 millisecond.
Using Cloudflare’s WAF helps you cost-effectively fulfill PCI compliance. If you’re a merchant who handles consumer credit card information, PCI DSS 2.0 and 3.0 Requirement 6.6 allows for two options to meet this requirement:
- Deploy a WAF in front of your website
- Or, conduct application vulnerability security reviews of all of your in-scope web applications
OWASP, Application-Specific, and Custom Rules
Cloudflare’s WAF protects your web properties from the OWASP Top 10 vulnerabilities by default. These OWASP rules are supplemented by 148 built-in WAF rules that you can apply with the click of a button. Business and Enterprise customers can also request custom WAF rules to filter out specific attack traffic.
OWASP Top 10 Vulnerabilities
- Broken authentication and session management
- Cross-site scripting (XSS)
- Insecure direct object references
- Security misconfiguration
- Sensitive data exposure
- Missing function-level access control
- Cross-Site Request Forgery (CSRF)
- Using components with known vulnerabilities
- Unvalidated redirects and forwards