Naar navigatie springen Naar zoeken springen
CloudFlare is a service for CDN (Content Delivery Network), but also as front-end proxy fore security. I have some mixed feelings about it.
This article is about using CloudFlare for security - Maybe what's called Web Application Firewall (WAF)?
- Blocking visitors from choosen countries or even continents
- Defense against DDOS
- An extra defense layer
- It doesn't take resources from the actual webserver, as it is a front-end proxy.
- It seems to generate errors: At times, visitors see a CloudFlare error page in stead of the site
- Inconvenient that DNS entries are now administrated somewhere else
- Issues with Klaviyo (email marketing): Some extra DNS-related settings were needed
Some remarkable negative views - halfway the page. They might be all correct, but how significant are these criticisms?
- by using cloudflare, you add a point of failure between web server and visitors
- Cloudflare may not speed up your pageload
- Cloudflare may get your website penalized by Google.
- Cloudflare inject code into your HTTP headers
- Cloudflare may deliver the wrong version of a page
- Cloudflare makes you believe that it protects your server against bots. In fact, a clever bot can start many handshakes with your servers and crash your server even behind cloudflare. (Syn DDOS attack)
- Cloudflare may modify your code and you didn’t want Cloudflare to modify your code. (HTML minify, removing comments, adding JS lines)
- Using cloudflare is like handing over your house keys to someone. You get dependent on cloudflare to deliver your content.
- Cloudflare can spy on your data and the data of your website visitors since their servers stand in the middle between two HTTPS chains.
- Cloudflare can decide to shut down the connectivity to your web server.