Why We Moved To Cloudflare

Ensuring our infrastructure is running smoothly and a few other concerns are always on the back of our minds here at protoxin.net.

2016 was a big year for the ProToxin.net team and me; we launched this site and a it's just been a fun adventure since. During this time, we've been harassed and DDoS'd many times. Due to this, we transitioned our systems to [redacted] to try and offload DDoS as well as do some moderate content caching, as they also provided CDN capabilities.

$20USD/month was [redacted]'s price. Not bad, really. Unfortunately, we came into a problem almost instantly. Due to our former provider's pricing model, it turned out to be $20USD/month/subdomain. While friends and I run all these things, I personally absorb all operating costs; not to mention we have 10 subdomains currently (more are expected). $200USD/month was a bit steep for me. But hey, if your WordPress gets infected, [redacted] will clean it up for you, they also act as a WAF. On top of the steep pricing model, it came down to a point where we did not see added value other than acting as a bandaid for DDoS. Maybe the free SSL? We/I am not an enterprise, however, that does not mean we should write-off some performance and additional security.

Don't get me wrong, our former service provider was very professional and their support was wonderful to work with.

In comes Cloudflare. I was a free-tier customer with Cloudflare a few years ago, however, never really had a chance to use the service. I decided to check out Cloudflare's pro package ($20USD/month), as it was the same price point I was paying for protoxin.net on [redacted]'s service. I transitioned our DNS to Cloudflare's and migrated zone info. This process was relatively painless. What instantly stuck out to me was the fact that I was free to add whatever subdomain I wanted and was also given the choice to either route through Cloudflare or directly to the host. Awesome.

Once hosts were setup, setting up headers and SSL was way too easy. :-) While learning more about Cloudflare's platform, I stumbled upon Cloudflare's Page Rules section. Honestly, this is probably the best part of Cloudflare. While their service provides some WAF, Anti-DDoS, and CDN capabilities, Page Rules allow you to fine tune how their service works with your pages/servers on a granular level.

For example, I can control the TTL for Cloudflare's Edge Cache for this site while specifying how long a client browser will cache for. Besides cache, Page Rules allow you to customize other components such as setting Browser Integrity Check, disabling performance, bypassing cache, alter SSL settings, and more. Again, to truly get the most out of Cloudflare, you need to check out their Page Rules section.

Here's a screenshot from when I was playing with Page Rules:

Now that it's been a few months, I'm happy to say we'll be sticking with Cloudflare for some time. Their support has been pretty great and they are constantly engaged in the security community; something I love to see from them.

So, to any employees of Cloudflare... if you ever see this blog, I'd like to thank Cloudflare for helping us save money while providing a more valuable service/product. I'd love to talk more with Cloudflare about what they do and where they see themselves in the future.

Until next time,
ProToxin

Join EFF!