

Cloudflare(Cloudflare, Inc.)是一家總部位於三藩市美國跨國科技企業,以向客戶提供基於反向代理內容傳遞網路Content Delivery Network, CDN)及分佈式域名解析服務Distributed Domain Name Server)為主要業務。




Cloudflare由三個曾為Project Honey Pot英語Project Honey Pot工作的工程師Matthew Prince、Lee Holloway和Michelle Zatlyn於2009年創立,最終在[2][3]2010年9月舉行的TechCrunch Disrupt大賽上首度公開出現。


2011年7月,Cloudflare宣佈來自恩頤投資文洛克創投英語Venrock珀利翁風投夥伴英語Pelion Venture Partners的新一輪風險融資已經完成,金額為2000萬美元[6][7]

2012年6月,Cloudflare與數家虛擬主機提供者(包括 HostPapa)建立合作夥伴關係,以實作其Railgun技術。

2012 年 6 月,黑客組織UGNazi英語UGNazi 利用Google帳號驗證程式的缺陷入侵Cloudflare CEO Matthew Prince的企業信箱,以此篡改著名社區網站4chan的Cloudflare帳號密碼並將它的DNS指向該組織的Twitter主頁。[8][9]

2012年12月,Cloudflare得到來自合廣投資英語Union Square Ventures及其他現有投資方的C輪融資,其金額為5000萬美元[10]

2014年2月,Cloudflare減緩了當時有記錄以來規模最大的DDoS攻擊,針對未揭露之客戶的攻擊流量最高達每秒400 Gbit。在2014年11月,Cloudflare報告了另一個大規模DDoS攻擊,該次攻擊對獨立媒體網站的流量為每秒500Gbit[11]



2014年6月下旬,佔領中環投票網站popvote.hk於2014年6月14日遭受DDoS攻擊,攻擊流量峰值達到300 Gbit/s,Cloudflare作為其內容傳遞網路服務的提供者,使用DNS沉洞緩解了此攻擊[14]

2019年9月6日,維基百科受到DDoS攻擊。歐洲用戶有幾個小時無法訪問維基百科[15]。在維基媒體網絡工程師使用Cloudflare的網絡和 DDoS 保護服務重新路由和過濾互聯網流量後,攻擊得到緩解[16]。使用的特定 Cloudflare 產品是 Magic Transit[17]



在2014年6月,Cloudflare併購了由Ryan Lackey所創立的CryptoSeal,意欲藉此交易延伸其Web用戶安全性服務。在2014年2月,它併購了StopTheHacker,這家公司提供惡意程式碼偵測、自動惡意程式碼移除,以及信譽與黑名單監視服務。在2016年12月,Cloudflare併購了Eager,並透過此次併購升級了Cloudflare的應用程式平台,以支援使用拖放方式將第三方應用程式安裝到使用Cloudflare服務的網站[18]。在2017年底,Cloudflare收購了Neumob,一間手機VPN初創企業。[19]在2022年2月,Cloudflare收購了Area 1 Security,並透過其技術保護企業免受基於電子郵件的安全威脅。[20]





Cloudflare為所有客戶提供「我正遭受攻擊模式(I'm Under Attack)」設置。Cloudflare宣稱這樣可要求用戶必須先通過JavaScript計算式查問的驗證才能存取網站,進而減輕進階第7層攻擊的影響。Cloudflare所提供的保護使得Spamhaus免於流量超過每秒300 Gbit的DDoS攻擊。Akamai的首席結構設計師將它稱為「有史以來互聯網上規模最大的公開DDoS攻擊」。據說Cloudflare當時吸收了峰值超過每秒400 Gbit的NTP校時服務放大攻擊(NTP Reflection Attack) [21]



Cloudflare預設可讓付費方案客戶使用Web應用程式防火牆;此防火牆具有OWASP ModSecurity核心規則集與Cloudflare自有規則集,以及常見Web應用程式規則集。[22]



Cloudflare為所有客戶提供具有任一傳播網絡的免費網域名稱伺服器(DNS)。根據W3Cook,Cloudflare的DNS服務目前所服務的對象超過受管理DNS網域的35%。SolveDNS發現Cloudflare能持續提供全球數一數二的 DNS 查閱速度,在2016年4月回報的查閱速度為8.66毫秒。[23]







Cloudflare的其中一個主要功能是他們扮演網頁流量的反向代理角色。Cloudflare支援新的網頁通訊協定,包括HTTP/2[25]HTTP/3[26]。此外,Cloudflare還提供針對HTTP/2 Server Push的支援。Cloudflare也支援Websocket的代理處理。[27]







Project Galileo


爲回應對藝術組織、人道救援機構和反政府組織等目標的攻擊,在2014年,Cloudflare推出了Project Galileo,希望可以透過其服務爲這些組織的網站提供網絡攻擊保護和效能提升,確保網站長期在線。




Cloudflare Access


2018年,Cloudflare宣佈提供Cloudflare Access服務,讓員工無需使用虛擬私人網絡(VPN)就能透過一次性密碼GitHubAzure Active DirectoryG SuiteSAML等登入,安全存取公司內部網絡。





Cloudflare因其為恐怖主義、網絡犯罪和仇恨言論提供遮蔽而面臨爭議,其中包括伊斯蘭國塔利班緬甸軍政府新納粹等極端組織,也包括群體槍擊案罪犯[34][35][36][37][38][39],它參照言論自由為自己辯護。[40][41] 許多有爭議的網站使用Cloudflare,包括The Daily Stormer8chan[42],Cloudflare因為其堅持網絡中立性的政策受到批評[43]



赫芬頓郵報記錄了Cloudflare為美國國務院指定[36][38]的 「至少7個恐怖組織」提供服務,包括塔利班索馬里青年黨阿克薩烈士旅哈馬斯巴勒斯坦聖城旅。Cloudflare至少從2012年起就知道了,但沒有採取任何行動。然而,據Cloudflare的行政總裁稱,沒有任何執法機構要求該公司停止這些服務[44]伊斯蘭國的兩個線上討論區以及近四十個網站都由Cloudflare遮蔽[44]



2019年,Cloudflare因向貼圖討論版8chan提供服務而受到批評,該板塊允許用戶發佈和討論任何內容,網站管理員幾乎不做干預。該留言板與美國的大規模槍擊事件和新西蘭基督城清真寺槍擊案有關[45][46][47][48]。此外,包括《華盛頓郵報》和《The Daily Dot》在內的一些新聞機構報道了兒童色情兒童性虐待討論板的存在[48][49][50]。 BBC援引Cloudflare代表的話稱,該平台「不託管所提及的網站,不能封鎖網站,也不從事隱藏寄存非法內容的公司的業務」。[51] 2019年埃爾帕索槍擊案發生後接受《衛報》採訪時,行政總裁Matthew Prince為Cloudflare對8chan的支援辯護,稱他有「道德義務」讓該網站保持線上。[52]之後迫於公眾和法律壓力,Cloudflare才終止了對8chan的服務。[52]





  • 在2015年2月的8th Annual Crunchies Awards(第8屆年度Crunchies獎)獲得TechCrunch的Best Enterprise Startup(最佳新創企業)獎。
  • 有兩年被《華爾街日報》譽為Most Innovative Network & Internet Technology Company(最佳創新網絡與互聯網技術公司)。
  • 在2012年,Cloudflare被World Economic Forum(世界經濟討論區)譽為Technology Pioneer(技術先鋒)。
  • 獲《Fast Company》選為全球十大創新公司。
  • 2016和2017年,Cloudflare名列Forbes Cloud 100(福布斯雲端 100)清單第11名。[56]


  1. ^ Traffic, Demographics and Competitors. Alexa Internet. [2021-08-09]. (原始內容存檔於2019-02-26) (美國英語). 
  2. ^ Our story. Cloudflare. [2011-08-15]. (原始內容存檔於2015-01-05) (美國英語). 
  3. ^ CloudFlare Beta. Project Honey Pot. [2011-08-15]. (原始內容存檔於2017-12-04) (美國英語). 
  4. ^ Henderson, Nicole. CloudFlare Gets an Unusual Endorsement from Hacker Group LulzSec. Webhost Industry Review. 2011-06-17 [2014-05-09]. (原始內容存檔於2017-09-09) (美國英語). 
  5. ^ Hesseldahl, Arik. Web Security Start-Up CloudFlare Gets Buzz, Courtesy of LulzSec Hackers. All Things Digital. 2011-06-10 [2011-08-15]. (原始內容存檔於2011-08-30) (美國英語). 
  6. ^ Hesseldahl, Arik. Web Security Start-Up CloudFlare Lands $20 Million Funding Round. AllThingsD. 2011-07-12 [2012-07-12]. (原始內容存檔於2012-06-23) (美國英語). 
  7. ^ Milian, Mark. Why a Fast-Growing Startup Tries to Keep Its Venture Funding Secret. Tech Deals. 彭博新聞社. 2012-12-18 [2013-01-01]. (原始內容存檔於2015-05-06) (美國英語). 
  8. ^ Simcoe, Luke. The 4chan breach: How hackers got a password through voicemail. Maclean's. 2012-06-14 [2012-07-12]. (原始內容存檔於2013-01-29) (美國英語). 
  9. ^ Ms. Smith. Hacktivists UGNazi attack 4chan, CloudFlare and Wounded Warrior Project. Privacy and Security Fanatic. NetworkWorld. 2012-06-03 [2012-07-12]. (原始內容存檔於2013-11-12) (美國英語). 
  10. ^ CloudFlare Reveals $50M Round From Union Square Ventures. TechCrunch. AOL. [2015-01-05]. (原始內容存檔於2015-01-03) (美國英語). 
  11. ^ The Largest Cyber Attack In History Has Been Hitting Hong Kong Sites. 福布斯. [2017-08-21]. (原始內容存檔於2019-04-03) (美國英語). 
  12. ^ CloudFlare Acquires Anti-Malware Firm StopTheHacker. TechCrunch. AOL. [2015-01-05]. (原始內容存檔於2015-02-13) (美國英語). 
  13. ^ CloudFlare Acquires CryptoSeal. CloudFlare. [2014-06-18]. (原始內容存檔於2014-06-19) (美國英語). 
  14. ^ Most sophisticated DDoS' ever strikes Hong Kong democracy poll. The Register. 2014-06-20 [2016-06-25]. (原始內容存檔於2016-09-12) (英國英語). 
  15. ^ Rahim, Zamira. 'Malicious attack' on Wikipedia causes outage in several countries. 獨立報 (London). 2019-09-07 [2020-09-26]. (原始內容存檔於2021-10-10) (英國英語). 
  16. ^ Analyzing the Wikipedia DDoS Attack. Internet and Cloud Intelligence Blog. ThousandEyes. [2020-09-26]. (原始內容存檔於2021-04-14) (美國英語). 
  17. ^ Wikimedia Foundation. Cloudflare. [2020-09-26]. (原始內容存檔於2022-05-07). 
  18. ^ Cloudflare acquires app platform Eager, will sunset service in Q1 2017. VentureBeat. 2016-12-13 [2021-08-08]. (原始內容存檔於2017-08-21) (美國英語). 
  19. ^ Neumob acquisition gives Cloudflare missing mobile component. TechCrunch. [2019-05-06]. (原始內容存檔於2018-12-03) (美國英語). 
  20. ^ Graham-Cumming, John. Why we are acquiring Area 1. 24 February 2022 [24 February 2022]. (原始內容存檔於24 February 2022). 
  21. ^ Biggest DDoS ever aimed at Cloudflare’s content delivery network. Ars Technica. [2017-08-21]. (原始內容存檔於2014-03-07) (美國英語). 
  22. ^ Cloudflare Web Application Firewall Review. Fanatic Entrepreneur. [2017-08-21]. (原始內容存檔於2017-04-08) (美國英語). 
  23. ^ April 2016 DNS Speed Comparison Report. [2017-08-21]. (原始內容存檔於2017-08-21) (美國英語). 
  24. ^ 5 reasons Cloudflare's roll-out of has been a disaster. SQL Server with Mr. Denny. [2019-05-06]. (原始內容存檔於2018-04-26) (美國英語). 
  25. ^ HTTP/2 is here! Goodbye SPDY? Not quite yet. The Cloudflare Blog. 2015-12-03 [2022-02-08]. (原始內容存檔於2022-05-06) (英語). 
  26. ^ HTTP/3: the past, the present, and the future. The Cloudflare Blog. 2019-09-26 [2022-02-08]. (原始內容存檔於2022-05-01) (英語). 
  27. ^ CloudFlare figured out how to make the Web one second faster. ZDNet. 2016-04-28 [2021-08-08]. (原始內容存檔於2017-11-07) (美國英語). 
  28. ^ Internet Exchange Report. Hurricane Electric. [2017-08-21]. (原始內容存檔於2016-06-04) (美國英語). 
  29. ^ Cloudflare 中国网络. [2018-02-23]. (原始內容存檔於2018-02-23) (中文(中國大陸)). 
  30. ^ Gallagher, Sean. Cloudflare gets into registrar business with wholesale domains and free privacy. Ars Technica. 2018-09-28 [2019-05-06]. (原始內容存檔於2019-04-04) (美國英語). 
  31. ^ Cloudflare Access aims to replace corporate VPNs. TechCrunch. [2019-12-07] (美國英語). [失效連結]
  32. ^ Log every request to corporate apps, no code changes required. The Cloudflare Blog. 2019-11-17 [2019-12-07]. (原始內容存檔於2019-12-08) (英語). 
  33. ^ Cloudflare WARP 免費 VPN 全面開放,整合 DNS 推薦好友獲取流量. 免費資源網絡社群. 2019-09-27 [2020-06-22]. (原始內容存檔於2020-06-25) (中文(臺灣)). 
  34. ^ Controversial US infosec firm Cloudflare is providing potentially sanctions-busting services to Myanmar’s military junta. Bofa on Insecurity. [2021-06-06]. (原始內容存檔於2022-03-29) (美國英語). In what is a likely violation of current US Treasury sanctions, the Junta also appears to be using the services of controversial US security company Cloudflare to protect themselves from more leaks, with at least five government websites geo-blocked to make them inaccessible outside Myanmar. 
  35. ^ Wong, Julia Carrie. The far right is losing its ability to speak freely online. Should the left defend it?. 衛報 (London). 2017-08-28 [2019-08-22]. (原始內容存檔於2022-02-24) (美國英語). Matthew Prince had the power to kill the white supremacist hate site the Daily Stormer for years, but he didn’t choose to. 
  36. ^ 36.0 36.1 Jones, Rhett. Cloudflare Under Fire for Allegedly Providing DDoS Protection for Terrorist Websites. Gizmodo. 2018-12-14 [2019-08-05]. (原始內容存檔於2021-08-08) (美國英語). Cloudflare is facing accusations that it’s providing cybersecurity protection for at least seven terrorist organizations—a situation that some legal experts say could put it in legal jeopardy. 
  37. ^ Sankin, Aaron. The Dirty Business of Hosting Hate Online. Gizmodo. 2019-07-11 [2019-08-05]. (原始內容存檔於2022-01-07) (美國英語). The organizations we looked at run the gamut from white supremacists, neo-Nazis, and chapters of the Ku Klux Klan to groups dedicated to stripping the rights of immigrants and LGBT people. We found 151 tech companies currently offering services to the websites on this list. While the overwhelming majority of companies only worked with one or two sites, some names came up again and again. Cloudflare, which provides protection against distributed denial-of-service attacks, works with the second largest number of sites, 56. 
  38. ^ 38.0 38.1 Cook, Jesselyn. U.S. Tech Giant Cloudflare Provides Cybersecurity For At Least 7 Terror Groups: Among its customers are the Taliban, al-Shabab and Hamas.. 赫芬頓郵報. 2018-11-14 [2019-08-05]. (原始內容存檔於2021-12-06) (美國英語). Among Cloudflare’s customers are groups that are on the State Department’s list of foreign terrorist organizations, including al-Shabab, the Popular Front for the Liberation of Palestine, al-Quds Brigades, the Kurdistan Workers』 Party (PKK), al-Aqsa Martyrs Brigade and Hamas — as well as the Taliban, which, like the other groups, is sanctioned by the Treasury Department’s Office of Foreign Assets Control (OFAC). These organizations own and operate active websites that are protected by Cloudflare, according to four national security and counterextremism experts. In the United States, it’s a crime to knowingly provide tangible or intangible "material support" to a designated foreign terrorist organization or to provide service to an OFAC-sanctioned entity without special permission. Cloudflare, which is not authorized by the OFAC to do business with such organizations, has been informed on multiple occasions, dating back to at least 2012, that it is shielding terrorist groups behind its network, and it continues to do so. 
  39. ^ Schwencke, Ken. How One Major Internet Company Helps Serve Up Hate on the Web. ProPublica. 2017-05-07 [2021-06-06]. (原始內容存檔於2018-04-08) (美國英語). Cloudflare provides services to neo-Nazi sites like The Daily Stormer, including giving them personal information on people who complain about their content. The widespread use of Cloudflare’s services by racist groups is not an accident. Cloudflare has said it will not deny its services to even the most offensive purveyors of hate. "A website is speech. It is not a bomb," Cloudflare’s CEO Matthew Prince wrote. "There is no imminent danger it creates and no provider has an affirmative obligation to monitor and make determinations about the theoretically harmful nature of speech a site may contain." Cloudflare also has an added appeal to sites such as The Daily Stormer. It turns over to the hate sites the personal information of people who criticize their content. 
  40. ^ Captain, Sean. Is Cloudflare a privacy champion or hate speech enabler? Depends who you ask. Fast Company. 2019-02-27 [2019-08-05]. (原始內容存檔於2021-08-08) (美國英語). Cloudflare is regularly shamed for enabling repulsive groups by helping them provide a better internet experience to their followers. In October 2018, Cloudflare stood out by continuing to support the chat platform Gab–infamous for racist chatter, including a post by Robert Bowers, who was charged with murdering 11 people in a Pittsburgh synagogue on October 27. Infrastructure companies like Joyent and GoDaddy dropped the site. But Cloudflare held on and continues to support Gab. 
  41. ^ Lee, Timothy B. Tech companies declare war on hate speech—and conservatives are worried. Ars Technica. 2017-08-31 [2019-08-06]. (原始內容存檔於2022-04-08) (美國英語). 
  42. ^ Kelly, Makena. Cloudflare to revoke 8chan's service, opening the fringe website up for DDoS attacks. The Verge. 2019-08-04 [2019-08-05]. (原始內容存檔於2019-08-05) (美國英語). Saturday’s shooting in El Paso, where at least 20 people were killed and two dozen injured, is the third mass shooting linked to both 8chan and white nationalist ideology this year. The first, in Christchurch, New Zealand, brought the fringe website into the mainstream discussion back in April, but Cloudflare declined to revoke its service. 
  43. ^ Peterson, Becky. Cloudflare CEO explains his emotional decision to punt The Daily Stormer and subject it to hackers: I woke up 'in a bad mood and decided to kick them off the Internet'. Business Insider. 2017-08-17 [2017-08-17]. (原始內容存檔於2018-03-30) (美國英語). While Cloudflare may have been The Daily Stormer's last line of defense, Prince's decision didn't actually take the company's site offline by itself. Earlier in the week, both GoDaddy and Google publicly announced they had dropped The Daily Stormer as a customer of their domain-hosting services. 
  44. ^ 44.0 44.1 Kohlmann, Evan F. Charlie Hebdo and the Jihadi Online Network: Assessing the Role of American Commercial Social Media Platforms (PDF). United States House of Representatives. 2015-10-27 [2019-08-22]. (原始內容 (PDF)存檔於2018-04-03) (美國英語). Prince continues to insist, 「We have never received a request to terminate the site in question from any law enforcement authority, let alone a valid order from a court.」 
  45. ^ Wong, Julia Carrie. 8chan: the far-right website linked to the rise in hate crimes. 衛報. 2019-08-04 [2019-08-05]. (原始內容存檔於2019-08-21) (英國英語). Protection from Cloudflare: 8chan would have difficultly operating if it didn’t receive protection from Cloudflare, a US-based company that provides internet infrastructure services to websites. Cloudflare faced renewed public pressure over its protection of 8chan in the wake of the Christchurch massacre. And in a phone interview with the Guardian on Saturday night, Prince reiterated his belief that Cloudflare should not cease to provide services to sites such as 8chan based on their content. 
  46. ^ Mezzofiore, Gianluca; O'Sullivan, Donie. El Paso shooting is at least the third atrocity linked to 8chan this year. 有線電視新聞網. 2019-08-05 [2019-08-05]. (原始內容存檔於2019-08-20) (美國英語). 
  47. ^ Roose, Kevin. 8chan Is a Megaphone for Gunmen. 'Shut the Site Down,' Says Its Creator.. The New York Times. 2019-08-04 [2019-08-05]. (原始內容存檔於2019-08-05). 
  48. ^ 48.0 48.1 O'Neill, Patrick Howell. 8chan, the central hive of Gamergate, is also an active pedophile network. The Daily Dot. 2014-11-07 [2019-08-05]. (原始內容存檔於2018-05-26) (英語). On numerous public forums, 8chan users share graphic images of children, plus links to hardcore child pornography. 
  49. ^ Machkovech, Sam. 8chan-hosted content disappears from Google searches: Domain-specific searches contain warning about "suspected child abuse content.". Ars Technica. 2015-08-17 [2019-08-05]. (原始內容存檔於2018-06-07) (美國英語). 
  50. ^ Dewey, Caitlin. This is what happens when you create an online community without any rules. 華盛頓郵報. 2015-01-13 [2019-08-22]. (原始內容存檔於2015-01-13) (美國英語). When a number of people reported 8chan’s active pedophilia boards to Cloudflare, the company that protects the site from malicious traffic, Brennan took screenshots of their names and e-mail addresses and tweeted them publicly. 
  51. ^ Cloudflare embroiled in child abuse row. 英國廣播公司. 2019-10-22 [2019-11-15]. (原始內容存檔於2021-10-10) (英國英語). Cloudflare helps websites host illegal content. The company insists it is powerless because it does not actually host the offending sites. Campaigners say Cloudflare's services make it easier for clients to avoid detection by "hiding" their locations. 
  52. ^ 52.0 52.1 Wong, Julia Carrie. 8chan: the far-right website linked to the rise in hate crimes. 衛報 (London). 2019-08-03 [2019-08-03]. (原始內容存檔於2019-08-21) (英國英語). Three attackers in six months allegedly posted their plans on the site in advance. 8chan would have difficultly operating if it didn’t receive protection from a company called Cloudflare. Cloudflare faced renewed public pressure over its protection of 8chan in the wake of the Christchurch massacre. CEO Matthew Prince explains his "moral obligation" to keep 8chan online and reiterated his belief that Cloudflare should not cease to provide services to sites such as 8chan based on their content. 
  53. ^ How we made our DNS stack 3x faster. The Cloudflare Blog. 2017-04-11 [2019-05-06]. (原始內容存檔於2019-04-02) (英語). 
  54. ^ Cloudflare – Making Your Website Fast, Safe, and Accessible Everywhere in the World. HostAdvice. 2016-12-22 [2019-05-06]. (原始內容存檔於2019-05-06) (美國英語). 
  55. ^ Cloudbleed: Big web brands leaked crypto keys, personal secrets thanks to Cloudflare bug. The Register. 2017-02-24 [2017-08-21]. (原始內容存檔於2017-02-24) (英國英語). 
  56. ^ Forbes Cloud 100. 福布斯. [2017-08-21]. (原始內容存檔於2017-08-23) (美國英語). 

