
Ask HN: Thoughts on Cloudflare? - anondon
I use the free plan of Cloudflare for a personal site and find it useful for the CDN, analytics, SSL and DNS.

One thing that bothers me is the cost of these benefits: all traffic is decrypted at their servers. Is it something to be worried about for the average user? (Data stolen while passing through their servers)

Maybe I am paranoid, but is it a good option for sites that deal with payment data?
======
throwbsidbdk
I've always seen Cloudflare as a panacea for horribly written websites that
need to handle high traffic. A good framework can crank out like 200k requests
per second on normal hardware. If you're using something like PHP for a high
load site you're asking for trouble and Cloudflare might save you from a
rewrite.

Their core service is DDoS protection, but the reality is that these attacks
are rare and usually small. Most people using Cloudflare could save money by
just running their own Nginx/Varnish reverse proxy. Cloudflare for the most
part is just an HTTP reverse proxy, and I've heard they just use Nginx
internally to do it.

I worked at a software/IT consultancy and some of our clients ran
controversial political sites. Lots of them. They were surprisingly never
"attacked" with more than a few hundred requests per second. In fact, none of
the few hundred sites we ran was ever attacked while I was there. The only
ones that went down a lot were WordPress-based sites that could only handle
like 7 requests per second past the cache. We ran Cloudflare on some of these,
but only so it wasn't our fault when they inevitably crashed from xmlrpc bots
and other primitive garbage.

~~~
IcyApril
Hi; I work for Cloudflare so I just wanted to address some of these points.

We have sites of all platforms and types which are in need of caching services
for a variety of reasons. We have e-commerce sites wanting to cache anonymous
page views to improve conversion rates through improved speeds, through to
services wanting to accelerate dynamic content using our Railgun optimiser.

As a reverse proxy, we do offer an incredibly powerful DDoS mitigation
service. Over the past few months we have seen a dramatic increase in DDoS
attacks - including multiple DDoS attacks which are greater than 400Gbps.
Whilst not all sites will face such attacks, we do offer a service for those
who are in need of protection (either as a precaution or to mitigate an active
attack).

Our WAF can help protect against other such attacks, from SQL injection to XSS
and beyond; for example, we have a rule to protect against XML-RPC attacks.
We're constantly improving our feature set and adding more; one such product
we're particularly excited to reveal is our Traffic Control solution which can
help add extra layers of security to APIs and websites.

