Cloudflare benefits from a good reputation. However, we noticed major issues related to using Cloudflare.
- Security: Cloudflare is a proxy between your server and your visitors. Sensitive data also goes through Cloudflare's servers on its way to the client, so Cloudflare has the ability to monitor all your traffic and your content.
- Control: Cloudflare can inject code into your HTTP headers and your web pages, which can have unintended consequences.
- Availability: a Cloudflare web server may crash, making your website unavailable to users.
- Misconfiguration: Since additional settings must be made on the Cloudflare website, a misconfiguration can lead to downtime and traffic drops. Here is a case study of a Google traffic drop related to Cloudflare. Misconfiguration of DNS records in Cloudflare may impact your website's accessibility.
- Dependency: By choosing to point your nameservers to a server that you don't control, you agree to hand over part of your website's reachability to Cloudflare. If the Cloudflare server goes down, your website becomes inaccessible even if your web server works fine. In other words, you decide to add a point of failure by using Cloudflare.
- Blocked Ports: Numerous ports are blocked by Cloudflare. It is not possible to use a domain hosted on Cloudflare for a mail server or an FTP server. See the list of open ports in the advantages section.
Advantages of Cloudflare:
- Speed: For those who have an international audience, Cloudflare helps to get a stable page load time wherever your visitors are located on earth.
- DDoS attacks: Cloudflare mitigates DDoS attacks.
- Firewall: Cloudflare helps to reduce useless incoming traffic. Here is the list of open ports when using Cloudflare. For HTTP: 80, 8080, 8880, 2052, 2082, 2086, 2095. For HTTPS: 443, 2053, 2083, 2087, 2096, 8443. You can also whitelist or blacklist IP addresses. There is also an interesting option called “challenge IP” which prompts for a captcha when requests come from a given IP address.
- HTTPS, HTTP/2: Cloudflare provides a free HTTPS certificate for your domain, along with HTTP/2 and SPDY support.
- HSTS: Cloudflare provides free HTTP Strict Transport Security for your website.
- IPv6 reachability: Cloudflare allows your website to be accessed through an IPv6 address even if your server only has an IPv4 address.
- Rate limiting: Cloudflare can protect your API by limiting the number of requests for a given time using a rule. It is a paid option and it is very easy to set up from the Cloudflare configuration page.
- Jurisdiction: Cloudflare is located in the USA. Consequently, your website appears to be located in the USA. Your website is likely to benefit from the US jurisdiction and its freedom of speech.
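A check for the Control item in the list of disadvantages above, as an added example that is not code from the original page: it compares a response fetched directly from the origin with the same page fetched through the proxy and reports the headers and script tags that differ. The function names and both sample responses are constructed for illustration.

```python
import hashlib
import re

# Matches the src attribute of a <script> tag (single or double quoted).
SCRIPT_SRC = re.compile(r'<script[^>]*\bsrc=["\']([^"\']+)["\']', re.IGNORECASE)

def normalize(headers):
    """Header names are case-insensitive: fold them and group repeated names."""
    out = {}
    for name, value in headers:
        out.setdefault(name.lower(), []).append(value.strip())
    return out

def diff_responses(origin, edge):
    """Each argument is (list of (name, value) header pairs, body bytes)."""
    o_hdr, e_hdr = normalize(origin[0]), normalize(edge[0])
    o_js = set(SCRIPT_SRC.findall(origin[1].decode("utf-8", "replace")))
    e_js = set(SCRIPT_SRC.findall(edge[1].decode("utf-8", "replace")))
    return {
        "added_headers": sorted(set(e_hdr) - set(o_hdr)),
        "removed_headers": sorted(set(o_hdr) - set(e_hdr)),
        "changed_headers": sorted(
            n for n in set(o_hdr) & set(e_hdr) if o_hdr[n] != e_hdr[n]),
        "body_modified": hashlib.sha256(origin[1]).digest()
                         != hashlib.sha256(edge[1]).digest(),
        "added_scripts": sorted(e_js - o_js),
    }

# Constructed sample: what the origin sends when queried directly.
ORIGIN = (
    [("Server", "nginx"), ("Content-Type", "text/html"), ("X-Powered-By", "PHP")],
    b'<html><body><script src="/app.js"></script></body></html>',
)
# Constructed sample: the same page as seen through the proxy.
EDGE = (
    [("server", "cloudflare"), ("Content-Type", "text/html"),
     ("CF-RAY", "0000000000000000-XXX"), ("CF-Cache-Status", "DYNAMIC")],
    b'<html><body><script src="/app.js"></script>'
    b'<script src="/injected-by-proxy.js"></script></body></html>',
)

if __name__ == "__main__":
    for key, value in diff_responses(ORIGIN, EDGE).items():
        print(f"{key}: {value}")
```

Running the comparison on a schedule against pages you control shows when the proxy starts adding or rewriting something you did not configure.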
My opinion about Cloudflare:
Cloudflare has the ability to be nasty with its customers, as we explained in the disadvantages. Cloudflare has decided to terminate the account of the Daily Stormer.
It is up to you.