We primarily provide the solution to our clients.
It offers DDoS protection, WAF is available, and CDN services are there. You can log the IP address countrywide and it optimizes the content for you.
Download the Distributed Denial of Service (DDOS) Protection Buyer's Guide including reviews and more. Updated: July 2022
Cloudflare is the leading performance and security company helping to build a better Internet. Today the company runs one of the world’s largest networks that powers more than 9 million Internet applications. More than 10 trillion Internet requests flow through Cloudflare’s network each month, accounting for nearly 10% of all Internet requests globally.
Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare have all web traffic routed through its intelligent global network, which gets smarter with each new site added. As a result, they see significant improvement in performance and a decrease in spam and other attacks.
Trusted by over 9,000,000 Internet Applications and APIs, including Nasdaq, Zendesk, Crunchbase, Steve Madden, OkCupid, Cisco, Quizlet, Discord and more.
We primarily provide the solution to our clients.
It offers DDoS protection, WAF is available, and CDN services are there. You can log the IP address countrywide and it optimizes the content for you.
The solution is very good at mitigating threats.
The product is already being developed out quite well. I don't see any room for improvement in terms of features.
The solution could use more analytics on the backend to give us more insights into everything. More reports would be helpful.
If they could offer more filters, that would be very useful for our organization.
I've been using the solution for three years.
The stability is good. We haven't witnessed crashes, bugs, or glitches. It's a reliable product.
The solution is easy to scale. A company shouldn't have any issues with expansion if they need to.
We've reached out to technical support in the past and we've found hem to be very good. We're satisfied with the level of service they provide.
The initial setup is extremely easy. There's absolutely no complexity.
Deployment times will depend on the customer due to the fact that we will need to change the authoritative main servers and customer domain. We can typically do this in one day. It totally depends on the customer and their requirements and processes.
There is no downtime involved in the deployment.
I'm not sure what the licensing costs are. I'm not sure if we pay monthly or yearly.
We're partners with Cloudflare.
This solution is the best product. It does not charge you for any kind of attack on your traffic. It charges you only for any good traffic. It can mitigate up to 30 TBPS of DDoS attacks. If the attack happens and if there is a surge in the traffic, it will only charge you for the good traffic.
I'd rate the solution nine out of ten.
I'd rate it higher, however, I believe they are still building out their product. There are still items that could be added that will make it even better in the future.
We are a reseller of CDN solutions and this is one of the products that we implement for our customers.
I also use Cloudflare for various websites. It is a content delivery platform.
The most valuable feature is the web application firewall.
The dashboard is very easy to use. It is simple to explain and a layperson can achieve good results.
The performance is good.
There should be a specific price list for enterprise-level customers.
Another problem with this product, as a reseller, is that your customer needs to give you access to all of the features before you can help them. This is different than with other vendors, where you have insight into the customer's contract. Unless the customer gives me access to their dashboard, I am totally blind and cannot really support them. The problem is that it makes it difficult to give them support. There should at least be a read-only view of the data so that resellers can properly support the clients.
Essentially, the dashboard is not well set up for resellers. Resellers need to have a dashboard view of all of their accounts.
I have been working with Cloudflare for about two years.
It has had some flaws in the past. For example, I think that they had two outages last year and they had a dashboard outage this year, but apart from these instances, it's quite stable.
The scalability is great. They're expanding and have enough resources worldwide.
Our customers are typically enterprise-level organizations.
The technical support team is very good and they know what they're doing.
I am also familiar with Akamai and Fastly. Cloudflare is easier to manage than the solutions provided by these vendors. The user experience is much more straightforward and appeals to a lot of developers.
Akamai, however, is the largest and most popular CDN. It's a very sturdy solution. They basically made this industry, 20 years ago, paving the way for newest vendors such as Cloudflare.
The initial setup is very straightforward. You need to know something about DNS domains and so forth, but if you're familiar with setting up a website then it's straightforward. The deployment takes about 15 minutes.
My customers generally have three or four in-house people to handle the deployment.
There seems to be no official pricelist for enterprise-level customers and it is more of a trial-and-error estimation. The cost primarily depends on the size of the organization.
We have some customers who cannot afford to have a downtime of an hour, so the customer has to choose. We give them other options, such as Akamai CDN, who provide a 100% SLA and they haven't failed in 17 years. That's a different clientele. Younger startups sometimes break things by pushing out new applications and they're used to having a more fragile environment.
This product is well-developed and they are expanding into other spaces.
I would rate this solution a seven out of ten.
It is easier to configure and develop documentation to see how we have configured firewalls. It's also more automated. You can have a website injected with SQL command. We put in an SQL injection and Cloudflare rejects it.
It should have easier documentation for the configuration. It's very technical and people who aren't technical should also be able to do the configuration.
I have been using it for three months.
It's stable but we have to finetune it. We need to adjust the configuration more to meet the requirements for our website.
It is scalable. My company deploys it for end-users and in the meantime, I deployed it on my own website.
I haven't contacted technical support.
The initial setup was quite straightforward. There is a button with an explanation. We deployed it within minutes. It has an SQL database and it only took minutes to apply it on the website.
Try to deploy it on your website and test it on your site to see how it works.
I would rate it an eight out of ten.
It already has a good feature set, I don't think it needs anything else. To make it a ten, the documentation should be simplified.
We use this solution for security.
This solution has improved the security of our organization.
The most valuable feature is the access limiter. It allows you to control the number of request per minute.
The product support needs to be accessible from more places, a wider area of coverage. For example, there is no support in Taiwan.
My impression is that this product is stable.
The technical support is good.
The setup was ok, but the deployment took a long time.
I have a lot of people on my team.
The licensing costs for this solution are on a yearly basis. There are no additional costs beyond the standard licensing fees.
We evaluated products from Capsula, and some security products in China.
I would rate this solution an eight out of ten.
My primary use for the Cloudflare service is for load balancing. I also use the product to manage the connection to my web server's backend.
Cloudflare improved my organization because my servers used to have a lot of traffic. We put it on the public settings and now it's quite nice because there is no downtime, if there is a slow connection or a lot of web traffic.
The most valuable feature of Cloudflare is that it has a free version. They give us the free version with the anti-DDoS features and also the load balancing solution.
Compared to other products, Cloudflare is very stable.
For our websites, it is only around 100 to 1000 visitors per day. For the deployment and maintenance of Cloudflare, just one person is required for maintenance.
The customer support at Cloudflare is fairly straightforward. For technical support, I give Cloudflare a thumbs up for their documentation. We didn't have to ask their technicians or their support in order to finish up the setup. It was easy to troubleshoot our installation.
We used a previous combination of CloudFlare and a manual router with a load balancer. The solution that would be most comparable with CloudFlare based on my experience would be physical load balancing and cloud-based load balancing.
Cloudflare is not complicated to set up. It is fairly straightforward. Deployment times depend on the website. Because I already read the documentation before the first setup, it actually took no more than 10 minutes. I did it all by myself.
We are still using the free version of Cloudflare. It is a yearly based plan.
In my experience, Cloudflare is a great solution. If they improve on the placement of their data centers, it would be better. I'm living in a remote area. I would like to connect to them without any kind of lag.
I believe that Cloudflare is okay as it is now because they are partnering with Google. Cloudflare improves performance on my websites. It is a great partner for cloud infrastructure for anyone who wants to use the security service and other features.
I would rate Cloudflare with an eight out of ten. I know they are constantly improving.
Cloudflare has made management of my website much easier by combining various functions in one platform without compromising quality. There are also less dark UX patterns than other vendors, so I have peace of mind knowing they aren't trying to trick me or make complicated procedures to attempt to lock me into their service. That is very refreshing!
The dashboard is very well thought out, giving useful information and providing easy access to useful functionality I wasn't aware of.
This is a very minor thing since I can't think of many ways for them to improve: It looks like they don't support as many TLDs as other registrars, but since they are very new as a registrar, I expect this may improve soon. For example, there are many TLDs in this list, but /co is missing: https://www.cloudflare.com/tld...
This solution has been stable so far, and monitoring of Cloudflare has shown them to be reliable.
So far, scalability has done well, but I am not a heavy user.
I haven't contacted support which indicates a good self-serve product. The tools to answer your own questions are there, so support is built-in without ever needing to reach a person.
I switched to Cloudflare from GoDaddy because Cloudflare promoted "at cost" domains.
The initial setup was very straightforward.
Less cost for domains and more satisfaction which is hard to put a dollar value to.
Cost for all services I have researched in Cloudflare is straightforward, and they don't include hidden fees. I'm not a heavy CDN user since I don't get much traffic, so I can't speak too much about the value for their CDN.
I've used various solutions like full hosting companies (Bluehost, iPage, etc.) and most recently GoDaddy. I also looked at Google domains and Namecheap.
I encourage anyone interested in holistic internet service delivery solutions to check out Cloudflare. They have nice simple solutions that work well together, are easy to set up, and their UI/UX is intuitive.
In addition to a reliable and easy to use a DNS service, Cloudflare enables us to host websites on hardware in-house, by protecting us against DDoS attacks as well as from our slightly unreliable ISP.
to protect us from botnets and attackers, as we are hosting sites in-house.
Cloudflare is one service that has been absent of any frustration when setting up or using. Perhaps I would ask that they improve the Free plan and allow us to use it with any TLD (certain ones are not allowed).
Very straightforward, we were set up in minutes.
I'd rate it a 10 out of 10. There is no service as mature as Cloudflare that is also as easy to use, reliable, and hosted from excellent infrastructure.
I use this for DNS for many of my former clients and personal sites. When using services like Heroku, Cloudflare is very useful for CNAME flattening. I also use it for their end-to-end SSL with TLS authentication on nginx for securing servers.
The second major use case is as a CDN where I will push logic to the edge for caching and redirects.
I have not used it at my current organization, but in the past I have used it to bring enterprise-grade features to my small business clients at low or no cost.
Centralized, full-featured DNS.
They also lack a good way to manage DNS as a company, since everything is relegated to single account logins until you get to the higher levels. They have come out with a paid feature to remedy this, but I have not had a chance to fully review it yet to know if it fixes the access problem.
There has been some downtime over the years, but it was usually handled well.
I have only scaled this to a few million viewers with a couple TB of traffic, but I didn’t see any issues.
I have mainly been on their lower accounts which don’t really come with support.
I have used a couple of different solutions like Incapsula, CloudFront, and Akamai, but for different projects, not before or after.
It is very easy for someone who knows DNS. It is somewhat opinionated and pushes you into higher tiers, but overall it is easy.
You can get a lot out of the lower accounts.
I have used several in the space and I still use, Route 53, DynDNS, etc.
This product is good for simple things, but you may need other tools for more fine-grained control of specific portions.
I work as the Senior SEO Strategist on a very small in-house team of digital marketers for Lakeview Health, a drug and alcohol rehab. Upon starting my role, one of my first tasks was migrating our websites to a new web hosting provider so that we could take ownership of them. With all our sites developed in WordPress, I decided on hosting with WP Engine which recommended Cloudflare in the setup process.
In the past, I worked in environments where the developers and IT team managed the websites, so I admit that there are gaps of knowledge in my understanding of how the internet works. Using Cloudflare made the process of migrating much easier and gave me the satisfaction of knowing we’d receive enhanced security features, alongside a reputable CDN, simple DNS hosting, and the many other solutions Cloudflare offers.
I manage these websites independently within my organization and, with exception of a third-party vendor, I am the only one that has access to our Cloudflare account. It helps me ensure the sites are running optimally and securely.
The simplicity of the overall dashboard makes it a great product for a user like me who has less understanding of the internet than a developer or other more technical people. It gives me peace of mind. I also love the easy customization of the Page Rules.
I will say, in the years I have used Cloudflare, one thing I love is the constant improvements and developments being made.
One area of improvement is in the Access Rules. Hypothetically, if we wanted to block or challenge traffic outside of the United States, the only way to currently do that (as far as I know) is to enter every single country outside of the United States. That could be a labor intensive job. A solution could be to enable users to create a rule where traffic is only allowed within a certain country.
I would rate Cloudflare a nine out of 10. I haven’t used any other solutions that might compete with Cloudflare, so I am a bit biased, but for ease of use, features, and cost effectiveness, I think it’s a great solution.
For DDOS mitigation.
Provides peace of mind. We do not have to do things over and over, or double check their work, or worry about what could have happened due to a potential DDOS attack, if we didn't have protection.
Ease of deployment
I think the APIs are a little bit hard for us to work with. The APIs could be more open so that we could integrate better with our SolarWinds or our monitoring solution.
Also, the reporting can definitely be improved to offer a lot more explanation on something that may have happened or has actually happened.
We have not encountered any stability issues.
I can't say, since we actually just deployed it. Our organization has already grown. For now, it serves our needs and manages are our expansion.
I'm quite comfortable with them so I don't see a big issue. We get fairly good support. The earlier issues that we had, some minor issues here and there, we got them resolved. They resolve our issues in a timely manner.
I think any DDOS solution is going to be complex. But we could actually follow the process and implement the solution. So it was not that complex, in that sense. And the tech support was there to provide feedback and support.
We didn't get any training other than you reading up materials and working with tech support.
I think the pricing is competitive.
I think as far as licensing is concerned it's pretty straightforward because it's based on domain. It's just that sometimes domains could be tricky with some customers.
We did review a couple of options, Tenable and a couple of others. We settled on Cloudflare because of price, support, and of course comfort in dealing with a vendor that was supporting us.
My advice would be to review exactly what you need and talk to different people to understand the potential advantages and pitfalls of implementing these kinds of solutions. Then identify the right product to meet your requirements.
From a solution perspective and from a product perspective I would give Cloudflare an eight out of 10. It's a reasonably priced solution that meets customers' needs and it's not too difficult to deploy.
- DNS Management
- Page rules
- Easier DNS management via API
- Easier http to https redirect using page rules
Several features that I think is essential is not available in the free and business package. One of them is multi users. Multi users and multi API key is important for organizations in any size.
Initial setup is straightforward and guided by Cloudflare. NS changes for new site is easy. For existing NS migrated to Cloudflare, user must recheck current DNS records to ensure all records already available in Cloudflare.
So far I use free tier and happy with it. You can subscribe to business package if needed.
The API gives us the ability to remote control our DNS settings. With many platforms, such as PF-Sense integrating with CloudFlare, it’s an invaluable tool for things such as Dynamic DNS, Let’s Encrypt DNS-01 Challenge, or even as a rapid counter-measure when traffic diversion is needed.
The speed of everything CloudFlare is extreme. The UI is fast, responsive, and updates seem to be pretty much instant. But the biggest benefit, when mentioning speed, is that you can teach anyone in less than 20 minutes how to use it. This even includes your drunken janitor. Try that with AWS.
The Simplicity. When I mention the simplicity, it’s because of the limited information you are presented with at every screen. Although I hate the endless scrolling when searching for a function, I fully understand that less tech-savvy individuals probably have an easier time dealing with less information being thrown at them as they sift through the pile of setting CloudFlare offers. The features, functions, and terminology are also very well and clearly explained, if not almost cut out in cardboard for the reader to understand.
CloudFlare made it easier for us to manage our client’s DNS. With their outstanding UI, we have been able to reduce human errors and get a better overview of our DNS and security.
I have used CloudFlare for some twenty months.
We did have stability issues a few times, but it’s hard to tell. They don’t always seem open about disclosing it.
We never had scalability issues.
I rate technical support quite badly. The support person had a hard time understanding my issue.
But to be fair, we gave up on support from major enterprises a long time ago.
Now we don’t even bother. It simply takes too long time to get escalated to Level-1 support where you can have a meaningful conversation.
We had many previous solutions and that’s why we switched.
The setup was super simple, and it still is.
We don’t have advice, since we mostly rely on their free services such as DNS hosting. In general, their pricing is fair, but the price scaling is way too steep. For example, to go from 200 to 5000 dollars does not make any sense at all.
I believe I reviewed Radware for scrubbing and GratisDNS for DNS.
CloudFlare's caching brings the load speed down from 4.32 seconds to 2.45 seconds.
The Always Online feature has room for improvement. It seems to work sometimes and not others even with the pro version.
The feature shows a cached version of your live site if your host is offline. When your site is offline CloudFlare shows this:
We moved our DNS to CloudFlare about three years ago.
I have not encountered any stability issues; the platform is rock solid.
I have not encountered any scalability issues; moving to the pro version was a simple as a click.
Technical support is 10/10. Our one call about a caching issue was easily fixed and it turned out to be a problem we caused, not CloudFlare.
We used our own name servers and Snort. We switched due to simplicity of the CloudFlare interface.
Initial setup was straightforward. CloudFlare's setup wizards made it easy.
Start with the free plan and move up as needed. It was easy to upgrade and downgrade.
We looked at GoDaddy DNS and Amazon DNS services. After reading the reviews online, we jumped to CloudFlare.
Give it a shot. The setup was easy and you can see the results right away.
For DDoS protection and website downtime, it would be nice to have a feature to provide email/SMS alerts that can be implemented like Pingdom and other solutions.
I implemented these solutions in 2013.
I did not encounter any stability issues.
I have not yet encountered any scalability issues.
Until now, I didn’t require much technical support. I try to find any help by myself through the interface.
I did not use any previous solution. In fact, I searched for a few and selected CloudFlare.
The product is very straightforward and simple to implement. Those are the main reasons for using it.
I haven’t gone through the other pricing plans. For the services I am using, it is a bit expensive. It is worth the price when you weight it against time and cost.
Before selecting CloudFlare, we looked at Amazon products. Although AWS provides a range of services and is a standardized platform, I found CloudFlare to be a much easier and faster solution for websites.
If someone is looking for a secure and optimized wrapper over an open website, I would suggest CloudFlare services. It will instantly help you to secure and optimize websites/web pages or blogs. It is quick, easy to use, and simple to implement.
Easy cache management for pages on a high traffic Drupal site, due to seasonal performance spikes. This service is helpful for our small technical team.
We have specific high-visibility "campaigns" that are scheduled about every six weeks, and the rest of the time our site is quieter. We've used Cloudflare to handle the ability to post dynamic, timebound content as well as more static content delivery.
I think it would be more helpful to have either user-submitted or Cloudflare-produced documentation, samples, or examples of situations. We had to do a lot of digging and back-and-forth with technical support for specific use cases, and it might be helpful to have more screencasts or screenshots for common situations.
I have used the solution for two years.
We have not encountered any stability issues.
We have not encountered any scalability issues in the paid version.
Answers to all our questions were available when needed.
The initial setup is extremely easy but will require access to your Domain Name Servers.
The solution is a good choice for sites that require multiple types of users and multiple types of content (e.g. Drupal sites) with thousands, or tens of thousands of users or more.
They have a few introductory screencasts for people just getting started, which is helpful. I've now implemented CloudFlare on three new projects, so for most common cases it is solid and straightforward.
These are some of the valuable features:
Once a domain's name servers have been pointed to CloudFlare, you never have to worry about DNS propagation. This would be the case, for example, if you wanted to point a domain to a different EC2/digital ocean instance.
In that sense, it's marketing that could use some improvement. It is hard to call your own product a "necessity", but I truly believe that it, or something like it, is a necessity. Without it, you are risking higher costs, more spam, more failures, and less satisfied customers. They need to convince non-technical people why it's so awesome.
CloudFlare solves a lot of problems that many non-technical people don't even know exist. In addition to the obvious ones, like SSL security, spam protection, edge caching across a CDN, you have an easy way for clients to point their domains and DNS management over to CloudFlare.
Here are some scenarios:
Another reason it's awesome is that you don't need your server to handle every request. Most of the traffic is to static resources and will be served by CloudFlare. This provides incredible peace of mind for higher traffic sites.
If your site has almost no static content, and is configured to auto-scale server instances based on demand, CloudFlare is still a relief because you will know that you are not paying for bad traffic.
Without CloudFlare, if some bot decides to send spam requests every day to your site, you'd likely pay for that traffic in one way or another.
We have used this solution for about two years.
We did not encounter any issues with stability.
We did not encounter any issues with scalability.
The installation was complex until I learned what I had to learn. Once you learn about domains, DNS, name servers, propagation, and web server management, CloudFlare is simple. Before you learn, it's quite hard to understand and debug DNS and configuration issues.
For example, I was once trying to SSH into the domain instead of an instance's IP address. It took me forever to understand why it was not going to work.
I recommend the free plan for most users.
Ask for guidance from someone who has done it before.
CloudFlare offers some of the most amazing features when it comes to optimizing websites & for its security for free, and all at the domain level. They were able to truly disrupt the market because prior to them, only enterprises had access to such features. They offer free CDN to all websites.
These are the following features that I use all the time:
As mentioned, it helps me manage DNS records for more than 100 domains with ease. It helps in web page optimization & helps keep the website secure. If it was not for CloudFlare, I would have to hire a dedicated resource to manage all this for me. However, not even couple of hours a week on CloudFlare helps me offer fast & secure websites to my clients mostly for free or at a very minimal cost.
CloudFlare is an innovative company and certainly the thought leaders in their industry. They're constantly improving their product, releasing new features, partnering with various service providers to offer add-ons. Personally, I think they're ahead of the competition and keep it that way by improving faster than the competition too.
However, what I still fail to understand is that why aren't they offering domains themselves. I'd love to buy the domain name directly from them rather than buying it from other registrars and then connecting them through CloudFlare.
I have used it since 2010; that's about 6 years. They were named as best startup at TechCrunch Disrupt and since then, I've been a user.
They've always informed me in advance about any maintenance and, personally, I haven't seen anything going wrong.
I have not encountered any scalability issues at all.
I’ve never had a reason to get in touch with their technical support.
I was using MaxCDN for content delivery network services, but have never looked back as CloudFlare offers the same feature for free.
CloudFlare is very intuitive and the setup has been straightforward from the beginning.
Most small businesses should be good with their free plan. However, as website traffic & business grows, I think one should invest in their paid plans. It's worth every single penny.
Before choosing this product, I did not evaluate other options.
Use the page rules and flexible SSL, for sure. If you have an e-commerce portal, then implement the full SSL support.
DNS Management is the most valuable feature of the product on the free plan, and the CDN options are robust on the business plan.
It offers single-point DNS management for all of the company’s domains that might be registered with different registrars.
Refreshing the site cache is very fast and easy, and the developers mode is also a great feature.
With CDN loads, sometimes we get an error that the host server is unavailable when the connection between CloudFlare and the server timed out. But now, we get the always online page, so the customer hardly notices a problem.
I have been using it for at least four years.
no issues, very fast to deploy. a simple change of the domain's NS records.
on the free plan we used to receive from time to time "website not available" but since we switched to the business plan, we encounter no problems.
No problems with scalability; we moved from free to pro to business with no problem.
Technical support is 10/10 – very good.
We are simultaneously using Akamai, which is sometimes too robust for us, much harder to configure and costs a lot more. CloudFlare is very user friendly, UX-wise and price-wise.
Initial setup is very straightforward.
We implemented through an in-house implementer.
If you are mid-size company, go straight to the business plan. great ROI.
We are also using AKAMAI, see my previous comment on that.
CloudFlare provides an answer to a variety of issues, so it gives you very high value for your money.
If you are not sure, take it for a test run; it’s free.
The setup and configuration is also easy to perform and their support is excellent.
This product has kept the site up while under an attack.
None that I can think of at this point. Their enterprise-level DDoS mitigation plans are costly but they are cost effective compared to any on-premises/distributed solutions that can go upwards of high six figures to implement. If a company like Sony can be taken offline for a week due to an attack, then there is not much that can be done by midsized/startups to prevent these attacks. For these companies, CloudFlare is ideal.
I have used it for five years.
I have not encountered any stability issues.
I have not encountered any scalability issues. You can move up to bigger packages if you are under a heavy DDoS attack.
Technical support is excellent.
I did not previously use a different solution. This was the first CDN company I have used.
Initial setup was simple enough for novices. They have plenty of documentation on their site.
Start off with their free plan. However, major DDoS protection is only provided with their paid plans. I would start with the free plan to test or to simply move DNS off your local server to them to free up resources.
Before choosing this product, I did not evaluate other options. They are an industry leader in CDN.
If you need your website accessible at all times, consider going with them.
I have used the cache feature of CloudFlare CDN.
CloudFlare is very easy to set up for my site domain.
It is very easy to maintain.
CloudFlare flushes the cache immediately, which is not supported by some of the other CDN networks such as Akamai and Amazon CloudFront. These CDNs take some time that can vary between 5-15 minutes (minimum).
No comments, because I am using it only for creating a cache flushing tool that will work on Adobe Experience Manger (AEM).
There are some features missing or might not be visible to me as I am using its free website plan. These features are:
I have used it for the last 10 months.
I have not encountered any stability issues.
I have not encountered any scalability issues.
I don't need any technical supports because there are a number of blogs with solutions for most of the problems. Because of these blogs, I haven’t used this feature until now, so I’m not able to rate this feature.
Before using CloudFlare, I used Amazon CloudFront and Akamai.
I used CloudFlare because I was creating a cache flushing tool for Adobe Experience Manager (AEM). This tool will be responsible for flushing the cache from different CDN networks, such as Akamai, CloudFront, and CloudFlare.
Initial setup is straightforward and easily configurable, even if a person doesn't have any knowledge of CloudFlare. He/she can easily set up CloudFlare.
I’m not able to comment on this because I am using the free website plan.
Before choosing this product, I did not evaluate other options.
In my opinion, CloudFlare is one of the best CDN networks I have ever used. It provides a quick flushing feature that is not supported in some of other popular CDN networks such as Akamai and CloudFront. CloudFlare is a very easy-to-use CDN as compared to others.
DDoS protection is this product’s most valuable feature. Even if it can’t handle very large-scale attacks, protection is easier having CloudFlare as a primary shield.
If you choose to do so, you can use their DNS servers. Because DNS amplification is also a vector of attack, this is one more optional feature you can delegate to CloudFlare at no additional cost.
It allows us to have a backup in case Incapsula has issues.
I would like to not need a separate server for non-www redirection under the CNAME setup option. With Incapsula, they simply tell me to point the non-www records to the servers they tell me and they take care of the non-www redirection. In CloudFlare's case, I need to get an external server, set up the redirection there using Apache or NGINX and put my own SSL certificates there.
I have used it for one year.
I have not encountered any stability issues.
I have not encountered any scalability issues.
Technical support is 10/10.
We previously used pretty much all solutions. In some cases, Incapsula is better; in others, CloudFlare is.
We were used to the CNAME setup. Initially, this was not offered but now it is. The only issue is handling the non-www redirections that, with CNAME setup, requires us to use an external server. (Incapsula does not.)
Pricing and licensing is standard when compared to its competitors.
Don’t hesitate to contact support; they answer very quickly.
Subscribing to Cloudflare (from its website) means changing your nameserver IPs and your web server IPs.
Many people don't understand issues related to using the Cloudflare service:
Those people who want to hide:
In fact, Cloudflare is used by many people who want to hide the IP of their web servers from local authorities, governments or customers. That's why the Russian government threatens to block all the websites hosted on Cloudflare. Cloudflare at some point didn't cooperate with the Russian authorities and refused to provide the real web servers IP behind Cloudflare who violated the Russian law.
As governments become more and more efficient at blocking websites, we may see in the future this kind of issue coming back in other parts of the world. I will not talk about the moral aspect of it but from an IT decision maker point of view. If you have a clean website on one IP from Cloudflare you may suffer from a government decision to block the Cloudflare IP ranges which are public on the Cloudflare website.
Subscribing to the free Cloudflare service means getting a new IP address for your server. It is very much like migrating your website to a shared hosting website since many other websites that use Cloudflare also use the same IP address than you. Since the Cloudflare service is open to everybody several of those websites can be spammy. In SEO, this is what we call bad neighborhood.
You grant all powers to Cloudflare:
Since you use the nameserver from Cloudflare and a Proxy IP from Cloudflare, Cloudflare is the almighty who can do everything. They can stop access to your website. They can slow down access to your website too. They can inject code inside the code of your webpage thanks to the proxy. By the past, the app. smarterrors was a feature that was on when subscribing to Cloudflare. This feature replaced your 404 page by Cloudflare 404 page. So, in this case, it was the crème de la crème in terms of power delegation. They replaced your own pages with their own pages.
Also, they can spy on everything that the visitors send in clear to your web server. At the end, it is worth than giving your house keys to the NSA.
One more weak point:
if for some reasons the Cloudflare service is down, your website is also down. Are Cloudflare benefits offsetting this plausible scenario? From time to time, you may see an error 522 issued from Cloudflare when your website isn't available. In this case, you aren't able to know whether the issue come from Cloudflare or whether it comes from your web server.
Even if the downtime is short, on a yearly basis downtimes related to Cloudflare can be significant for online businesses.
Unfortunately, the DDoS protection service of Cloudflare is unclear. It is only a drop down menu defining the level of protection but it does not say anything. On the other hand, there are Anti DDoS techniques that are published and used to face DDoS attacks from a firewall. By the way, and unfortunately, i have seen a website that has been taken down with a DDoS attack even if they used Cloudflare.
From a technical point of view, Cloudflare is the best CDN. The IP addresses from their network have very good reputation. They are considered generic for Google rather than country specific. Also, their free service is pretty reliable for a free proxy.
It is also a DNS server free service:
Since Cloudflare is also DNS free service, it is possible to minimize the pressure on your own DNS server and use cloudflare as a DNS server since it is possible to put the cloudflare nameservers on behalf of your nameservers.
Even if they provide good services from a technical point of view, the different issues related to the Cloudflare network model highlight that it may be better to stay free and have a longer ping & handling your DDoS protection yourself rather than giving everything to Cloudflare.
Highly-configurable caching options is what sells this product. Having CloudFlare properly render every page has reduced load times, bandwidth usage, and, most importantly, our server's load. Reducing the load meant we were able to get rid of several PHP/Apache caching modules that consumed a great deal of resources that do the same, if not, a less efficient job.
CloudFlare has positively improved my site's speed, performance and security. Also, having servers with data centers located in Germany and the Netherlands, it worked great for our EU customers. However, we couldn't exactly deliver the same load times for clients located outside of EU, for example in Asia. Having our websites cached with CloudFlare's servers all over the world, this is no longer an issue.
I have found CloudFlare's support to be unresponsive at times, and not very helpful with providing technical details for issues that we have reported over the years.
We've been using it for around two years with its cPanel plugin.
Luckily, we haven't encountered any issues with stability so far. In fact, it has increased our uptime since it wasn't unusual for us to deal with DoS/DDoS attacks on a weekly basis.
Since we are on the same plan since the first day we started with CloudFlare, we haven't had much experience with scalability.
Since customer service goes hand in hand with technical support, I'm afraid we haven't experienced their representatives going above and beyond in terms of:
I have found CloudFlare's support to be unresponsive at times, and not very helpful with providing technical details for issues that we reported over the years.
We haven't used CDN networks, but we experimented with Varnish, xCache, Gzip, eAccelerator and other PHP/Apache caching solutions. Since they weren't very configurable (except for Varnish), CloudFlare has provided a much better solution, allowing us to move away from running multiple caching instances on our local servers.
With every service out there, there will be hiccups every now, and then but as far as the deployment goes Cloudflare is extremely simple to implement. It is a low-risk solution since we can manipulate which DNS zones get cached and which don't. In case there's any trouble, we can disable CloudFlare, and switch to our local DNS in less than a couple of minutes.
Setting up CloudFlare is an easy gig. The only issue you might encounter is having your domain registered through a vendor that doesn't allow direct name-server manipulation.
For example, Enom resellers are known to have their domain control interface completely locked, so you have to rely on their support to handle this for you. If their support team has an issue with handling requests within the SLA - you have a problem.
Fortunately, we implemented this directly through CloudFlare as we like to avoid third party resellers whenever possible.
Having several sites that sell products, our primary concern is:
Since CloudFlare provided a solution for all the above, which indirectly affects and improves our business, our ROI has greatly increased.
The fact that CloudFlare offers a free solution, which is more than enough if you're running a low-medium traffic is just amazing. As far the pricing goes, although it's a bit pricey, it offers great value if you're running your entire business online. Content optimization and delivery is key, and CloudFlare does a great job on providing that.
CloudFlare was the first CDN we used, and luckily, we haven't been given a reason to use another solution. In the past, we used server-based software, caching modules, etc.
Since it's a low-risk implementation, I encourage all users that have issues with their response times, occasional DOS attacks and page rendering to give CloudFlare a go.
The most important feature is that they handle the basics of security matters automatically.
Honestly the product has not really improved the way of my organisation. I just let the product take care of my security in term of networking attacks, but this is not a magic product. You still have to take care of other security matters which are important in network administration.
The only thing that I think about is that CloudFlare supercharges your website, as your dedicated IP is covered behind their server. Then, if you are a target of a network attack, they will handle the traffic, and the load, then mitigate the attack. However, depending on how your network system is built if, by any chance, your main IP address is seen by attackers they can easily bypass Cloudflare and directly target your server. In that case, you need to add extra filtering directly onto your dedicated server to avoid breaches out of CloudFlare cover, or add extra anti-DDOS solutions directly onto your dedicated server.
I've used this solution for one year. Unfortunately, I'll stop it this month as, rather than being unsatisfied, my needs have changed, and my website no has longer the same traffic. I think that I can (as a System Administrator) handle the security side without it for a while.
Yes I did at the beginning, since I did not understand properly how to install the solution on my NGINX servers. I guess it was a lack of knowledges, but also a problem of speed, since I had to implement the solution in a chaotic atmosphere, since I was under attack at the time and had never faced this before, so I was not prepared.
I have not encountered any issues with CloudFlare so far. The solution has worked pretty well, but there are a couple of things which are linked to a webserver environment (NGINX in my case) that you have to be careful about when setting up. Otherwise, you may get some errors, but once the webserver is installed with CloudFlare, it should work like a charm.
Scalability is not a problem for CloudFlare since they are a cloud based solution. I think I had the biggest year for my service in 2014, in terms of traffic. My website was spread over two servers, with CloudFlare on top of them, and everything went well.
9/10. I did not really have the opportunity to use their service as a free user. However, when you are a paying user at CloudFlare, they will answer you very quickly, and with accurate answers. I did contact them on a few occasions, and they gave me good answers.Technical Support:
9/10. I did not really have the opportunity to use their service as a free user. However, when you are a paying user at CloudFlare, they will answer you very quickly, and with accurate answers. I did contact them on a few occasions, and they gave me good answers.
I did not, perhaps I had to, in order to be a little bit more objective about this kind of product, but since I implemented CloudFlare, I have been happy with them.
I'll say that you have to be used to managed webservers such as Apache or NGINX. It's pretty straightforward, but you have to take care with some configuration details. If you do it incorrectly, it could make your website temporarily unavailable sometimes.
I first paid for the Business plan, which was 200$/month for the first month when I had those big issues with DDOS. Then I went to the 20$/month plan. In other words, I spent about 400$ more or less on the product. I have not had a DDOS attack, since, or at least not become unavailable due to DDOS which means my ROI is pretty good. I mean when your website is offline, you first lose money like daily revenue, around 400$ for us, but you also lose your customer loyalty, and there are many more issues. No matters what's going on (attacks or not) a website must be online at all time.
In my opinion the Pro plan 20$/month is the best solution. It includes the core features of CloudFlare which is pretty much enough. If you do not have SSL, you can also use the free plan, which is almost exactly the same as Pro, just without the SSL support. The free plan has SSL support, but it does only support modern web browsers. This means that some of your customers may not reach your website if you are using SSL with a free plan.
I did not evaluate other options.
Prepare your implementation while making tests in a pre-production environment. Do not let CloudFlare take care of everything, you still have to take care of security matters for your services.
One of my projects, ancient-origins.net, gets 3 million views per month, so serving the page fast is an important element. Using the CDN of Cloudflare improved the speed significantly, reducing the page loading times to appropriate levels. Additionally their security features make sure to block attacks on our site.
Their CDN features, although good, still lack in speed in comparison to their competitors (e.g. Incapsula, MaxCDN, etc.).
I've been using it for almost one year.
No issues with the deployment. Their process is pretty simple and fast.
Yes, there were a few times when some of their CDN nodes would fail, creating serious speed issues with the site without any warning or notification from their side. Also, many times, even if our server is working properly, Cloudflare would report it as being down.
No scalability issues so far.
I would give them a 9/10. They respond pretty fast to requests.Technical Support:
I would give an 8/10 to their technical support. We haven’t had many issues, but when we do, it appears that sometimes they are not willing to look deeper into them to try and find a solution.
We used MaxCDN, but we switched to Cloudflare because MaxCDN lacks security features.
The initial setup is pretty straightforward and doesn’t require any technical knowledge, since everything is done on their site.
The implementation was done in-house, since it is a simple process.
This is difficult to calculate; however, improving the page loading speed always impacts the traffic on a site positively.
The original setup cost was zero, and the monthly cost is around $30 for three sites using the Business Cloudflare plan.
We evaluated MaxCDN and Incapsula.
If your budget is low, then Cloudflare is the only cost effective solution, at least to begin with. The best combination of CDN and security features at a low price. At a slightly higher budget, Incapsula may be a better solution especially since they provide a faster CDN and better security features.
CloudFlare is an incredibly advanced content delivery network (CDN) that offers boosts to the security and performance of your site. They act as a reverse proxy and shield your web server from exposure to the wider Internet. You get huge bandwidth savings and a reduction in the resources consumed on your server, so why have I just decided to 'go it alone'?
CloudFlare launched their beta in June 2010 and very soon after they followed with their official launch in September of the same year. Their free accounts come with many of the great features they offer and their blog makes for some really interesting reading. This all sounds like a match made in heaven but I recently found myself faced with the tough decision of leaving CloudFlare and losing their support. This meant having my domain name resolve directly to the IP of my server. Whilst that may sound like a totally normal prospect for most, after you've enjoyed the protection and security of having someone act as your doorman, it's a slightly daunting prospect. Not only would I lose their security, but I'd also be subjecting my server to the full force of any traffic aimed at my domain name.
Because CloudFlare act as a reverse proxy, a user's browser connects to the CloudFlare servers which then request the content from the host server on behalf of the user. This puts CloudFlare directly between you and your visitors, allowing them to cache content and protect your server by not allowing users to connect directly to it. This is fine when the site is loading over http but when you want to start loading over https, it brings up a few problems. There isn't really a requirement as such for me to serve content over https, I don't have user logins and the site doesn't serve sensitive or confidential data. For me, it was mainly about the learning process and showing that it can be done for free. If you head over to StartSSL and pick up one of their free SSL/TLS certificates, it will bear your domain name. This immediately presents a problem when the browser is not connecting to your server when a user enters that domain name into the address bar. Now, CloudFlare offer different solutions to this problem depending on which type of account you have. Their free accounts do not support any form of SSL, you have to step up to at least a Pro account ($20 a month) to get SSL support. At the Pro level, the account I used to have, you can enable SSL support and take advantage of the benefits of CloudFlare but serve over https instead.
Once you're on a paid account plan, you can enable SSL on your site with a single click thanks to CloudFlare's Flexible SSL. The CloudFlare servers present their own SSL certificate to the user so that the transfer of information between them is encrypted. From here, as the data travels from CloudFlare to the hosting server, you can use your standard SSL certificate issued by a CA, a self signed certificate, or, worryingly, nothing.
Once I started investigating the upgrade to a paid plan so that I could get SSL support, I was startled at the prospect of Flexible SSL. Here, we have a solution that seems to break two of the key principles of implementing SSL/TLS. When we visit a site and see https in the address bar, I think it's fair to say there are some assumptions that we could generally make and should be able to make. The SSL certificate assures us that the site we are connected to is the site we typed in the address bar, and that our traffic is encrypted during transmission to that site. Flexible SSL seems to break both of these principles. The certificate that is issued belongs to CloudFlare and not the site you're trying to connect to, and traffic on the other side of CloudFlare between their network and the host site is not encrypted. There is of course the option to move to Full SSL, you can even use a self signed certificate between CloudFlare and the host, but I imagine there are sites out there that don't. The ability to present your site over https when the full route is not encrypted seems to be a breach of the trust that the user places on the indications their browser is giving them. There is the argument that encrypting part of the transport layer is better than encrypting none of it. Anyone between the user and their nearest CloudFlare server, like an attacker on a local network or even their ISP or government, wouldn't be able to access their traffic, but after the CloudFlare server it's back into the wild without any protection. Given that it's really easy to create your own self signed certificate, or you can get a free one from StartSSL, I just can't see the requirement for Flexible SSL. The benefits of encrypting the first leg of the transport layer are far outweighed by the detriment of giving false impressions on securely transmitting data. If you're on a shared hosting plan that would be costly to upgrade to SSL support, or don't know how or can't implement it on your server, Flexible SSL is nothing more than an illusion of security that you're presenting to your visitors.
If you want to ensure that data is always encrypted whilst it's being transported, you need to enable Full SSL, which requires SSL on the host server. As I've mentioned, you don't need to pay for a certificate as you can use a self signed certificate or get one from StartSSL. Once that's installed and you enable Full SSL, CloudFlare will only communicate with the host using a secure transport layer.
Now we're up and running, all traffic will be encrypted during transit. Problem solved, right? Well, even though I was using Full SSL, I still had my concerns. Whilst CloudFlare are a trusted party in all of this, I didn't feel comfortable with the idea of having a man in the middle of my secure transport layer. That, and the certificate being issued to the browser still carried someone else's name. For most users, when you connect to a site and see https in the address bar, I think it's fair to say there would be an expectation they were talking to me, directly. Not only that, but there is still a point in the transport layer where data isn't encrypted, inside CloudFlare. I think CloudFlare apps are a prime example of this, allowing the ability to inject Google Analytics code into your pages for example. I want to be clear that this isn't a criticism of CloudFlare, the services they offer are fantastic, I just have my reservations when it comes to running your secure transport layer through a third party. For a site that loads over http no one can have a realistic expectation that someone else hasn't seen or altered your traffic during transit. The other problem with this is that CloudFlare never used to validate the certificate between them and the host. It would accept any certificate and go with it.
The lack of certificate validation has been recently resolved with a new feature announced by CloudFlare, Full SSL (Strict). This means CloudFlare will now validate the certificate presented by the host server. This came as quite a surprise to me as I was already using a valid certificate so just assumed that it was being validated and accepted by CloudFlare. As it turns out, I could have literally used just about any certificate I'd liked and it would have worked just fine. Not only that, but anyone could MiTM my perfectly valid SSL certificate, swap it out, and CloudFlare would have been just as happy. To me, their blog post should be more along the lines of 'we now do SSL properly' than 'hey we added a new feature'. Connecting to a host securely and then not validating the certificate means that you're not connecting to the host securely. If there was some way to pin a self signed cert in the CloudFlare control panel, this option would be perfectly acceptable, which is what I expected you should have to do if using a self signed certificate. As it turns out, there is no such option. Worryingly, the non-strict version of Full SSL will remain. CloudFlare are going to automatically switch everyone with a valid certificate to Full SSL (Strict), but for those that don't read the CloudFlare blog, I wonder if they will ever find out.
It is possible to get around the issue of serving your visitors a CloudFlare issued SSL certificate by upgrading to a Business or even Enterprise account. Starting at $200 a month for the Business account, or an average $5,000 a month for Enterprise accounts, you can upload your own certificate and private key to CloudFlare. Whilst your visitors are now being served with your own SSL certificate, I can't see the benefit this brings. The user, much like with the Flexible SSL option, is now under the impression that they're communicating with you directly and securely. Even if they check the certificate, they will see that it is issued to your domain and have no reason to suspect that their traffic isn't travelling directly to the host before being decrypted. To set this up requires the disclosure of your private key, something that in itself should highlight the kind of breach to transport layer security this causes.
One of my biggest concerns with coming out from behind CloudFlare was the impact it would have on my server. I'm currently using DigitalOcean (referral link) to host my blog and with the ability to rapidly scale the hardware capabilities of my VPS, I cautiously flipped the switch. Within the first hour it was immediately clear just how much of the demand on your resources CloudFlare can alleviate. I saw jumps in traffic at the network interface and CPU utilisation as soon as I hit the button. Whilst none of these increases were enough to cause any worries, it does provide evidence for the claims CloudFlare make about just how much they can save you in resource terms. At almost double the average daily bandwidth usage, I can say that CloudFlare were saving me about 45% of the bandwidth used by traffic hitting my site. This is from both their efforts in caching my content and serving it on my behalf, and traffic that they will have dropped and not allowed through based on it appearing malicious. I'm also seeing average CPU loads approaching double what they were, but still only falling well within the single digit range. As it turns out, my VPS is perfectly capable of handling the regular traffic my blog gets but I am still acutely aware of the greater exposure I now face. That being said, I feel the value of honouring the core principles of SSL/TLS to be worthwhile.
I know I mentioned it earlier, but I wanted to be clear that this isn't a complaint about CloudFlare. I still use CloudFlare to resolve my DNS queries as they run one of the fastest DNS services around. Thanks for that guys! Their free account offers an awful lot of functionality and savings alone, before you get on to the minimal $20 a month for a Pro account which comes with it's own great list of features. If you're hosting a site that serves content over http it's really a no brainer as to whether or not you should make use of a free CloudFlare account. If you're hosting a huge amount of content there's little reason not to use them. My only real problem comes with the introduction of SSL/TLS and the unavoidable requirement to have a man in the middle of your secure connection. If you truly have a requirement for a secure transport layer I have to question the sanity of breaking the chain of custody of your data.
I’ve been with CloudFlare for a year and a half at the time of writing this post and realized that I never gave it a review of any kind. What kind of terrible person am I?
I worked for a couple a few years ago who was using a content management system called Joomla to build their clients’ sites. We would launch a site by simply pointing the DNS settings to our servers and calling it good.
Then we started getting hacked. A lot.
With the number of sites we had on our server, the exploits found in the plugins being used, as well as poor server practices, we had a huge target on our chest.
A while later I decided to leave to company to go on to do other things. One of those things was to open my own web development and hosting shop.
First things first: Get away from Joomla.
Next: Learn WordPress.
Now let’s get a server setup.
The first thing I did when I got my server setup was make sure that no one was allowed to host on my server unless we ran all of the DNS through CloudFlare. No exceptions.
A couple of things I noticed when I got all this in place:
Most importantly: My sites never got hacked (fingers crossed).
I attribute the latter to a couple of things, but mostly I would like to think that CloudFlare had a huge part in that. If you don’t know what CloudFlare is, watch their promotional video.
Here’s some other cool stuff about this site from the last 30 days:
That’s pretty amazing stuff! I didn’t have to pay anything for better website security and reduced server load.
If you’re looking for the same, be sure to go get signed up at CloudFlare. It’s easy to setup and the results speak for themselves.
The aggressive caching and DDOS mitigation are the most valuable features offered by Cloudflare. Website traffic analytics and threat insights are also very useful.
Utilizing Cloudflare allows us to deploy websites using less hardware due to their caching and helps us serve pages to our customers more quickly and efficiently.
More insight into analytics and threats would be a good place to start improving cloudflare. Also less 501 and 504 errors would be good too.
I've used Cloudflare since 2012 and am currently using the latest version. I've utilized it with several different websites successfully.
No issues encountered.
Only the occasional network issues, some in 2013, where all Cloudflare customers were affected, but much less lately.
No issues encountered.
Good, as the few times I've required customer service, it was more technical but they were always helpful in directing me to the people I needed to speak to.Technical Support:
Excellent. The representatives are knowledgeable and online documentation is great.
Cloudflare was the first service of this type I've used.
It was very easy to get setup on Cloudflare. They have made it even easier recently, and all that needs to be done is to enter your DNS records into their interface and the configuration is done.
We implemented it in-house.
Setup cost was zero and currently we are using the $20 a month plan. I've used the business tier in the past which costs $200 a month.
I don't know of other vendors who offer a comparable service.
I would recommend that you use it. It has been very useful and well worth the cost to me over the last three years.
The speed improvements / CDN caching / Railgun.
Because our website is blazing fast it improves our conversion rates.
More than one year
We experienced some downtime in the fall of 2013, causing us to switch to Incapsula. That was a bad decision, because Incapsula is much slower.
I’ve been on a quest for the need for speed lately. I recently swapped to a new host Host Gator and that helped with the load speeds of the site increased (a bit). But it also gave me an opportunity to make the site even more lean and mean by going through the plugins I was using and removing the fluff. A big part of that though was deciding to add a CDN to help optimize and speed up the load times of the site. But like most bloggers on a budget I had to find something that not only worked but was in my price range – free! This is where CloudFlare comes into play. Read more to find out what a CDN is, and if CloudFlare is right for you!
Even if you have the greatest content in the world and a site that is designed right the one thing that will turn people away faster than anything else is a website that takes forever to load. Things like not optimizing your images, having too many WordPress plugins, and using too many java script all can affect your load times greatly. So when starting to optimize your own website that is where I would start. But after you have worked on fixing them what next?
The next step to consider is to implement a CDN to take that final step to speeding up your website. A CDN will take all of your images, java script, and CSS (Cascading Style Sheets) and host them on to their network to quickly load them on your visitors browsers. Another benefit is that a CDN has a huge network of servers that are closer to your potential visitor ensuring that your site will load quickly wherever in the workd they are visiting. The downfall is that they can cost a lot to implement.
I happened to first seeCloudFlare from a fellow blogger’s site The Bad Blogger. I decided to do some research and found that they offered a FREE service! I thought there was some sort of catch or I would have to plaster their logo all over the place. But as it turns out not only was it simple to setup – there was not catch! It really is FREE. But not only do they offer their CDN services check out the other features they offer:
CloudFlare offers for your pages to be further optimized before being loaded onto your visitors browser. I already mentioned some of them above! The other benefit of using a service like CloudFlare? It will save your bandwidth and the amounts of requests to your webhost!
Add another layer of security from Spammers, SQL Injection attacks, and DDOS attacks from the script kiddies. By having to go through their CDN first it is just another layer of protection to keep your site and your visitors safe! It also offers services like obscuring email addresses and preventing hotlinking of your images.
CloudFlare offers you some awesome stats to see how your site is performing. I take them with a grain of salt though. Although Google Analytics uses java script to track visitors, CloudFlare’s numbers will be greatly inflated showing you more of a “raw data” indicating almost 5-10x more traffic then you are actually receiving!
There are a slew of applications available that CloudFlare will implement on their end. Some are pretty frivolous to being really beneficial. You can add Google Analytics, PunchTab Rewards, and even experiment.ly!
So with a ton of forethought and planning (i.e. I’m full of crap) I decided to go for it. So how did I implement it? Seriously it was probably the easiest setup process I’ve ever gone through!
Considering I had already tweaked this site? I can definitely say yes I do see an increase. Of course I would do your own testing first to see if I’m lying to you or not. I did a random test (as of this writing) to see how fast it loaded. Actual content of the site loaded fairly quickly with the added geegaws and doo hickeys loading a few seconds afterwards (i.e. ads, the sharebar, and my PunchTab toolbar at the bottom of the screen.) What this means is that the stuff you want to see – the images and text loaded really fast, and the rest of it kind of popped up a little bit afterwards. So I still have some work to do… *sigh*
I had a fellow blogger Bryan from www.thehobbyblogger.com ask about how the CDN refreshes the site if I make changes.
If you are going to implement small changes to your blog? They will take place ‘on the fly’. I have not had any issues performing basic site updates/maintenance. If you are doing extensive updates? You can either temporarily disable Cloud Flare through their control panel by clicking on the “Development” option. Or disable Cloud Flare altogether. I do recommend using the Development mode as that will only temporarily disable the service for a few hours.
People have told me horror stories about potential lost traffic or visitors getting blocked to their sites. I have done a short test with my own site and I can say I did not see any noticeable difference in traffic with the service off or on. I would suggest though that if you think you are losing traffic? You should conduct your own testing. This can be done by either:
A) Adjusting the Security settings from what you currently have it set at to a lower setting.
B) Disable Cloud Flare altogether and test to see if your traffic changes dramatically.
Also please note I do not have a huge traffic site. So your results may vary.
Well, that depends really. If you don’t get much traffic and if your site loads quick as it is? Then um, no? But if you want the added security and speed you get with a CDN then I say sure! I had a great test this past week with visitors averaging around 1500 – 2000 visitors (hey I hear you snickering!) and everything remained snappy even when I had 30 visitors hammering (OK, knocking softly) on the site!
For me the benefits outweigh any negatives using CloudFlare might bring.
And did I mention all of this is FREE already? For larger sites they do offer paid plans that offer additional functionality – but for most folks the free plan will definitely do the trick!
I am suggesting that you read these two articles to help you make a decision as well. Why? Well I respect the sites and more importantly I want you to have a better overall opinion rather than some little blog you happened to run across while searching for information. Both will give you a more technical explanation and I found them interesting.
CloudFlare is a fantastic option for bloggers on a budget. From what I’ve researched on the web CloudFlare is considered “CDN-lite” by some folks. All I know is that it works! I might look into using a different CDN later on but for now CloudFlare is an awesome solution!
What are your thoughts on using a CDN? What service do you use if any? Leave a comment below with your experience with using a CDN or if you have any questions!
Appboy is going to cancel our Pro CloudFlare account and leave the service. CloudFlare has a great feature set, but their uptime track record has been awful.
I’ve been a big fan of CloudFlare’s since I heard of it: I was in the audience at TechCrunch Disrupt NYC 2011 where CloudFlare presented. I was so impressed that I immediately pulled out my laptop and moved all my personal websites to CloudFlare. My first Tweet ever was about how cool CloudFlare is.
I put Appboy on CloudFlare as soon as we brought our first servers online. Since then, my professional experience with CloudFlare has been suboptimal. The first major interruption was in early November. SSL randomly stopped working, which broke server-client communication in our iOS SDK product. When I logged in to troubleshoot, I couldn’t find the SSL settings page. In a frenzy, I thought that my account had been accidentally downgraded from Pro and that SSL options were no longer available. I sent in a support ticket, received a response that it was a known issue, and that I should disable the CloudFlare proxy in the meantime. The SSL options were quietly removed as part of the upgrade; seemingly no one was told. I repeatedly emailed in every few hours asking for status reports but never got a response. It was a serious issue for us. Fortunately, in November we were in limited testing on our production environment, but had it been live it would’ve caused a massive amount of damage to us. After submitting two tickets for someone to contact me, Michelle Zatlyn, a CloudFlare co-founder, gave me a call. I suggested things like proactive notifications about major maintenance, and was happy she listened, but I feel like nothing has changed since.
The last few weeks, it has seemed as if CloudFlare was being attacked constantly, taking our site down in the crossfire. I was home for the holidays having dinner when our monitors hit for 502s and SSL problems. 502 hit again in January due to attacks in Newark. Over the past few months, dozens of 502 errors have tripped up my monitors, woken me up overnight, and broken our site for some of our customers. Numerous support tickets led to no progress. I ended up ignoring 502 errors in our functional monitoring scripts. We get over 100,000 unique visitors a month. Downtime has major visibility for us.
The last two weeks have been exceptionally problematic. One of our customers emailed us that random links on our site was broken. The links made AJAX requests which were not returning. Sure enough, everyone in the office could reproduce. I sent in a support ticket. The one-line response: “Thanks for writing in. This is a known issue that we’re trying to tackle this week. Sorry for the inconvenience!” That was it. No additional info. Was it just with AJAX? Should I turn off the CloudFlare proxy on other sites? Should I look to @cloudflaresys for updates? The worst part was that CloudFlare didn’t notify me about the known issue! It wasn’t on the status page, I couldn’t find it on Twitter. I had to find out from one of our customers. Later, the support associate agreed that “[CloudFlare's] notification of what’s working and what’s not is a bit… lacking” and said that he’d notify me when he got an update. I have not received any further updates.
Last night was also really bad. CloudFlare released a new version of its DNS software and accidentally deleted their master database of domain records, which broke name resolution for all of Appboy’s servers. I couldn’t go to the main website, our client-server communication broke, my app servers couldn’t talk to the databases because they couldn’t resolve the hosts, etc. We were completely down due to a bad software release that was, again, completely unannounced.
Whenever there have been issues, the CloudFlare engineers have jumped to resolve it. And resolution time is usually fast. But that 100% of my site downtime the last 2 months has been caused by CloudFlare is unacceptable. Even if CloudFlare fixes the problems quickly, they’re breaking too many things too frequently.
Everyone here at Appboy thinks that CloudFlare is a great product. We want to use CloudFlare, but right now can’t take on the risk.
Do you have any suggestions for DNS service providers? Let us know what you use or recommend.
I am a paid Cloudflare customer. The service has been wonderful. As in
all services, there is a setup that is required and a learning curve.
One of the biggest reasons for me to implement it was to reduce server load. My forums keep growing and to reduce the need to keep upgrading, we tried Cloudflare.
It has reduced my bandwidth and server load immensely. For example, my bandwidth dropped from 45GB/month to 10GB/month. Server hits went from 3.5 million/month to 600 thousand/month.
Cloudflare is setup if the server does not respond timely, then your users will see an error message. This is an indication of a slow server versus a Cloudflare issue.
Who's the culprit- Cloudflare or hosting?
When I have seen the CloudFlare error screen for site is unavailable,
it has always been due to slow response on the webserver. (validated
by using a series of http responders hitting CloudFlare and the
webserver directly over a 60 day period.)
One of the keys is to make sure your hosting provider is using the CloudFlare extension and they have listed all the CloudFlare servers within your firewall settings. All your traffic will come from only a couple of IPs. If your server and firewalls are not setup to support this concept, they will trip DDOS or Flooding rules.
Yes, I’m obsessive about Webpage load speed. Only in the past year or so has Website speed become an SEO (Search Engine Optimization) factor however I’ve always spent an inordinate amount of time and energy trying to speed up my Website (as well as find ways to speed up all Websites I build for clients). Until a few short years back, besides using state of the art software and hardware (NGINX, Ubuntu Server, reverse HTTP proxies etc.) in addition to a CDN (Content Delivery Network) such as Amazon Web Services CloudFront, there really wasn’t any simple means of speeding up WordPress Websites.
How times have changed in a few short years! We now have super awesome services such as CloudFlare and the Google PageSpeed Service (PageSpeed service isn’t widely available yet but should be soon). CloudFlare is a freemium service and their free offering is probably much more than most Websites need. As for Google PageSpeed Service, pricing hasn’t been provided as yet and is being used free on an invite only basis at present (thanks Google for the invite you sent me ).
Just over two months ago I started using the PageSpeed service for three of my other Websites. Around the same time I started using CloudFlare Pro (a paid-for service) for this Website, OrganicWeb.com.au. Here are my findings.
How the CloudFlare free plan can remain free is quite simply amazing. The benefits, from free use of a leading CDN, free high-performance DNS hosting to security and more is awesome. The majority of users won’t need to upgrade to the Pro plan which has a monthly cost and offers further performance and security enhancements.
I used the Pro plan for a couple of months but I actually moved my Website from CloudFlare to PageSpeed a few weeks back as there were problems when people were leaving comments on Posts (I use the JetPack Plugin to manage commenting). I believe that Blog commenting is important and no matter what configuration I did, I just couldn’t correct the commenting problem when on CloudFlare so moved to PageSpeed (and the commenting problem no longer seems to occur). In fairness to CloudFlare I believe that the problem may well have been with the JetPack Plugin.
Just because my WordPress Site had problems on CloudFlare doesn’t mean that yours will. In fact, I recommend CloudFlare over PageSpeed for users that want a very simple to setup service that works well. CloudFlare have done a great job in making the setup super simple; just install and activate the WordPress CloudFlare Plugin, add necessary data to CloudFlare and your WordPress Site will be secured and delivered by CloudFlare in just a few minutes.
The Google PageSpeed Service may be a bit too technical for those wanting something very simple to setup. Whilst CloudFlare provides top-class and very fast DNS hosting, Google PageSpeed doesn’t provide this. I prefer having a separate DNS hosting provider and use AWS Route 53 so PageSpeed is preferable for me.
The biggest selling point for most people however will likely be the security provided by CloudFlare. I’m really not sure if PageSpeed provides any security and whether the security provided by CloudFlare is any good. Security is often a perception and CloudFlare beats PageSpeed completely where the perception of security matters.
My advise for most people is to use CloudFlare. For more advanced users, and those that are confident managing their own security, the Google PageSpeed Service is the way to go.