What is CloudFlare?
CloudFlare, Inc. is an US based company with headquarters in San Francisco, California. CloudFlare also has offices in Singapore, Boston, Washington, London, Austin, San Jose, Champaign and Munich.
Along with content delivery network services, CloudFlare also provides DDoS mitigation, distributed domain name server services, and internet security. These services act as a reverse proxy for websites, as they come in between the visitor and the hosting provider of the CloudFlare user.
CloudFlare offers its services to about 12 million websites and reports have suggested that as of 2017, the company has been adding 20,000 new customers daily.
Matthew Prince, Lee Holloway and Michelle Zatlyn created CloudFlare in 2009. In September 2010, CloudFlare was officially launched at the TechCrunch Conference, but it actually gained popularity and media attention after providing sound security services to LulzSec.
Following this, CloudFlare also paired up with several web hosts, for example HostPapa and started implementing their “Railgun” technology. In June 2012, one of CloudFlare’s customers (name undisclosed) faced a huge DDoS attack which was at 400 Gbit/s and at that point this was the largest attack to be ever recorded.
CloudFlare managed to protect the website from this unprecedented attack and it did so again in November 2014 (the attack was peaking at 500 Gbit/s), this time against several independent media sites.
Over the years, after its rise to popularity, CloudFlare has managed to raise significant funds. For example, in November 2009, $2.1 million was raised in a Series A round from Pelion Venture Partners and Venrock by CloudFlare. Similarly, in July 2011, $20 million dollars were raised in a Series B round from New Enterprise Associates, Pelion Venture Partners, and Venrock, and in December 2012, in a Series C round $50 million was raised, from New Enterprise Associates, Venrock, Pelion Venture Partners, Union Square Ventures, and Greenspring Associates. Later in December 2014, CloudFlare managed to raise $110 million, this time from a Series D round which was led by Fidelity Investments, and was in participation with Qualcomm, Microsoft, Google Capital, and Baidu.
Again in March 2019, in a Series E round, CloudFlare raised $150 million. This time, it was led by Franklin Templeton Investments, with participation from New Enterprise Associates, Pelion Venture Partners, Union Square Ventures, CapitalG, Fidelity, Microsoft, Qualcomm, Venrock, Baidu and Greenspring Associates.
Services Provided by CloudFlare
Listed below are all the services that CloudFlare offers to its customers.
- DDoS Protection
At the time, this attack was described as the largest DDoS attack to be publicly announced in the history of the internet. Along with this, CloudFlare has managed to absorb several attacks peaking over 400 Gbit/s from an NTP Reflection attack.
- Content Delivery Network
Known to have the highest number of Internet Exchange Points, CloudFlare caches its content in edge locations. All requests are then reverse proxied and cached data is directly brought up from CloudFlare.
- Web application firewall
This firewall is equipped with OWASP ModSecurity Core Rule Set, rulesets for popular web applications, as well as Cloudflare’s own ruleset and is available on the different paid plans.
- Authoritative DNS
This service is provided to all customers who are on an anycast network and CloudFlare is known to have one of the fastest DNS lock-up speeds.
- Project Galileo
Cloudflare launched Project Galileo in 2014. This was done as a response to attacks against important artistic groups, humanitarian organizations, and the voices of political dissent which were vulnerable. Cloudflare then provided its Enterprise-class DDoS protection and ensured performance boosts to keep these websites online.
- Project Athenian
Cloudflare’s Project Athenian helps state and local government election websites have a very high level of security free of cost. This is done to ensure that all constituents are able to access information about the election and voter registration.
Cloudflare CDN is extremely fast and really secure, ensuring content delivery through a process that is not only dynamic but also ultra-fast static. The content delivery network improves agility and establishes complete control over caching of data and provides a built in unmetered protection feature against DDoS attacks, to all its customers.
CloudFlare CDN is global and its data centres are situated at various parts of the world, making the network a rather expansive one. There are several private backbone links on the network, through which data can be transferred at a very high speed and under absolutely safe circumstances.
The traffic on CloudFlare CDN is load balanced and this is done so by using proximity and network latency, over several different origins. Various domains are supported by this network and content requests are rapidly routed using CloudFlare’s feature “Argo Smart Routing”.
This content delivery network is API-first which means that due to the process of caching and purging data, customers can easily have their workflow automated with full control and even customize the cache in any way their applications require it to be done, using CloudFlare Workers.
Since data is cached on the CloudFlare CDN, there is no need for content to be sourced from the origin. This method saves a lot of extra expenses because when content is cached on CloudFlare CDN, the bandwidth consumption is reduced significantly and even if there is an attack, CloudFlare does not charge extra for bandwidth surge. Also, apart from this, those shared customers who are essentially of CloudFlare’s partners, using the CloudFlare CDN, will be eligible for discounts on the cloud egress fees with Bandwidth Alliance.
CloudFlare CDN also provides fast video delivery. The loading time for each video is reduced and no buffering is experienced. The delivery of videos is also optimized on the CloudFlare CDN and end-to-end latency is minimized.
The features of CloudFlare CDN are listed below:
- API Programmability
- Concurrent Streaming Acceleration
- ETag Header Support
- China Support
- Cache Tags
- Cache Control Header Extensions
- Wen Cache Deception Protection
- Fast Cache Purge
- Intelligent Traffic Routing (helps avoid any kind of congestion and reduces latency)
- Customizable Cache Expiration Period
- MPEG-DASH, HLS, and CMAF video files support.
CloudFlare provides security services to ensure that the performance of a website is not compromised, and it is capable of dealing with new and large scale DDoS attacks and denial-of-service attacks against its websites, applications and APIs.
The security systems of CloudFlare protect customer information from potential attacks on the traffic networks and application layers and prevent any harmful bots from causing damage through account takeover, content scraping or fraudulent checkouts.
The Anycast network of CloudFlare has 30 tbps capacity and with the 180 data centre, it can protect internet properties from volumetric attacks (including those above 500 gbps).
DDoS Protection by CloudFlare
CloudFlare is capable of protecting websites from sophisticated and advanced denial-of- service attacks which usually affect the application layer. If the attack does happen and is successful then the customer and the technical staff will have to deal with a lot of unnecessary costs and infrastructure damage. The DDoS Protection offered by CloudFlare takes care of any such attacks and provides a solution that maintains the website’s performance and availability while preventing any harm.
The network capacity that CloudFlare has is of 30 Tbps and it is 15x larger than the largest ever DDoS attack to be recorded. The IP reputation that CloudFlare has is able to identify any new attacks and take action against them on any of the 16 million websites on its network. All the services that CloudFlare offers, like CDN, site optimisation, smart routing and web standards are designed to maintain utmost security measures.
The most common types of DDoS attacks that CloudFlare offers protection from are:
- DNS Flood
This type of an attack usually disrupts the DNS resolution which makes the website unavailable or completely non-functional.
- UDP Amplification (Layers 3 and 4)
Amplified traffic requests are piled upon the target server or the network so that the size of the payload is larger than the original request and this causes a problem, interfering with the functionality of an open DNS or NTP resolver.
- HTTP Flood (Layer 7)
Here, very high volumes of HTTP, GET, or POST requests overwhelm the application layer. They come from various different sources simultaneously and degrade the services provided by the website.
To fight against such attacks, CloudFlare has a layered security system with various DDoS mitigation capabilities. These are combined together to prevent harmful traffic, and allow websites, APIs and applications to function normally.
SSL protection is necessary because all data or as much as possible should be encrypted to avoid theft of information. CloudFlare is the first company to offer SSL protection free of cost to keep their clients’ personal information and website content safe.
SSL or Secure Socket Layer is a security technology that maintains an encrypted link between the browser and the web server. This protects the data that is being transferred and keeps its secure. Apart from this, modern SSL sometimes boosts performance of the website and also boosts the search rankings since search engines tend to favour HTTPS websites. To improve performance, CloudFlare has implemented the cipher suite ChaCha20-Poly 1305 which is much faster than the AES-128-GCM, especially on mobiles.
SSL configuration on CloudFlare is extremely easy and it happens with just the click of a button. CloudFlare takes care of all SSL vulnerabilities and their customers need not worry about SSL certificates expiring.
Depending upon the level of security necessary and configuration, there are different modes that CloudFlare SSL operates in. here, traffic between the origin server and CloudFlare can be configured in various ways, but, the traffic to the end user will be encrypted.
The various pricing plans of CloudFlare offers Dedicated SSL certificates. These certificates ensure high level encryption and compatibility, and can easily be generated from the CloudFlare dashboard.
What is HTTPS?
HTTPS or Hypertext Transfer Protocol Secure is an extension of the Hypertext Transfer Protocol. It allows establishment of secure connection and communication using a computer network. Here, with the help of the Transport Layer Security (the Security Sockets Layer was used previously), an encryption is put on the communication protocol. Usually when the standard HTTP is used, the data is delivered without any encryption which makes it rather vulnerable. However, using HTTPS, problems like interception of data, wiretapping, stolen credit numbers can be avoided.
With CloudFlare, there is end-to-end encryption of traffic, not only between the visitors on the website and CloudFlare’s network, but also between CloudFlare’s network and the origin web server. This end-to-end encryption is ensured through two steps:
- A CloudFlare SSL certificate is chosen. It encrypts all visitor traffic to the CloudFlare domain.
- An SSL certificate is configured at the origin web server and the option appropriate for encryption is selected through the CloudFlare Crypto App.
How do I set up CloudFlare?
Given below are points that will help you to easily set up a CloudFlare account and add a domain.
- Go to CloudFlare’s official website. Type in your email and password and select the “Create Account” option. Your email is required so that the company can send you information about billing and any necessary services.
- On the top navigation bar, there is an option which says “Add Site”. Here you need to enter the root domain of your website.
- CloudFlare will automatically try to identify DNS records. This might take about a minute to finish.
- Click on the option “Next” and several level plans will be shown. You will need to choose the plan that you think is convenient for you and then click on “Confirm Plan”.
- You will have the chance to review your DNS records and check if they were correctly identified. If any problem arises, then you can manually add the records and also select which sub-domains you want to bypass CloudFlare or enable the security and performance features for.
- Click on “Continue” and the copy the two CloudFlare nameservers that come up before clicking on “Continue” again.
- Finally, change the nameservers of the domain to CloudFlare and this will activate your domain.
CloudFlare’s primary plan is free and it offers a lot of basic features which help in optimization of the website, DNS and also provide security to the site. Now, CloudFlare is not simply a content delivery network and therefore it’s free services help in boosting the performance of a website easily. There are a high number of CDN nodes placed under the network which ensure better service than any other such content delivery network which provides any free service and when a particular content is searched for, the data is shown from a nearby local node.
Now, the free plan offered by CloudFlare is ideal for personal websites or websites that do not have much use for any complex features and gets about a 100 visitors on each day and for e-commerce sites using this CloudFlare plan, it saves about one third of the bandwidth. When you use this particular plan by CloudFlare, the analytics of your website will be updated after every twenty four hours. The maximum limit of uploads is 100 MB and the cache size can go up to 512 MB, with edge cache of a minimum of two hours. This plan also includes the protection features to help avoid DDoS attacks.
However, this plan has certain terms and conditions due to which several other features are not included. Using this plan, you will not be able to manage your own data and run analytics of your website because the raw logs are not accessible.
There is no origin shield or secure token and cache dynamic content is not included. A custom SSL certificate will not be generated if you are using this plan and there are no push zones or wildcard subdomain. But, even without these additional features (you can add any extra feature you want to the plan by paying a fee every month), CloudFlare’s CDN works really well and your website’s performance will be better with pages loading faster for your visitors.
Given below are the prices of all the plans and a brief description of what each of these plans have to offer.
Offering great speed and assured boost in performance, this particular plan is ideal for those with personal websites. It includes basic optimization and security features and will be a good fit for you if you simply wish to explore and try out CloudFlare’s services.
This plan is faster than the previous one, but it will cost you $20 per month. CloudFlare claims that this plan is good for those with professional websites, blogs and online portfolios which need to be optimised for better performance (as latency is reduced considerably through location based access to the website from data centres that are situated in different parts of the world) and require security.
The Pro plan offers unmetered mitigation of DDoS, Web Application Firewall, and Shared SSL certificate. The images of your website will be optimised using “Polish” and there is an “I’m Under Attack” mode which helps protect against DDoS attacks. Other than this the plan also includes 20 page rules, and provides mobile acceleration using their “Mirage” feature.
At $200 per month, this particular plan offers a wider range of services that are far more complex than what is offered on the previous plans. Advanced security features, prioritized support and increased performance boost are primary services that the plan gives and therefore it is ideal for business websites.
In addition to unmetered mitigation of DDoS, secured data transfer after uploading custom SSL certificate, and Web Application Firewall, the Business plan also offers PCI compliance (maintaining the latest PCI standards) with the help of CloudFlare’s WAF and Modern TLS Only mode. Along with this, there are also features like “Polish” and “Mirage” for image optimizations and mobile optimizations, “Railgun” for acceleration of dynamic content delivery, prioritized support, a global content delivery network, the “I’m Under Attack” mode,50 page rules as well as a feature to bypass cache on cookie.
Certain companies need very specific services for their websites. For such companies, this Enterprise plan is the best option because here they can customise the features to ensure complete security and enhanced performance. Depending upon the features and applications chosen, CloudFlare will determine a price.
The plan includes round the clock support in case there is a need for troubleshooting or any other issues, sound technical solutions to help with on-boarding and optimisation, and prioritization of network through secured routes which ensures high performance speed, availability, and hassle free access. With this plan, every user will have a separate set of API keys, permissions and a two factor authentication.
Now, if there is downtime, then against the monthly fee, CloudFlare will give you 25x credit, which will be in proportion to the customer ratio that has been affected by the downtime and the respective disruption. Apart from all these services, the Enterprise plan also offers a few more services like, unmetered mitigation of DDoS attacks, network prioritization, image optimizations with “Polish”, Global CDN, mobile accelerations with “Mirage”, multiple SSL certificate uploads, access to China CDN points of presence, accelerated delivery of dynamic content with “Railgun”, “I’m Under Attack” mode, PCI compliance with Modern TLS Only mode and WAF, advanced web application firewall (WAF) with unlimited custom rulesets, and 100 page rules.
In addition to the plans, customers can also choose certain extra features which are listed below.
- Argo: It provides Smart Routing, Tunnel and Tiered Caching and is priced at $5 per month.
- Dedicated SSL Certificate: The certificate helps with encryption of data and high performance speed. SSL certificates can be automatically generated at a fee of $5 per month.
- CloudFlare Access: At $3 per month, this will provide security to all internal data and monitor the users accessing the resources.
- Load Balancing: Starting at $5 per month, this provides load balancing of local and global traffic, geographic routing and checks the server for any glitches.
- CloudFlare Stream: At $5 per month, this is very useful for streaming good quality videos.
- Rate Limiting: For every 10k good request, this costs $0.5 and protects against any attacks on the application layer.
- Web Optimizations
- Web Application Firewall
- Rocket Loader
- Load Balancing
- Argo Smart Routing
- Local Storage Cache
- DDoS Protection
- DNSSEC Protocol
CloudFlare Pros and Cons
- The security services provided by CloudFlare are extremely convenient in spite of not being
- parts of the world. very complex, especially for shared hosting.
- Using CloudFlare, one can easily restrict access and block any problematic IP addresses or ranges and even countries if necessary.
- CloudFlare is quite cost effective as the basic features are free (though there are certain terms and conditions applied) without any upsells.
- The process of setting up is very easy and hassle free.
- CloudFlare constantly serves cached versions of webpages which comes in handy in case a website malfunctions or goes down.
- Performance boost offered by CloudFlare is really good and it delivers cached images or data to the website’s visitors, not from the webserver but from one of CloudFlare’s data centres which are located in different
- Stats and analytics of CloudFlare are quite limited and are not very detailed. Traffic reports that are provided are also quite limited.
- The “Rocket Loader” while prioritising the content of the website, can essentially break a webpage like any other minification or asynchronous loading.
- The security provided is limited for dedicated servers which run integrated CSF or Mod Security.
CloudFlare Support offers basic information to help you navigate any problems that you might encounter. It provides details regarding setup, troubleshooting, billing and account management and even you to figure the best way to manage DNS settings or records. Other than these, CloudFlare Support has thorough information about analytics data, cache settings and the IP based firewall filter that is in effect. It answers questions about optimization, speed and the applications offered by CloudFlare. If you have any issues with copyright or trademark or have any other complaints, you can report them on CloudFlare Support. Apart from this, information about the management of page-rules (to bypass cache), redirecting visitors, customisation errors and every third-party software that CloudFlare partners with can be found on CloudFlare Support.
Is CloudFlare safe?
Being a content delivery network, CloudFlare will only establish contact with the host through a transport system that is completely secure. Now, there are also different servers in various locations, to which CloudFlare caches copies of the particular website , making it quite safe.
How does CloudFlare work?
The delivery of resources of a particular website for its visitors is optimized by CloudFlare and they serve the static resources of the website. The data centres of Cloudflare also ask for the dynamic content of the origin web server and visitors can find the website easily. To increase the speed and to ensure better connectivity, CloudFlare has servers at different exchange points known as Internet Exchange Points (IXPs). Various internet providers connect to these internet exchange points and provide access to each other to the traffic which is present in each of the networks. Now, these exchange points have high connectivity which allows delivery of data to happen at high speed.
What does CloudFlare do?
CloudFlare provides DDoS mitigation, along with the content delivery service through a secured network. It also provides internet security and domain name server services. These services are like a reverse proxy for various websites and come in between the hosting provider and the visitor.
Who uses CloudFlare?
Companies and developers like Lyft, Code Share, Rap Genius, and Lubert use CloudFlare in their tech stacks. There also many local websites, international blogs and Fortune 500 companies that use the services provided by CloudFlare as it speeds up and secures the their websites.
Why use CloudFlare?
CloudFlare’s performance is one of the main reasons why one should use this particular content delivery network. With the help of an edge server, CloudFlare gets a website’s content closer to its visitors very fast.
Use CloudFlare or not?
Since CloudFlare reduces latency considerably and easily increases the speed of a website, one can definitely choose this content delivery network. However, at times to protect a particular website, CloudFlare does restrict access and one will have to request access to get the site online again.