CloudFlare review

Out of date content ahead!

This post is from 2011 and is now very out of date.

CloudFlare is free service which claims to enhance the security of a website and boost performance at the same time.

I’ve been using it for a few months on another website as well as using it on this one. This is what I think of it so far.

Setup

The setup process is very simple and guides you through it all the way. The hardest thing you will need to do is change nameservers on the domain you plan to use CloudFlare on. The rest is simple and with the great control panel, very easy to do!

Performance

CouldFlare can act as a CDN for your site which offers a great boost in performance for you website and not only that, it can also minify your sites HTML, CSS & JS giving even better performance!

I did, however, have one problem with the performance of CloudFlare. The problem was when I used Pingdom and similar tools to check the websites speed, although most resources would load VERY fast, one or two resources would take ages and cause the overall load time to go up by 6-7 seconds, making the load time slower with CloudFlare!

After a bit of searching on Google I found a few other people who have had the same problem with CloudFlare. From what I’ve read CloudFlare claims the results were just problems with how Pingdom tests websites speed and in real world tests CloudFlare should boost performance.

To show what I mean I’ve tested this page with Pingdom.

Pingdom Results

As you can see most of the page loads within 1.25 seconds, but a few bits take a lot longer and push overall load time up to 4.32 seconds!

I managed to fix the problem on the other website by reducing the number of resources the site was using by combining them. I have to agree that in my own real world tests the website did seem to load faster, but I would definitely want to do more testing if I hadn’t managed to fix it on that site.

Features

One of the best features is Always Online. If for any reason your server goes down, CloudFlare can show it’s own cache of your static web pages enabling people to still get the information. Great if you’re likely to be Slashdoted.

CloudFlare also offers redundant DNS which is better than what a lot of hosts provide! The DNS has a simple but great control panel with plenty of options for most people.

Another really good feature of CloudFlare is that it’s great at stopping spam! On the other website I’m using CloudFlare on, I noticed a huge reduction in spam. The website used to use Bad Behaviour to help reduce spam which got it down to around 20 messages a day (down from about 300). With CloudFlare though, that’s gone down to just 1 or less a day! A massive improvement!

Security

I’m not completely convinced about the security aspect of CloudFlare. It should stop most script kiddies and bots but if someone dose managed to get your servers real IP address, then they can attack it as if you weren’t using CloudFlare. Worse still, CouldFlare defaults to directing direct.yourdomain.tld to your server without going through CloudFlare, so it’s very simple to get your servers IP. Because of that bots and tools could easily be setup to detect CloudFlare and use direct.yourdomain.tld to get around it.

One way to fix the problem of people getting your servers IP and attacking it directly, would be to set up your servers firewall to block all IPs apart from CloudFlares IPs from connecting to it.

Overall while CloudFlare shouldn’t replace you’re current server security, it should make your security logs much smaller and easier to handle. Hopefully making it easier to spot and stop any attacks.

Price

It’s free! What more can you want? The paid option for just one website is a bit pricey for small websites, at $20pm. If you have a few websites though, it is much more reasonable at $5pm for each additional website.

Overall

Setup: 10/10. Can’t fault it.
Performance: 9/10. Only problem was with Pingdom and similar testing tools.
Features: 10/10.
Security: 7/10. Good as a first line of defence but definitely not a replacement for current security.
Price: 10/10. It’s free! Although the paid option is expensive for just one site.
Overall rating: 9/10.

I think it’s a great service and definitely worth a try. It’s free after all!

If you think I’ve missed anything or got something wrong, please let me know in the comments.

You need JavaScript enabled to see comments.