Disadvantages and Advantages of using CloudFlare

Disadvantages:

CloudFlare benefits from a good reputation. However, we noticed major issues related to using CloudFlare.

  • Security:  CloudFlare is a middleman between your server and your visitors. Sensitive data also go through the CloudFlare server when they are delivered to a client. CloudFlare has the ability to monitor all your traffic.
  • Power: Cloudflare can inject code into your HTTP headers and your web pages and it can have any consequences.
  • Slow: For some reasons, we have noticed that CloudFlare can slow down the page load rather than speeding it up. It is normal as a step (a hop) is added between your server and a client.
  • Misconfiguration: Since additional settings should be made on the CloudFlare website, a misconfiguration can lead to downtimes and traffic drops. Here a case study of a Google traffic drop related to Cloudflare.
  • Dependency: By choosing to point your nameservers to another server that you don’t control, it means you accept to hand over a part of your website reachability to CloudFlare. If the CloudFlare server goes down, your website gets inaccessible even if your web server works fine. In other words, you had a point of failure by using CloudFlare.

Advantages:

  • DDOS attacks: Cloudflare mitigates DDOS attacks.
  • Firewall: Cloudflare helps to reduce useless incoming traffic. Here is the list of opened ports when using CloudFlare. For HTTP: 80, 8080, 8880, 2052, 2082, 2086, 2095.  For HTTPS: 443, 2053, 2083, 2087, 2096, 8443. You can also whitelist or blacklist IP addresses. There is also an interesting option called “challenge IP” which prompts for a captcha when requests come from an IP address.
  • HTTPS, HTTP/2: Cloudflare provides free HTTPS, HTTP/2 and SPDY certificates for your domain.
  • HSTS: Cloudflare provides free HTTP Strict Transport Security for your website.
  • IPV6 reachability:  Cloudflare allows your website to be accessed through an IPV6 address even if your server has an IPV4 address.
  • Minify: It can minify CSS, Javascript, and HTML
  • Rate limiting:  Cloudflare can protect your API by limiting the number of requests for a given time using a rule. It is a paid option and it is very easy to setup from the Cloudflare configuration page.
  • Jurisdiction: CloudFlare is located in the USA. Consequently, this makes believe that your website is located in the USA. Your website is likely to benefit from the US jurisdiction.
  • Freedom of speech: By hiding the IP of the server, you can express yourself since you can rely on the 1st amendment of the United States of America which allows a website to express almost all opinions without being prosecuted.