Cloudflare Reviews and Pricing

Co Founder at a tech services company with 51-200 employees

Jul 20, 2015

Basic security matters are handled automatically, although it can be bypassed easily by an attacker with knowledge of your main IP address.

What is most valuable?

The most important feature is that they handle the basics of security matters automatically.

How has it helped my organization?

Honestly the product has not really improved the way of my organisation. I just let the product take care of my security in term of networking attacks, but this is not a magic product. You still have to take care of other security matters which are important in network administration.

What needs improvement?

The only thing that I think about is that CloudFlare supercharges your website, as your dedicated IP is covered behind their server. Then, if you are a target of a network attack, they will handle the traffic, and the load, then mitigate the attack. However, depending on how your network system is built if, by any chance, your main IP address is seen by attackers they can easily bypass Cloudflare and directly target your server. In that case, you need to add extra filtering directly onto your dedicated server to avoid breaches out of CloudFlare cover, or add extra anti-DDOS solutions directly onto your dedicated server.

For how long have I used the solution?

I've used this solution for one year. Unfortunately, I'll stop it this month as, rather than being unsatisfied, my needs have changed, and my website no has longer the same traffic. I think that I can (as a System Administrator) handle the security side without it for a while.

Buyer's Guide

Cloudflare

June 2025

Free Report: Cloudflare Reviews and More

Learn what your peers think about Cloudflare. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.

DOWNLOAD NOW

857,028 professionals have used our research since 2012.

What was my experience with deployment of the solution?

Yes I did at the beginning, since I did not understand properly how to install the solution on my NGINX servers. I guess it was a lack of knowledges, but also a problem of speed, since I had to implement the solution in a chaotic atmosphere, since I was under attack at the time and had never faced this before, so I was not prepared.

What do I think about the stability of the solution?

I have not encountered any issues with CloudFlare so far. The solution has worked pretty well, but there are a couple of things which are linked to a webserver environment (NGINX in my case) that you have to be careful about when setting up. Otherwise, you may get some errors, but once the webserver is installed with CloudFlare, it should work like a charm.

What do I think about the scalability of the solution?

Scalability is not a problem for CloudFlare since they are a cloud based solution. I think I had the biggest year for my service in 2014, in terms of traffic. My website was spread over two servers, with CloudFlare on top of them, and everything went well.

How are customer service and support?

Customer Service:

9/10. I did not really have the opportunity to use their service as a free user. However, when you are a paying user at CloudFlare, they will answer you very quickly, and with accurate answers. I did contact them on a few occasions, and they gave me good answers.

Technical Support:

Which solution did I use previously and why did I switch?

I did not, perhaps I had to, in order to be a little bit more objective about this kind of product, but since I implemented CloudFlare, I have been happy with them.

How was the initial setup?

I'll say that you have to be used to managed webservers such as Apache or NGINX. It's pretty straightforward, but you have to take care with some configuration details. If you do it incorrectly, it could make your website temporarily unavailable sometimes.

What was our ROI?

I first paid for the Business plan, which was 200$/month for the first month when I had those big issues with DDOS. Then I went to the 20$/month plan. In other words, I spent about 400$ more or less on the product. I have not had a DDOS attack, since, or at least not become unavailable due to DDOS which means my ROI is pretty good. I mean when your website is offline, you first lose money like daily revenue, around 400$ for us, but you also lose your customer loyalty, and there are many more issues. No matters what's going on (attacks or not) a website must be online at all time.

What's my experience with pricing, setup cost, and licensing?

In my opinion the Pro plan 20$/month is the best solution. It includes the core features of CloudFlare which is pretty much enough. If you do not have SSL, you can also use the free plan, which is almost exactly the same as Pro, just without the SSL support. The free plan has SSL support, but it does only support modern web browsers. This means that some of your customers may not reach your website if you are using SSL with a free plan.

Which other solutions did I evaluate?

I did not evaluate other options.

What other advice do I have?

Prepare your implementation while making tests in a pre-production environment. Do not let CloudFlare take care of everything, you still have to take care of security matters for your services.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.

it_user253797

IT Consultant, Business Owner, Lecturer at a tech consulting company with 10,001+ employees

Jun 24, 2015

Download

It improved the speed of my site significantly, reducing the page loading times to appropriate levels, but there were a few times when some of their CDN nodes would fail.

What is most valuable?

CDN
Security

How has it helped my organization?

One of my projects, ancient-origins.net, gets 3 million views per month, so serving the page fast is an important element. Using the CDN of Cloudflare improved the speed significantly, reducing the page loading times to appropriate levels. Additionally their security features make sure to block attacks on our site.

What needs improvement?

Their CDN features, although good, still lack in speed in comparison to their competitors (e.g. Incapsula, MaxCDN, etc.).

For how long have I used the solution?

I've been using it for almost one year.

What was my experience with deployment of the solution?

No issues with the deployment. Their process is pretty simple and fast.

What do I think about the stability of the solution?

Yes, there were a few times when some of their CDN nodes would fail, creating serious speed issues with the site without any warning or notification from their side. Also, many times, even if our server is working properly, Cloudflare would report it as being down.

What do I think about the scalability of the solution?

No scalability issues so far.

How are customer service and technical support?

Customer Service:

I would give them a 9/10. They respond pretty fast to requests.

Technical Support:

I would give an 8/10 to their technical support. We haven’t had many issues, but when we do, it appears that sometimes they are not willing to look deeper into them to try and find a solution.

Which solution did I use previously and why did I switch?

We used MaxCDN, but we switched to Cloudflare because MaxCDN lacks security features.

How was the initial setup?

The initial setup is pretty straightforward and doesn’t require any technical knowledge, since everything is done on their site.

What about the implementation team?

The implementation was done in-house, since it is a simple process.

What was our ROI?

This is difficult to calculate; however, improving the page loading speed always impacts the traffic on a site positively.

What's my experience with pricing, setup cost, and licensing?

The original setup cost was zero, and the monthly cost is around $30 for three sites using the Business Cloudflare plan.

Which other solutions did I evaluate?

We evaluated MaxCDN and Incapsula.

What other advice do I have?

If your budget is low, then Cloudflare is the only cost effective solution, at least to begin with. The best combination of CDN and security features at a low price. At a slightly higher budget, Incapsula may be a better solution especially since they provide a faster CDN and better security features.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Buyer's Guide

Cloudflare

June 2025

Free Report: Cloudflare Reviews and More

Learn what your peers think about Cloudflare. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.

DOWNLOAD NOW

857,028 professionals have used our research since 2012.

it_user242517

Information Security Consultant at a tech services company with 51-200 employees

May 21, 2015

It is an incredibly advanced content delivery network, however, it has the non-strict version of Full SSL.

CloudFlare is an incredibly advanced content delivery network (CDN) that offers boosts to the security and performance of your site. They act as a reverse proxy and shield your web server from exposure to the wider Internet. You get huge bandwidth savings and a reduction in the resources consumed on your server, so why have I just decided to 'go it alone'?

Introduction

CloudFlare launched their beta in June 2010 and very soon after they followed with their official launch in September of the same year. Their free accounts come with many of the great features they offer and their blog makes for some really interesting reading. This all sounds like a match made in heaven but I recently found myself faced with the tough decision of leaving CloudFlare and losing their support. This meant having my domain name resolve directly to the IP of my server. Whilst that may sound like a totally normal prospect for most, after you've enjoyed the protection and security of having someone act as your doorman, it's a slightly daunting prospect. Not only would I lose their security, but I'd also be subjecting my server to the full force of any traffic aimed at my domain name.

A Brief Overview

Because CloudFlare act as a reverse proxy, a user's browser connects to the CloudFlare servers which then request the content from the host server on behalf of the user. This puts CloudFlare directly between you and your visitors, allowing them to cache content and protect your server by not allowing users to connect directly to it. This is fine when the site is loading over http but when you want to start loading over https, it brings up a few problems. There isn't really a requirement as such for me to serve content over https, I don't have user logins and the site doesn't serve sensitive or confidential data. For me, it was mainly about the learning process and showing that it can be done for free. If you head over to StartSSL and pick up one of their free SSL/TLS certificates, it will bear your domain name. This immediately presents a problem when the browser is not connecting to your server when a user enters that domain name into the address bar. Now, CloudFlare offer different solutions to this problem depending on which type of account you have. Their free accounts do not support any form of SSL, you have to step up to at least a Pro account ($20 a month) to get SSL support. At the Pro level, the account I used to have, you can enable SSL support and take advantage of the benefits of CloudFlare but serve over https instead.

Flexible SSL

Once you're on a paid account plan, you can enable SSL on your site with a single click thanks to CloudFlare's Flexible SSL. The CloudFlare servers present their own SSL certificate to the user so that the transfer of information between them is encrypted. From here, as the data travels from CloudFlare to the hosting server, you can use your standard SSL certificate issued by a CA, a self signed certificate, or, worryingly, nothing.

Once I started investigating the upgrade to a paid plan so that I could get SSL support, I was startled at the prospect of Flexible SSL. Here, we have a solution that seems to break two of the key principles of implementing SSL/TLS. When we visit a site and see https in the address bar, I think it's fair to say there are some assumptions that we could generally make and should be able to make. The SSL certificate assures us that the site we are connected to is the site we typed in the address bar, and that our traffic is encrypted during transmission to that site. Flexible SSL seems to break both of these principles. The certificate that is issued belongs to CloudFlare and not the site you're trying to connect to, and traffic on the other side of CloudFlare between their network and the host site is not encrypted. There is of course the option to move to Full SSL, you can even use a self signed certificate between CloudFlare and the host, but I imagine there are sites out there that don't. The ability to present your site over https when the full route is not encrypted seems to be a breach of the trust that the user places on the indications their browser is giving them. There is the argument that encrypting part of the transport layer is better than encrypting none of it. Anyone between the user and their nearest CloudFlare server, like an attacker on a local network or even their ISP or government, wouldn't be able to access their traffic, but after the CloudFlare server it's back into the wild without any protection. Given that it's really easy to create your own self signed certificate, or you can get a free one from StartSSL, I just can't see the requirement for Flexible SSL. The benefits of encrypting the first leg of the transport layer are far outweighed by the detriment of giving false impressions on securely transmitting data. If you're on a shared hosting plan that would be costly to upgrade to SSL support, or don't know how or can't implement it on your server, Flexible SSL is nothing more than an illusion of security that you're presenting to your visitors.

Full SSL

If you want to ensure that data is always encrypted whilst it's being transported, you need to enable Full SSL, which requires SSL on the host server. As I've mentioned, you don't need to pay for a certificate as you can use a self signed certificate or get one from StartSSL. Once that's installed and you enable Full SSL, CloudFlare will only communicate with the host using a secure transport layer.

Now we're up and running, all traffic will be encrypted during transit. Problem solved, right? Well, even though I was using Full SSL, I still had my concerns. Whilst CloudFlare are a trusted party in all of this, I didn't feel comfortable with the idea of having a man in the middle of my secure transport layer. That, and the certificate being issued to the browser still carried someone else's name. For most users, when you connect to a site and see https in the address bar, I think it's fair to say there would be an expectation they were talking to me, directly. Not only that, but there is still a point in the transport layer where data isn't encrypted, inside CloudFlare. I think CloudFlare apps are a prime example of this, allowing the ability to inject Google Analytics code into your pages for example. I want to be clear that this isn't a criticism of CloudFlare, the services they offer are fantastic, I just have my reservations when it comes to running your secure transport layer through a third party. For a site that loads over http no one can have a realistic expectation that someone else hasn't seen or altered your traffic during transit. The other problem with this is that CloudFlare never used to validate the certificate between them and the host. It would accept any certificate and go with it.

Full SSL (Strict)

The lack of certificate validation has been recently resolved with a new feature announced by CloudFlare, Full SSL (Strict). This means CloudFlare will now validate the certificate presented by the host server. This came as quite a surprise to me as I was already using a valid certificate so just assumed that it was being validated and accepted by CloudFlare. As it turns out, I could have literally used just about any certificate I'd liked and it would have worked just fine. Not only that, but anyone could MiTM my perfectly valid SSL certificate, swap it out, and CloudFlare would have been just as happy. To me, their blog post should be more along the lines of 'we now do SSL properly' than 'hey we added a new feature'. Connecting to a host securely and then not validating the certificate means that you're not connecting to the host securely. If there was some way to pin a self signed cert in the CloudFlare control panel, this option would be perfectly acceptable, which is what I expected you should have to do if using a self signed certificate. As it turns out, there is no such option. Worryingly, the non-strict version of Full SSL will remain. CloudFlare are going to automatically switch everyone with a valid certificate to Full SSL (Strict), but for those that don't read the CloudFlare blog, I wonder if they will ever find out.

Business And Enterprise Accounts

It is possible to get around the issue of serving your visitors a CloudFlare issued SSL certificate by upgrading to a Business or even Enterprise account. Starting at $200 a month for the Business account, or an average $5,000 a month for Enterprise accounts, you can upload your own certificate and private key to CloudFlare. Whilst your visitors are now being served with your own SSL certificate, I can't see the benefit this brings. The user, much like with the Flexible SSL option, is now under the impression that they're communicating with you directly and securely. Even if they check the certificate, they will see that it is issued to your domain and have no reason to suspect that their traffic isn't travelling directly to the host before being decrypted. To set this up requires the disclosure of your private key, something that in itself should highlight the kind of breach to transport layer security this causes.

The Aftermath

One of my biggest concerns with coming out from behind CloudFlare was the impact it would have on my server. I'm currently using DigitalOcean (referral link) to host my blog and with the ability to rapidly scale the hardware capabilities of my VPS, I cautiously flipped the switch. Within the first hour it was immediately clear just how much of the demand on your resources CloudFlare can alleviate. I saw jumps in traffic at the network interface and CPU utilisation as soon as I hit the button. Whilst none of these increases were enough to cause any worries, it does provide evidence for the claims CloudFlare make about just how much they can save you in resource terms. At almost double the average daily bandwidth usage, I can say that CloudFlare were saving me about 45% of the bandwidth used by traffic hitting my site. This is from both their efforts in caching my content and serving it on my behalf, and traffic that they will have dropped and not allowed through based on it appearing malicious. I'm also seeing average CPU loads approaching double what they were, but still only falling well within the single digit range. As it turns out, my VPS is perfectly capable of handling the regular traffic my blog gets but I am still acutely aware of the greater exposure I now face. That being said, I feel the value of honouring the core principles of SSL/TLS to be worthwhile.

Conclusion

I know I mentioned it earlier, but I wanted to be clear that this isn't a complaint about CloudFlare. I still use CloudFlare to resolve my DNS queries as they run one of the fastest DNS services around. Thanks for that guys! Their free account offers an awful lot of functionality and savings alone, before you get on to the minimal $20 a month for a Pro account which comes with it's own great list of features. If you're hosting a site that serves content over http it's really a no brainer as to whether or not you should make use of a free CloudFlare account. If you're hosting a huge amount of content there's little reason not to use them. My only real problem comes with the introduction of SSL/TLS and the unavoidable requirement to have a man in the middle of your secure connection. If you truly have a requirement for a secure transport layer I have to question the sanity of breaking the chain of custody of your data.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.

it_user242514

Owner/Developer at a marketing services firm with 51-200 employees

May 21, 2015

I needed to do something differently because we were getting hacked often.

I’ve been with CloudFlare for a year and a half at the time of writing this post and realized that I never gave it a review of any kind. What kind of terrible person am I?

I worked for a couple a few years ago who was using a content management system called Joomla to build their clients’ sites. We would launch a site by simply pointing the DNS settings to our servers and calling it good.

Then we started getting hacked. A lot.

With the number of sites we had on our server, the exploits found in the plugins being used, as well as poor server practices, we had a huge target on our chest.

A while later I decided to leave to company to go on to do other things. One of those things was to open my own web development and hosting shop.

First things first: Get away from Joomla.

Next: Learn WordPress.

Now let’s get a server setup.

The first thing I did when I got my server setup was make sure that no one was allowed to host on my server unless we ran all of the DNS through CloudFlare. No exceptions.

A couple of things I noticed when I got all this in place:

My sites ran faster
My server load was lower

Most importantly: My sites never got hacked (fingers crossed).

I attribute the latter to a couple of things, but mostly I would like to think that CloudFlare had a huge part in that. If you don’t know what CloudFlare is, watch their promotional video.

Here’s some other cool stuff about this site from the last 30 days:

CloudFlare saved me more than 54,000 server requests
Cloudflare saved me more than 600 MB of bandwidth
Cloudflare blocked 50 threats to my site

And how much do I pay for CloudFlare? Nothing.

That’s pretty amazing stuff! I didn’t have to pay anything for better website security and reduced server load.

If you’re looking for the same, be sure to go get signed up at CloudFlare. It’s easy to setup and the results speak for themselves.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.

it_user241758

Systems Engineer at a tech services company with 51-200 employees

May 20, 2015

Download

It allows us to deploy websites using less hardware but more insight into analytics and threats would be a good.

What is most valuable?

The aggressive caching and DDOS mitigation are the most valuable features offered by Cloudflare. Website traffic analytics and threat insights are also very useful.

How has it helped my organization?

Utilizing Cloudflare allows us to deploy websites using less hardware due to their caching and helps us serve pages to our customers more quickly and efficiently.

What needs improvement?

More insight into analytics and threats would be a good place to start improving cloudflare. Also less 501 and 504 errors would be good too.

For how long have I used the solution?

I've used Cloudflare since 2012 and am currently using the latest version. I've utilized it with several different websites successfully.

What was my experience with deployment of the solution?

No issues encountered.

What do I think about the stability of the solution?

Only the occasional network issues, some in 2013, where all Cloudflare customers were affected, but much less lately.

What do I think about the scalability of the solution?

No issues encountered.

How are customer service and technical support?

Customer Service:

Good, as the few times I've required customer service, it was more technical but they were always helpful in directing me to the people I needed to speak to.

Technical Support:

Excellent. The representatives are knowledgeable and online documentation is great.

Which solution did I use previously and why did I switch?

Cloudflare was the first service of this type I've used.

How was the initial setup?

It was very easy to get setup on Cloudflare. They have made it even easier recently, and all that needs to be done is to enter your DNS records into their interface and the configuration is done.

What about the implementation team?

We implemented it in-house.

What's my experience with pricing, setup cost, and licensing?

Setup cost was zero and currently we are using the $20 a month plan. I've used the business tier in the past which costs $200 a month.

Which other solutions did I evaluate?

I don't know of other vendors who offer a comparable service.

What other advice do I have?

I would recommend that you use it. It has been very useful and well worth the cost to me over the last three years.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.

it_user158886

CEO with 51-200 employees

Nov 5, 2014

Download

Very fast, very secure and easy to work with

Valuable Features:

The speed improvements / CDN caching / Railgun.

Improvements to My Organization:

Because our website is blazing fast it improves our conversion rates.

Use of Solution:

More than one year

Stability Issues:

We experienced some downtime in the fall of 2013, causing us to switch to Incapsula. That was a bad decision, because Incapsula is much slower.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.

it_user69345

Owner at a tech services company with 51-200 employees

Nov 17, 2013

Does It Really Work?

I’ve been on a quest for the need for speed lately. I recently swapped to a new host Host Gator and that helped with the load speeds of the site increased (a bit). But it also gave me an opportunity to make the site even more lean and mean by going through the plugins I was using and removing the fluff. A big part of that though was deciding to add a CDN to help optimize and speed up the load times of the site. But like most bloggers on a budget I had to find something that not only worked but was in my price range – free! This is where CloudFlare comes into play. Read more to find out what a CDN is, and if CloudFlare is right for you!

Site Speed

Even if you have the greatest content in the world and a site that is designed right the one thing that will turn people away faster than anything else is a website that takes forever to load. Things like not optimizing your images, having too many WordPress plugins, and using too many java script all can affect your load times greatly. So when starting to optimize your own website that is where I would start. But after you have worked on fixing them what next?

CDN – Content Delivery Network

The next step to consider is to implement a CDN to take that final step to speeding up your website. A CDN will take all of your images, java script, and CSS (Cascading Style Sheets) and host them on to their network to quickly load them on your visitors browsers. Another benefit is that a CDN has a huge network of servers that are closer to your potential visitor ensuring that your site will load quickly wherever in the workd they are visiting. The downfall is that they can cost a lot to implement.

Cloud Flare

I happened to first seeCloudFlare from a fellow blogger’s site The Bad Blogger. I decided to do some research and found that they offered a FREE service! I thought there was some sort of catch or I would have to plaster their logo all over the place. But as it turns out not only was it simple to setup – there was not catch! It really is FREE. But not only do they offer their CDN services check out the other features they offer:

CDN

Well first they offer your basic CDN service. By caching things like your images, CSS, and javascript on their servers you are sure to have a site that will load quickly no matter where in the world visitors are checking out your site. Another cool feature of using a CDN? Say your host went down for whatever reason. You would still have a cached page instead of the dreaded 404 message people would usually get! I know it works… I inadvertently tested it while switching to a new host!

Optimization

CloudFlare offers for your pages to be further optimized before being loaded onto your visitors browser. I already mentioned some of them above! The other benefit of using a service like CloudFlare? It will save your bandwidth and the amounts of requests to your webhost!

Security

Add another layer of security from Spammers, SQL Injection attacks, and DDOS attacks from the script kiddies. By having to go through their CDN first it is just another layer of protection to keep your site and your visitors safe! It also offers services like obscuring email addresses and preventing hotlinking of your images.

Analytics

CloudFlare offers you some awesome stats to see how your site is performing. I take them with a grain of salt though. Although Google Analytics uses java script to track visitors, CloudFlare’s numbers will be greatly inflated showing you more of a “raw data” indicating almost 5-10x more traffic then you are actually receiving!

Applications

There are a slew of applications available that CloudFlare will implement on their end. Some are pretty frivolous to being really beneficial. You can add Google Analytics, PunchTab Rewards, and even experiment.ly!

Implementing Cloud Flare

So with a ton of forethought and planning (i.e. I’m full of crap) I decided to go for it. So how did I implement it? Seriously it was probably the easiest setup process I’ve ever gone through!

First I signed up for my CloudFlare account. After I received my confirmation email I then signed onto CloudFlare.
I then imported my DNS settings which CloudFlare exported and setup for me automatically. I do recommend doing some research to understand what you are looking at though.
After I had everything setup with CloudFlare I then went to my GoDaddy account and changed the DNS settings to point to CloudFlare instead of my webhost. This is the scary step as GoDaddy states this could take up to 24hrs for them to make the changes. For me it took 10 minutes for the changes to take place.
After all of that all I had to do was see if I could still see if the website was up and running and *poof* I had implemented CloudFlare onto my site.
When this is all completed you can go back into the CloudFlare dashboard and finish tweaking the settings by enabling applications or making any necessary changes to your DNS. (I had to manually add things like FTP and SSH that I had forgotten about.)

Do You Really See An Improvement?

Considering I had already tweaked this site? I can definitely say yes I do see an increase. Of course I would do your own testing first to see if I’m lying to you or not. I did a random test (as of this writing) to see how fast it loaded. Actual content of the site loaded fairly quickly with the added geegaws and doo hickeys loading a few seconds afterwards (i.e. ads, the sharebar, and my PunchTab toolbar at the bottom of the screen.) What this means is that the stuff you want to see – the images and text loaded really fast, and the rest of it kind of popped up a little bit afterwards. So I still have some work to do… *sigh*

Updates

I had a fellow blogger Bryan from www.thehobbyblogger.com ask about how the CDN refreshes the site if I make changes.

If you are going to implement small changes to your blog? They will take place ‘on the fly’. I have not had any issues performing basic site updates/maintenance. If you are doing extensive updates? You can either temporarily disable Cloud Flare through their control panel by clicking on the “Development” option. Or disable Cloud Flare altogether. I do recommend using the Development mode as that will only temporarily disable the service for a few hours.

Update #2

Lost Traffic?

People have told me horror stories about potential lost traffic or visitors getting blocked to their sites. I have done a short test with my own site and I can say I did not see any noticeable difference in traffic with the service off or on. I would suggest though that if you think you are losing traffic? You should conduct your own testing. This can be done by either:

A) Adjusting the Security settings from what you currently have it set at to a lower setting.

B) Disable Cloud Flare altogether and test to see if your traffic changes dramatically.

Also please note I do not have a huge traffic site. So your results may vary.

Is a CDN For You?

Well, that depends really. If you don’t get much traffic and if your site loads quick as it is? Then um, no? But if you want the added security and speed you get with a CDN then I say sure! I had a great test this past week with visitors averaging around 1500 – 2000 visitors (hey I hear you snickering!) and everything remained snappy even when I had 30 visitors hammering (OK, knocking softly) on the site!

For me the benefits outweigh any negatives using CloudFlare might bring.

And did I mention all of this is FREE already? For larger sites they do offer paid plans that offer additional functionality – but for most folks the free plan will definitely do the trick!

Other Resources/Additional Reading

I am suggesting that you read these two articles to help you make a decision as well. Why? Well I respect the sites and more importantly I want you to have a better overall opinion rather than some little blog you happened to run across while searching for information. Both will give you a more technical explanation and I found them interesting.

Conclusion

CloudFlare is a fantastic option for bloggers on a budget. From what I’ve researched on the web CloudFlare is considered “CDN-lite” by some folks. All I know is that it works! I might look into using a different CDN later on but for now CloudFlare is an awesome solution!

What are your thoughts on using a CDN? What service do you use if any? Leave a comment below with your experience with using a CDN or if you have any questions!

Disclosure: My company does not have a business relationship with this vendor other than being a customer.

it_user68490

CIO at a tech services company with 51-200 employees

Nov 7, 2013

Why we are canceling our CloudFlare Pro account and leaving the service

Appboy is going to cancel our Pro CloudFlare account and leave the service. CloudFlare has a great feature set, but their uptime track record has been awful.

I’ve been a big fan of CloudFlare’s since I heard of it: I was in the audience at TechCrunch Disrupt NYC 2011 where CloudFlare presented. I was so impressed that I immediately pulled out my laptop and moved all my personal websites to CloudFlare. My first Tweet ever was about how cool CloudFlare is.

I put Appboy on CloudFlare as soon as we brought our first servers online. Since then, my professional experience with CloudFlare has been suboptimal. The first major interruption was in early November. SSL randomly stopped working, which broke server-client communication in our iOS SDK product. When I logged in to troubleshoot, I couldn’t find the SSL settings page. In a frenzy, I thought that my account had been accidentally downgraded from Pro and that SSL options were no longer available. I sent in a support ticket, received a response that it was a known issue, and that I should disable the CloudFlare proxy in the meantime. The SSL options were quietly removed as part of the upgrade; seemingly no one was told. I repeatedly emailed in every few hours asking for status reports but never got a response. It was a serious issue for us. Fortunately, in November we were in limited testing on our production environment, but had it been live it would’ve caused a massive amount of damage to us. After submitting two tickets for someone to contact me, Michelle Zatlyn, a CloudFlare co-founder, gave me a call. I suggested things like proactive notifications about major maintenance, and was happy she listened, but I feel like nothing has changed since.

The last few weeks, it has seemed as if CloudFlare was being attacked constantly, taking our site down in the crossfire. I was home for the holidays having dinner when our monitors hit for 502s and SSL problems. 502 hit again in January due to attacks in Newark. Over the past few months, dozens of 502 errors have tripped up my monitors, woken me up overnight, and broken our site for some of our customers. Numerous support tickets led to no progress. I ended up ignoring 502 errors in our functional monitoring scripts. We get over 100,000 unique visitors a month. Downtime has major visibility for us.

The last two weeks have been exceptionally problematic. One of our customers emailed us that random links on our site was broken. The links made AJAX requests which were not returning. Sure enough, everyone in the office could reproduce. I sent in a support ticket. The one-line response: “Thanks for writing in. This is a known issue that we’re trying to tackle this week. Sorry for the inconvenience!” That was it. No additional info. Was it just with AJAX? Should I turn off the CloudFlare proxy on other sites? Should I look to @cloudflaresys for updates? The worst part was that CloudFlare didn’t notify me about the known issue! It wasn’t on the status page, I couldn’t find it on Twitter. I had to find out from one of our customers. Later, the support associate agreed that “[CloudFlare's] notification of what’s working and what’s not is a bit… lacking” and said that he’d notify me when he got an update. I have not received any further updates.

Last night was also really bad. CloudFlare released a new version of its DNS software and accidentally deleted their master database of domain records, which broke name resolution for all of Appboy’s servers. I couldn’t go to the main website, our client-server communication broke, my app servers couldn’t talk to the databases because they couldn’t resolve the hosts, etc. We were completely down due to a bad software release that was, again, completely unannounced.

Whenever there have been issues, the CloudFlare engineers have jumped to resolve it. And resolution time is usually fast. But that 100% of my site downtime the last 2 months has been caused by CloudFlare is unacceptable. Even if CloudFlare fixes the problems quickly, they’re breaking too many things too frequently.

Everyone here at Appboy thinks that CloudFlare is a great product. We want to use CloudFlare, but right now can’t take on the risk.

Do you have any suggestions for DNS service providers? Let us know what you use or recommend.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.