Cloudflare Review

Basic security matters are handled automatically, although it can be bypassed easily by an attacker with knowledge of your main IP address.

What is most valuable?

The most important feature is that they handle the basics of security matters automatically.

How has it helped my organization?

Honestly the product has not really improved the way of my organisation. I just let the product take care of my security in term of networking attacks, but this is not a magic product. You still have to take care of other security matters which are important in network administration.

What needs improvement?

The only thing that I think about is that CloudFlare supercharges your website, as your dedicated IP is covered behind their server. Then, if you are a target of a network attack, they will handle the traffic, and the load, then mitigate the attack. However, depending on how your network system is built if, by any chance, your main IP address is seen by attackers they can easily bypass Cloudflare and directly target your server. In that case, you need to add extra filtering directly onto your dedicated server to avoid breaches out of CloudFlare cover, or add extra anti-DDOS solutions directly onto your dedicated server.

For how long have I used the solution?

I've used this solution for one year. Unfortunately, I'll stop it this month as, rather than being unsatisfied, my needs have changed, and my website no has longer the same traffic. I think that I can (as a System Administrator) handle the security side without it for a while.

What was my experience with deployment of the solution?

Yes I did at the beginning, since I did not understand properly how to install the solution on my NGINX servers. I guess it was a lack of knowledges, but also a problem of speed, since I had to implement the solution in a chaotic atmosphere, since I was under attack at the time and had never faced this before, so I was not prepared.

What do I think about the stability of the solution?

I have not encountered any issues with CloudFlare so far. The solution has worked pretty well, but there are a couple of things which are linked to a webserver environment (NGINX in my case) that you have to be careful about when setting up. Otherwise, you may get some errors, but once the webserver is installed with CloudFlare, it should work like a charm.

What do I think about the scalability of the solution?

Scalability is not a problem for CloudFlare since they are a cloud based solution. I think I had the biggest year for my service in 2014, in terms of traffic. My website was spread over two servers, with CloudFlare on top of them, and everything went well.

How are customer service and technical support?

Customer Service:

9/10. I did not really have the opportunity to use their service as a free user. However, when you are a paying user at CloudFlare, they will answer you very quickly, and with accurate answers. I did contact them on a few occasions, and they gave me good answers.

Technical Support:

9/10. I did not really have the opportunity to use their service as a free user. However, when you are a paying user at CloudFlare, they will answer you very quickly, and with accurate answers. I did contact them on a few occasions, and they gave me good answers.

Which solution did I use previously and why did I switch?

I did not, perhaps I had to, in order to be a little bit more objective about this kind of product, but since I implemented CloudFlare, I have been happy with them.

How was the initial setup?

I'll say that you have to be used to managed webservers such as Apache or NGINX. It's pretty straightforward, but you have to take care with some configuration details. If you do it incorrectly, it could make your website temporarily unavailable sometimes.

What was our ROI?

I first paid for the Business plan, which was 200$/month for the first month when I had those big issues with DDOS. Then I went to the 20$/month plan. In other words, I spent about 400$ more or less on the product. I have not had a DDOS attack, since, or at least not become unavailable due to DDOS which means my ROI is pretty good. I mean when your website is offline, you first lose money like daily revenue, around 400$ for us, but you also lose your customer loyalty, and there are many more issues. No matters what's going on (attacks or not) a website must be online at all time.

What's my experience with pricing, setup cost, and licensing?

In my opinion the Pro plan 20$/month is the best solution. It includes the core features of CloudFlare which is pretty much enough. If you do not have SSL, you can also use the free plan, which is almost exactly the same as Pro, just without the SSL support. The free plan has SSL support, but it does only support modern web browsers. This means that some of your customers may not reach your website if you are using SSL with a free plan.

Which other solutions did I evaluate?

I did not evaluate other options.

What other advice do I have?

Prepare your implementation while making tests in a pre-production environment. Do not let CloudFlare take care of everything, you still have to take care of security matters for your services.

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Cloudflare reviews from users
...who work at a Energy/Utilities Company
...who compared it with Akamai
Find out what your peers are saying about Cloudflare, Imperva, Sucuri Security and others in Distributed Denial of Service (DDOS) Protection. Updated: June 2021.
521,637 professionals have used our research since 2012.
Add a Comment
ITCS user