Troy Hunt: CloudFlare - Troy Hunt

Sponsored by:

CloudFlare

A 8-post collection

Seamless A/B Testing, Deployment Slots and DNS Rollover with Azure Functions and Cloudflare Workers

Two of my favourite developer things these days are Azure Functions and Cloudflare Workers. They're both "serverless" in that rather than running on your own slice of infrastructure, that concept is abstracted away and you get to focus on just code executions rather than the logical bounds of the server it runs on. So for example, when you have an Azure function and you deploy it under a consumption plan, you pay for per-second resource consumption (how much memory you use for how long) and the number of times it executes. If you have an efficient function that executes quickly it can be extremely cost effective as I recently demonstrated with the Pwned Passwords figures: So here'...

I Wanna Go Fast: Why Searching Through 500M Pwned Passwords Is So Quick

In the immortal words of Ricky Bobby, I wanna go fast. When I launched Pwned Passwords V2 last week, I made it fast - real fast - and I want to talk briefly here about why that was important, how I did it and then how I've since shaved another 56% off the load time for requests that hit the origin. And a bunch of other cool perf stuff while I'm here. Why Speed Matters for Pwned Passwords Firstly, read the previous post about k-Anonymity and protecting the privacy of passwords to save me repeating it all here. I've been amazed at how quickly this has been adopted since I pushed it out very early on Thursday morning my time....

Pragmatic thoughts on #CloudBleed

It has a cool name and a logo - this must be serious! Since Heartbleed, bug branding has become a bit of a thing and more than anything, it points to the way vulnerabilities like these are represented by the press. It helps with headlines and I'm sure it does wonderful things for bug (brand?) recognition, but it also has a way of drumming up excitement and sensationalism in a way that isn't always commensurate with the actual risk. That said, the Cloudflare bug is bad, but the question we need to be asking is "how bad"? I saw the news break yesterday morning my time and I've been following it closely since. As I've written a lot...

Should you care about the quality of your neighbours on a SAN certificate?

We've all had bad neighbours before. Perhaps they were noisy, maybe the kids ran riot or they could have been just continually snaring all the visitor parking spots in your apartment building (bastards). But last week, someone popped up with another bad neighbour story which was quite different to usual... Fellow MVP Paul Cunningham runs a blog over at paulcunningham.me and for the most part, it looks like any other ordinary blog: Now being a forward-thinking bloke, Paul has elected to serve his blog over HTTPS and as I've advocated for many times in the past, he chose to go with Cloudflare to do it. It would have been a 5-minute job for Paul; create the site on Cloudflare,...

Azure Functions in practice

I wrote recently about how Have I been pwned (HIBP) had an API rate limit introduced and then brought forward which was in part a response to large volumes of requests against the API. It was causing sudden ramp ups of traffic that Azure couldn't scale fast enough to meet and was also hitting my hip pocket as I paid for the underlying infrastructure to scale out in response. By limiting requests to one per every 1.5 seconds and then returning HTTP 429 in excess of that, the rate limit meant there was no longer any point in hammering away at the service. However, just because there's no point in it doesn't mean that people aren't going to do...

CloudFlare, SSL and unhealthy security absolutism

Let's start with a quick quiz: Take a look at haveibeenpwned.com (HIBP) and tell me where the traffic is encrypted between: You see HTTPS which is good so you know it's doing crypto things in your browser, but where's the other end of the encryption? I mean at what point is the traffic decrypted? Many people would say it's at the web server but it's not, it's upstream of there at Microsoft's appliances that sits in front of the web application PaaS offering. You might see a padlock, but your traffic is not encrypted all the way to the server. But it's not just HIBP and it's not just Microsoft either, many of the websites you visit every day...

It's a new blog!

It's been 434 blog posts over six and a half years. It's gone from being excited about a hundred visitors in a week to hundreds of thousands on a big day. It's taken me from a hobby to a career. In so many ways, this blog has defined who I am and what I do today but finally, it was time for a change. You're now reading an all new blog in an all new design on an all new platform. The content is the only thing that remains and I've literally rebuilt everything from the ground up over the last few months. Over that time, I've made many promises to explain how I decided to do it so my...

How to get your SSL for free on a Shared Azure website with CloudFlare

This content is now available in the Pluralsight course "Getting Started with CloudFlare Security" As you may be well aware by this, Microsoft’s Azure gets me rather excited. That’s not without merit IMHO, it’s a sensational product for all the reasons you can read about in the blog posts at the end of that link. Almost without exception, when I get a question about Azure I have an awesome answer ready to go. Almost… The one question that throws me is the one I was once again asked just recently: I can only justify paying for a Shared Azure website but I need SSL – what do I do? I have...