Back
Why we love Cloudflare – and you will, too

Why we love Cloudflare – and you will, too

- - Articles

From time to time you find companies, products, or services you cannot help to fall in love with. As soon as you get used to them, you cannot imagine how you could work without them. Folks, no doubt Cloudflare is one of those.

Employed by over 10 million domains, chances are that you’re already using Cloudflare. But maybe you haven’t had the time to check everything they do to build a faster web and a more secure Internet. In this post I summarize some ways you can take advantage of their free plan to speed up and secure your websites.

A faster web

Cloudflare’s better known for offering an easy-to-set-up Content Delivery Network (CDN). Basically, Cloudflare’s DNS servers direct your website’s traffic to their own web servers. If they can deliver the requested content (cache hit), the request doesn’t have to reach your backend at all. Since Cloudflare owns 152 data centers around the world, most likely they can serve such request from a near-by server. So your web servers are offloaded and your website’s visitors usually receive your content faster – a win/win solution.

As described above, Cloudflare implements a so-called pull CDN. Contrary to a push CDN, the maintenance overhead is negligible because Cloudflare pulls your resources into their servers as they’re requested. This is, you don’t have to upload any resource to the CDN.

And the best of all is that they offer their global CDN for free. Really. I’m not sure if they were the first CDN provider offering their whole network for free – but they were the first ones I became aware of. It was kind of shocking in first place, since the CDN providers I was used to were far from free. But over time I realized they were really trying to build a better Internet, so giving away their CDN makes sense as part of their strategy.

A more secure Internet

Cloudflare’s CDN is fairly popular, but they’re also doing a lot to improve the security and privacy of communications throughout the Internet.

In first place, the websites that use Cloudflare’s CDN may get an edge TLS certficate for free. The caveat is that it’s a shared certificate that covers your website along with a bunch of other websites – but hey, it does the job in many cases. You can always buy a dedicated certificate if you want.

I bet the initiatives that have helped foster HTTPS the most are Google’s policies on the subject (e.g. decreasing the ranking of non-https websites in Google Search or regarding non-https websites as insecure in Chrome), Let’s Encrypt, and Cloudflare’s free edge certificates. Of course, these certs are published into Nimbus, the Certificate Transparency log run by Cloudflare.

In addition to that, as soon as you start using Cloudflare’s CDN you also get protection against DDoS attacks. Yes, also in their free plan – but you’ll have to upgrade to a paid plan in case you also want their Web Application Firewall (WAF).

Cloudflare also helps you enable DNSSEC for your domain easily. DNSSEC allows you to be sure that a DNS response is the one given by the corresponding authoritative name server. In other words, DNSSEC ensures the authenticity and integrity of DNS responses. To understand why this is relevant, think that a rogue DNS server might point your application users to a different server. We use DNSSEC at Moss so that our users can be sure that they’re taken to the right place when they log into their account 😀

dig moss.sh +dnssec
dig moss.sh +dnssec

For the former to hold true, users must use an appropriate DNS resolver. Fortunately most common resolvers (like Google’s 8.8.8.8) implement DNSSEC, including Cloudflare’s 1.1.1.1. In addition to being very fast, this resolver puts the focus on the user’s privacy. 1.1.1.1 doesn’t log your IP address and they guarantee they won’t ever do such a thing. So they won’t sell your data or use it to send you ads. Nice 🙂

And there’s more. This is 2018 Cloudflare’s Crypto Week – each day they’re announcing a free-to-use technology that uses cryptography to make the Internet more trustworthy. Check out their blog to keep an eye on them.

Company culture

Hopefully you now agree with me that Cloudflare is a great resource if you want to have performant and secure websites. They offer many wonderful features for free, and you can enjoy additional services if you buy a paid plan.

But in addition to that, I like the fact that Cloudflare takes transparency seriously. They publish a semi-annual report on the governmental requests they receive to disclose information about their customers. And when things go wrong, they don’t hide or blame others. They take responsibility and disclose the relevant information. Because shit happens everywhere – and when it does, I prefer to be working with people who disclose the problem, fix the issue, and implement the required policies to prevent the same thing from happening again. Don’t you think?

Lovely, don’t they?

Taking all this into account, it’s no surprise that Cloudflare is one of the most popular services among Moss’s customers. If you don’t have an account with them yet, I encourage you to create one.

You can leverage Moss and Cloudflare to improve the performance and security of your websites. In case you haven’t done it yet, remember that you can try Moss for free. I’ll keep blogging about how you can take the most out of these two products.

Don’t miss a post! Subscribe to the Moss Blog