commentBlock = $("#comment_post_32868").find('.comment-blocks'); commentBlock.find('.loading').hide(); commentBlock.find('.see-all-comments').hide(); commentBlock.html("
<\/a>
\"it_user350283<\/a>
it_user350283<\/a>Regional Account Manager - Technology Evangelist at a tech vendor with 51-200 employees<\/span><\/div>
<\/span>Vendor<\/span><\/div>
<\/i><\/div>
<\/i>Report as inappropriate<\/a><\/div><\/div><\/div>

Devon, thank you for the great insight and facts.<\/p>\n\n

-MG<\/p><\/div>

<\/i>Like<\/span>(0<\/span>)<\/a><\/i>Reply<\/span><\/a><\/div>
<\/div><\/div>
<\/a>
\"it_user69348<\/a>
it_user69348<\/a>Partner at a tech services company with 51-200 employees<\/span><\/div>
<\/span>Consultant<\/span><\/div>
<\/i><\/div>
<\/i>Report as inappropriate<\/a><\/div><\/div><\/div>

1) Yes, the domain name for your website will resolve to a CloudFlare IP, just like any other CDN. This is not the same as changing the IP of your server. Two very different things.<\/p>\n\n

2) I trust CloudFlare because I\'ve met with, and had in depth technical discussions with their founders and many of their senior technical staff. I\'ve also used them successfully to protect and speed up websites that run billions of dollars of eCommerce per year. Similar to how people trust Akamai, Apple, or anyone else. You can get some more info (admittedly high level, they aren\'t giving away their secrets publicly...) here - https://www.cloudflare.com/ddos<\/p>\n\n

I doesn\'t matter how great a firewall you have, Cisco, F5, etc... or how amazing your firewall rules and IDS/IPS tools are, if your upstream internet connection is saturated by the attacking traffic. CloudFlare\'s ability to mitigate large scale DDOS attacks cannot be matched by iptables or Cisco firewalls unless you\'re attached to multiple 10 GB dedicated providers... <\/p>\n\n

3) Correct. This is also true of every CDN. This isn\'t nefarious, this is how CDNs work. Also by protecting the origin IP, that prevents people from trying to attack your Origin, going around the CDN. <\/p>\n\n

4) Can you provide details or a source for this? Did your friend engage CloudFlare and get assistance or an explanation? Right now this is just an unverifiable anecdote. Whereas CloudFlare successfully mitigating the worlds largest DDOS is verifiable and written about many places, including here - https://support.cloudflare.com/hc/en-us/articles/200170216-How-large-of-a-DDoS-attack-can-CloudFlare-handle-<\/p>\n\n

What website do you run without a CDN, solely protected by iptables, with no CDN performance gains? <\/p><\/div>

<\/i>Like<\/span>(1<\/span>)<\/a><\/i>Reply<\/span><\/a><\/div>
<\/div><\/div>
<\/a>
\"it_user239358<\/a>
it_user239358<\/a>Business process Advisor for RTP at a energy/utilities company with 10,001+ employees<\/span><\/div>
<\/span>Real User<\/span><\/div>
<\/i><\/div>
<\/i>Report as inappropriate<\/a><\/div><\/div><\/div>

1. New IP for your server:\n
if someone or somethings pings any of your domain name that uses cloudflare, he will get an IP from cloudflare not the IP of your server. <\/p>\n\n

2. this part of your sentence is just an assumption: \"they provide all the performance and security features\". They don\'t describe their techniques to protect websites. On the other hand, with Firewall, it is always possible to explain how you protect the server, For instance, if we get 500 pings in less than 1 minute we then discard the packet from this particular IP for 30 minutes. It is the kind of lines that we can code in any linux based servers easily. \n
\n
I am surprised that people trust cloudflare from their marketing communications only. Would you trust me if i tell you that i protect your house without telling you how i am going to protect your house? <\/p>\n\n

3. Hiding behind cloudflare:\n
Since cloudflare is also a DNS service, we only see the DNS records provided by cloudflare. They all point to an IP from Cloudflare. Cloudflare acts as an umbrella. The real IP server is never displayed. <\/p>\n\n

4 and most important. \n
I know the case of a website that have been taken down as i said. I guess the webmaster thought his website was well protected by behind cloudflare. Unfortunately for him, the Ddos was so fierce that the web hosting company asked him to move his website out of the web server. Using cloudflare gives a false sense of protection. <\/p>\n\n

IT leads, your network admin team should be solely accountable for the security of your servers. Don\'t delegate that to anyone. they should learn Iptable, sysctl, firewalld, Microsoft firewall... <\/p><\/div>

<\/i>Like<\/span>(0<\/span>)<\/a><\/i>Reply<\/span><\/a><\/div>
<\/div><\/div>
<\/a>
\"it_user69348<\/a>
it_user69348<\/a>Partner at a tech services company with 51-200 employees<\/span><\/div>
<\/span>Consultant<\/span><\/div>
<\/i><\/div>
<\/i>Report as inappropriate<\/a><\/div><\/div><\/div>

Unfortunately this review is misleading and wrong in several instances. <\/p>\n\n

You do NOT get a new IP address for your server. Your server stays the same, and fully under your control. CloudFlare is essentially a CDN, just like Akamai or LimeLight. You point the DNS for your website to CloudFlare, and they provide all the performance and security features, and pull content from the Origin (your server). It\'s the same as every major CDN, which are used by every major website. It\'s not weird or scary, and you don\'t change your server IPs. You don\'t even have to change your name servers (with Business and above) you can just change your website\'s record to be a CNAME to a CloudFlare hostname. <\/p>\n\n

The idea that people are using CloudFlare in order to hide their server IP is pretty silly. To hide it from malicious attacks maybe (that\'s why CloudFlare\'s security services are so valuable), but CloudFlare is a US company and subject to all lawful subpoenas, just like every other US based service provider. I don\'t speak Russian, so I can\'t respond to the article linked to.<\/p>\n\n

The rest of the \"negatives\" are true for ANY CDN provider. The benefits far outweigh the risks for most websites. CDN performance gains, FEO features, DDOS protection, app integration, etc... are very valuable. <\/p>\n\n

CloudFlare DDOS protection is quite good, and I believe still holds the world record for successfully absorbing the highest traffic DDOS attack on record. CloudFlare started out as a security firm, and their security and DDOS features are top notch. Saying you should mitigate DDOS yourself is just silly. Very few companies have the available bandwidth to handle and mitigate a full-scale DDOS attack.<\/p>\n\n

I don\'t work for CloudFlare but this review appears to be full of inaccuracies and FUD.<\/p><\/div>