CloudFlare will protect you from DDoS attacks to an extent.
There are 2 kinds of DDoS attacks I know of (there are more but they're similar): bandwidth exhaustion and computer resource exhaustion.
Bandwidth exhaustion DDoS mitigation is difficult, because it requires you to have a fat inbound pipe to let all the bogus traffic through. Fat pipes are _expensive_, there are few hosting providers that allow you to have a dedicated line more than 1 Gbps.
Supposedly their Business plan ($200/month) protects against this, and their free plans protect much smaller amounts of traffic.
You can prevent against some common resource exhaustion attacks (SYN floods) by having a proper firewall setup.
CloudFlare has been known to let the attack traffic route to your server if it's big enough.