Cloudflare Workers Q&A
Presented by: Kristian Freeman, Albert Zhao
Originally aired on March 2, 2024 @ 11:00 AM - 11:30 AM CST
Workers Q&A with Developer Advocate Kristian Freeman and Workers Community Manager Albert Zhao - celebrating 1000 members on the Workers Discord server.
To ask questions about Cloudflare Workers and Pages, please join the Discord
English
Q&A
Cloudflare Workers
Transcript (Beta)
Hey everybody, I think we should be live. It might take a couple seconds for things to kind of get situated here And Albert's gonna post in the discord as well and let everyone know Sometimes YouTube doesn't work and you need to refresh and all that stuff Well, hello.
I'm Kristian Freeman I'm the developer advocate for workers and pages and I'm joined by Albert.
You want to introduce yourself Albert? Hey, I'm Albert.
I'm the workers community manager So we are here for our Is this our second community call or is it our third?
Second second. Okay. This is our second one. All our tech is upgraded.
We're now live -streaming on YouTube We're the real deal now.
We're professionals and influencers. It's happening So we have a bunch of questions to get through We have so many questions to get through and we're gonna try and fit all of them if we don't have time I didn't know we have this on our calendars for like half an hour We'll see what we can get to you, but we will make sure regardless that all of your questions do get answered Whether that's like in the text chat or I don't know wherever else so Yeah, I guess the first thing I want to do is we do have like a couple Couple announcements, which we're super excited about The first is that basically any moment now pages is gonna be entering Let me make sure I get the right technical term here open beta is what we're calling it So it's gonna mean, you know If you're in the discord and you've been asking for access to pages You don't have it yet.
If you signed up for a waitlist, you should be able to start deploying your projects that's happening Like right now as we speak So if you don't see it right now go to the dashboard in like 10 minutes and you should be able to deploy your first pages project Which we are super super super excited about So that's the first thing.
Yeah, like I need to have like a sound board It's like and I like cheering and like confetti and like we're beyond excited about that.
So it's gonna be really really exciting Let us know in the discord.
If you're not in the discord, there's a link in the description And yeah, so Andrew says any moment today like you literally right now In the next 10-15 minutes.
The code is being deployed So yeah super excited about that the other thing that I want to shout out before we hop into the Questions is a new thing that Albert and I've been working on called works on workers You can find this at workers Cloudflare.com slash works and this is a community contributed list of open source packages and Tooling and things that we recommend people use for Cloudflare Workers projects So things like authentication packages we like routing packages we like all of that kind of stuff and the best part of it is that it is Like I said community contributed So if you come down here and you have a package you want to show us or you want people to use because it's helped you in the past you can go to submit new packages here and Albert and I will take a look at it And we have a couple other people that help us kind of look at these and evaluate them so thanks to our community champs who have been really helpful in this process and Yeah, we're really excited about it.
We'll put a link to it in the in the discord chat as well Is there anything you want to add about that Albert?
No, you nailed it. Okay, so Making sure I got all my stream stuff back.
So, okay, so we're back on the mainstream here So yeah, let's hop into some questions Real quick.
I'll also say the Q&A channel.
We've got a ton of questions there so far. Thank you to everyone who submitted those Feel free to submit more questions if something comes up during this But I will say we probably will not answer any new questions during the stream.
But like I said, we'll try and get to them You know whenever possible and like last month when we did this we'll also put a doc up like a Google Doc That will have all of the answers so you can go back and read them.
So yeah, let's jump into it the first question is from rustation one three three seven and The question is is there a crate available for rust to easily bind Cloudflare specific types?
Like the custom CF properties on the request object HTML rewriter KB namespace, etc I'm currently writing all this code myself, but it would be nice if there was a standard crate maintained by Cloudflare So this is a really good question I actually went and talked to the Wrangler team about this who are kind of our rust experts because our command-line tool is written in Rust so there is not something for this at the moment I would say that multiple people on the team are super interested in it and what it might look like So if you want to help kind of work on that with them, I'm not a rust expert myself So I really have no idea what form that would take but The Wrangler channel in our discord would be a good place to sync up with them on that It sounds like there's been some conversation about it in the past, but there hasn't been any You know work done to build something like that.
I think it's a really good idea though so yeah, make sure to join the Wrangler channel and Yeah, and ask that question there The next question is from Ben Benu How stable does Cloudflare see the workers slash KB ecosystem being that design something expect that will continue to work for five years without updates in General, this is sort of the stability that I look for in AWS and GCP You should feel confident that while you deploy will keep working five years from now Well, the team's not going anywhere and infrastructure isn't for KB.
We also use giant cloud providers to ensure consistent state So the long-term plan may be to eventually host object storage natively But on your end you shouldn't worry if we get off these cloud providers someday or not The next question is from web tax is the Cloudflare Workers team exploring any sort of paid way to upgrade your max number of workers Yes, we are The edge storage for us is really precious and not cheap Contrary to a lot of people think storage costs So we hope to make a payment model so the scales easily if you do have a specific use case where you want us To add more scripts to your account and message me over discord We can take a look next questions from Andrew NYR any plans to switch build limits to build time style pricing like Netlify Instead of the number of builds for pages We're gonna stick with our pages pricing model and we think it's better because it puts less work on the user when they deploy otherwise If you worry about build minutes, you have to worry about tinkering your script to make sure you save on those minutes We just want you guys to deploy And Christian feel free to hop in at any point if you have stuff to add Yeah So far so good But yeah, I like our pricing as well I'd be curious to hear people's feedback on it, but I think we feel like we landed on the right thing You know feedback always welcome for sure Cool the next question is from Jonathan Can you share how progress is going with pages development?
What you're working on and the target date for open beta? Answer one of those already any plan new features coming Yeah, open beta like Christian mentioned is poppin right now and There are a couple things we want to finish before GA namely access integration and running zone settings such as workers Caching on pages post GA there are a lot of things we want to build such as build hooks and pre-built deployments Which will allow you to run pages regardless of your CI CD infrastructure Yeah, I would say particularly the access integration I think is so so cool and I'm really excited for it to land I've seen what it you know will look like and it's gonna be really cool.
So Yeah, that's a really good question It's and like just to reiterate in case people are just tuning in Like the question was when is the target date for open beta?
It's right now. It's today Just super exciting so you can go in and you can deploy stuff if you haven't had access.
I'm until now you should Now if you go in your dashboard and check it out, so make sure to do that after the Q&A definitely stick around Well, I don't know you can go multitask if you want.
It's okay. It's up to you. I won't judge cool, so next question is What is your favorite Cloudflare Workers router?
So this is a really topical question I mentioned earlier.
We just built a page first kind of showcasing this sort of stuff like a favorite You know routers authentication stuff like that.
So I'm gonna take this answer as like my personal opinion There's two routers that I really like one is called eight track a track is written by someone internally at Cloudflare And it's just a really solid router.
I think it supports typescript It's very opinionated I would say but I think it's a really like it's really powerful It has a like basically all of the routing features that you'd want That's what I've recommended in the past a more recent one is 80 router Which I know a member of our community just the guy who wrote that just joined the discord server So say hi if you're at a camera Brisbane, but say hi in the Q&A Channel if you're there, I really like 80 router.
We think we used it in a tutorial recently It's you know as the name suggests.
It's just really small and it's it's really lightweight and the API is really clean.
So So I recommend those two for sure we have a router template that is Fine, it's not it's not like does it should probably include one of these honestly?
It's one of those things I keep meaning to go back to is like update our router template if anyone's interested in helping me With that in the community like hit me up for sure.
I'm very interested in that There's a lot of options out there, right I would say if you're gonna pick something for like your your production app where you're like Wow, I need like all of this like really legit routing semantics a track or 80 router would be Would be the ones to go with in my opinion.
That's just my personal opinion though Yeah, I don't know.
Have you seen any other ones Albert that you can think of besides those two? I'll say it for me.
It's just those two as well. Yeah, cool The next question is from space matrix When will durable objects be available for the general public and is there a chance to get into the program at this point?
Really want to get started evaluating ideas on how to use durable objects for my upcoming project build Is there a limit on the amount of requests that one worker can handle in a given minute second?
For example, can I send 50 ,000 per second? I'll go in reverse order. There is no limit It's it scales really well every durable object creates its own instance For the open beta, it's planned in the next several weeks though.
No promises Infrastructure is hard the reason why so few are added to the closed beta is because the storage team knows which features they need to ship and still need to ship so We don't want to add a bunch of testers and then you guys get blocked on the same things and ask similar questions Like why am I paying a latency penalty for moving my object to this region?
And what's the pricing all that's getting figured out really soon And I'm sure once we have open beta you guys gonna have a much better experience developing anyway The next question is from Rustation again Are there any plans to increase the CPU limit on the bundled plan from 50 milliseconds to say 75 or 100?
The way Unbound is going to be released for pricing.
The plans will be free and bundled still Except for bundled you'll get to choose which of your scripts you want to turn on for unbound So for bundled you will still be under 50 milliseconds as the limit But you can turn on a script to unbound and go beyond 50 milliseconds.
We haven't figured out the upper bound limit yet, but It's gonna be high You The next questions from Celtic, are you working on goalie and support for workers we Asked and we as an I mean Cloudflare we have a lot of go developers working on the runtime and I'm sure this would be a popular request if we plan to support more languages Supporting more languages in general is a long-term goal.
But in the short term, we're trying to help our JavaScript developers first so No module support will be something we're looking at sooner and gonna spend resources on engineering resources on compared to Python go but it's good to hear these requests Matt from CDNJS says any potential down the road to be able to choose which region or even specific pop a scheduled worker runs in Be incredibly useful for monitoring stuff that a lot of folks have built for workers So you can track response times across multiple parts of the world that's a great feature request and It technically could be possible today to run I'm not from the user perspective, but our infrastructure could technically choose a color where you run a cron trigger, but We don't plan to support this At least until we move cron triggers to durable objects, then this will be a lot easier to implement potentially OXBKT asks, will you build durable objects for bandwidth as with workers unbound?
Great question We're still working on finalizing pricing for durable objects and that should be ready for public viewing once Durable objects goes into open beta Kiet asks the question is a local runtime such as being able to run on any machine With a single worker instance on a roadmap at all, or should I stop holding my breath for it?
This would be incredibly useful for a local testing development I currently use a duct tape together fake environment and node as well as for clients I want to run the code on their own hardware due to strict privacy data protection policies Christian actually, would you want to take a crack at this one first?
Yeah for sure It So, yeah, I mean, I think we got a version of this question last month as well.
It's a really common question There's no plans currently on the roadmap for it.
I Can completely understand the you know, like wanting to have that Honestly the way that like the edge works and the way that workers works there's so much stuff that is really Specific to our infra that it would be a really a really huge undertaking that I think we just Like we we haven't prioritized it really we've talked about it many many times.
I know I I can totally understand Wanting it, but it's it's not on the roadmap currently I think that one opportunity that Albert and I could do to alleviate some of that pain will probably be to give to point people to solutions for things like you're Talking about like some sort of environment stubbing and stuff like that, which I know isn't ideal I think that we could probably do a better job of making some of that in the community because I know there are People making that stuff to kind of expose that more and and help people You know when they need a solution like that.
So if anyone has used stuff like that You know, let us know and I think we could definitely prioritize like making that stuff more available whether that's through that Works on workers page that I talked about at the beginning of this stream or You know, maybe I sit down I have a chat with those people and record a video that helps people understand how that works The amount of times I'm gonna say works in this color workers works, you know, that's a lot But yeah, totally understand the question.
Unfortunately, it's it's not on the road map But I think we could we could find a way to help alleviate that pain through some other methods and stuff like that Is there anything you would add there Albert I Think you captured everything the whole story of Wrangler dev being a type of Simulated local development environment is a long-running debate when we were building it we know is a bit weird and we have a simulated local develop development environment and Making you connect with the Internet except instead of trying everything on your local machine so again, like Christian said there are just a lot of dependencies and Into and like unique Characteristics of our network where you probably still would want to see how your script acts with the Internet Like yeah, what kind of page rules, etc?
But yeah, it's like we get that it's not a typical developer tool Yeah, for sure.
That's yeah. I think that's a great addition Okay.
Next question is from Adam a long time friend of the stream Adam Is there any plan to release API token support for pages API?
I can imagine it's the last thing on the list but it would give some space to the community to start building some nice tooling for Work in progress or not quite released native features for the platform Really really great question Generally that kind of stuff is what we're thinking of putting on the roadmap after we get to you know Open beta or after we get to general availability If you have ideas for that kind of stuff, I'm guessing specifically that what you're talking about is is Basically API access to probably like creating deploys or or getting information about them I would guess so.
Let me know in the pages channel if you have something else in mind so Yeah, I would say we're totally open to ideas and all of that kind of stuff, right?
like a lot of that sort of like automation around deploys is the kind of thing that That a lot of other places have and it's definitely something we're already talking about but let us know What kind of things specifically, you know I know our community loves to hack on stuff.
And so if we can help you guys build something awesome I think we that helps us prioritize and I I know like generally and we'll get to this later as well like webhook API Token stuff is something we've talked a lot about it's we understand how important it is for people We want to get to a you know, open beta at least first in general availability and like have the platform you know in a good place for like the kind of green field path before we start unlocking that kind of Power user stuff.
It's definitely on the radar though Okay, next question is from Toin Toin bis, I'm sorry if I said that wrong So another question regarding API tokens, is there plans to support specific worker script or KB namesake namespace?
scoped API tokens It's a great question, so this is actually a kind of a different Kind of API token, I guess right I was thinking well I mean, I guess not a pages API token would be specifically for like all the pages resources.
So this is more for like workers So as people might know like you when you use Wrangler or when you're just building stuff with the workers platform You can generate API tokens Which are like scoped to your account and let you do things like, you know Look at your workers or look at your KB namespaces So yeah, the question is like can we get more specific and do things like hey this API token only works for You know works for this worker script or this KB namespace token.
I Don't know if we've really talked about it I think the API token stuff is there's a separate API team that deals with all of that API token stuff I think it's a really good feature request which we can pass on to the team I think that makes a ton of sense, especially with like bigger teams If you have like a hundred developers working, you probably don't want everyone to be able to delete everything at any point in time So I think that makes a ton of sense Yeah, I'm not I'm not sure though at the moment, but we'll definitely pass that on and see You know if that's something that we can do and if it's something we've talked about really good question Cool the next question is from Murray How does the normal hundred twenty megabyte memory limit per worker play out with durable objects?
For example given each durable object can rehydrate save state on initialization and cache and memory to speed Subsequent requests to all durable object instances within a pop or machine share the same worker execution context How would this scale of lots of durable objects are inactive use?
Is unbound allow for greater than 128 megabyte in memory yeah, the rehydrating of the safe state is manually done and The durable object doesn't share memory with other instances of the durable object.
So there's only one Durable object instance per key.
So you don't need to worry about a durable object impacting others as a scale because they run in their own context I want a real quick Sorry to just context switch, but I saw some questions in the chat about Where the questions are coming from and how to ask those questions.
So in case people are late to the stream I just want to read a reiterate real quick We have a discord server.
It's uh, what is it discord dot GG slash Cloudflare dev? I think is what the invite URL is.
It's also in the description of the video We have a Q&A channel in there where people have been putting Questions since last week or so So you can definitely ask questions there.
And like I said, we probably won't get to Any past the initial set that we pulled before the video because we just have so many But please ask we'll get them answered for you That's where those questions are coming from and if you've been asking questions on the YouTube If you don't mind, I just don't trust YouTube chat to like persist Please come ask in the discord Q&A channel as well So if that if we can ask one thing of you, it would be that so cool Okay, so next question is from Walshy Do we have any more information on serving cached content rather than firing the worker?
This would be great for my CDN which just checks the cache and serves an asset if it exists or else get content and put into cache That we can save some requests on those frequently hit assets So good question.
I Spent some time thinking about this and I know Walshy you're active in the discord So, please let me know if I don't give if I don't understand the question properly.
I'll give my best answer which is that like True so workers are very route based I think as anyone who's like deployed workers knows like a very much centered around the idea of your route.
And so there isn't a So like if you are serving something through the worker That's cached with our CDN as you probably know and I think is based on your question here Like that still counts as a request for your worker.
That's still you know part of your your usage Numbers, so there isn't a way to because we're we would still be running Worker code to check in the cache and stuff like that.
There isn't a way to Skip firing that worker unless you were to basically fall back to your you know traditional like We go make a request to your origin and then we cache it with our CDN So in that case you would just go back to our like sort of traditional CDN tooling that we have So, you know if you did like a custom domain for your worker and your CDN and then you you can basically set up a route inside of your workers dashboard that says It's basically like a no op I guess is what we would call that in like programming terms where we say like don't run a worker on this so you could use that to define like a subset of your like assets that goes and hits the origin and then gets cached by our normal CDN That's my understanding I guess of the question and if I again if I didn't understand that correctly, let me know There isn't to answer the short version After giving you the really long version Good at talking the answer is like Not really Through your worker you your worker is always just gonna it's always gonna fire if it matches a route you're gonna need to like kind of You know opt out of specific routes in order for For it to go to your CDN into your origin.
So hopefully that was the question We can follow up in the discord if I misunderstood it That was a great answer Next questions from Cerulean any plans for worker side websocket support You can return websockets to the client but worker itself cannot connect to websockets Another idea would be to raise request cap of 50 sub requests so that people can do polling for updates Yeah, durable objects will take care of the use case for websockets and The reason why is for durable objects you actually have a persistent If it give a consistent location now to actually terminate the websocket and We'll simply Have durable object like fetch that thing at a websocket and memory again if it fails But yeah When durable objects goes into open beta, hopefully that can help with your websocket use case Yeah, I think the other part of that question may have been like Websockets inside of the worker.
I'm not a websocket expert at all, but I Would probably probably need to hear more about the use case to understand.
I'm not a websocket expert So I actually don't know that much about it Yeah, that's an interesting question Hmm yeah, let us know in the discord.
I'm not sure I'm like qualified to give an answer on that I don't I'm not I haven't done any websocket stuff really so good It's cool that someone seems like you're pushing the boundaries of stuff though, so into it Cool another question from Adam any idea when pages change of source repository will be possible.
I reserved a Pages dot dev domain and can't wait to actually start using it so the question is like he kind of put a repo like an empty one on The one he wanted to kind of like hold or whatever like the something dot pages dot dev by the way Adam I didn't say What your URL was because my answer is going to be you should probably just remove the project and then just try and read it to your real repository So I didn't want it.
I don't want anyone to try and claim it from you So I didn't say what the pages dot dev domain is So I I don't know of any plans we have for this right now of like changing repositories I can tell you that What you would do right now is just like remove it Whatever you have on there right now, and then just read it with the right project name and the right github repository I can let you know I can you know we can look this up and see If that's something we're talking about is like in the roadmap, but I don't think we're talking about right now It seems like a pretty particular I don't want to call it like an edge case, but just like a pretty infrequent thing But yeah, like I said I intentionally didn't say what your pages that dev subdomain is because I think you could probably just go and grab it right now If you've had it and like something goes wrong when you're trying to read it to the right repo I think we could probably help you out and make sure you get the thing that you tried to claim So yeah, so let me know if that doesn't work and we'll definitely help you get all situated there Cool Yoav asks, what's the current status about the reported and known bugs for pages such as proxying offers SSL, R3?
Yeah Christian and I will update the pages docs as Pages is now an open beta with the common list of bugs that we're hearing and we're actively working on for proxying With pages we have to work with another team to get that to work and with access support We also have to work with the access team to get that to work.
So It might be a little longer than we like to get those things running, but we're looking into it Yeah, we should make a page for that for sure now that open beta Did we mention the open beta is now it's like the sixth time I've mentioned it But in case people again didn't see or miss the stream Login now Yes You should be able to go and if you haven't had access to pages up until now after signing up for the beta It's we should now be in an open beta or if you don't see it.
We're like actively Deploying code to make it happen right now So you should be able to go and do that and we're super excited about it But yeah, we should have a page that kind of matches that that's like You know, what are the known issues during our open beta?
I think that's a great idea. So thank you for asking that question Okay, so it looks like we're at time oh We are well that went by really quickly Okay well Then maybe what we'll do is we have just a couple other questions and we'll just fill out the text answers for them and make sure that we get the doc into into our Q&A channel If any other questions came up, I think I mentioned earlier Like if you have questions that you've asked in the YouTube stream, I'll go back and look here in a second But please join the discord discord dot GG slash Cloudflare dev It's in the description of the video as well and ask your questions there in the Q&A channel What else do what do we miss pages we already mentioned works on workers we mentioned Is there anything else?
That's it for now.
Well duties monthly. So yeah, hopefully in April we can talk more open beta stuff.
How is it March already? It's crazy One thing actually one more thing. I'll say That we have so we've had a lot of really cool videos come out about like workers in pages recently Jesse from code stacker who's in the YouTube chat right now had a really awesome video You should go to his YouTube and watch where he deployed He deployed a discord bot with workers There's also Okay, I'm doing a YouTube search.
I just want to see if this is actually out yet. So It's not out quite yet but I'm just gonna I'm gonna go for it YOLO and give you a teaser which is that we Recorded a video with Chris Coyier from CSS tricks talking about pages.
This should be going out either today or tomorrow as well Which we're super excited about where we walk through deploying a pages project.
That's a 11d Code base that he's written.
It's a really fun video. That should be going out too. And then we have some more stuff planned in the future Everything is all YouTube all workers all pages all the time.
It's it's we got a lot stuff planned. So That's my last thing. I'll mention I think and Albert congratulations on 1500 people in the discord, by the way, congrats to us.
Well Hope you guys aren't bored of us yet Hopefully We keep giving you guys stuff to develop on I mean all you guys are amazing asking questions and helping each other and hopefully this discord continues to be a friendly place fun place to for sure Road to 10,000.
Let's go All right, everybody well, thank you so much You should be able to rewatch this YouTube should just put it up on the channel And like I said, we'll get the rest of the questions and make it available in the Q&A Thank you for tuning in and if you watch this after the fact, thanks for for watching and we'll see you in the discord The real privilege of working at Mozilla is that we're a mission-driven organization And what that means is that before we do things we ask what's good for the users as opposed to what's gonna make the most Mozilla's values are similar to Cloudflares.
They care about Enabling the web for everybody in a way that is secure in a way that is private and in a way that is trustworthy We've been collaborating on improving the protocols that help secure connections between browsers and websites Mozilla and Cloudflare collaborated on a wide range of technologies the first place we really collaborated was the new TLS 1.3 protocol and then we followed it up with quick and DNS over HTTPS and most recently the new Firefox private network.
DNS is core to the way that everything on the Internet works It's a very old protocol and it's also in plain text meaning that it's not encrypted And this is something that a lot of people don't realize you can be using SSL and Connecting securely to websites, but your DNS traffic may still be unencrypted When Mozilla was looking for a partner for providing encrypted DNS Cloudflare was a natural fit the idea was that Cloudflare would won the server piece of it and Mozilla would run the client piece of it and the consequence would be that we protect DNS traffic for anybody who used Firefox Cloudflare was a great partner with this because they were really willing early on to implement the protocol Stand up a trusted recursive resolver and Create this experience for users.
They were strong supporters of it One of the great things about working with Cloudflare is their engineers are crazy fast So the time between we decide to do something and we write down the barest protocol sketch and they have it running in their infrastructure Is a matter of days to weeks not a matter of months to years there's a difference between Standing up a service that one person can use or ten people can use and a service that everybody on the Internet can use When we talk about bringing new protocols to the web, we're talking about bringing it not to millions not to tens of millions We're talking about hundreds of millions to billions of people Cloudflare has been an amazing partner in the privacy front They've been willing to be extremely transparent About the data that they are collecting and why they're using it and they've also been willing to throw those logs away Really users are getting two classes of benefits out of our partnership with Cloudflare The first is direct benefits.
That is we're offering services to the user that make them more secure and we're offering them via Cloudflare So that's like an immediate benefit These users are getting the indirect benefit These users are getting is that we're developing the next generation of security and privacy technology and Cloudflare is helping us do it And that will ultimately benefit every user Both Firefox users and every user of the Internet.
We're really excited to work with an organization like Mozilla That is aligned with the users interests and in taking the Internet and moving it in the direction That is more private more secure and is aligned with what we think the Internet should be You Cloudflare gateway protects offices homes and corporate networks from malware and other security threats without sacrificing performance Gateway provides a secure DNS resolver and filtering service that inspects and logs all DNS queries to apply policies that either block or Allow the request this video will show you how to get started with Cloudflare gateway by configuring a location Creating a policy and using that policy to block security threats To get started navigate to the Cloudflare gateway dashboard at dash dot teams dot Cloudflare Calm if you don't have a Cloudflare account You can sign up and the browser will redirect you back to the gateway overview page Now let's configure a location a location is typically a physical location like your home office Store or a data center that you'd like to protect for this demo Let's call our location a us-1 gateway should automatically detect your IP address Which allows gateway to know which requests are coming from your location or network now?
Let's configure the DNS resolvers to take full advantage of Cloudflare gateway You should change your router settings to the gateway IP addresses for this demo I'm only going to use the IP addresses that gateway assigns now Let's configure the DNS resolvers to do this on a Mac go to your laptop's system preferences Click Network then advanced and navigate to the DNS tab You'll see your existing Internet providers DNS server IP address here add in the IP addresses from the gateway dashboard by clicking the plus sign if Your network supports IPv6 make sure to add the IPv6 address here as well click OK then apply Now my laptop is sending all of its DNS queries to gateways DNS resolvers to complete the location setup Navigate back to the Cloudflare gateway dashboard and click complete setup after configuring your first location You'll see the gateway overview page here You can view your locations requests and if they were allowed or blocked After the initial setup the graph may take a few minutes to show data while we're waiting on the data to populate Let's confirm that our location was properly configured It looks like our location is properly configured, but as you can see there's no policy assigned Let's create one Create a policy and apply it to your location to protect your network from Internet security threats like malware and phishing the policy will Control what the user can or cannot access while connected to your location to create a policy click policies Then create a policy for the purposes of this demo.
I'm going to create a policy that blocks malware and social media Let's call this no malware or social media.
We'll assign it to our location by clicking here here You can enable a block page which will show if a user attempts to access a page that's been blocked Let's enable it then click preview to see what a block page would look like Let's disable it for now You can also enable safe search which allows Cloudflare to automatically filter content based on the same Restrictions that large search engines use to protect users from explicit content now Let's identify what security threats we want Cloudflare gateway to protect against Gateway allows you to block all security threats listed here with one click which include a malware Phishing and spam.
Let's just block malware for now then move on to the content categories Gateway allows you to block certain content categories since we want to block social media with this policy click society and lifestyle then social networks If you'd like to allow or block a specific domain you can do that in the allow block tab Let's enter chat google.com to ensure that it's blocked and click add domain Now that the policy has been configured let's click add Policy the policy will propagate throughout the Cloudflare network in a few seconds.
So in the meantime Let's check out the gateway activity log.
The activity log is where you can see all the requests to your configured location you can also see what content categories the requests were associated with this request was associated with content servers and Information technology content categories.
It was an HTTPS request Created from the AUS-1 location and was allowed as it didn't trigger the policy Now let's test our policy to make sure that it works properly Let's test the social media portion of our policy by attempting to navigate to Twitter shortly after hitting enter You'll see an error page indicating that Twitter cannot be reached Cloudflare gateway has successfully intercepted the request and blocked the page accordingly During this Cloudflare gateway walkthrough you saw how to configure a location Create a policy and use that policy to block Internet security threats to learn more about Cloudflare gateway navigate to teams .Cloudflare.com backslash gateway This year I choose to challenge the biases often associated with gaps in employment history for lack of certain formal qualifications when hiring more women in tech Amplifying the voices of women and non-binary people around me Reminding myself and encouraging my peers to Examine our own implicit bias and doing my best to model the culture of empathy that I want to live and work in I choose to challenge by not accepting the status quo Speaking up for myself and for those that cannot speak for themselves.
I will support other women and lift other women up applaud a woman acknowledge her presence Listen to her Consider her ideas as she grows If she is progressing faster, do not question it A man only gains respect when he excels not speculations I choose to challenge by not accepting anything but equal pay and equal treatment in the workforce I choose to challenge social and gender norms by being independent Strong and empowering all women no matter how they identify to be great Hi, we're Cloudflare We're building one of the world's largest global cloud networks to help make the Internet faster more secure and more reliable Meet our customer Falabella They're South America's largest department store chain with over a hundred locations and operations in over six countries Well, I am the development manager of Falabella.com My role is to continuously improve all the technology platforms My name is Karan Tiwari.
I work as a lead architect in Adesai Commons at Falabella Like many other retailers in the industry, Falabella is in the midst of a digital transformation to evolve their business culture to maintain their competitive advantage and to better serve their customers We have a store legacy that we have to adapt to the digital culture A logistical legacy, a legacy of operations, a legacy that works very well, you know?
It hasn't worked very well, but the challenge now is to transform it Cloudflare was an important step towards not only accelerating their website properties but also increasing their organization's operational efficiencies and agility So, the Cloudflare issue, for example, is not just a decision by TI, it was also a business decision The faster we can deliver the data to our customers, the less time and seconds of loading time we can improve our site And that internalizes it as a business metric So that the business really understands that the performance, that is, a second in the loading of a page, is a sale That is, a loss in customer data is a loss of trust So, I think we are looking at better agility, better response time in terms of support, better operational capabilities Earlier, for a cache purge, it used to take around two hours Today, it takes around 20 milliseconds, 30 milliseconds to do a cache purge The homepage loads faster, your first view is much faster It's fast Cloudflare plays an important role in safeguarding customer information and improving the efficiencies of all of their web properties Cloudflare, for me, is a perfect illustration of how we can deliver value to our customers quickly The big challenge that comes is to start building the culture and building the foundations To allow teams, whoever they are, in 5 or 10 years, to do their job With customers like Falabella and over 10 million other domains that trust Cloudflare with their security and performance We're making the Internet fast, secure, and reliable for everyone Cloudflare, helping build a better Internet Cloudflare Cloudflare Cloudflare Cloudflare Cloudflare Cloudflare Cloudflare Cloudflare Cloudflare Cloudflare Non -profits are made for crisis to step in and help in whatever sector you're in And so this is that moment for them to lean into it and provide that relief Did you ever think you'd be doing an interview this way?
No My name is Chris Mexner, and I'm one of the founding members of Raised Donors We work closely with non-profits to give them a flexible yet very simple fundraising platform That way, they have the funding to go out and achieve their mission What types of threats and security risks do your customers face?
These bad actors, these hackers, just purchased 10,000 stolen credit cards Well, they're probably not going to go to a major online retailer and go through a checkout process and input these cards to see if they work They want to find a very low barrier type of a system, i.e.
a donation page, that is intentionally designed to be simple to use And so how do we lessen those attacks?
Because all of those declines also cost the non-profit money Cloudflare has been amazing in helping us identify these threats So as threats are happening in real time, we can then be aware of what country they're originating from, what kind of threat that that is And then share that information with our customers And the beauty in that is it's not taking up bandwidth or resources on our side How does Raised Donors help make things easier for your customers?
Just last week, we had a customer send out a massive newsletter, but they put in the wrong URL So what are they going to do about that?
Well, in that case, we use the Edge Workers so that when the request comes in, we can actually manipulate that URL and have it actually complete as it was intended to They were so thankful that Raised Donors was able to step in and help quickly and easily And we were able to do that all because of Cloudflare, which was phenomenal What advice would you give to all the non -profits that are out there coping and trying to stay afloat right now?
But if it is something you love to do and you're failing, well, you're learning and it's only going to help you even more so Be bold.
Don't be shy. Jump in headfirst and go for it. Zendesk is one of the world's premier customer service companies, providing its software suite to over 125,000 businesses around the globe My name is Jason Smale.
I'm the vice president of engineering at Zendesk My name is Andrei Balkanashvili.
I'm a technical lead in the Foundation Edge team at Zendesk Zendesk is a customer support platform that builds beautifully simple software for companies to have a better relationship with their own customers We have over 125,000 businesses around the world all using Zendesk And then within those businesses, there's hundreds of people whose day job is to sit in front of Zendesk and use Zendesk For Zendesk, security is paramount.
And when it came to safeguarding its network, Zendesk turned to Cloudflare Web security is very important to our business.
Our customers trust us with their information and their customers' information So we need to make sure that their information is safe, secure The initial need for Cloudflare came back a couple of years ago when we suddenly started to see a lot of attacks coming towards us And all of a sudden we'd get thousands of requests, hundreds of thousands, you know, like millions of requests coming at us from all over the place So we needed a way to be able to control what came into our infrastructure And Cloudflare were the only ones that could meet our requirements It's been really impressive to see how Cloudflare's DDoS mitigation continues to evolve and morph And it's definitely the best DDoS mitigation we've ever had I think Cloudflare just gets you that and so much more And you don't have to pick and choose and layer on all these different providers because it's just one And they're great at all of those things.
It's easy. It's a no-brainer By tapping into Cloudflare's unique integrated security protection and performance acceleration Zendesk has been able to leverage Cloudflare's global platform to enhance its experience for all of its customers Cloudflare is providing an incredible service to the world right now because there's no other competitors who are close Cloudflare is our outer edge.
It makes our application faster, more reliable And allows us to respond with confidence to traffic spikes and make our customers happier Zendesk is all about building the best customer experiences and Cloudflare helps us do that With customers like Zendesk and over 10 million other domains that trust Cloudflare with their security and performance We're making the Internet fast, secure and reliable for everyone Cloudflare.
Helping build a better Internet We have seen malicious foreign actors attempt to subvert democracy What we saw was a sophisticated attack on our electoral system The Athenian project is our little contribution as a company to say How can we help ensure that the political process has integrity That people can trust it and that people can rely on it It's like a small family or community here and I think elections around the nation is the same way We're not a big agency.
We don't have thousands of employees. We have tens of employees We have less than a hundred here in North Carolina So what's on my mind when I get up and go to work every morning is what's next?
What did we not think of and what are the bad actors thinking of?
The Athenian project, we use that to protect our voter information center site And allow it to be securely accessed by the citizens of Rhode Island It's extremely important to protect that and to be able to keep it available There are many bad actors out there that are trying to bring that down And others trying to penetrate our perimeter defenses from the Internet To access our voter registration and or tabulation data So it's very important to have an elections website that is safe, secure and foremost accurate The Athenian project for anyone who is trying to run an election anywhere in the United States Is provided by us for free and we think of it as a community service I stay optimistic by reminding myself there's a light at the end of the tunnel It's not a train Having this protection gives us some peace of mind that we know if for some reason We were to come under attack we wouldn't have to scramble or worry about Trying to keep our site up that Cloudflare has our back Microsoft Mechanics www.microsoft.com Microsoft Mechanics Cloudflare Access as part of Cloudflare for Teams Is a Zero Trust access platform that runs on Cloudflare's global network Access evaluates every request to your applications based on a user's identity and context Whether the application is SaaS, cloud or on-premises This video will walk you through how to protect a SaaS application with Cloudflare Access Cloudflare Access allows you to use multiple identity providers to grant users access to the same application This gives you the flexibility to onboard external users without having to add them to your centralized identity provider For this demo, Cloudflare Access and two identity providers, GitHub and Google Workspace, have already been configured To get started, navigate to the Applications tab in the Teams dashboard Click Add an Application There are two options, connecting a self-hosted application or a SaaS application Choosing self-hosted secures internal tools, applications, or other resources such as Jira or iManage Choosing SaaS integrates access into the login flow of applications not hosted by your organization For this demo, we'll choose SaaS Click Select, then choose an application, in this case Slack, from the drop-down menu Next, retrieve the unique identifier and endpoint URL from Slack Copy these fields from Slack and enter them in the application card After choosing and configuring an application, the next step is to select one or more identity providers, or IDPs When users try to log into your application, Cloudflare Access will check their identity against a list of approved users configured at your IDP SaaS applications can be configured with as many IDPs as needed, but we've chosen GitHub and Google Workspace for this demo Click Next to configure an access rule Configuring access rules allows you to enforce user policies for SaaS or internal applications For this demo, we'll create a rule that denies access to Slack for all users attempting to log in from the United States, except for team members To get started, enter a rule name Then, specify a rule action By selecting an action, you define how the rule protects the SaaS application There are four action options, block, allow, bypass, or service auth In this case, we'll select block, which means we are blocking a user or group of users from logging in to Slack The next step is to identify the user or user groups to allow or block from your application There are three types of rule decisions, include, exclude, and require In this case, we want to deny access to Slack for all users attempting to log in from the United States To do this, select country from the drop-down list on the left, and choose United States We want to make sure our team members can still have access to Slack Click Exception, select emails ending in from the drop-down list, and type atmyteam.com This will block all login attempts from the United States, except those coming from users whose email addresses end in atmyteam.com There's no limit to the number of rules you can add to an application To complete the access rule configuration, click Add Application The final step to add Slack to Cloudflare Access requires adding the SSO endpoint, access entity ID or issue, and public key to Slack's configuration We suggest copying the fields from the Cloudflare dashboard, saving them in a secure location, and reconfiguring Slack before clicking Done You can now see, edit, and delete Slack from the applications list In this video, you saw how to connect a SaaS application, Slack, to Cloudflare Access with Okta and Azure AD, and configure an access rule Now you're ready to get started with Cloudflare Access To learn more about how Cloudflare Access can protect your internal and SaaS applications, all without a VPN, visit Cloudflare.com.
Cloudflare Access www.Cloudflare.com www.microsoft .com
