Cloudflare Reviews

I had one design that I did, and it was related to Cloudflare API Gateway. Anything that comes in the front-end URL was basically something to deal with Cloudflare API gateway. Based on separations required in Cloudflare DNS, I set the traffic manager and then manage areas, like configuration, DDoS, and all such related areas. The aforementioned area helps manage the traffic that comes in, the load of the application, how you want to secure access and authentication, and then have the authorization.

In Cloudflare DNS, I use all the service modules the tool offers. The use cases attached to the solution can be related to areas like performance checks, protection, security modules, scalability, and allocation frequency of checking DNS.

The most valuable features of the solution are performance and security.

Cloudflare DNS is still a new tool in the market. I haven't come across any issues with the product. I did two designs with the help of Apigee and Cloudflare. I had done one design with the help of Apigee, while the other one was done with Cloudflare. In a lot of organizations, when it comes to the area of design, companies don't understand the broader perspective of what I try to do, how I try to do it or try to understand the right configuration needed. Areas like how assessment, discovery, and payload are dealt with and how it all comes into your organization can be considered when trying to make suggestions to Cloudflare for improvements. The improvements to be made in the tool can be based on your thought process instead of trying to bring up something that is over-prescribed or over-allocated by others, which won't make sense. Based on the functional requirements of every user of the tool, improvements need to be made to the product.

I have experience with Cloudflare DNS.

Initially, I used to use Apigee. Cloudflare DNS was chosen since management made a business decision to deal with the security requirements. Cloudflare DNS has a lot of different compliances and regulations, and related areas, like authentication and authorization, are introduced in the tool. Things change constantly in the product.

When it comes to the product's initial setup phase, I have dealt with a lot of complexity when it comes to different applications, especially with the ones where I had to deal with AWS. Users need to bundle their applications, especially when there are critical applications, which may range from platinum, gold, silver, or bronze applications. Users need a landing zone, and they need to put everything in one particular landing zone, making it one of the Year's good use cases of the product to which a lot of people don't pay much attention; because of this, I feel it is my vision related to the product. I feel the companies need to see what the product can offer rather than just using the tool straight out of the box.

In every organization, there is a security component involved, and as long as the tool meets the requirements of the security layers in an environment, the product's setup phase is somewhat straightforward, but I am sure you could do a lot of different stuff with the tool. I don't think the setup process is complex, considering just a single source when it comes to the product, which revolves around the area of security. Based on the workload, users can make the setup process complex. I don't like straightforward processes, especially when dealing with critical applications that need to be designed in a particular way and could be totally different from the other applications in an environment. I am the type of person who likes to make the setup process more complicated and unique. When it comes to the setup process, users can choose different avenues to ensure that the resource separation is consistent in the setup phase.

Cloudflare is designed to offer API Gateway, Traffic Acceleration, and DNS. Based on your pages and URL performance, Apigee is a solution you can use, and you could tie that in either AWS, Google, or Azure, or if you are making a SaaS application going through a front-end web component and have a pass-through gateway.

Cloudflare DNS is a pretty solid product as it is not tied to any cloud environment.

I rate the overall tool around seven or eight out of ten.

We launched the application on the WLP engine. Our website hosts various images, media files, and other external files. We use Cloudflare to ensure faster website delivery.

Google page scripts contribute to the size of web pages. Cloudflare optimizes these scripts and other page elements to improve performance. Techniques like minification and image compression reduce the size of assets, leading to better performance and faster user load times.

It can improve the central time, performance, and SEO schema. 

Cloudflare performs well with static content. However, there are some performance considerations when it comes to dynamic content that involves fetching data from databases or using APIs.

We are not currently using Cloudflare for an e-commerce website. Still, if we were to add an e-commerce site on a platform with region-specific pricing and content, Cloudflare's service might need improvements in handling these dynamic requirements.

I have been using Cloudflare for two years.

I rate the solution’s stability an eight out of ten.

I rate the solution’s scalability an eight out of ten.

The initial setup is easy.

The tool's pricing is moderate.

I rate the product’s pricing a five out of ten, where one is cheap, and ten is expensive.

I recommend the solution.

Overall, I rate the solution a six out of ten.

In Cloudflare, we utilize their DNS and DDoS protection services. All incoming traffic to our server passes through the Cloudflare network. However, we face challenges when it comes to handling legitimate DDoS attacks. These attacks are well-crafted and mimic genuine requests to our publicly facing web pages. Despite Cloudflare's scoring mechanism, there are concerns about the effectiveness in blocking such attacks, as the traffic still reaches our infrastructure directly. Cloudflare recently introduced a new solution for Captcha, but enabling it poses challenges. Some customers are unhappy with Captcha, and modern AI-based DDoS tools can even bypass Captcha, further complicating the situation.

We have been utilizing Cloudflare's solution for over a year, to be precise, between one and two years. Currently, we are using their SaaS product, Cloudflare, for DDoS and DNS.

In general, the product is stable, and Cloudflare excels in DNS services. However, for DDoS protection, I would not recommend Cloudflare. While an on-prem router might be suitable, I would advise considering alternative cloud-based scrubbing solutions. We are currently exploring new options, and F5 is one of the products under consideration.

Cloudflare's technical support in this region, specifically in Bangladesh, is acceptable. However, since there is no local office here, I primarily interact with their offices in India and Singapore, which manage this territory. Unfortunately, obtaining support from them can be challenging at times. Specifically, Cloudflare should work on providing support aligned with our time zone, and in the case of DDoS scenarios, having a Security Operations Center (SOC) or similar services with a hotline number for immediate contact would be beneficial. This would help us address issues promptly, especially during unforeseen events like DDoS attacks.

Neutral

The implementation in our environment is a challenge. Since it's a SaaS product, we handle the implementation ourselves, but we also enlist Cloudflare's assistance through their implementation service. Given that the portal is on Cloudflare's side, we rely on their guidance to implement the solution. We follow Cloudflare's configuration methodologies and adhere to their shared workarounds during the implementation process.The implementation doesn't take much time, typically one to two months. However, ongoing tuning is required, especially when there are changes in my web applications. 

One challenge lies in the limited configurations, particularly in rule customization. For instance, if I have a generic rule based on my web UI, it may not be suitable for specific aspects of my infrastructure. A specific challenge involves rate limiting, where, for example, my organization's name is bikash.com, but I need to configure rate limits for bikash.com/campaign and bikash.com/contactus separately. The traffic patterns for these segments differ, with higher traffic during campaigns and lower traffic for contact us. Configuring rate limits in Cloudflare becomes challenging in such scenarios, especially when dealing with varying traffic patterns.

The pricing for the service is reasonable, neither excessively cheap nor prohibitively expensive. It aligns well with the value of their solution.

Overall, I would rate it 5 out of 10. 

For the free and Pro plans, they could use a simple bot to provide information to users. This would improve support, especially for less advanced users who utilize the free components.

We had a couple of back-and-forth communication with the Cloudflare team. The support team's responses are comparatively slow and not as optimized as they could be. So, it leads to a couple of delays.  The communication process is a bit linear, which can be frustrating.

Smaller businesses have seen great ROI due to the low investment and strong performance. 

Many regional e-commerce websites and information-based pan-India websites like WordPress. These sites were facing tech challenges, particularly with WordPress. It's one of the most popular content management systems, but it needs robust support because it's inherently vulnerable. 

WordPress security can be tricky, and that's where Cloudflare can be absolutely helpful for small businesses. They utilize its security features to combat those pesky DDoS attacks and other threats, significantly improving their website stability. It can be a pretty satisfying and decent experience.  

Cloudflare's biggest plan for initial businesses is $200 per month, and if you're an enterprise, you'll likely exceed that on either AWS or Cloudflare itself. 

For comparison, Akamai's minimum billing starts at a couple of thousand dollars. That's where Cloudflare shines for smaller businesses – it's ten times cheaper than Akamai.

Interestingly, even their enterprise solution is cheaper than other platforms like Akamai and Amazon CloudFront.

For Cloudflare, I recommend it heavily for small businesses with revenue under a couple of million dollars. Onboarding is easy, and they even have a free plan. This makes it simple for businesses in the $100,000-$500,000 range to try it out and see its value, allowing them to scale up their infrastructure as needed.

Many small businesses lack the budget for solutions like AWS and rely on GoDaddy, hosting, or even Versal plans for their initial setup. At that level, Cloudflare is the best option, even though it's not as powerful as Amazon CloudFront or Akamai. Those are built for different services, while Cloudflare caters specifically to smaller teams that eventually scale up.

For smaller businesses, they're the absolute best, so I'd give Cloudflare a nine out of ten. 

For larger businesses, it depends on the budget. Even for them, I'd rate it a seven out of ten.

I use Cloudflare for legacy websites that I need to protect because they're very vulnerable or to secure a client's critical websites. We will implement it after a review or if the website has gotten a poor grade on one of those online checks to see if the security meets the minimum requirements. 

Usually, after I show them their website is vulnerable, I get them to sign up immediately. For me, it's more of a delta suspender as a security measure. I find that many web developers do a poor job of updating their websites and keeping all the security modules.

Cloudflare has a server, and you point your DNS there. From there, you either enable the passthrough or use their full proxy. When you use their full proxy, you get all the features. If you're only doing the DNS, it's just a basic DNS server. Most people don't use it just for DNS; they use it for proxying their websites. You can proxy other services as well, but I've only used it for web applications on different ports.

Many websites require an SSL certificate because they sell stuff and want SSL. Cloudflare comes with an SSL certificate built in. It's automatic. You sign yourself up for Cloudflare, and an SSL certificate automatically protects your website. If you have a connection between your website and your host, the server, Cloudflare, and the host, you don't necessarily need a certificate, okay?

It should be easier to collect the logs with companies like Sumo. However, based on my discussions with the salespeople, I understand that's how they make their money. With the enterprise product, they want people doing those kinds of enterprise features to do the logging. They want them to pay a lot of money, and that's where I have an issue with them. That should be a default. You should be able to get the log no matter what. The logging should be universal. 

I have been using Cloudflare for several years.

Cloudflare is highly stable.

Cloudflare is highly scalable. Cloudflare is a system with a web portal that the end users like me see. It's a console where we can adjust the DNS, caching, and security features all in that console. Cloudflare owns thousands of servers across the world that cache the data. It's a powerful solution. When clients sign up for Cloudflare, they're getting this monster content delivery network, security, and a web application firewall in one. It's all rolled into one, and it's massive.

Unless you have your website hosted on a massive hosting provider, there's no way that you can deliver the amount of data that Cloudflare can provide to the end users. If you have static content, there's no way that you can ever match what Cloudflare can do. Obviously, there are competitors to Cloudflare that do the same, but I'm saying other types of solutions.

Let's say you go with F5. Great, that's on-prem. That's in your colo. You can't deliver as much data to the internet as you can with a CDN. You don't have to spend $20,000 on a net scaler, F5, or whatever Cisco's selling now. You don't have to buy that. You pay them $50 a month or $150 a month. It's totally worth it because even in five years, you'll never get the performance value, not just the actual ROI. You have to consider how much throughput you can get with Cloudflare.

It depends on the level of support. Basic Cloudflare support is average. Enterprise support is amazing. It's 10 out of 10. However, if you're paying $20, you get email-based support. 

Cloudflare is effortless to set up because you point the DNS to it, and it's working. You enable the proxy and SSL. The website is protected within 10 or 15 minutes. The biggest wait is for the internet to see that the DNS has changed. I always do the initial setup myself and then give it to one of my web guys to manage. There's a reason behind I do it that way. When ordering a client, I generally manage their DNS, email, and other services. I don't want to let the web developer mess it up.

The web developers know how to do it but don't have a stake in it like I do. If they flip a switch and forget to update the FPF or TXT records, and other essential documents start to break, it's a problem. I don't trust them to do the setup. Other than that, I let them have access. I let the web developers have access because they need to make changes. They're going to add host entries, etc., and they may want to adjust some of the features in Cloudflare.

I'm not a web expert. I have expertise in infrastructure, server planning, and SQL. I can support the whole picture, but I'm not a web expert. You don't need a web expert to do it. You can get a generalist like me, and I have many specific skills. However, I don't do that every day, and you don't have to touch it daily. In a lot of ways, it's a set-it-and-forget-it kind of deal.

The solution requires some primary care and feeding for performance problems and functionality issues, like if something doesn't work because it's a bad link. I engage with the web developer to determine if it's a problem with caching, the code, filter configuration, etc. We look at all the different features. That may require some effort. However, if you don't make any changes to the website, you might only touch it twice a year after it's configured. 

I have some clients whose sites don't do anything. It's like a virtual business card. For those sites, I give them the lowest common denominator of Cloudflare set up for that domain. The website is protected and much less likely to get hacked.

However, if I have a company that has online sales and sends out many newsletters, then they need to have a CDN. That way, if a thousand people get that email and click it at once, it will not kill their server. That's the value of having Cloudflare or something similar. It's different if a thousand people click on a server farm in one location. 

Even at AWS, you have to have this auto-scaling, and the configuration is significant. I would get paid thousands of dollars to set that up. That costs a fortune in monthly payments. I don't know of any of these different companies that host servers. I just put the website on Cloudflare, and they don't spend much money on my time. Maybe I should be smarter and push the AWS, so I get paid more.

It could range from free to $1,500 a month. I put all my clients on Cloudflare, so it's around 20 or 30 customers. One of my clients has more than two dozen domains on Cloudflare, so they pay $20 times 20 domains. He's paying $400 a month. It isn't cheap, but it's totally worth it.

I rate CloudFlare 10 out of 10. I couldn't recommend it more strongly. If you have a website, you need to use Cloudflare or something like it. Don't leave your website unprotected. That's my advice. I set up Cloudflare for every client that wants to host a website because it protects their site and makes it easier for me to manage the DNS. 

I get them to pay the $20 for it. That's the bare minimum. If you want something that can enhance the security of your website, just do Cloudflare. I always do it. I mean, I'm always going to add to my Cloudflare base. I'm never going to shrink unless I find something better. But I don't know of any other solutions that.

You can do a self-sign. That's a couple hundred dollars a year that you don't have to spend, and you don't have to manage that. You can lock down your security on your website so that only the Cloudflare data centers can access your web server. You're limiting a lot of risks.

Let's say you're hosting your site on GoDaddy. GoDaddy's server is unprotected. It's just a server out there. They have enterprise IDS and all that other stuff, but for the most part, they're vulnerable. People attack them all the time. You can limit that by only allowing access to your website from Cloudflare servers. Cloudflare stands in front of your servers as a firewall. That increases performance and security. It limits a lot of access to your servers. 

There are so many benefits here. You don't need SSL on your site, which is excellent, because you don't have to pay for that certificate. That makes it a lot easier. Troubleshooting your site for problems and not having SSL enabled between you and Cloudflare is huge. 

In my company, Cloudflare's PoC phase is going on, and so it is not an active contract we have had with them, but just basic experience is what I have with DDoS protection. I basically use Cloudflare for DDoS protection. My company recently tested the tool for its DDoS protection capabilities.

In terms of the tool's advantages, I would say that it can be highly automated and is very quick when it comes to propagation. The tool is user-friendly. The product's reporting capabilities are great. We need to do a bit of customization in the tool, but most of it is automated. The tool has a lot of artificial intelligence and machine learning. The solution has been able to compare it to the market, and I think the product has taken great strides in automating quite a bit of things, and they use a lot of AI.

I have not extensively worked with it, so I can't think of any improvements that are needed in the tool at the moment.

It is a foolproof solution. The support is great. I don't think that I can come up with any cons about the tool at the moment.

The integration of LLMs on the dashboard is something that is needed in the tool. What Cloudflare is doing internally is that it is stepping ahead in areas like detection and protection. The tool should integrate LLMs on the dashboards and assist you with policy creation.

I have been using Cloudflare for about six months. My company has a partnership with the solution.

We did not face any stability issues in the solution.

Scalability is one of the added advantages of Cloudflare as it is used across the world. It is a SaaS tool, but the fact that they have workloads deployed across the world proves that it is a highly scalable tool.

I have primarily worked not with the tool's customer support but with the product's sales engineers and technical sales engineers, who seem to know their stuff.

I have used Imperva. Compared to Imperva, I feel Cloudflare has better support and a straightforward licensing model. Cloudflare gives you a free trial for an extended period of time. The number of services Cloudflare offers in one package is also quite a lot. The number of folks Cloudflare has is more widespread compared to Imperva, so you can redirect the traffic to wherever you want and continuously do health checks, which PoP is up. If there is a PoP that is down, Cloudflare automatically reroutes you to it.

Imperva is better than Cloudflare in the area of bot protection. Imperva offers advanced bot protection, specifically in terms of the detection and protection for advanced bots it provides. Imperva is able to detect dangerous bots in a more efficient manner, making it better than Cloudflare. There are more ways to bypass Cloudflare than there are on Imperva.

The product's initial setup phase is straightforward.

One person can manage the product's installation phase.

The solution is a SaaS tool, so there is no maintenance required from the user's end.

The solution can be deployed in half an hour.

The tool is a premium product, so it is very expensive.

Cloudflare's CDN performance enhancements work in a lightning fast manner. The good thing is that there are PoPs all across the world, and I think that it is minimally required.

I saw quite a number of integration opportunities with Cloudflare. Cloudflare has a lot of capability to integrate with different tools, teams, or across on-premises or cloud networks.

I rate the tool a nine out of ten.

We used the solution mostly as a DNS registry. I was the director of IT, and we had dozens of web assets, websites, and domain names. Instead of hosting the domain names with our content host, I would redirect pretty much all of them through Cloudflare to mitigate DDoS attacks and provide some resiliency. Our content host was largely WordPress based and backed by AWS. It was my go-to DNS registry for domain name verification or email security because we didn't run one on-premise. So Cloudflare was my DNS registry in effect.

DNS proxy was very valuable to me. The solution automatically detects and responds to certain types of traffic based on geolocation. In my previous organization, our main website experienced up to two million visits in a year. 

There was a four-month curling tournament from the fall to the spring season. It became important to distinguish legitimate viewers and fan traffic where they would want to go and visit our website for information on tournaments to buy tickets and merchandise and to view scores of our major national tournaments. It was important to protect legitimate traffic from illegitimate group-force traffic. 

Though Canada was not a major target for the DDoS attack, it was important that we protect our website through Cloudflare. If we saw a lot of traffic that we wouldn’t usually get, like from Russia, China, or any bot-like behavior, the product would filter it out. We did not have to think about a cyber strategy because the product did it for us. Cloudflare is one of the pioneers of cybersecurity software.

I think the solution is for users at the level of enterprise hosting. It is not meant for small or medium business users or sysadmins. The solution could be more user-friendly.

I would like to see Cloudflare take on more of the advocacy and lobbying role for internet security because they're the leaders in it.

I used the solution in October 2022 in my previous organization.

I have never had a website go down while using the product.

The solution is scalable. The sky is the limit.

The initial setup was pretty easy.

The deployment process is just as simple as knowing your A records. Other than adding or updating new records, I never really had to maintain the product.

A free version of the solution is available. I have never needed anything more than free DNS.

We explored and spoke to a sales representative about one of our flagship CRMs. We were thinking about taking advantage of more of the product's features. We did not go with it because it was a cost reckoning at that point. If we had more scale, it would start to look a little bit more lucrative.

As the geopolitical situation develops, we have to be mindful of cyber threats, even in the small and medium business spheres. People should be more mindful and aware of the tools available. The tool needs to be holistic. It must help users to protect and strengthen their passwords through multifactor authentication. The tool must also protect online businesses.

Entrepreneurs need to be sure that their whole web ecosystem is projected end to end. Cloudflare offers APIs for event logging and analysis. Even if you're using an assembly of tools in your cyber protection toolkit, you can monitor what Cloudflare is detecting and mitigating and report on it holistically. The solution providers are very rigorous about their documentation and learning resources. They're invested in raising general awareness.

A lot of people don't understand DNS security, the routes that web traffic takes around the world, as being very important, but it is important. Data sovereignty is important, and the more that you secure your exchange points within your country and are mindful of the hops that your data takes and how it might be intercepted, the better everyone's awareness will be because people don't think about that stuff.

Sometimes even our websites and web applications were hosted across multiple different providers. A redundant and distributed DNS provider on the cloud, independent of our host, became almost necessary. A lot of people think that it is over-complicating and over-distributing for the web ecosystem. However, I see the security merit of a ubiquitous third-party DNS record host like Cloudflare. If one hosting service goes down, we will still have that redundancy through Cloudflare.

CIRA and .ca domain providers are the only ones advocating for data sovereignty, internet affordability, and accessibility, starting with offering free Canadian Shield DNS registration and partnering with various exchange providers. No one else is advocating for domain name security. Canada does not have any homegrown DNS providers. Everyone defaults to whoever their host is, which may or may not be inside the country.

The only hiccups we've ever had had less to do with Cloudflare and more with one of our other service providers messing around with our domain records. If you were in a situation where you had to adhere to domestic sovereignty and compliance laws, be mindful of where most of your users and traffic are coming from, and then make your decision to buy the product.

Overall, I rate the solution a nine out of ten.

When I was in Singapore, I used Cloudflare for DNS management, but when I started at Yoma Bank, I started using the application gateway routing and firewall features. 

I like Cloudflare's application gateway and DDoS protection. 

I would like Cloudflare to offer a dedicated account manager for large enterprise clients like us.

I have used Cloudflare DNS management for around seven years, but I have only used the firewall features for four years. 

I rate Cloudflare eight out of 10 for stability.

I rate Cloudflare eight out of 10 for scalability. 

I rate Cloudflare support seven out of 10. The technical support is mostly fine, but the response times could be better, and we'd like a dedicated account manager. 

Neutral

Before Cloudflare, we relied on on-prem hardware and software solutions.

I rate Cloudflare eight out of 10. The basic setup is straightforward, but you may need to configure some advanced settings in some cases. We finished the setup in under an hour. However, we need to do some regular maintenance. 

I rate Cloudflare eight out of 10 for overall value. It's cost-effective, but I think they should have a custom pricing model for enterprise customers based on the features you use. That's why I think it would be helpful to have a dedicated account manager to periodically review and address our usage. 

I rate Cloudflare seven out of 10. It isn't bad overall, but it's difficult to use in this country.