Best of Cloudflare 2025

  1. Article
    Cloudflare · 34w

    Every Cloudflare feature, available to everyone

    Cloudflare announces a major shift in its product strategy, making nearly all enterprise-only features available to customers on any plan without requiring sales calls or contracts. The rollout begins with Single Sign-On (SSO) for the dashboard, which is now accessible to all users. This change aims to democratize access to advanced security and performance tools, removing the traditional two-tiered system that restricted powerful features to large organizations. Future product releases will follow this self-service model from launch.

  2. Article
    Cloudflare · 34w

    Announcing Cloudflare Email Service’s private beta

    Cloudflare launches Email Service in private beta, combining email sending and routing capabilities. Developers can send transactional emails directly from Workers using native bindings without API keys. The service includes automatic DNS configuration for deliverability, global delivery infrastructure, and integration with existing email frameworks like React Email. Email Routing allows processing incoming emails with Workers for automated workflows.

  3. Article
    Cloudflare · 32w

    How we found a bug in Go's arm64 compiler

    Cloudflare discovered a race condition in Go's arm64 compiler that caused sporadic crashes during stack unwinding. The bug occurred when async preemption interrupted a split stack pointer adjustment in function epilogues, leaving the stack in an invalid state. Through systematic debugging involving coredumps, disassembly analysis, and reproducer creation, they traced crashes to a one-instruction race where the runtime preempted between two ADD opcodes adjusting RSP. The fix ensures stack pointer modifications happen atomically by building offsets in temporary registers first.

  4. Article
    Cloudflare · 34w

    Cloudflare just got faster and more secure, powered by Rust

    Cloudflare has replaced their core NGINX-based proxy system (FL1) with a new Rust-based modular proxy (FL2) built on their Oxy framework. The migration delivers a 25% performance boost with 10ms faster median response times, uses less than half the CPU and memory, and provides better security through Rust's memory safety guarantees. The new modular architecture allows faster product development, graceful restarts without dropping connections, and eliminates the incremental performance cost of adding new features that plagued the legacy system.

  5. Article
    Cloudflare · 27w

    Replicate is joining Cloudflare

    Cloudflare acquires Replicate, a platform for running AI models with 50,000+ models in its catalog. The integration will bring Replicate's model catalog and fine-tuning capabilities to Cloudflare's Workers AI platform, while maintaining existing APIs for current users. The combined platform aims to provide serverless GPU inference on Cloudflare's global network, unified model management through AI Gateway, and seamless integration with Cloudflare's developer tools including Workers, R2, Vectorize, and Durable Objects.

  6. Article
    Cloudflare · 30w

    From .com to .anything: introducing Top-Level Domain (TLD) insights on Cloudflare Radar

    Cloudflare Radar launched a new Top-Level Domain (TLD) insights page that provides comprehensive data on TLD popularity, traffic patterns, and security metrics. The page uses DNS Magnitude—a metric measuring how many unique networks query domains within a TLD—to rank over 2,500 TLDs. Surprisingly, .su (Soviet Union's legacy TLD) tops the ranking due to queries from a popular online game. Individual TLD pages offer detailed information including DNSSEC support, RDAP availability, DNS query volumes, certificate issuance data, and geographic distribution. The feature extends existing DNS insights to all delegated TLDs and integrates with Cloudflare Registrar for domain registration. All data is accessible via API and the Radar Data Explorer.

  7. Article
    Cloudflare · 35w

    Supporting the future of the open web: Cloudflare is sponsoring Ladybird and Omarchy

    Cloudflare announces sponsorship of two independent open source projects: Ladybird, a new browser built completely from scratch with its own rendering and JavaScript engines, and Omarchy, an opinionated Arch Linux distribution designed for developers. Both projects aim to provide alternatives in ecosystems dominated by a few major players, with Ladybird challenging browser consolidation around Chromium and Omarchy making Linux more accessible for development work.

  8. Article
    Cloudflare · 44w

    Cloudflare 1.1.1.1 Incident on July 14, 2025

    Cloudflare's 1.1.1.1 DNS resolver experienced a 62-minute global outage on July 14, 2025, caused by an internal configuration error that inadvertently linked the resolver's IP prefixes to a non-production Data Localization Suite service. The issue originated from a dormant misconfiguration made on June 6, which was triggered when changes were made to the test service on July 14, causing BGP route withdrawals globally. The outage affected most DNS resolution methods except DNS-over-HTTPS traffic using the cloudflare-dns.com domain. Cloudflare is addressing the root cause by deprecating legacy systems and implementing staged deployment methodologies.

  9. Article
    Cloudflare · 24w

    Python Workers redux: fast cold starts, packages, and a uv-first workflow

    Cloudflare Python Workers now support any Pyodide-compatible package with significantly faster cold starts than competitors. Using memory snapshots and WebAssembly architecture, Workers achieve 2.4x faster cold starts than AWS Lambda and 3x faster than Google Cloud Run when loading common packages. The platform integrates with uv for package management through pywrangler tooling, enabling easy deployment of Python applications globally. Technical innovations include memory snapshot restoration, careful entropy handling for randomness, and function pointer table management to eliminate Python initialization overhead during cold starts.

  10. Article
    Cloudflare · 29w

    So long, and thanks for all the fish: how to escape the Linux networking stack

    Cloudflare engineers developed a custom service called SLATFATF ("fish") to handle IP packet forwarding using their soft-unicast addressing system, which shares IP addresses across machines. The team encountered fundamental conflicts between Linux's socket subsystem and Netfilter's conntrack module when attempting to use both packet rewriting and bound sockets simultaneously. After exploring solutions including Netlink interfaces, TCP_REPAIR, and TCP Fast Open with cookieless connections, they discovered that Linux's "early demux" optimization bypassed custom routing rules. Despite successfully implementing workarounds, they ultimately chose to terminate TCP connections rather than forward raw IP packets due to better observability and minimal performance impact.

  11. Article
    Cloudflare · 35w

    Cap'n Web: a new RPC system for browsers and web servers

    Cap'n Web is a new open-source RPC protocol built in TypeScript that brings object-capability features to web development. Unlike traditional RPC systems, it requires no schemas or boilerplate, supports bidirectional calling, function passing by reference, and promise pipelining. The protocol works over HTTP, WebSocket, and postMessage, compresses to under 10kB, and enables complex interactions like authentication patterns and array operations in single network round trips. It aims to solve GraphQL's waterfall problem while maintaining familiar JavaScript programming patterns.

  12. Article
    Cloudflare · 1y

    Forget IPs: using cryptography to verify bot and agent traffic

    As the distinction between malicious and beneficial bots becomes blurred due to increased AI traffic, Cloudflare proposes using cryptographic methods to authenticate bots. This approach includes HTTP message signatures and request mTLS to verify bot identity. These methods aim to replace outdated IP address validation, providing a reliable way for bots to declare their identity. Both mechanisms are explored, with the potential to integrate them into broader bot management and AI audit systems, aimed at enhancing both security and traffic control for websites.

  13. Article
    Cloudflare · 1y

    Your frontend, backend, and database — now in one Cloudflare Worker

    Cloudflare Workers now supports end-to-end hosting for static sites and full-stack applications, with GA framework support for React Router v7, Astro, Vue, and more. It allows integration with PostgreSQL and MySQL via Hyperdrive, providing a seamless way to host projects without needing separate platforms. New features include Vite plugin support, extended Node.js API compatibility, and enhanced deployment tools, making Cloudflare Workers a versatile platform for developers.

  14. Article
    Cloudflare · 22w

    Code Orange: Fail Small — Our resilience plan following recent incidents

    Cloudflare declared "Code Orange: Fail Small" following two major outages in November and December 2025. Both incidents were caused by instantaneous global deployment of configuration changes that broke the network. The resilience plan focuses on three areas: implementing controlled rollouts for configuration changes (similar to existing software deployment processes), reviewing and improving failure modes across all systems to handle errors gracefully, and fixing break glass procedures to remove circular dependencies. The goal is to ensure configuration changes pass through testing gates before global deployment, preventing single changes from taking down the entire network.

  15. Article
    Cloudflare · 47w

    Containers are available in public beta for simple, global, and programmable compute

    Cloudflare Containers are now in public beta, allowing developers to deploy containerized applications alongside Workers globally. The service offers simple deployment via wrangler, automatic global distribution, on-demand scaling, and tight integration with the Cloudflare developer platform. Containers can be programmatically controlled by Workers code, support various instance sizes, and use pay-per-use pricing. Future features include autoscaling, larger instances, and deeper platform integrations.

  16. Article
    Cloudflare · 1y

    Introducing AutoRAG: fully managed Retrieval-Augmented Generation on Cloudflare

    AutoRAG, now in open beta, is a fully managed Retrieval-Augmented Generation (RAG) pipeline from Cloudflare that simplifies the integration of context-aware AI into applications. It automates the creation and maintenance of RAG pipelines, eliminating the need for manual indexing and embedding. AutoRAG uses Cloudflare's R2 for data storage, Vectorize for semantic search, and Workers AI for processing. It can handle various data types and continuously updates to ensure up-to-date information for AI responses.

  17. Article
    Cloudflare · 25w

    Why Replicate is joining Cloudflare

    Replicate, a platform for running machine learning models as APIs, has been acquired by Cloudflare. Founded in 2019 to make research models accessible to developers through tools like Cog, Replicate became a key infrastructure provider during the Stable Diffusion era. The acquisition enables integration with Cloudflare's network infrastructure, Workers, R2, and other services to build a comprehensive AI stack. The combined platform aims to support edge model execution, instant-booting Workers for model pipelines, and WebRTC streaming for model inputs and outputs.

  18. Article
    Cloudflare · 40w

    Announcing the Cloudflare Browser Developer Program

    Cloudflare launches a Browser Developer Program to collaborate with browser development teams on improving compatibility between browsers and Cloudflare's security systems like Challenges and Turnstile. The program offers direct communication channels, best practices, early access to updates, and testing integration. It aims to balance security needs with supporting the diverse browser ecosystem, from mainstream browsers to privacy-focused, embedded, and specialized browsers that collectively represent a significant portion of web traffic.

  19. Article
    Cloudflare · 47w

    Russian Internet users are unable to access the open Internet

    Russian ISPs have been throttling internet connections to Cloudflare-protected websites since June 9, 2025, limiting data transfer to only 16 KB per connection. This effectively renders most web navigation impossible for Russian users. The throttling affects all connection protocols including HTTP/1.1, HTTP/2, and HTTP/3, and is implemented through various mechanisms like packet injection and connection blocking. Multiple ISPs including Rostelecom, Megafon, and MTS are participating in these restrictions, which appear to be part of Russia's broader effort to isolate its internet infrastructure from Western technology providers.

  20. Article
    Cloudflare · 45w

    How TimescaleDB helped us scale analytics and reporting

    Cloudflare migrated from vanilla PostgreSQL to TimescaleDB for their Digital Experience Monitoring and Zero Trust Analytics products, achieving 5-35x query performance improvements and 33x storage compression. The team initially chose PostgreSQL over ClickHouse to maintain architectural simplicity, but as data scaled to billions of rows, they needed better performance. TimescaleDB provided automatic partitioning, continuous aggregates, columnstore compression, and sparse indexes while maintaining PostgreSQL compatibility. Key optimizations included proper index column ordering, compression policies, and segmentation strategies that dramatically improved query latency and reduced storage costs.

  21. Article
    Cloudflare · 48w

    Connect any React application to an MCP server in three lines of code

    Cloudflare open-sourced use-mcp, a React library that connects to Model Context Protocol (MCP) servers with just 3 lines of code, handling transport protocols, authentication, and session management automatically. The library supports OAuth 2.1, connection retries, real-time state management, and both Server-Sent Events and Streamable HTTP transport methods. Additionally, Cloudflare released their AI Playground source code, a complete chat interface that demonstrates MCP integration with Workers AI and provides debugging capabilities for MCP connections.

  22. Article
    Cloudflare · 29w

    Go and enhance your calm: demolishing an HTTP/2 interop problem

    Cloudflare engineers discovered that Go's HTTP/2 client implementation sends unnecessary RST_STREAM and PING frames when closing response bodies without reading them first, even when empty. This behavior triggered Cloudflare's PING flood DDoS mitigations, causing connections to close with ENHANCE_YOUR_CALM errors. The solution is to always fully read response bodies using io.Copy(io.Discard, resp.Body) before closing them, especially when reusing connections for multiple requests. The issue highlights how legitimate HTTP/2 client behavior can inadvertently mimic attack patterns and trigger security defenses.