​CloudFlare and Baidu launch China service without HTTPS

Website owners who want their China-based users to have a faster experience can tap CloudFlare’s technology through Chinese search engine, Baidu, so long as encryption isn't required.

CloudFlare announced the new partnership on Monday, which extends its network of 45 points of presence to 62 through an additional 17 data centres across China that are owned and operated by Baidu.

The service is available to Chinese website operators under Baidu’s website accelerator brand Yunjiasu, while CloudFlare customers outside of China will soon have the option to enable its “China network” — delivered from Baidu infrastructure — to serve website visitors inside China.

The partnership extends the reach of CloudFlare’s existing services including a cloud delivered firewall, load balancing, WAN optimisation, DDoS protection, and content distribution network (CDN) and domain name service (DNS) services.

But as CloudFlare highlighted today, there’s one hoop that customers need to jump through before taking up the China service and one missing security feature missing that is available under its services for the rest of the world today.

The hoop comes from the fact that to host or cache content within mainland China, a website operator needs to have been granted an internet content provider (ICP) license number from the Chinese Ministry of Industry and Information Technology (MIIT). As CloudFlare notes in a support document, the number must be displayed on the website and lacking one can mean the government unilaterally decides to shut down the site.

Websites that haven’t been granted a license are still permitted through China’s Great Firewall, they just won’t be able to take advantage of speed improvements, which CloudFlate claims will cut latency by more than 200 milliseconds for China traffic and generally improve availability.

While China’s firewall blocks Google properties like its search page and Android app store, CloudFlare says 99 percent of its customers are available in to China’s 700 million internet users today and they stand to benefit if they have high volume traffic from China.

Besides physical infrastructure, government licensing is where Baidu’s value comes in for CloudFlare customers outside of China thanks to a system that allows the Chinese search firm to automatically submit applications to the government on CloudFlare customers’ behalf.

The missing security feature that may sideline some customers in the short term is support for Secure Sockets Layer (SSL) or HTTPS websites, which encrypt data in transit between the enduser and web server.

“For the moment the China network does not support HTTPS traffic (HTTP only). Support for SSL/TLS will be made available in the coming months,” CloudFlare notes on its China network page.

Presumably this is an issue for Baidu to resolve. CloudFlare doesn’t offer an explanation for why it’s not supporting HTTPS on the China network from the outset. It notes in a support page that sites that require HTTPS should not sign up to the Yanjiasu service.

Many of the top HTTPS domains blocked by China are owned by Google, according to Chinese anti-censorship group Great Fire.

CSO Australia has asked CloudFlare for comment and will update the story if it receives one.

There are nonetheless security benefits to the service, according to CloudFlare, which says the new China region makes it overall better able to stop DDoS attacks emanating from China.

“With a network inside China, CloudFlare is now better able to sinkhole attacks before they leave the country. This means that attack traffic originating inside China is less likely to cause disruptions for customers outside of the region,” CloudFlare said.

There’s also an separation between Baidu and CloudFlare that should benefit the security of both companies’ respective customers.

“No CloudFlare customer traffic will pass through the China network unless a customer explicitly opts-in to the service. A customer’s traffic and log data from outside of China is never sent into China. And, for customers that opt-in to serving content inside China, customer identifiable information such as email addresses, password hashes, and billing information is never stored in the China network or shared with our partner.”

CloudFlare added that customers who adopt the China network don’t need to store their private SSL keys within the China network.

“This allows any customer to receive the benefits of CloudFlare’s full suite of services, even if they elect to have their keys stored outside of China,” the company said.

Blast from the past?

Try our new Space Invaders inspired video game NOW.

What score can you get ?

Join the CSO newsletter!

Error: Please check your email address.

Tags ​CloudFlarebaiduChinese websiteChines NetworkpartnershipHTTPSYunjiasuSSL keysCSO Australia

More about CSOGoogleTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place