Cloudflare Review
Basic security matters are handled automatically, although it can be bypassed easily by an attacker with knowledge of your main IP address.


Valuable Features

The most important feature is that they handle the basics of security matters automatically.

Improvements to My Organization

Honestly the product has not really improved the way of my organisation. I just let the product take care of my security in term of networking attacks, but this is not a magic product. You still have to take care of other security matters which are important in network administration.

Room for Improvement

The only thing that I think about is that CloudFlare supercharges your website, as your dedicated IP is covered behind their server. Then, if you are a target of a network attack, they will handle the traffic, and the load, then mitigate the attack. However, depending on how your network system is built if, by any chance, your main IP address is seen by attackers they can easily bypass Cloudflare and directly target your server. In that case, you need to add extra filtering directly onto your dedicated server to avoid breaches out of CloudFlare cover, or add extra anti-DDOS solutions directly onto your dedicated server.

Use of Solution

I've used this solution for one year. Unfortunately, I'll stop it this month as, rather than being unsatisfied, my needs have changed, and my website no has longer the same traffic. I think that I can (as a System Administrator) handle the security side without it for a while.

Deployment Issues

Yes I did at the beginning, since I did not understand properly how to install the solution on my NGINX servers. I guess it was a lack of knowledges, but also a problem of speed, since I had to implement the solution in a chaotic atmosphere, since I was under attack at the time and had never faced this before, so I was not prepared.

Stability Issues

I have not encountered any issues with CloudFlare so far. The solution has worked pretty well, but there are a couple of things which are linked to a webserver environment (NGINX in my case) that you have to be careful about when setting up. Otherwise, you may get some errors, but once the webserver is installed with CloudFlare, it should work like a charm.

Scalability Issues

Scalability is not a problem for CloudFlare since they are a cloud based solution. I think I had the biggest year for my service in 2014, in terms of traffic. My website was spread over two servers, with CloudFlare on top of them, and everything went well.

Customer Service and Technical Support

Customer Service:

9/10. I did not really have the opportunity to use their service as a free user. However, when you are a paying user at CloudFlare, they will answer you very quickly, and with accurate answers. I did contact them on a few occasions, and they gave me good answers.

Technical Support:

9/10. I did not really have the opportunity to use their service as a free user. However, when you are a paying user at CloudFlare, they will answer you very quickly, and with accurate answers. I did contact them on a few occasions, and they gave me good answers.

Previous Solutions

I did not, perhaps I had to, in order to be a little bit more objective about this kind of product, but since I implemented CloudFlare, I have been happy with them.

Initial Setup

I'll say that you have to be used to managed webservers such as Apache or NGINX. It's pretty straightforward, but you have to take care with some configuration details. If you do it incorrectly, it could make your website temporarily unavailable sometimes.

ROI

I first paid for the Business plan, which was 200$/month for the first month when I had those big issues with DDOS. Then I went to the 20$/month plan. In other words, I spent about 400$ more or less on the product. I have not had a DDOS attack, since, or at least not become unavailable due to DDOS which means my ROI is pretty good. I mean when your website is offline, you first lose money like daily revenue, around 400$ for us, but you also lose your customer loyalty, and there are many more issues. No matters what's going on (attacks or not) a website must be online at all time.

Pricing, Setup Cost and Licensing

In my opinion the Pro plan 20$/month is the best solution. It includes the core features of CloudFlare which is pretty much enough. If you do not have SSL, you can also use the free plan, which is almost exactly the same as Pro, just without the SSL support. The free plan has SSL support, but it does only support modern web browsers. This means that some of your customers may not reach your website if you are using SSL with a free plan.

Other Solutions Considered

I did not evaluate other options.

Other Advice

Prepare your implementation while making tests in a pre-production environment. Do not let CloudFlare take care of everything, you still have to take care of security matters for your services.

Disclosure: I am a real user, and this review is based on my own experience and opinions.

Add a Comment

Guest
Why do you like it?

Sign Up with Email