> you must use (paid services) in order to serve video and other large files via the CDN
But what is a "large" file? 10mb? 100mb? Are there any actual specifications that I can read or is this just "use it and hope for the best, till you get a notification from Cloudflare sales team"?
My POV as customer for 5 years, doing mostly Video and Binary transfers and asked to move to enterprise few times (and still on the Pro plan, never had any interruption):
They will NEVER says specifics bytes or anything like that (any cloud provider that has any abuse prevention clausule will not too)!
If you says that a "large" file is 100mb people will just gamble and split the files in 100mb chunks. Same for any value here. The idea is mostly about pattern recognition (any abuse detection algorithm) and how much do you pay and how much you are costing.
Bandwidth is cheap for CF but they dont want anyone gaming the system, i will upgrade for enterprise at some point mostly because the SLA, but at the time im writing here, i pay $20 month for a service traffic that cost (to me) hundreds `per day` on AWS or GCP...
People here talk like they multi million dollar project will be blocked because some user downloads a 10mb file on a free plan. But if you really have a critical product you can get enterprise plans starting at $1500 dollars, hardly more than 3K. The enterprise plan is mostly about the SLA than actually services; Thats not the reality of mostly of the people. The basics plans are very good for almost everyone IMHO.
My rule of thumb of any cloud service / provider: You will for sure get deals that will cost very little to you, that is 10x/20x cheaper, but once you "savings" are on the 100x range you may find someone on the other side trying to make you to pay more. I have a friend that was banned from GCP for that reason (long story).
Another example: Hetzner - You can do a lot with the "free" 20TB bandwidth... But do not think that just because theres a number here theres no "catch" for some "creative flow", we got blocked once, was a mistake and is resolved but anything free has abuse protection rules (sometimes not writen) and will find you.
Yes there’s products on CF that cost a lot of money. Like Argo. So… just don’t use that kind of product? All prices are clear. We are discussing the “free” CDN services. You will never get a random bill for that.
except the free tier? isn't that what people writing here about? never knowing when the free ride ends? up until now even the content type was not clear...
as other comments mentioned, CF is more like a "hey we noticed ..." kind of company and dont go around raising bills willy nilly, very different from AWS, etc.
Was computed related, but he find a loop role on his business contract. He was right by the legal team os the service, but they used a another term that make they right to not work with us anyway. His document ID was banned (he cant create accounts with his name/id anymore).
I dont remember the details, but was related to the free limits per account. And if my memory serves, he was in the plan that he can create how many parent accounts he wants for free. That plan does not exists anymore.
My feeling on this would be: they're probably fine shipping the static media assets for my site like the logo, CSS, JS, banner image, etc. Those are trivially cached with long lifetimes. I'm guessing what they don't want is an Imgur-like site where there's a lot of user-generated media content for free.
The new section says:
Cloudflare’s content delivery network (the “CDN”) Service can be used to cache and serve web pages and websites. Unless you are an Enterprise customer, Cloudflare offers specific Paid Services (e.g., the Developer Platform, Images, and Stream) that you must use in order to serve video and other large files via the CDN. Cloudflare reserves the right to disable or limit your access to or use of the CDN, or to limit your End Users’ access to certain of your resources through the CDN, if you use or are suspected of using the CDN without such Paid services to serve video or a disproportionate percentage of pictures, audio files, or other large files. We will use reasonable efforts to provide you with notice of such action.
To me, that's reasonably clear. If you're a blog that's content with some images between the logo and maybe a picture or two in an article, that's probably fine. That seems "proportionate" - in a similar proportion to most sites on the web. If you're Imgur where you're basically just serving media assets to people or if you're trying to make the next TikTok, that's disproportionate - beyond the normal proportion of media assets of most websites. Likewise, you can't run an NPM clone or download server for Linux ISOs off Cloudflare - that would be disproportionate. And if you're uploading podcasts to your website, those large audio files don't get a free ride.
How much exactly is disproportionate? Of course they're going to have to leave that a tiny bit vague so that people don't game the system. To me, it feels reasonably clear. If you're building an average site, don't worry about traffic to it. Your regular old blog is fine. If you're building something that leans heavily on serving images, audio, or video, you can't do that. Your podcasts should go into R2, your video should go into Cloudflare Stream, etc. or not be served via Cloudflare's CDN.
AFAI am aware, "use it and hope for the best" is kinda the way CloudFlare usage in all the "self-serve" tiers has always worked. You have service until you make them unhappy for any of a variety of reasons, at which point you'll be prodded to start paying [EDIT: or paying more].
They're not actually giving away service that others charge thousands of dollars a month for, for free. If they were, most of those others would be out of business. Their free and self-serve tiers are nice and can even be good deals (you really get a lot out of that top-tier self-serve plan, for the money—watch out, some of the lower ones didn't have any SLA at all, last I checked) but if you're pushing serious bits, you're gonna end up pushed to a thousands-a-month enterprise plan.
TL;DR unless you've got an enterprise plan with them, yeah, "use it and hope for the best, 'till you get a notification from CloudFlare" is pretty much how their plans work.
> They're not actually giving away service that others charge thousands of dollars a month for, for free
Sure, I'm fine with that. The problem is that I don't know how much it'll cost if I fall out of their free tier.
If I go with Bunny.net, I can get bandwidth for $0.005/GB (on their volume tier with 10 PoPs) or $0.01/GB (on their standard tier with 114 PoPs). $1,000 will buy me 200TB of bandwidth on their volume tier. If I'm using 200TB on Cloudflare, what is that going to cost me? $500? $10,000? Fastly's list price is $0.12/GB for the first 10TB + $0.08/GB after that so their price would be $16,400. And I'm sure that at 200TB/mo, I wouldn't be paying Fastly's list price, but at least I have an upper bound on the pricing. With Cloudflare, I really don't know.
> "use it and hope for the best, 'till you get a notification from CloudFlare"
I'd be fine with this if there were a 30-day migration window that I'd get (or something like that). The problem is that there have been a few stories of Cloudflare moving very quickly against a customer's usage.
Cloudflare's enterprise pricing is, irritatingly, of the "contact us" variety (FYI typically starts around $5k, last I checked, and at least for us they weren't interested in reducing that by cutting all the shit we didn't need, such that they were effectively really expensive on a per-TB basis) but, to be fair, if you're doing any kind of real volume you're going to want to contact sales at those other places, too. Odds are sticker price is just an anchor for negotiations anyway.
[EDIT] However, you're right that the lack of even limited pricing transparency makes relying on CloudFlare at lower levels risky because it's hard to know what kind of expenses you might, later, be exposed to.
> They're not actually giving away service that others charge thousands of dollars a month for, for free. If they were, most of those others would be out of business.
Well, It’s just that at a certain scale and business seriousness you will pay to guarantee certain levels of service which is why CF isn’t putting everything out of business. But CF’s “unguaranteed tier” is still high tier services for free.
It's not just "guarantee levels of service", it's permission to sling lots of bits (and of any "type" you like) without being deliberately cut off. It's not like you're just paying for more 9s at other CDNs (or at CloudFlare).
Yes, the free tier is in fact pretty amazing if you have mid-traffic-or-lower site and are mostly serving HTML pages and basic images, js, and css for those pages, and the stakes for availability are pretty low. Which describes quite a bit of the Web.
> removed an old restriction on benchmarking–we’re confident in the performance of our network and services, unlike some of our competitors.
Lots of your competitors never had such a clause. It's good that you're joining them, but this swipe at unnamed competitors, in the announcement that you have finally left that group, feels a bit misplaced.
I maintain a list of tunneling solutions[0]. One of the main reasons people choose not to use Cloudflare Tunnel for selfhosting is because technically hosting non-HTML content has been against their ToS. Anyone know if this change affects tunnels?
Apparently, there are no "service-specific terms" for Cloudflare Tunnel, so the only ToS for that service would be the "main" terms (i.e. the Self-Serve Subscription Agreement)[0].
Therefore, as long as you comply with it (especially the sections 2.2.1 and 2.7), you'd be fine. There are no explicit constraints regarding content type, just on what the content itself is or represents (e.g. illegal stuff).
I believe the customer mentioned in the article could also be related to Rasmus[0] as this discussion had the CTO of Cloudflare replying https://github.com/rsms/inter/discussions/549
They emailed him, but I have the same problem. I get so much email that's not really important that none of it gets looked at.
I think it would be nice if there were a way to configure an alternate email address for notifications about things that are extremely important. Things like account throttling, termination of service, terms of use violations, etc. are all abnormal, so it's hard to build email filters that are going to catch them.
Those are also things that need immediate attention, so it would be a huge improvement if I could have them going to a shared mailbox where multiple people have prominent notifications configured.
Basic filtering only works until "account termination" spam starts bubbling up and frustrating everyone. Direct mail to an unpublished email address would be so much better.
In our case, "CDN" is basically all traffic. The majority of our (enterprise agreement) Cloudflare usage falls under "CDN", even though 90%+ of our usage is non-cacheable API requests.
I knew a guy who served tens of terabytes of uncached content per month using Cloudflare's free plan. Cloudflare reps tried to call him for meetings "to discuss his usage and satisfaction with cloudflare" multiple times and he avoided them for years. He stopped for other reasons but afaik they never banned him.
I expect these rules are a formality to ban users like him.
tens of TB a month is not that bad in all respects. They already did this for super egregious customers, see this user that pushed 10TB/day through the network and was officially asked to upgrade to the $200/mo business plan: https://community.cloudflare.com/t/the-way-you-handle-bandwi...
I also know some users who do >5tb/day of images and get away with sitting on the legacy "pro for all your domains" $20/mo plan. The abuse team is definitely very sympathetic to customers, and I imagine limits are raised if a site is particularly advantageous to have for other abuse protection purposes (like aiding in gathering network intelligence by having tons of unique users).
Having done community support in the Cloudflare Community / Forum, there are a lot of consulting/hosting firms that provide "all in one" domain management, and that typically involves putting all of your customers on one Cloudflare account, with many users revealing thousands upon thousands of websites managed under their account.
I wonder if a better partner program would help with that kind of thing. The blog post for their self server partner program [1] looked really awesome in terms of customers owning their accounts. Pushing people towards solutions like that are better, especially if the customer can also have a direct billing relationship with Cloudflare.
However, I won't trust it.. The blog post started with:
> We’ve heard from many of you that you enjoy working with Cloudflare, but cannot support some minimums for our Enterprise partner programs. This program is built to help you get started, with no upfront commitments for qualified partners.
And the enrollment page [2] says:
> Unlike our Enterprise program, our agency path requires no upfront commitments and includes volume discounts on all self-serve customer spend.
But the enrollment page FAQ says:
> There is no fee during the open beta. As we move to early and general access in 2023, there will be $1000/year annual program fee required for platform access and onboarding.
How is a required "annual fee" not an "upfront commitment"?
I've always been bullish on Cloudflare because I thought they saw value in serving under-served markets. However, every year they seem to trend towards the attitude every other tech company has lately. They only care about big, rich customers.
I tell a lot of people to move their DNS to Cloudflare since it's reliable and opens the door to other services that can be useful, but I'm not paying $1k / year to onboard potential customers for them.
That very likely already fell afoul of their long-standing content rules—I doubt it was tens of TB a month of "webpage content". Usually takes mass-scale image hosting, video hosting, binary file hosting, et c., to hit those kinds of numbers, and that was already not allowed.
TL;DR: The section 2.8 they talk about removing is still in effect[1], unless you use their other services such as R2 or Pages.
> Cloudflare’s content delivery network (the “CDN”) Service can be used to cache and serve web pages and websites. Unless you are an Enterprise customer, Cloudflare offers specific Paid Services (e.g., the Developer Platform, Images, and Stream) that you must use in order to serve video and other large files via the CDN. Cloudflare reserves the right to disable or limit your access to or use of the CDN, or to limit your End Users’ access to certain of your resources through the CDN, if you use or are suspected of using the CDN without such Paid services to serve video or a disproportionate percentage of pictures, audio files, or other large files.
Whenever you're confused about a vague term, just think - does my usage cost the service provider more than they earn from me? That will be your answer.
It's not really about the specifics of what the bytes represent, it's whether the transportation and processing of those bytes makes Cloudflare money. Either now, or a likelyhood of future earnings.
The Services are offered primarily as a platform to cache and serve web pages and websites. Unless explicitly included as part of a Paid Service purchased by you, you agree to use the Services solely for the purpose of (i) serving web pages as viewed through a web browser or other functionally equivalent applications, including rendering Hypertext Markup Language (HTML) or other functional equivalents, and (ii) serving web APIs subject to the restrictions set forth in this Section 2.8. Use of the Services for serving video or a disproportionate percentage of pictures, audio files, or other non-HTML content is prohibited, unless purchased separately as part of a Paid Service or expressly allowed under our Supplemental Terms for a specific Service. If we determine you have breached this Section 2.8, we may immediately suspend or restrict your use of the Services, or limit End User access to certain of your resources through the Services.
The new section [1]:
Cloudflare’s content delivery network (the “CDN”) Service can be used to cache and serve web pages and websites. Unless you are an Enterprise customer, Cloudflare offers specific Paid Services (e.g., the Developer Platform, Images, and Stream) that you must use in order to serve video and other large files via the CDN. Cloudflare reserves the right to disable or limit your access to or use of the CDN, or to limit your End Users’ access to certain of your resources through the CDN, if you use or are suspected of using the CDN without such Paid services to serve video or a disproportionate percentage of pictures, audio files, or other large files. We will use reasonable efforts to provide you with notice of such action.
Previously, (technically) it was not allowed to host anything that wasn’t HTML on Cloudflare, even though they have products specifically made for hosting non-HTML stuff (Stream, R2, etc…)
This has now been changed and the rule now only applies to Cloudflare CDN. So, if your content is hosted outside of Cloudflare and is being cached by Cloudflare, that’s banned, but if you’re hosting your content on R2, Stream, etc… then it’s allowed now.
You already couldn't do that on the self-serve plans (well, you might get away with a little bit of it, but it was a gamble). This change explicitly allows it if you're hosting the video on a CloudFlare service of some sort, other than just the CDN.
But what is a "large" file? 10mb? 100mb? Are there any actual specifications that I can read or is this just "use it and hope for the best, till you get a notification from Cloudflare sales team"?