Configure identity-based policies in Cloudflare Gateway

Configure identity-based policies in Cloudflare Gateway
Configure identity-based policies in Cloudflare Gateway

During Zero Trust Week in October, we released HTTP filtering in Cloudflare Gateway, which expands protection beyond DNS threats to those at the HTTP layer as well. With this feature, Cloudflare WARP proxies all Internet traffic from an enrolled device to a data center in our network. Once there, Cloudflare Gateway enforces organization-wide rules to prevent data loss and protect team members.

However, rules are not one-size-fits-all. Corporate policies can vary between groups or even single users. For example, we heard from customers who want to stop users from uploading files to cloud storage services except for a specific department that works with partners. Beyond filtering, security teams asked for the ability to audit logs on a user-specific basis. If a user account was compromised, they needed to know what happened during that incident.

We’re excited to announce the ability for administrators to create policies based on a user’s identity and correlate that identity to activity in the Gateway HTTP logs. Your team can reuse the same identity provider integration configured in Cloudflare Access and start building policies tailored to your organization today.

Fine-grained rule enforcement

Until today, organizations could protect their users' Internet-bound traffic by configuring DNS and HTTP Continue reading

How Ansible Configuration Parsing Made Me Pull My Hair Out

Yesterday I wrote a frustrated tweet after wasting an hour trying to figure out why a combination of OSPF and IS-IS routing worked on Cisco IOS but not on Nexus OS. Having to wait for a minute (after Vagrant told me SSH on Nexus 9300v was ready) for NX-OS to “boot” its Ethernet module did’t improve my mood either, and the inconsistencies in NX-OS interface naming (Ethernet1/1 is uppercase while loopback0 and mgmt0 are lowercase) were just the cherry on top of the pile of ****. Anyway, here’s what I wrote:

Can’t tell you how much I hate Ansible’s lame attempts to do idempotent device configuration changes. Wasted an hour trying to figure out what’s wrong with my Nexus OS config… only to find out that “interface X” cannot appear twice in the configuration you want to push.

Not unexpectedly, I got a few (polite and diplomatic) replies from engineers who felt addressed by that tweet, and less enthusiastic response from the product manager (no surprise there), so it’s only fair to document exactly what made me so angry.

Update 2020-12-23: In the meantime, Ganesh Nalawade already implemented a fix that solves my problem. Thanks you, awesome job!

Continue reading

How Ansible Configuration Parsing Made Me Pull My Hair Out

Yesterday I wrote a frustrated tweet after wasting an hour trying to figure out why a combination of OSPF and IS-IS routing worked on Cisco IOS but not on Nexus OS. Having to wait for a minute (after Vagrant told me SSH on Nexus 9300v was ready) for NX-OS to “boot” its Ethernet module did’t improve my mood either, and the inconsistencies in NX-OS interface naming (Ethernet1/1 is uppercase while loopback0 and mgmt0 are lowercase) were just the cherry on top of the pile of ****. Anyway, here’s what I wrote:

Can’t tell you how much I hate Ansible’s lame attempts to do idempotent device configuration changes. Wasted an hour trying to figure out what’s wrong with my Nexus OS config… only to find out that “interface X” cannot appear twice in the configuration you want to push.

Not unexpectedly, I got a few (polite and diplomatic) replies from engineers who felt addressed by that tweet, so it’s only fair to document exactly what made me so angry.

Read more …

Goodbye 2020… and never come back!

As we approach the end of the year, we can finally say goodbye to 2020. Goodbye 2020… and never come back! But, it is also time to look back at 2020 and try to see what the year 2021 promises us. So, in 2020…   COVID-19! The first thing that comes to mind when we talk about this year, and I think this will be the case for a long time, is the COVID-19! Who could have foreseen at the beginning of January that the entire world would be masked…

The post Goodbye 2020… and never come back! appeared first on AboutNetworks.net.

Developing NetBox Plugin – Part 2 – Adding web UI pages

Welcome to part 2 of my tutorial walking you through process of developing NetBox plugin. In part 1 we set up our development environment and built base version of Bgp Peering plugin. Here we will continue work on the plugin by adding UI pages allowing us to list, view and add, Bgp Peering objects.

Developing NetBox Plugin tutorial series

Contents

Disclaimer

Original version of this post contained views that Continue reading

Add Font Awesome 5 to a Rails 6 App

Font Awesome is a collection of great looking icons that we can use to spice up the look of our app. Software The following software versions were used in this post. Rails - 6.0.3.4 Font Awesome (Free) - 5.15.1 Installation Firstly add the fontawesome-free package via yarn. Next,...

Stuff The Internet Says On Scalability For December 19th, 2020

Hey, it's HighScalability time once again!

 

NASA

 

Do you like this sort of Stuff? Without your support on Patreon this Stuff won't happen. 

 

Know someone who could benefit from becoming one with the cloud? I wrote Explain the Cloud Like I'm 10 just for them. On Amazon it has 212 mostly 5 star reviews. Here's a load-balanced and fault-tolerant review:

Number Stuff:

Don't miss all that the Internet has to say on Scalability, click below and become eventually consistent with all scalability knowledge (which means this post has many more items to read so please keep on reading)...

Add Bootstrap 5 to a Rails 6 App

In this post I will show you how to add the Bootstrap CSS framework to your Rails 6 application. Bootstrap is a solid CSS framework that allows us to make our app look really nice and work across a multitude of device types and browsers without having to get bogged down in the...

Declare Your Application State with Tanzu Service Mesh

YES! You can declare your application resiliency state and keep it like that with a combination of Kubernetes and the new application resiliency capabilities in Tanzu Service Mesh.

First things first: what is Tanzu Service Mesh?

Tanzu Service Mesh allows you to create and isolate a logical structure in a Kubernetes cluster, or across different clusters, to achieve an application layer 7 networking and security fabric that you can add values on top of. Just by connecting the dots, we get service discovery, observability, security, and encrypted connectivity for all objects in that global namespace structure. More about TSM global namespaces in excellent blogs here and here.

In this blog, I focus on a new feature that (in my opinion) is a real game-changer for the way we operate and manage application resiliency. As background, I used to work on the customer side for most of my technical career, in operations and infrastructure roles, and the thing I was mostly concerned with was the application and user experience. We had multiple application monitoring solutions that continuously tested user experience via methods such as synthetic transactions (not real user ones) or tap the transaction to get the live experience. Once we Continue reading

An Introduction to WebSockets with Ballerina

Ballerina language to demonstrate how you can effectively use WebSocket features. The Dynamic Web: Looking Back Anjana Fernando Anjana is Director of Developer Relations at WSO2. His latest venture is his role in the Ballerina project, where he has been involved extensively in the design and implementation of the language and its runtime, and now primarily works on its ecosystem engineering and evangelism activities. HTTP is commonly used for a typical request/response scenario. Using JavaScript, the Fetch API help send requests from the client to servers in the background. This allows us to execute data operations without refreshing or loading another web page. However, this doesn’t support the need for server push scenarios, where requests are initiated from the server and sent to the client. So people came up with workarounds to make Continue reading

Don’t Institutionalize the Internet

This opinion piece was originally published by the International Institute for Sustainable Development.

As the United Nations turned 75, UN Secretary-General Antonio Guterres opened the General Assembly by calling for a New Global Deal to ensure that political and economic systems deliver on critical global public goods. “Today, that is simply not happening,” he said. “We have huge gaps in governance structures and ethical frameworks. To close these gaps, we need to ensure that power, wealth and opportunities are broadly and fairly shared.” 

At the Internet Society, we couldn’t agree more. But just what will this ‘New Global Deal’ and its governance structures look like with regards to digital cooperation? Let’s make sure that traditional, top-down governance of the Internet is not the answer.

The COVID-19 pandemic has underscored just how much we depend on the Internet and its distributed governance model. Because the Internet is a network of networks, its resilience is largely due to the planning, swift action, and cooperation of its interconnected participants.

And we are just at the beginning of the journey, with only 51% of the world’s population currently able to access the Internet. To get the remaining, unconnected half online, we need collaborative bottom-up Continue reading

? Docker Hub Experimental CLI tool

We are excited to let you know that we have released a new experimental tool. We would love to get your feedback on it. Today we have released an experimental Docker Hub CLI tool, the hub-tool. The new Hub CLI tool lets you explore, inspect and manage your content on Docker Hub as well as work with your teams and manage your account. 

The new tool is available as of today for Docker Desktop for Mac and Windows users and we will be releasing this for Linux in early 2021.

The hub-tool is designed to map as closely to the top level features we know people are using in Docker Hub and provide a new way for people to start interacting with and managing their content. Let’s start by taking a look at the top level options we have. 

What you can do

We can see that we have the ability to jump into your account, your content, your orgs and your personal access tokens.

From here I can dive into one of my repos

And from here I can then decide to list the tags in one of those repos. This also now lets me see when Continue reading

Trying out Istio’s DNS Proxy

Tetrate sponsored this post. Nick Nellis Nick is a software engineer at Tetrate, the enterprise service mesh company. He is a DevOps expert on Istio, public cloud architecture, and infrastructure automation. You may have heard that DNS functionality was added in Istio 1.8, but you might not have thought about the impact it has. It solves some key issues that exist within Istio and allows you to expand your mesh architecture to include multiple clusters and virtual machines. An excellent explanation of the features can be found on the What’s new in Istio 1.8 (DNS Proxy). Enabling Istio’s DNS Proxy This feature is currently in Alpha but can be enabled in the IstioOperator config. View the code on

Weekend Reads 121820

This is a rather oversized edition of the weekend reads… because I seem to have saved up a lot more links than usual.

There comes a time in every developer’s life (or daily routine, we’re not here to judge) where they have to go and fix a bug. Back in the days when I used to be a developer, I distinctly remember how each time I would go face to face with a bug, my favorite method to fix it was to add log lines. I mean, why not, right?

Cybersecurity researchers on Thursday disclosed details of a previously undiscovered in-memory Windows backdoor developed by a hacker-for-hire operation that can execute remotely malicious code and steal sensitive information from its targets in Asia, Europe, and the US.

The PC revolution started off life 35 years ago this week. Microsoft launched its first version of Windows on November 20th, 1985, to succeed MS-DOS. It was a huge milestone that paved the way for the modern versions of Windows we use today. While Windows 10 doesn’t look anything like Windows 1.0, it still has many of its original fundamentals like scroll bars, drop-down menus, icons, dialog boxes, and apps like Notepad Continue reading

Setting Boundaries Before You’re Swamped

We’re at the tail end of 2020 and things are hopeful for 2021. People are looking at the way IT has pulled together to enable working from anywhere and moving resources to the cloud and enabling users to get their jobs done. It’s a testament to the resilience of a group of sanitation workers behind the scenes whose job it is to clean up after management and sales and do the jobs no one else wants to do.

The cynic in me is worried about what the future is going to hold now that we’ve managed to transform the way we work. I couldn’t quite put my finger on it until I was checking out this Reddit thread from last week. The top rant had an interesting perspective on the way that 2021 is going to go for workers and I couldn’t agree more. My dread has a name, and it’s Overwork.

Harder, Not Smarter

If anything, 2020 proved that we can do amazing things with the right motivation. The superhero mentality of IT paid off handsomely as we stood up remote access servers and found ways to get access to resources for people that couldn’t come into the office Continue reading

1 831 832 833 834 835 3,849