Cloudflare use cases

Dubbed Navigator

Adherent
Joined
Jul 22, 2014
Messages
351
So I've seen multiple threads mentioning and including cloudflare, but none that actually advocate the use of it for a perticular reason.

I ask this as I use it, but implementated it perhaps a little hastily.

Reason 1 was the "keep alive" feature.

Reason 2 was the CDN, after my site started accepting direct image posting.

Now I've had a few issues recently with visitors being presented with 403s and 400s, not necessarily associated with cloudflare, but it has prompted me to have a tune and tidy up all round.

Looking around at use cases, I came across the below site


Makes an interesting point for me. I didn't need cloudflare for the reasons it suggests, I wanted it as an improvement.

It also means I had to modify my DNS for emails, and have to target my IP directly for FTP. There's definitely the possibility I've done it wrong and made it more difficult for myself, and that in itself strengthens the case of not bothering.

Worth noting the vast majority of my traffic comes from central Europe, with the server being based in UK.

Why did you choose cloudflare?
Why didn't you?
Is it worth me ditching it in favour of a paid CDN and making DNS simpler.
 

Pigoo

Enthusiast
Joined
Aug 20, 2018
Messages
226
Is it worth me ditching it in favour of a paid CDN and making DNS simpler.
You didn't mention if you're getting Cloudflare directly from Cloudflare...or via your website host. Also didn't mention if you have a Cloudflare paid plan or Cloudflare's free plan.

Big difference between free & paid plans.
 

Dubbed Navigator

Adherent
Joined
Jul 22, 2014
Messages
351
You didn't mention if you're getting Cloudflare directly from Cloudflare...or via your website host. Also didn't mention if you have a Cloudflare paid plan or Cloudflare's free plan.

Big difference between free & paid plans.

Its directly from CF. The free plan.
 

Pigoo

Enthusiast
Joined
Aug 20, 2018
Messages
226
Thanks for the extra details. What you get with the Cloudflare free plan is very minimal. In my opinion...you really don't "have" Cloudflare until you have one of their paid plans. Since what you get with their free plan you can get at other places for free as well. To really have the benefits of a service like Cloudflare...you need to have a paid plan (if you feel you need it).

As far as "Is it worth me ditching it in favour of a paid CDN and making DNS simpler". I think with many of these services (free or paid)...you need to do some DNS modifying. It's one of those things that's a pain in the butt initially...but once setup it should be mostly hassle free.
 

zappaDPJ

Administrator
Joined
Aug 26, 2010
Messages
7,368
I don't use Cloudflare or any CDN. I don't believe they would benefit my sites but obviously every case is different. I tend to take a rather minimalist approach and prefer to keep things simple.
 

eva2000

Habitué
Joined
Jan 11, 2004
Messages
1,782
So I've seen multiple threads mentioning and including cloudflare, but none that actually advocate the use of it for a perticular reason.
I use Cloudflare for years now for my forums https://community.centminmod.com/ and my Wordpress blog https://servermanager.guide/

Reasons why

1. performance & page speed from Cloudflare CDN caching and Cloudflare's network level optimisations
2. scalability - being able to handle alot of concurrent traffic
3. security - DDOS mitigation at layer 3/4 and 7 for network and application level security

Disclaimer, since end of 2018 I am an official Cloudflare MVP (not employee) but you could say Cloudflare Community advocate of sorts and do get extra perks. But I've been a paying Cloudflare user for 9+ years. My forums started on CF free plan, then pro, then business and now on enterprise plan while blog started on CF free plan but now moved to business plan.

Naturally, the next question I usually get asked is what is difference between plans ? This question gets asked alot my both my paying clients and Centmin Mod users as well as folks on various forums I visit. My usual reply on Cloudflare Business vs Pro from my perspective in terms of performance, security and features
:)

  1. CF Business allows full page HTML guest caching via bypass cache on cookie page rule - Caching Anonymous Page Views so think of Varnish Cache guest full HTML cache but on CF Edge servers CDN'd.
  2. Cloudflare Business has Railgun which allows accelerating non-cacheable requests like dynamic HTML generated from PHP like on this forum for logged in members.
  3. Both bypass cache on cookie + railgun combined allow Cloudflare to accelerate guest + logged in members. In terms of page load speed, this is the biggest benefit of Cloudflare Business plan, having access to bypass cache on cookie page rule and Cloudflare Railgun.
  4. Cloudflare Business also gets 50 page rules to play with for much finer grain control per url/directory/asset cache configurations
  5. Cloudflare Analytics views on Business plans can have lower periods other than 24hrs like 30min to 12hrs views.
  6. Cloudflare Business get more CF Firewall rules at 100 versus 20 for Pro and 5 for free so you can have finer grain control over your security firewall rules for your web apps i.e. specific rules for your registration/login urls etc.
  7. Cloudflare max upload file limits vary on plan too https://support.cloudflare.com/hc/en-us/articles/200172516#h_51422705-42d0-450d-8eb1-5321dcadb5bc. Business get max 200MB, Free & Pro get 100MB and Enterprise 500MB
As to Cloudflare Pro vs Free plans, Cloudflare Pro plan is beneficial for higher quotas or page rules, firewall rules, firewall ip/rule limits, rate limiting rules, user agent blocking rules and mirage/polish webp, enhanced HTTP/2 priorization, TCP Turbo etc which free plan won't have and/or has less quota limits for.
:)
All these additional quota/features allow you to better make use of Cloudflare for security and performance.

Then there's Cloudflare Enterprise plans have a few unique features too - one I like most is CDN cache prefetch which allows you to pre-warm up your CDN cache for all 200+ CF datacenters :)
  • Min Cache TTL Expiry - can be set to much lower values
  • Client Max Upload Size (MB) at 500MB instead of 100MB of free/Pro, 200MB on Biz plan
  • Cache Purge - By Tag - set a cache header tag for specific url/requests and only purge those https://support.cloudflare.com/hc/en-us/articles/200169246-Purging-cached-resources-from-Cloudflare
  • Cache Purge - By Host - purge by hostname/subdomain so you do not need to purge all domain/subdomains on your zone
  • Custom Cache Keys - https://support.cloudflare.com/hc/en-us/articles/115004290387-Creating-Cache-Keys
  • Prioritized IP Ranges
  • Prefetching URLs <-- love this one
  • Tiered Caching <-- love this too = part of Argo features but is free on Enterprise plan for higher cache hit rate and less fetching from origin servers
  • Page Rules <-- more extension options and up to 100 page rules on Enterprise plan
  • CNAME Setup
  • Subdomain Zones (LTZ) curious how this would work for existing subdomains proxied
  • Header Rewrites
  • Image Resizing
  • Enterprise DDoS Mitigation
  • True Client IP Header
  • Argo Tunnel
  • Wildcard DNS Record Proxy
  • Secondary DNS
  • Role-based Access Control
  • Read-only User Access
  • Multi-Org Setup
  • SSO Support
  • Site Analytics (resolution) down to minutes
  • DNS Analytics (historical time)
  • Audit Logs
  • Request Logs <-- being able to parse and process and view your CF edge server logs is very handy when I want to drill down into specific error codes at CF edge server :)
  • Custom SSL cipher preferences for HTTPS
  • Custom Authenticated Origin Pull certs
  • Bot Management https://blog.cloudflare.com/cloudflare-bot-management-machine-learning-and-more/
More differences you can see in Cloudflare pricing plan comparison at https://www.cloudflare.com/plans/ which has a link to view and compare all features on that page.

An example for Cloudflare Enterprise log parsing

Code:
pzcat /home/cfcmm-logs/*/*.log.gz  | jq -r '.CacheCacheStatus' | sort -n | uniq -c | sort -rn

127105220 hit
1962679 unknown
1825693 miss
731270 expired
473685 revalidated
  87908 updating
   1447 stale
      5 bypass
breakdown my CF CDN cache response codes - i can take it further for example to just list all url requests which gave 522 CF HTTP status code etc
Code:
pzcat /home/cfcmm-logs/*/*.log.gz | jq -r '.CacheResponseStatus' | sort -n | uniq -c | sort -rn                                                                   
7001896 200
  60924 304
  22608 0
  19237 503
  17119 307
  15050 301
   7707 303
   5093 302
   4666 206
   4573 404
   2777 403
    112 524
     68 520
     66 522
     48 405
     34 416
     25 502
      7 400
      2 521
CF Enterprise Firewall rules also allow log/simulate only actions as well so you can do dry runs first etc

1596478844292.png

1596478807891.png
 
Last edited:

DigNap15

Adherent
Joined
Sep 14, 2019
Messages
340
A great topic.
I am interested in getting Cloudfare just so that i can block many countries.
I have a New Zeaand based forum and I am only interested in traffic from 5 or 6 countries.
If I could block all the robots useless traffic from those other countries I might be able to use less bandwidth and have less potential scammers etc
 

SGT Oddball

Aspirant
Joined
Feb 24, 2010
Messages
32
I really wish I'd moved over to Cloudflare earlier, just blocking a few countries and ASN's from registering and the contact us has dropped spam to virtually nothing, and the firewall logs show just how often I was getting attacked and allowed me to block or add challenges to the ASN's of the datacenters that were the worst offenders.

That coupled with CF caching 50+% of my requests make it well worth $20/mo.
 

Dubbed Navigator

Adherent
Joined
Jul 22, 2014
Messages
351
I really wish I'd moved over to Cloudflare earlier, just blocking a few countries and ASN's from registering and the contact us has dropped spam to virtually nothing, and the firewall logs show just how often I was getting attacked and allowed me to block or add challenges to the ASN's of the datacenters that were the worst offenders.
Must say that SPAM on my forum has dropped to very little indeed. Looking at CF firewall, it wouldn't be unreasonable to think it was responsible for at least some of that.
 

Alpha1

Administrator
Joined
May 28, 2007
Messages
4,002
The client max upload is a full showstopper for some projects. Forget about using CloudFlare for a starting video upload site. Short video's are easily 200mb. Other videos are often well over 500mb. I was quite surprised that cloudflare completely blocks this and I had to remove CF on a new project.
 

arn

Aspirant
Joined
Oct 1, 2012
Messages
18
The client max upload is a full showstopper for some projects. Forget about using CloudFlare for a starting video upload site. Short video's are easily 200mb. Other videos are often well over 500mb. I was quite surprised that cloudflare completely blocks this and I had to remove CF on a new project.
for XenForo at least, you should be able to use this to get around it

 

Paul M

Limeade Addict
Joined
Jun 26, 2006
Messages
3,933
I don't use Cloudflare or any CDN. I don't believe they would benefit my sites but obviously every case is different. I tend to take a rather minimalist approach and prefer to keep things simple.
Ditto.
I have zero need for them.
 

Alpha1

Administrator
Joined
May 28, 2007
Messages
4,002
for XenForo at least, you should be able to use this to get around it

Interesting. I will check if a plugin from a reliable author is available for WordPress.
 
Top