What is Cloudflare ? How does it help webmasters ?

digitalpoint

Well-known member
Yeah, try that on a big board with hundreds of thousands of members.
Right... like I said... not worth it. Honestly I'd rethink the plan of trying to whitelist all users/IPs, etc... that becomes an impossible task real quick. Imagine if Facebook was trying to setup whitelists for it's users trying to access facebook.com Just not realistic even if it was easily configurable (the overhead of checking a whitelist containing millions of entries for every HTTP request becomes a resource impossibility).

Both XF and CF have an API so maybe a solution can be built. I know that when I was using Stackpath they were able to fetch the XF cookie to get the userID.
CF blocking legitimate XF members is the most common reason I hear why XF webmasters do not want to use CF.
CloudFlare is pretty good at blocking DDoS attacks even if you set the Security Level to "Essentially Off". You'd be better off using the CloudFlare API to switch it to something else based on the load your servers were experiencing. No one wants to get challenge responses... are you actually having issues where you need the challenge response system on for your users?
 

D.O.A.

Well-known member
They should reconsider their business model. Sensitive content from millions of Cloudflare websites available. Bug details.

The whole thing is more like snake oil.
Really? :sneaky: that's a ragel bug they created from two years ago. And fixed.
 

Tealk

Well-known member
Really? :sneaky: that's a ragel bug they created from two years ago. And fixed.
It's about the problem of how much data is stored and therefore could be stolen.
The whole service certainly has nothing to do with data protection.
 

Arty

Well-known member
It's about the problem of how much data is stored and therefore could be stolen.
The whole service certainly has nothing to do with data protection.
That's nonsense. All Clouflare really is is a proxy server. It stores files from your server on its edge servers to serve it faster to visitors. It doesn't have sensitive data, unless you enable optional features that store that data.

If you are worried about data protection, don't enable some optional services. Cloudflare with default options is as safe as any proxy server, probably even safer considering that they do take issues seriously and fix them quickly.
 

Tealk

Well-known member
If you are worried about data protection, don't enable some optional services. Cloudflare with default options is as safe as any proxy server, probably even safer considering that they do take issues seriously and fix them quickly.
Or I just don't use such an untrustworthy service at all.
 

Tealk

Well-known member
What's untrustworthy about it?
I do not entrust any external service with my entire data stream. I have no way of knowing what is being done with it.
Just the fact that it is offered "for free" means that all possible data will be fished and used and/or sold.
 

Arty

Well-known member
I do not entrust any external service with my entire data stream. I have no way of knowing what is being done with it.
Just the fact that it is offered "for free" means that all possible data will be fished and used and/or sold.
Then you shouldn't be on internet at all. If you want data to be private, don't put it on public internet.

As for their free offer, it is free, but they do sell extra features. For example, I'm using free service for my project, but paying $10/month for SSL. I have multiple origin servers located in different parts of world, so they offer load balancing service to deliver content from nearest server, which also costs money (but I'm not using it, instead I'm using Route53 latency routing to point CloudFlare to nearest origin server, which is much much cheaper and has same effect). That's core of their "free" service - sell additional features.
 

Tealk

Well-known member
Then you shouldn't be on internet at all. If you want data to be private, don't put it on public internet.
It's not about my data, it's about my users. I want to protect them.
Besides, it's a security issue. They deliver your website data and you don't know if it has been changed or not.
 
Last edited:

duderuud

Well-known member
I agree with @Arty . Cloudflare is a well known service, around for years with a pretty good reputation.

The users you talk about use their internet provider (duh), iOS or Android and Facebook/Twitter/etc.
If you are so worried about security that you don't want to use Cloudflare, you and your users should stop using computers and mobiles entirely.

You do know that big companies like DigitalOcean, Zendesk, LogMeIn and Adguard use Cloudflare right? Stop using their services too then...
 

Tealk

Well-known member
You do know that big companies like DigitalOcean, Zendesk, LogMeIn and Adguard use Cloudflare right? Stop using their services too then...
I don't use them like Facebook, Google, Twitter etc.
All IP addresses of these services are blacklisted in my PiHole.

Also Cloudflare blocks users who use the Tor browser which I find very annoying.
 

Kruzya

Active member
I want to protect them.
Then build datacenter, buy and install servers, and hire people for securing and maintenance.

I don't know, why, but i'm sure, you use server(-s) which you rent from another company. They can take away server with users data and sell them. And in this case, you can't protect your users.
 

Tealk

Well-known member
@Kruzya this deviates now very strongly from the topic however.
In addition, the provider will have a hard time getting data from encrypted hard drives
 
Top