Fixing request smuggling vulnerabilities in Pingora OSS deployments
Today we’re disclosing request smuggling vulnerabilities when our open source Pingora service is deployed as an ingress proxy and how we’ve fixed them in Pin...
Cloudflare Blog
7 articles
Active defense: introducing a stateful vulnerability scanner for APIs
Cloudflare’s new Web and API Vulnerability Scanner helps teams proactively find logic flaws. By using AI to build API call graphs, we identify vulnerabilitie...
Complexity is a choice. SASE migrations shouldn’t take years.
Discover how Cloudflare partners TachTech and Adapture are shattering the 18-month migration myth, deploying agile SASE for global enterprises in weeks by tr...
From the endpoint to the prompt: a unified data security vision in Cloudflare One
Cloudflare One unifies data security from endpoint to prompt: RDP clipboard controls, operation-mapped logs, on-device DLP, and Microsoft 365 Copilot scannin...
Ending the "silent drop": how Dynamic Path MTU Discovery makes the Cloudflare One Client more resilient
The Cloudflare One Client now features the ability to actively probe and adjust packet sizes. This update eliminates the problems caused by tunnel layering a...
How Automatic Return Routing solves IP overlap
Automatic Return Routing (ARR) solves the common enterprise challenge of overlapping private IP addresses by using stateful flow tracking instead of traditio...
A QUICker SASE client: re-building Proxy Mode
By transitioning the Cloudflare One Client to use QUIC streams for Proxy Mode, we eliminated the overhead of user-space TCP stacks, resulting in a 2x increas...