Cloudflare One Reviews

Cloudflare DDoS protects against bots and DDoS attacks. I'm using the free version for my personal website. 

The best feature is rate limiting. If I'm expecting 500 visits per hour, Cloudflare will limit the requests if I suddenly get 50,000. 

The free plan has limitations. For example, I can only set up three rules, and the application firewall is unavailable. 

I have used Cloudflare DDoS for about a year.

The initial setup isn't difficult. When a user signs up for a Cloudflare account and adds domains, it automatically deploys basic protection.

I rate Cloudflare DDoS 10 out of 10. Before you opt for Cloudflare DDoS, you should understand that every cloud provider includes DDoS. If you are hosting your services in AWS, Google Cloud, or Microsoft Azure, you already have DDoS, so secondary protection isn't necessary. 

I'm just using the bare minimum amount of DDoS Protection out of the tier we use. We're a pretty small company, so we haven't been the target of any major DDoS attacks yet. That's why so far the basic DDoS is all we need.

If your company uses Cloudflare, then everyone in your environment inherits DDoS protection.

There is no such thing as maintaining this solution — everything is baked into it. Unless of course, you want to pay for the enterprise tier. Then maybe you could gain access to extra DDoS Protection.

In the case of an attack, Cloudflare provides an extra layer of security in front of our application server. It will take the blow rather than our applications should an attack occur. That's the whole idea. They protect us with this extra cushion.

We mostly use Cloudflare WAF, and gets basic Cloudflaire DDoS, caching as extra bonus . We like the factor these features are all integrated into 1 console, simple to manage. They work flawlessly in the background, nearly invisible to us. 

The initial onboarding was causing us some confusion. Who's going to do what and what steps need to be taken? Once we got through it once, it became a no-brainer. At this point, I'm pretty happy with Cloudflare. Everything is straightforward once you've figured it out initially. It's just the very first day that can be a little confusing. 

I recently sent some feedback to the company. There are thousands of rules in their WAF product, and I just wish I could have better insight. Right now, it's very superficial. You turn a radio button on or off for their rules, but when there's troubleshooting going on, it's very hard to figure out what's causing the rules to get triggered. With each rule, there may be hundreds to thousands of rules underneath it that are enabling the blocking.

Luckily for me, so far it hasn't occurred enough that it has required me to dig deep to figure out why or how to bypass it, but I could see this occurring a lot in a complex environment. It only happened to us three times, and I was always able to figure out a way to get through it. 

I have been using Cloudflare DDoS for roughly six months.

It's been very stable. Before we brought our server on behind Cloudflare, there was a reported outage which made us extremely concerned. However, since we've been onboarded, we have not noticed any downtime with Cloudflare. 

It's extremely scalable. That's the whole reason we use Cloudflare.

Support has been good so far. Just the initial headache of onboarding. After onboarding, there was some tuning involved. We worked closely with support to get through that. Once we got the gist of it, we didn't really require support anymore. It's become very low maintenance.

We are using AWS — that's our infrastructure. The only thing we compared on paper was the native AWS DDoS Protection. The reason we selected Cloudflare, is because it provides us with an extra security layer in front of our applications. It has all the security features built into one platform rather than managing different pieces. With AWS-native tools, I have to select AWS Web or AWS DDoS Protection. There are individual components I have to install and manage. With Cloudflare, because it's an all-in-one platform, everything is much easier. 

At this point, considering the size of our company and the traffic we have seen, there is no need for us to pay extra for the enterprise tier. That's our current state. Things could change; we'll have to wait and see. As our company grows and as we become more successful, it may attract more attacks.

If you were to just use a native AWS tool, it may be a little bit cheaper. But considering the headache of spending more time to figure out how to install and manage the individual pieces, cost-wise, I think Cloudflare would be the cheaper option.  

Before implementing this solution, consider the size of the individual company: their cost budget, their budget range, and their specific needs. What are they looking for? If you're looking for an all-in-one security tool with DDoS, WAF, and rate control, all in one package for a low price, Cloudflare seems to fit pretty well. It really depends on the individual company — what their application is based on.

Take TikTok for example. TikTok has heavy traffic laws, so their security needs will be very different from my company's needs. We're low profile, we don't generate tons of traffic. So, it really depends on your environment, your budget, all of those things.

Overall, on a scale from one to ten, I would give this solution a rating of nine.

We use the product for DNS security and DDoS. 

Cloudflare DDoS is better than its competitors for its security, deployment, and scalability. 

The tool should provide on-premise versions. Currently, all versions are cloud-based. 

I have been using the solution for six months. 

Cloudflare is a customer-oriented company and offers solid support. 

Positive

The tool's deployment is complex. I rate it a three out of ten. 

I rate the tool an eight out of ten. 

Cloudflare DDoS mitigates DDoS attacks.

Cloudflare DDoS mitigates DDoS attacks mostly by distributing the attacks through their network, which means many of their PoPs will hit your servers. When you have a huge DDoS attack, Cloudflare DDoS will stop the attack after some time. Until then, it will just register the DDoS attack through their network because they have a huge network, and then all those PoPs will hit your servers.

Cloudflare DDoS has poor technical support.

I have been using Cloudflare DDoS for five years.

More than 10,000 users are using Cloudflare DDoS in our company.

I previously used F5.

The solution's pricing lacks transparency. You never know what you're paying for, and even their team sometimes cannot give you a correct answer on how they calculate something.

Overall, I rate Cloudflare DDoS a seven out of ten.