Cloudflare, what is it and why you need to use it?

Cloudflare is a DNS (Domain Name System) zone manager, which incorporates a reverse proxy to offer its CDN (Content Delivery Network) and web application security services.

Because its services are designed behind a proxy, Cloudflare acts as the first level of contact on the network when you access a website.

In this proxy, it stores a copy of your website at the static content level - Cascading Style Sheets (CSS), JavaScript (JS), HyperText Markup Language (HTML), images - which it then dispatches directly from around the world.

This means that if you visit the website from different parts of the world Cloudflare will deliver the static files from the location closest to your geographical location, speeding up the delivery of your website elements. This also translates into fewer requests to the server where your website is hosted.

That is the way Cloudflare works in broad strokes, although there are more options to discover, and above all to know if our web applications will really benefit from it, or if it can bring us some other problem.

Benefits of using Cloudflare

Since Cloudflare was conceived years ago, it has evolved enormously, becoming one of the most awarded and prized services in terms of technological innovation on the Internet.

Let's see the main benefits of using Cloudflare for our websites.

Accelerate your website

Cloudflare's CDN is simply fantastic, along with Akamai, their biggest competitor, they have the best content distribution network in the world, they are in almost every country and every month they add new points of presence around the globe.

By using their CDN you will speed up the loading of your website drastically, this is good both for the users who browse your site and for Google, who will reward you in their rankings if your website is fast.

Reduce the server load

No matter if you have a small site, or a large one, the server and the system administrators that manage it will thank you if you start dispatching static content from Cloudflare, this way you will reduce the number of requests dispatched from the server, it will be more stable and consume less CPU/memory resources and disk usage at the input/output (I/O) level.

Protect your website against bots

Cloudflare was originally born as "Project Honey Pot", a project to fight against bots and malicious threats from the web to act as a barrier before the request even reaches the target server. Today it is integrated and improved within the Cloudflare core and will help you prevent automated attacks on your website.

Protects against form spam

Another benefit of using Cloudflare is that it has native protection to prevent spammers (if you have a form without captcha) to reach your site and flood you with false data contact forms, user registration forms or comment systems of the most popular CMS like WordPress.

Anti-hotlinking protection

Cloudflare incorporates an anti-hotlinking mode that allows you to protect your images and other static resources to prevent requests to them from unknown websites, which saves you transfer and protects your content.

Free SSL (Secure Sockets Layer)

Universal SSL was the name given to Cloudflare's free SSL, today it is also known as Flexible SSL.

These are free certificates for your site and subdomains that can be activated with a couple of clicks, without verification or time-wasting like traditional SSL.

This is something very useful nowadays when Google Chrome and Mozilla are warning about dangerous sites when visiting a website that does not contain an SSL certificate.

Offline Mode

In the hypothetical case that your hosting provider fails, Cloudflare can alert your users that the site is temporarily offline and will soon be back online.

This will help your website not to be completely off and will communicate to visitors that there is a temporary failure.

Statistics System

Cloudflare has a very cool statistics system that informs you about the performance of the CDN, how many Kilobytes (KB/s) or megabytes (MB/s) you have saved in transfer, where they have been dispatched from, as well as attack protection statistics against your website.

Disadvantages of using Cloudflare

Cloudflare looks like something out of a fairy tale, they offer all this and for free?

In reality, not everything is as rosy as it seems.

What we have told you above is all true, but there are several things to keep in mind about its limitations or disadvantages that you should evaluate before activating this service.

Internet Protocol sharing

You will be sharing an IP with hundreds or thousands of websites that use the same IP as Cloudflare's servers. These include malware, phishing and warez sites, among others, which use it to protect the source IP. This can bring you some complications in the future.

Impact on SEO

Although Cloudflare has said otherwise on several occasions, and even claims that SEO with them can improve, it is reasonable to have doubts about the possible effects of sharing the same IP and DNS with hundreds of disreputable sites.

There are many cases and reports that have shown significant losses of visits after starting to use Cloudflare's CDN directly on their websites.

And no wonder, when you activate Cloudflare directly on a site it takes full control of the HTTP headers, and even how you perform 301 redirects.

So if you want to take care of your SEO, don’t try it, there are ways to benefit from this CDN without taking risks.

Cloudflare can crash

This is something that can also affect you negatively because all your server infrastructure with your hosting provider can be online and working perfectly. However, if Cloudflare goes down, your site can be offline too, a router can fail, or have a performance degradation due to massive DDOS attacks to the area where you are hosting (something that happens very often).

SSL is not so secure

Cloudflare's free SSL is called Flexible SSL, and it is not a secure SSL because it does not encrypt the information completely, it only encrypts it from the proxy to the visitor, but not to the site running on the backend, it has many differences with traditional SSL or even with Let's Encrypt SSL.

So beware of using it on sites we have in production, only use it on temporary or development sites.

Lost control again

Having most of your web infrastructure dependent upon a single service is not good, in the hypothetical case that something happens to Cloudflare's network (which happens from time to time), you would not only lose control of their DNS records but also of the SSL certificates, and of course the availability of your website.

Everything Cloudflare offers in terms of security (except DDOS protection) can be done natively on your servers or clouds, without having to resort to them so much.

You will gain independence and you will have control over aspects that only Cloudflare handles.

Do my sites need to use Cloudflare?

Every site needs to improve speed (even more so because Google loves fast sites) and increase security that translates into greater usability for users, a better browsing experience and allows you to win their confidence.

However, as with everything in life, there must be a balance. That's why you should only use it when strictly necessary.

What Cloudflare does with its proxy is to cache the static content of our website, and dispatch it quickly from your CDN, right?

Well, one way to take advantage of this without having to expose our domain completely is to move our static content to an exclusive domain for it, or to a subdomain. 

If you think it's not worth having a domain registered for it, then simply create a classic subdomain, this way when you add your site to Cloudflare, you will activate the CDN only for that particular subdomain. After all, the biggest benefit in terms of performance is when we make use of your CDN.

Improve Security

And as for security, if we do things right from our servers we can protect ourselves against hotlinking, bot attacks with a Web Application Firewall (WAF), or using captcha forms; for those things, you do not need Cloudflare.

What if there is a distributed denial-of-service attack against my site?

Because of the nature of DDOS attacks and massive floods, the reality is that your hosting provider will be able to help you stop small and medium-sized attacks, but not gigantic ones. 99% of the time you should resort to specialized services such as Cloudflare or Incapsula.

It is also worth clarifying that DDOS attacks don’t happen every day and, unless you have a popular website subject to constant attack, you will not need constant protection.

If there is a DDOS against your site that the Datacenter where you are hosted cannot mitigate (since you already have the site added to Cloudflare) ideally you will be to activate it for your entire website and activate the I'm under attack mode as well as make several tweaks that will increase protection.