First Class Security Without a Platinum Price Tag

When it comes to managing websites, most companies have more than enough on their plate trying to handle their website. Between customer service, security, training, optimization, and more, most companies already overloaded with tasks related to the administration of their websites.

Features Of CloudFlare

Fortunately, a service called CloudFlare provides reasonably priced packages to help website owners secure and optimize their websites. A few of the key features include:  CDN/Caching capabilities, code & script optimization, threat recognition via community intelligence (which helps protect against zero day exploits), streamlined and easy to understand analytics, and an easy to use app system to add additional functionality as needed.

CloudFlare comes in free and professional editions, with an enterprise edition currently in development. For this article, I did my testing using the free edition of CloudFlare, and despite not having the professional capabilities, the service performed very well and compared to many other vendors which nickel and dime clients, I did not feel constrained while using the free plan. Overall the service has an excellent interface which is powerful enough for an IT professional like myself, but it also has helpful tooltips next to virtually every setting so less technical users can have guidance while using the software.

In addition, CloudFlare receives extra praise from me for not plastering the user with ads and banners to upgrade to the professional edition. Unlike the Zynga model of freemium which involves constantly bombarding the user with ads for paid upgrades (I only mention Zynga here as they are known for their in-game ads. I do not mean to compare the services of each), in CloudFlare professional features simply have a “pro” icon next to them, with a upgrade page shown if the user clicks for more information.

Going back to my review, overall, CloudFlare passed my tests with flying colors despite my initial hesitance to use the service on my primary sites owing to my skepticism. The initial configuration simply involved updating my nameservers to the CloudFlare servers. From there, the service automatically recognized my domain settings and asked for confirmation. After that, I simply continued on with my work and checked the control panel 24 hours to see how the service worked.

While there are many features to mention, this review only covers the key features which are applicable to most users.

CloudFlare Analytics

Overall the analytics platform is as easy to use as Google Analytics. Listing key statistics such as threats, bandwidth saved, page requests, search engine crawl stats, and more all on one page, and it allows you to see which areas require the most attention when you first review the data. In addition, CloudFlare classifies the types of threats which were blocked, for example:  spammers, brute force attacks, injections, harvesters, and more all have their own categories so the user can easily differentiate between the severities of the threats.

CloudFlare Security

Moving on to the security capabilities,  CloudFlare acts as a firewall between general traffic and your server via a crowd sourced threat database to help detect traditional threats and zero-day exploits which have not been addressed by traditional security patches. The service also provides website owners an option to inform visitors that their computers are infected, by displaying an error page with a CAPTCHA to access the website as usual and also general information about the situation. In my initial testing on my sites, CloudFlare effectively replaced my usual spam filters with 99.9% accuracy and it also blocked a few suspicious crawlers from indexing parts of my site.

In addition to the added security, CloudFlare also improves site performance through caching and script/code optimization. Essentially “the poor man’s Akami,” CloudFlare markets itself as an alternative to traditional CDNs by caching your publicly available websites across their 13 data centers serving your content from the data center closest to your visitors. In addition, when using the service, your HTML and scripts are compressed using aggressive GZIP compression to improve load times.

As far as scalability goes, while I was skeptical of a free or $20/month service handling high amounts of traffic, a recent case study from CloudFlare discusses how website 2011BlackFridayAds successfully used CloudFlare since September 2011 through the November Black Friday rush by cutting the number of server requests by half a billion, and  saving about 29.3TB of bandwidth. While the study is worth a read, one key point to note is that as CloudFlare currently handles five times the amounts of traffic as Amazon.com, you can be fairly sure that scalability is likely not an issue with CloudFlare.

 

We at DCT would love to hear from you. Do let us know what you think.

Share on TwitterSubmit to StumbleUpon