Technical Engineer at a tech services company with 11-50 employees
My servers used to have a lot of traffic, we put it on the public settings and now there is no downtime
Pros and Cons
- "The most valuable feature of Cloudflare is that it has a free version. They give us the free version with the anti-DDoS features and also the load balancing solution."
- "If they improve on the placement of their data centers, it would be better. I'm living in a remote area. I would like to connect to them without any kind of lag."
What is our primary use case?
My primary use for the Cloudflare service is for load balancing. I also use the product to manage the connection to my web server's backend.
How has it helped my organization?
Cloudflare improved my organization because my servers used to have a lot of traffic. We put it on the public settings and now it's quite nice because there is no downtime, if there is a slow connection or a lot of web traffic.
What is most valuable?
The most valuable feature of Cloudflare is that it has a free version. They give us the free version with the anti-DDoS features and also the load balancing solution.
For how long have I used the solution?
Three to five years.
Buyer's Guide
Cloudflare
November 2024
Learn what your peers think about Cloudflare. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
815,854 professionals have used our research since 2012.
What do I think about the stability of the solution?
Compared to other products, Cloudflare is very stable.
What do I think about the scalability of the solution?
For our websites, it is only around 100 to 1000 visitors per day. For the deployment and maintenance of Cloudflare, just one person is required for maintenance.
How are customer service and support?
The customer support at Cloudflare is fairly straightforward. For technical support, I give Cloudflare a thumbs up for their documentation. We didn't have to ask their technicians or their support in order to finish up the setup. It was easy to troubleshoot our installation.
Which solution did I use previously and why did I switch?
We used a previous combination of CloudFlare and a manual router with a load balancer. The solution that would be most comparable with CloudFlare based on my experience would be physical load balancing and cloud-based load balancing.
How was the initial setup?
Cloudflare is not complicated to set up. It is fairly straightforward. Deployment times depend on the website. Because I already read the documentation before the first setup, it actually took no more than 10 minutes. I did it all by myself.
What's my experience with pricing, setup cost, and licensing?
We are still using the free version of Cloudflare. It is a yearly based plan.
What other advice do I have?
In my experience, Cloudflare is a great solution. If they improve on the placement of their data centers, it would be better. I'm living in a remote area. I would like to connect to them without any kind of lag.
I believe that Cloudflare is okay as it is now because they are partnering with Google. Cloudflare improves performance on my websites. It is a great partner for cloud infrastructure for anyone who wants to use the security service and other features.
I would rate Cloudflare with an eight out of ten. I know they are constantly improving.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Service Manager at a tech services company with 1-10 employees
Allows us to self-host services like Rocket.Chat and Node-RED, in HA mode
Pros and Cons
- "Cloudflare allows us to self-host services such as Rocket.Chat and Node-RED, in high-availability mode, thanks to round robin DNS which allows us to share one hostname between our two locations."
What is our primary use case?
In addition to a reliable and easy-to-use DNS service, Cloudflare enables us to host websites on hardware in-house, by protecting us against DDoS attacks as well as from our slightly unreliable ISP.
How has it helped my organization?
Cloudflare allows us to self-host services such as Rocket.Chat and Node-RED, in high-availability mode, thanks to round robin DNS which allows us to share one hostname between our two locations.
What is most valuable?
- DNS
- Round robin DNS
- Load balancing
- DDOS protection to protect us from botnets and attackers, as we are hosting sites in-house.
What needs improvement?
Cloudflare is one service that has been absent of any frustration when setting up or using. Perhaps I would ask that they improve the Free plan and allow us to use it with any TLD (certain ones are not allowed).
For how long have I used the solution?
More than five years.
What do I think about the stability of the solution?
No
What do I think about the scalability of the solution?
No
How was the initial setup?
Very straightforward, we were set up in minutes.
What other advice do I have?
I'd rate it a 10 out of 10. There is no service as mature as Cloudflare that is also as easy to use, reliable, and hosted from excellent infrastructure.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Online Marketing & Development Manager at an engineering company with 501-1,000 employees
It offers single-point DNS management for all of the company’s domains that might be registered with different registrars.
What is most valuable?
DNS Management is the most valuable feature of the product on the free plan, and the CDN options are robust on the business plan.
How has it helped my organization?
It offers single-point DNS management for all of the company’s domains that might be registered with different registrars.
Refreshing the site cache is very fast and easy, and the developers mode is also a great feature.
What needs improvement?
With CDN loads, sometimes we get an error that the host server is unavailable when the connection between CloudFlare and the server timed out. But now, we get the always online page, so the customer hardly notices a problem.
For how long have I used the solution?
I have been using it for at least four years.
What was my experience with deployment of the solution?
No issues, very fast to deploy. A simple change of the domain's NS records.
What do I think about the stability of the solution?
On the free plan we used to receive from time to time "website not available" but since we switched to the business plan, we encounter no problems.
What do I think about the scalability of the solution?
No problems with scalability; we moved from free to pro to business with no problem.
How are customer service and technical support?
Technical support is 10/10 – very good.
Which solution did I use previously and why did I switch?
We are simultaneously using Akamai, which is sometimes too robust for us, much harder to configure and costs a lot more. CloudFlare is very user friendly, UX-wise and price-wise.
How was the initial setup?
Initial setup is very straightforward.
What about the implementation team?
We implemented through an in-house implementer.
What's my experience with pricing, setup cost, and licensing?
If you are a mid-size company, go straight to the business plan. Great ROI.
Which other solutions did I evaluate?
We are also using AKAMAI, see my previous comment on that.
What other advice do I have?
CloudFlare provides an answer to a variety of issues, so it gives you very high value for your money.
If you are not sure, take it for a test run; it’s free.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Consultant at a tech services company with 51-200 employees
It is an incredibly advanced content delivery network, however, it has the non-strict version of Full SSL.
CloudFlare is an incredibly advanced content delivery network (CDN) that offers boosts to the security and performance of your site. They act as a reverse proxy and shield your web server from exposure to the wider Internet. You get huge bandwidth savings and a reduction in the resources consumed on your server, so why have I just decided to 'go it alone'?
Introduction
CloudFlare launched their beta in June 2010 and very soon after they followed with their official launch in September of the same year. Their free accounts come with many of the great features they offer and their blog makes for some really interesting reading. This all sounds like a match made in heaven but I recently found myself faced with the tough decision of leaving CloudFlare and losing their support. This meant having my domain name resolve directly to the IP of my server. Whilst that may sound like a totally normal prospect for most, after you've enjoyed the protection and security of having someone act as your doorman, it's a slightly daunting prospect. Not only would I lose their security, but I'd also be subjecting my server to the full force of any traffic aimed at my domain name.
A Brief Overview
Because CloudFlare act as a reverse proxy, a user's browser connects to the CloudFlare servers which then request the content from the host server on behalf of the user. This puts CloudFlare directly between you and your visitors, allowing them to cache content and protect your server by not allowing users to connect directly to it. This is fine when the site is loading over http but when you want to start loading over https, it brings up a few problems. There isn't really a requirement as such for me to serve content over https, I don't have user logins and the site doesn't serve sensitive or confidential data. For me, it was mainly about the learning process and showing that it can be done for free. If you head over to StartSSL and pick up one of their free SSL/TLS certificates, it will bear your domain name. This immediately presents a problem when the browser is not connecting to your server when a user enters that domain name into the address bar. Now, CloudFlare offer different solutions to this problem depending on which type of account you have. Their free accounts do not support any form of SSL, you have to step up to at least a Pro account ($20 a month) to get SSL support. At the Pro level, the account I used to have, you can enable SSL support and take advantage of the benefits of CloudFlare but serve over https instead.
Flexible SSL
Once you're on a paid account plan, you can enable SSL on your site with a single click thanks to CloudFlare's Flexible SSL. The CloudFlare servers present their own SSL certificate to the user so that the transfer of information between them is encrypted. From here, as the data travels from CloudFlare to the hosting server, you can use your standard SSL certificate issued by a CA, a self signed certificate, or, worryingly, nothing.
Once I started investigating the upgrade to a paid plan so that I could get SSL support, I was startled at the prospect of Flexible SSL. Here, we have a solution that seems to break two of the key principles of implementing SSL/TLS. When we visit a site and see https in the address bar, I think it's fair to say there are some assumptions that we could generally make and should be able to make. The SSL certificate assures us that the site we are connected to is the site we typed in the address bar, and that our traffic is encrypted during transmission to that site. Flexible SSL seems to break both of these principles. The certificate that is issued belongs to CloudFlare and not the site you're trying to connect to, and traffic on the other side of CloudFlare between their network and the host site is not encrypted. There is of course the option to move to Full SSL, you can even use a self signed certificate between CloudFlare and the host, but I imagine there are sites out there that don't. The ability to present your site over https when the full route is not encrypted seems to be a breach of the trust that the user places on the indications their browser is giving them. There is the argument that encrypting part of the transport layer is better than encrypting none of it. Anyone between the user and their nearest CloudFlare server, like an attacker on a local network or even their ISP or government, wouldn't be able to access their traffic, but after the CloudFlare server it's back into the wild without any protection. Given that it's really easy to create your own self signed certificate, or you can get a free one from StartSSL, I just can't see the requirement for Flexible SSL. The benefits of encrypting the first leg of the transport layer are far outweighed by the detriment of giving false impressions on securely transmitting data. 
If you're on a shared hosting plan that would be costly to upgrade to SSL support, or don't know how or can't implement it on your server, Flexible SSL is nothing more than an illusion of security that you're presenting to your visitors.
Full SSL
If you want to ensure that data is always encrypted whilst it's being transported, you need to enable Full SSL, which requires SSL on the host server. As I've mentioned, you don't need to pay for a certificate as you can use a self signed certificate or get one from StartSSL. Once that's installed and you enable Full SSL, CloudFlare will only communicate with the host using a secure transport layer.
Now we're up and running, all traffic will be encrypted during transit. Problem solved, right? Well, even though I was using Full SSL, I still had my concerns. Whilst CloudFlare are a trusted party in all of this, I didn't feel comfortable with the idea of having a man in the middle of my secure transport layer. That, and the certificate being issued to the browser still carried someone else's name. For most users, when you connect to a site and see https in the address bar, I think it's fair to say there would be an expectation they were talking to me, directly. Not only that, but there is still a point in the transport layer where data isn't encrypted, inside CloudFlare. I think CloudFlare apps are a prime example of this, allowing the ability to inject Google Analytics code into your pages for example. I want to be clear that this isn't a criticism of CloudFlare, the services they offer are fantastic, I just have my reservations when it comes to running your secure transport layer through a third party. For a site that loads over http no one can have a realistic expectation that someone else hasn't seen or altered your traffic during transit. The other problem with this is that CloudFlare never used to validate the certificate between them and the host. It would accept any certificate and go with it.
Full SSL (Strict)
The lack of certificate validation has been recently resolved with a new feature announced by CloudFlare, Full SSL (Strict). This means CloudFlare will now validate the certificate presented by the host server. This came as quite a surprise to me as I was already using a valid certificate so just assumed that it was being validated and accepted by CloudFlare. As it turns out, I could have literally used just about any certificate I liked and it would have worked just fine. Not only that, but anyone could MiTM my perfectly valid SSL certificate, swap it out, and CloudFlare would have been just as happy. To me, their blog post should be more along the lines of 'we now do SSL properly' than 'hey we added a new feature'. Connecting to a host securely and then not validating the certificate means that you're not connecting to the host securely. If there was some way to pin a self signed cert in the CloudFlare control panel, this option would be perfectly acceptable, which is what I expected you should have to do if using a self signed certificate. As it turns out, there is no such option. Worryingly, the non-strict version of Full SSL will remain. CloudFlare are going to automatically switch everyone with a valid certificate to Full SSL (Strict), but for those that don't read the CloudFlare blog, I wonder if they will ever find out.
Business And Enterprise Accounts
It is possible to get around the issue of serving your visitors a CloudFlare issued SSL certificate by upgrading to a Business or even Enterprise account. Starting at $200 a month for the Business account, or an average $5,000 a month for Enterprise accounts, you can upload your own certificate and private key to CloudFlare. Whilst your visitors are now being served with your own SSL certificate, I can't see the benefit this brings. The user, much like with the Flexible SSL option, is now under the impression that they're communicating with you directly and securely. Even if they check the certificate, they will see that it is issued to your domain and have no reason to suspect that their traffic isn't travelling directly to the host before being decrypted. To set this up requires the disclosure of your private key, something that in itself should highlight the kind of breach to transport layer security this causes.
The Aftermath
One of my biggest concerns with coming out from behind CloudFlare was the impact it would have on my server. I'm currently using DigitalOcean (referral link) to host my blog and with the ability to rapidly scale the hardware capabilities of my VPS, I cautiously flipped the switch. Within the first hour it was immediately clear just how much of the demand on your resources CloudFlare can alleviate. I saw jumps in traffic at the network interface and CPU utilisation as soon as I hit the button. Whilst none of these increases were enough to cause any worries, it does provide evidence for the claims CloudFlare make about just how much they can save you in resource terms. At almost double the average daily bandwidth usage, I can say that CloudFlare were saving me about 45% of the bandwidth used by traffic hitting my site. This is from both their efforts in caching my content and serving it on my behalf, and traffic that they will have dropped and not allowed through based on it appearing malicious. I'm also seeing average CPU loads approaching double what they were, but still only falling well within the single digit range. As it turns out, my VPS is perfectly capable of handling the regular traffic my blog gets but I am still acutely aware of the greater exposure I now face. That being said, I feel the value of honouring the core principles of SSL/TLS to be worthwhile.
Conclusion
I know I mentioned it earlier, but I wanted to be clear that this isn't a complaint about CloudFlare. I still use CloudFlare to resolve my DNS queries as they run one of the fastest DNS services around. Thanks for that guys! Their free account offers an awful lot of functionality and savings alone, before you get on to the minimal $20 a month for a Pro account which comes with its own great list of features. If you're hosting a site that serves content over http it's really a no brainer as to whether or not you should make use of a free CloudFlare account. If you're hosting a huge amount of content there's little reason not to use them. My only real problem comes with the introduction of SSL/TLS and the unavoidable requirement to have a man in the middle of your secure connection. If you truly have a requirement for a secure transport layer I have to question the sanity of breaking the chain of custody of your data.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
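The three origin-connection behaviours this review describes (Flexible, Full, Full (Strict)), plus the self-signed certificate pinning the reviewer says is not offered, sketched from the client side as an added Python example. It is not Cloudflare's code or the reviewer's; the mode names used as strings, `origin_context`, `leg_properties`, `pin_matches`, `fetch_origin_cert` and the sample bytes are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-in for a DER-encoded certificate (not a real certificate).
SAMPLE_DER = b"0\x82\x01\x0aconstructed-sample-origin-certificate"


def origin_context(mode, ca_file=None):
    """Return the TLS client context a reverse proxy would use toward the origin.

    flexible: no TLS on the proxy-to-origin leg, so there is no context.
    full:     TLS, but the origin certificate is accepted without validation.
    strict:   TLS with chain and hostname validation.
    pinned:   TLS without CA validation; the caller must compare the
              certificate against a stored fingerprint (hypothetical mode).
    """
    if mode == "flexible":
        return None
    if mode not in ("full", "strict", "pinned"):
        raise ValueError("unknown mode: %r" % (mode,))
    ctx = ssl.create_default_context(cafile=ca_file)
    if mode in ("full", "pinned"):
        # check_hostname has to be switched off before verify_mode can be CERT_NONE.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def pin_matches(der_cert, pinned_sha256_hex):
    """Constant-time comparison of a certificate's SHA-256 with a stored pin."""
    actual = hashlib.sha256(der_cert).hexdigest()
    expected = pinned_sha256_hex.replace(":", "").strip().lower()
    return hmac.compare_digest(actual, expected)


def leg_properties(mode):
    """Return (encrypted, authenticated) for the proxy-to-origin leg."""
    ctx = origin_context(mode)
    encrypted = ctx is not None
    authenticated = encrypted and (
        ctx.verify_mode == ssl.CERT_REQUIRED or mode == "pinned"
    )
    return encrypted, authenticated


def fetch_origin_cert(host, port, mode, pin=None, ca_file=None, timeout=5.0):
    """Connect to the origin under the given mode and return its DER certificate.

    In "full" mode this succeeds for any certificate at all, which is the
    behaviour the review objects to. In "strict" mode the handshake itself
    fails on an untrusted or mismatched certificate. In "pinned" mode the
    certificate is rejected unless its fingerprint equals the stored pin.
    """
    ctx = origin_context(mode, ca_file)
    if ctx is None:
        raise ValueError("flexible mode has no TLS leg to the origin")
    if mode == "pinned" and not pin:
        raise ValueError("pinned mode needs a SHA-256 fingerprint")
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    if mode == "pinned" and not pin_matches(der, pin):
        raise ssl.SSLError("origin certificate does not match the pinned fingerprint")
    return der


if __name__ == "__main__":
    for m in ("flexible", "full", "strict", "pinned"):
        enc, auth = leg_properties(m)
        print("%-8s encrypted=%-5s authenticated=%s" % (m, enc, auth))
```
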
CTO at QROK GmbH
Easy to use, good documentation, reasonably priced, and they have good support
Pros and Cons
- "It's very user-friendly."
- "There are some issues with the CDN services."
What is most valuable?
It's very user-friendly. A user who doesn't completely know how everything works can easily sign up and have an account.
It is very clear and the information is very useful.
There is a very good reporting system for statistics.
What needs improvement?
There are some issues with the CDN services.
Also, the connection could be improved.
What do I think about the stability of the solution?
There are some issues with stability. We have connection issues.
How are customer service and technical support?
We are satisfied with technical support.
What's my experience with pricing, setup cost, and licensing?
We don't have any issues with the price.
What other advice do I have?
I would rate Cloudflare an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Security Engineer at a computer software company with 201-500 employees
Great at mitigating threats with good stability and very good scalability
Pros and Cons
- "The solution is very good at mitigating threats."
- "The solution could use more analytics on the backend to give us more insights into everything. More reports would be helpful."
What is our primary use case?
We primarily provide the solution to our clients.
It offers DDoS protection, WAF is available, and CDN services are there. You can log the IP address countrywide and it optimizes the content for you.
What is most valuable?
The solution is very good at mitigating threats.
What needs improvement?
The product is already being developed out quite well. I don't see any room for improvement in terms of features.
The solution could use more analytics on the backend to give us more insights into everything. More reports would be helpful.
If they could offer more filters, that would be very useful for our organization.
For how long have I used the solution?
I've been using the solution for three years.
What do I think about the stability of the solution?
The stability is good. We haven't witnessed crashes, bugs, or glitches. It's a reliable product.
What do I think about the scalability of the solution?
The solution is easy to scale. A company shouldn't have any issues with expansion if they need to.
How are customer service and technical support?
We've reached out to technical support in the past and we've found them to be very good. We're satisfied with the level of service they provide.
How was the initial setup?
The initial setup is extremely easy. There's absolutely no complexity.
Deployment times will depend on the customer due to the fact that we will need to change the authoritative main servers and customer domain. We can typically do this in one day. It totally depends on the customer and their requirements and processes.
There is no downtime involved in the deployment.
What's my experience with pricing, setup cost, and licensing?
I'm not sure what the licensing costs are. I'm not sure if we pay monthly or yearly.
What other advice do I have?
We're partners with Cloudflare.
This solution is the best product. It does not charge you for any kind of attack on your traffic. It charges you only for any good traffic. It can mitigate up to 30 TBPS of DDoS attacks. If the attack happens and if there is a surge in the traffic, it will only charge you for the good traffic.
I'd rate the solution nine out of ten.
I'd rate it higher, however, I believe they are still building out their product. There are still items that could be added that will make it even better in the future.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Principal at a tech services company with 51-200 employees
Why I moved from CloudFlare to PageSpeed
Yes, I’m obsessive about Webpage load speed. Only in the past year or so has Website speed become an SEO (Search Engine Optimization) factor however I’ve always spent an inordinate amount of time and energy trying to speed up my Website (as well as find ways to speed up all Websites I build for clients). Until a few short years back, besides using state of the art software and hardware (NGINX, Ubuntu Server, reverse HTTP proxies etc.) in addition to a CDN (Content Delivery Network) such as Amazon Web Services CloudFront, there really wasn’t any simple means of speeding up WordPress Websites.
How times have changed in a few short years! We now have super awesome services such as CloudFlare and the Google PageSpeed Service (PageSpeed service isn’t widely available yet but should be soon). CloudFlare is a freemium service and their free offering is probably much more than most Websites need. As for Google PageSpeed Service, pricing hasn’t been provided as yet and is being used free on an invite only basis at present (thanks Google for the invite you sent me).
Just over two months ago I started using the PageSpeed service for three of my other Websites. Around the same time I started using CloudFlare Pro (a paid-for service) for this Website, OrganicWeb.com.au. Here are my findings.
Using WordPress on CloudFlare
How the CloudFlare free plan can remain free is quite simply amazing. The benefits, from free use of a leading CDN, free high-performance DNS hosting to security and more, are awesome. The majority of users won’t need to upgrade to the Pro plan which has a monthly cost and offers further performance and security enhancements.
I used the Pro plan for a couple of months but I actually moved my Website from CloudFlare to PageSpeed a few weeks back as there were problems when people were leaving comments on Posts (I use the JetPack Plugin to manage commenting). I believe that Blog commenting is important and no matter what configuration I did, I just couldn’t correct the commenting problem when on CloudFlare so moved to PageSpeed (and the commenting problem no longer seems to occur). In fairness to CloudFlare I believe that the problem may well have been with the JetPack Plugin.
Just because my WordPress Site had problems on CloudFlare doesn’t mean that yours will. In fact, I recommend CloudFlare over PageSpeed for users that want a very simple to setup service that works well. CloudFlare have done a great job in making the setup super simple; just install and activate the WordPress CloudFlare Plugin, add necessary data to CloudFlare and your WordPress Site will be secured and delivered by CloudFlare in just a few minutes.
Using WordPress on Google PageSpeed Service
Oh … My … Goodness. Google PageSpeed ROCKS! A little more complicated to setup than CloudFlare but wow is this service great for delivering WordPress content mighty fast. PageSpeed does clever stuff such as convert images, where beneficial, to base64 as well as write CSS and JavaScript inline into the HTML in order to reduce round trip times. Like CloudFlare, once PageSpeed has been setup then it just works.
The Google PageSpeed Service may be a bit too technical for those wanting something very simple to setup. Whilst CloudFlare provides top-class and very fast DNS hosting, Google PageSpeed doesn’t provide this. I prefer having a separate DNS hosting provider and use AWS Route 53 so PageSpeed is preferable for me.
Security versus Speed
The biggest selling point for most people however will likely be the security provided by CloudFlare. I’m really not sure if PageSpeed provides any security and whether the security provided by CloudFlare is any good. Security is often a perception and CloudFlare beats PageSpeed completely where the perception of security matters.
My advice for most people is to use CloudFlare. For more advanced users, and those that are confident managing their own security, the Google PageSpeed Service is the way to go.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Initial setup is straightforward and guided by Cloudflare
Pros and Cons
- "Easier http to https redirect using page rules"
- "DNS Management."
What is most valuable?
- DNS Management
- CDN
- Page rules
How has it helped my organization?
- Easier DNS management via API
- Easier http to https redirect using page rules
What needs improvement?
Several features that I think are essential are not available in the free and business packages. One of them is multi users. Multi users and multi API keys are important for organizations of any size.
For how long have I used the solution?
2-3 years
How was the initial setup?
Initial setup is straightforward and guided by Cloudflare. NS changes for a new site are easy. For an existing NS migrated to Cloudflare, the user must recheck current DNS records to ensure all records are already available in Cloudflare.
What's my experience with pricing, setup cost, and licensing?
So far I use the free tier and am happy with it. You can subscribe to the business package if needed.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Very good review, I agree with all the topics. Do you know why does my site appear to be hosted elsewhere using CloudFlare?