Cloudflare has developed a new NGINX module called ROFL (Response Overseer for FL) as a replacement for cf-html, one of the oldest and least-known components of the company.
ROFL is written in Rust and incorporates a more efficient response body parsing and rewriting framework called lol-html. The old NGINX module was written in C, making it susceptible to memory corruption issues, leading to a security breach in 2017 called Cloudbleed.
The new module is faster, more efficient, and safer, allowing teams at Cloudflare to write features that need to parse and rewrite response body data without the threat of causing massive security issues.
The NGINX module was written in Rust, using Bindgen to build the FFI bindings, and weaved in with NGINX using dynamic modules. The order of modules is critical and must be set correctly to ensure proper operation. The new Rust library, ROFL, is now running in production on millions of responses per second and it seems to provide robust functionality.
Give a Pawfive to this post!
Share with your friends and followers
Start writing about what excites you in tech — connect with developers, grow your voice, and get rewarded.
Join other developers and claim your FAUN.dev() account now!
