cPanel Forums

Today we are announcing the general availability of Zone Versioning for enterprise customers. Zone Versioning allows you to safely manage zone configuration by versioning changes and choosing how and when to deploy those changes to defined environments of traffic. Previously announced as HTTP Applications, we have redesigned the experience based on testing and feedback to provide a seamless experience for customers looking to safely rollout configuration changes.Problems with making configuration changesThere are two problems we have heard from customers that Zone Versioning aims to solve:How do I test changes to my zone safely?If I do end up making a change that impacts my traffic negatively, how can I quickly revert that change?Customers have worked out various ways of solving these problems. For problem #1, customers will create staging zones that live on a different hostname, often taking the form staging.example.com, that they make changes on first to ensure that those changes will work when deployed to their production zone. When making more than one change this can become troublesome as they now need to keep track of all the changes made to make the exact same set of changes on the production zone. Also, it is possible that something tested in staging never makes it to production, but yet is not rolled back, so now the two environments differ in configuration.For problem #2, customers often keep track of what changes were made and when they were deployed in a ticketing

Today, we’re sharing the release of two new SaaS integrations for Cloudflare CASB - Salesforce and Box - in order to help CIOs, IT leaders, and security admins swiftly identify looming security issues present across the exact type of tools housing this business-critical data.Recap: What is Cloudflare CASB?Released in September, Cloudflare’s API CASB has already proven to organizations from around the world that security risks - like insecure settings and inappropriate file sharing - can often exist across the friendly SaaS apps we all know and love, and indeed pose a threat. By giving operators a comprehensive view of the issues plaguing their SaaS environments, Cloudflare CASB has allowed them to effortlessly remediate problems in a timely manner before they can be leveraged against them.But as both we and other forward-thinking administrators have come to realize, it’s not always Microsoft 365, Google Workspace, and business chat tools like Slack that contain an organization’s most sensitive information.Scan Salesforce with Cloudflare CASBThe first Software-as-a-Service. Salesforce, the sprawling, intricate, hard-to-contain Customer Relationship Management (CRM) platform, gives workforces a flexible hub from which they can do just as the software describes: manage customer relationships. Whether it be tracking deals and selling opportunities, managing customer conversations, or storing contractual agreements, Salesforce has truly become the ubiquitous solution for organizat

This post is also available in 简体中文, Deutsch, 日本語, Français and Español. The landscape of email security is constantly changing. One aspect that remains consistent is the reliance of email as the beginning for the majority of threat campaigns. Attackers often start with a phishing campaign to gather employee credentials which, if successful, are used to exfiltrate data, siphon money, or perform other malicious activities. This threat remains ever present even as companies transition to moving their email to the cloud using providers like Microsoft 365 or Google Workspace.In our pursuit to help build a better Inteet and tackle online threats, Cloudflare offers email security via our Area 1 product to protect all types of email inboxes - from cloud to on premise. The Area 1 product analyzes every email an organization receives and uses our threat models to assess if the message poses risk to the customer. For messages that are deemed malicious, the Area 1 platform will even prevent the email from landing in the recipient's inbox, ensuring that there is no chance for the attempted attack to be successful.We try to provide customers with the flexibility to deploy our solution in whatever way they find easiest. Continuing in this pursuit to make our solution as tukey as possible, we are excited to announce our open beta for Microsoft 365 domain onboarding via the Microsoft Graph API. We know that domains onboarded via API offer quicker deployment times and more flexibility. Th

This post is also available in 简体中文, 日本語, Deutsch, Français and Español. As CIOs navigate the complexities of stitching together multiple solutions, we are extending our partnership with Microsoft to create one of the best Zero Trust solutions available. Today, we are announcing four new integrations between Azure AD and Cloudflare Zero Trust that reduce risk proactively. These integrated offerings increase automation allowing security teams to focus on threats versus implementation and maintenance.What is Zero Trust and why is it important?Zero Trust is an overused term in the industry and creates a lot of confusion. So, let's break it down. Zero Trust architecture emphasizes the “never trust, always verify” approach. One way to think about it is that in the traditional security perimeter or “castle and moat” model, you have access to all the rooms inside the building (e.g., apps) simply by having access to the main door (e.g., typically a VPN).  In the Zero Trust model you would need to obtain access to each locked room (or app) individually rather than only relying on access through the main door. Some key components of the Zero Trust model are identity e.g., Azure AD (who), apps e.g., a SAP instance or a custom app on Azure (applications), policies e.g. Cloudflare Access rules (who can access what application), devices e.g. a laptop managed by Microsoft Intune (the security of the endpoint requesting the access) and other contextual signals.Zero Trust is even more importa

This post is also available in 简体中文, 日本語, Deutsch, Français and Español. Today, we're excited to announce that Cloudflare Access and Gateway now support the System for Cross-domain Identity Management (SCIM) protocol. Before we dive into what this means, let's take a step back and review what SCIM, Access, and Gateway are.SCIM is a protocol that enables organizations to manage user identities and access to resources across multiple systems and domains. It is often used to automate the process of creating, updating, and deleting user accounts and permissions, and to keep these accounts and permissions in sync across different systems.For example, most organizations have an identity provider, such as Okta or Azure Active Directory, that stores information about its employees, such as names, addresses, and job titles. The organization also likely uses cloud-based applications for collaboration. In order to access the cloud-based application, employees need to create an account and log in with a useame and password. Instead of manually creating and managing these accounts, the organization can use SCIM to automate the process. Both the on-premise system and the cloud-based application are configured to support SCIM.When a new employee is added to, or removed from, the identity provider, SCIM automatically creates an account for that employee in the cloud-based application, using the information from the on-premises system. If an employee's information is updated in the identity

Cloudflare has been helping global organizations offer their users a consistent experience all over the world. This includes mainland China, a market our global customers cannot ignore but that continues to be challenging for infrastructure teams trying to ensure performance, security and reliability for their applications and users both in and outside mainland China. We are excited to announce China Express — a new suite of capabilities and best practices in partnership with our partners China Mobile Inteational (CMI) and CBC Tech — that help address some of these performance challenges and ensure a consistent experience for customers and employees everywhere.Cloudflare has been providing Application Services to users in mainland China since 2015, improving performance and security using in-country data centers and caching. Today, we have a presence in 30 cities in mainland China thanks to our strategic partnership with JD Cloud. While this delivers significant performance improvements, some requests still need to go back to the origin servers which may live outside mainland China. With limited inteational Inteet gateways and restrictive cross-border regulations, inteational traffic has a very high latency and packet drop rate in and out of China. This results in inconsistent cached content within China and a poor experience for users trying to access dynamic content that requires frequent access to the origin.Last month, we expanded our Cloudflare One, Zero Trust ne

Cloudflare’s Application Services have been hard at work keeping Inteet-facing websites and applications secure, fast, and reliable for over a decade. Cloudflare One provides similar security, performance, and reliability benefits for your entire corporate network. And today, we’re excited to announce new integrations that make it possible to use these services together in new ways. These integrations unlock operational and cost efficiencies for IT teams by allowing them to do more with fewer tools, and enable new use cases that are impossible without Cloudflare’s  “every service everywhere” architecture.“Just as Canva simplifies graphic design, Cloudflare simplifies performance and security. Thanks to Cloudflare, we can focus on growing our product and expanding into new markets with confidence, knowing that our platform is fast, reliable, and secure.” - Jim Tyrrell, Head of Infrastructure, CanvaEvery service everywhere, now for every networkOne of Cloudflare’s fundamental architectural principles has always been to treat our network like one homogeneous supercomputer. Rather than deploying services in specific locations - for example, using some of our points of presence to enforce WAF policies, others for Zero Trust controls, and others for traffic optimization - every server runs a virtually identical stack of all of our software services. This way, a packet can land on any server and flow through a full set of security filters in a single pass, without having to incur

As part of CIO week, we are announcing a new integration between our DNS Filtering solution and our Partner Tenant platform that supports parent-child policy requirements for our partner ecosystem and our direct customers. Our Tenant platform, launched in 2019, has allowed Cloudflare partners to easily integrate Cloudflare solutions across millions of customer accounts. Cloudflare Gateway, introduced in 2020, has grown from protecting personal networks to Fortune 500 enterprises in just a few short years. With the integration between these two solutions, we can now help Managed Service Providers (MSPs) support large, multi-tenant deployments with parent-child policy configurations and account-level policy overrides that seamlessly protect global employees from threats online.Why work with Managed Service Providers?Managed Service Providers (MSPs) are a critical part of the toolkit of many CIOs. In the age of disruptive technology, hybrid work, and shifting business models, outsourcing IT and security operations can be a fundamental decision that drives strategic goals and ensures business success across organizations of all sizes. An MSP is a third-party company that remotely manages a customer's information technology (IT) infrastructure and end-user systems. MSPs promise deep technical knowledge, threat insights, and tenured expertise across a variety of security solutions to protect from ransomware, malware, and other online threats. The decision to partner with an MSP can

Ping was bo in 1983 when the Inteet needed a simple, effective way to measure reachability and distance. In short, ping (and subsequent utilities like traceroute and MTR)  provides users with a quick way to validate whether one machine can communicate with another. Fast-forward to today and these network utility tools have become ubiquitous. Not only are they now the de facto standard for troubleshooting connectivity and network performance issues, but they also improve our overall quality of life by acting as a common suite of tools almost all Inteet users are comfortable employing in their day-to-day roles and responsibilities.Making network utility tools work as expected is very important to us, especially now as more and more customers are building their private networks on Cloudflare. Over 10,000 teams now run a private network on Cloudflare. Some of these teams are among the world's largest enterprises, some are small crews, and yet others are hobbyists, but they all want to know - can I reach that?That’s why today we’re excited to incorporate support for these utilities into our already expansive troubleshooting toolkit for Cloudflare Zero Trust. To get started, sign up to receive beta access and start using the familiar debugging tools that we all know and love like ping, traceroute, and MTR to test connectivity to private network destinations running behind Tunnel.Cloudflare Zero TrustWith Cloudflare Zero Trust, we’ve made it ridiculously easy to build your pri

CIO Week 2023へようこその記事で、最高情報責任者が組織の安全性と生産性を維持するために行っている仕事を称えることで、1年をスタートさせたいという話をしました。この一週間で、新サービス、ベータ版、戦略的パートナーシップ、サードパーティとの統合など、テクノロジースタックのあらゆる側面に関わる発表をご覧いただきました。この要約のブログでは、各発表を要約し、一般公開（GA）、ベータ版にある機能、またはロードマップ上に記載されている機能をラベル付けしています。私たちは、さらに包括的なフィッシング対策機能やMicrosoftのエコシステムとのより深い統合機能など、お客様からご要望いただいた重要な機能を提供しました。今後については、Digital Experience Monitoringのような新しい技術カテゴリーのロードマップや、Cloudflareのネットワークを通じて任意のソースから任意の宛先へのトラフィックのルーティングを極めて簡単なものにするという私たちのビジョンについても説明しました。私たちが立ち上げたものはすべて、CIOの方々へDXへの取り組みを加速していただくために設計されたものです。本ブログでは、CIOの方々がCloudflareとの提携を検討する際に抱いてほしい3つの感情を軸に、発表内容を整理しました。CIOの皆様によるZero TrustとSASEへのロードマップを策定がより簡単に：組織にZero Trustセキュリティベストプラクティスを採用し、Secure Access Service Edge（SASE）といった意欲的なアーキテクチャに移行しやすくする新機能と緊密な統合を発表しました。CIOの皆様が適切なテクノロジーとチャネルパートナーを見つけることを可能に：組織が適切な専門知識にアクセスして、すでに使用しているテクノロジーを使ってITとセキュリティを自分のペースで近代化するための統合とプログラミングを発表しました。CIOの皆様によるマルチクラウド戦略の合理化を簡単に：多様性を極めるクラウド環境間におけるトラフィックの接続、保護、高速化の新たな方法を発表しました。Cloudflareが開催する多くの2023年イノベーションウィークの第1弾CIO Weekをご覧いただき、ありがとうございます。私たちのイノベーションのペースについていくのは時には難しいかもしれませんが、このブログを読み、私たちの要約のウェビナーに登録していただければ幸いです！ITとセキュリティを近代化し、組織におけるごCIOの業務をより快適にする方法についてご相談されたい方は、こちらのフォームにご記入ください。Zero TrustとSASEへの旅をシンプルにアクセスの保護これらのブログ記事では、Zero Trustの達成に必要な、よりきめ細かな制御と包括的な可視化により、すべてのユーザーがあらゆるアプリケーションに迅速、簡単、かつ安全に接続することに焦点を当てています。 .tg {border-collapse:collapse;border-color:#aaa;border-spacing:0;} .tg td{background-color:#fff;border-color:#aaa;border-style:solid;border-width:1px;color:#333; font-family:Arial, sans-serif;font-size:14px;overflow:hidden;padding:10px 5px;word

This post is also available in 日本語, 简体中文, Français, and Español. In our Welcome to CIO Week 2023 post, we talked about wanting to start the year by celebrating the work Chief Information Officers do to keep their organizations safe and productive. Over the past week, you leaed about announcements addressing all facets of your technology stack – including new services, betas, strategic partnerships, third party integrations, and more. This recap blog summarizes each announcement and labels what capability is generally available (GA), in beta, or on our roadmap.We delivered on critical capabilities requested by our customers – such as even more comprehensive phishing protection and deeper integrations with the Microsoft ecosystem. Looking ahead, we also described our roadmap for emerging technology categories like Digital Experience Monitoring and our vision to make it exceedingly simple to route traffic from any source to any destination through Cloudflare’s network. Everything we launched is designed to help CIOs accelerate their pursuit of digital transformation. In this blog, we organized our announcement summaries based on the three feelings we want CIOs to have when they consider partnering with Cloudflare:CIOs now have a simpler roadmap to Zero Trust and SASE: We announced new capabilities and tighter integrations that make it easier for organizations to adopt Zero Trust security best practices and move towards aspirational architectures like Secure Access Service Edge

This post is also available in 简体中文, 日本語 and Español. For CIOs, networking is a hard process that is often made harder. Corporate networks have so many things that need to be connected and each one of them needs to be connected differently: user devices need managed connectivity through a Secure Web Gateway, offices need to be connected using the public Inteet or dedicated connectivity, data centers need to be managed with their own private or public connectivity, and then you have to manage cloud connectivity on top of it all! It can be exasperating to manage connectivity for all these different scenarios and all their privacy and compliance requirements when all you want to do is enable your users to access their resources privately, securely, and in a non-intrusive manner.Cloudflare helps simplify your connectivity story with Cloudflare One. Today, we’re excited to announce that we support direct cloud interconnection with our Cloudflare Network Interconnect, allowing Cloudflare to be your one-stop shop for all your interconnection needs.Customers using IBM Cloud, Google Cloud, Azure, Oracle Cloud Infrastructure, and Amazon Web Services can now open direct connections from their private cloud instances into Cloudflare. In this blog, we’re going to talk about why direct cloud interconnection is important, how Cloudflare makes it easy, and how Cloudflare integrates direct cloud connection with our existing Cloudflare One products to bring new levels of security to your cor

panic: Invalid TCP packet: TruncatedA few months ago we started getting a handful of crash reports for flowtrackd, our Advanced TCP Protection system that runs on our global network. The provided stack traces indicated that the panics occurred while parsing a TCP packet that was truncated.What was most interesting wasn’t that we failed to parse the packet. It isn’t rare that we receive malformed packets from the Inteet that are (deliberately or not) truncated. Those packets will be caught the first time we parse them and won’t make it to the latter processing stages. However, in our case, the panic occurred the second time we parsed the packet, indicating it had been truncated after we received it and successfully parsed it the first time. Both parse calls were made from a single green thread and referenced the same packet buffer in memory, and we made no attempts to mutate the packet in between.It can be easy to dread discovering a bug like this. Is there a race condition? Is there memory corruption? Is this a keel bug? A compiler bug? Our plan to get to the root cause of this potentially complex issue was to identify symptom(s) related to the bug, create theories on what may be occurring and create a way to test our theories or gather more information.Before we get into the details we first need some background information about AF_XDP and our setup.AF_XDP overviewAF_XDP is the high performance asynchronous user-space networking API in the Linux keel. For network devi

Project Jengo is a Cloudflare effort to fight back against patent trolls by flipping the incentive structure that has encouraged the growth of patent trolls who extract settlements out of companies using frivolous lawsuits. We do this by asking the public to identify prior art that can invalidate any of the patents that a troll holds – not just the ones that are asserted against Cloudflare.Since we launched Project Jengo over five years ago, we’ve given out over $135,000 to individuals who helped us find prior art to invalidate patents owned by patent trolls. By invalidating those patents – many of which are so blatantly marginal or broad that they never should have been granted in the first place – we hope to decrease the amount of harassment and frivolous lawsuits that patent trolls bring against innovative technology companies.Today, we’re excited to announce three new Project Jengo winners. These individuals have helped us push forward our effort to take down patent trolls, and continue to fight trolling in favor of innovation.The patent trollThe current case involves a patent troll called Sable Networks who asserted four patents that generally describe a flow-based router or a mechanism for identifying and penalizing misbehaving flows against Cloudflare. We’ve implemented Project Jengo against Sable on those four patents and their six other patents, which they haven’t asserted against Cloudflare. Today’s recipients have helped us in that fight.And we continue to fight Sa