What Is Cloudflare: A Quick Explanation

By Eric Hamilton
— Last Updated:
2018-11-30T07:42:59+00:00


Here at CommQueR.com, we have a affinity for discussing cybersecurity. If, like us, you’re a cybersecurity buff, you may have already heard about Cloudflare. It is a network and content delivery provider on the leading edge, but Cloudflare offers more than that, though.

Everyday denizens of the internet may not understand what Cloudflare is, unlike those who use its services. Many choose it to power their websites or blogs, and you’ve likely encountered its network while browsing the web, as it claims to handle around 10 percent of internet traffic. You just might not have known it.

It may be the biggest internet company you’ve never heard of, so we’re here to tell you what Cloudflare is. The company was given life thanks to a project designed to eliminate email spam, and, in a few short years, has become a massive security-as-a-service provider, content delivery network and an important part of the internet’s infrastructure.

What Is Cloudflare?

Cloudflare

Cloudflare was created in 2009 by former members of Project Honey Pot, a web-based, open source architecture that allows websites to collect information from IP addresses harvesting email addresses. Project Honey Pot was intended as a way to fight spam email and fraud.

In 2010, Project Honey Pot gave way to Cloudflare, and it was officially announced at the TechCrunch Disrupt conference that year. Cloudflare was born out of the desire to not only track the malicious behavior of cybercrime — as is the case with the Project Honey Pot network — but to stop or prevent it altogether.

Its vision was to secure websites against threats, but to do so without adding undo latency. As such, it began experimenting with ways to lower latency in its system by adding advanced caching processes and removing bad traffic, such as bots, from customers’ websites. You can learn more about the dangers of bots in our what is a botnet guide.

That gave way to Cloudflare’s vision of building a better internet. It started to offer CDN services, its proprietary Railgun network optimizer and more products aimed at security, reducing page loading times and enhancing user experience.

How it Works

Cloudflare acts as an intermediary between a client and a server, using a reverse proxy to mirror and cache websites. By storing web content for delivery on the closest edge server, it is able to optimize loading times. That also allows it to modify content, such as images and rich text, for better performance.

This intermediary design is also how Cloudflare offers a level of filtration for security. By sitting between the client and the hosting server, it can detect malicious traffic, intercept distributed denial-of-service attacks, deflect attacks from bots, remove bot traffic and limit spam.

Cloudflare Services

Cloudflare is a content delivery network. CDNs are an increasingly popular model across the internet because they solve an important problem: latency. They, at least in Cloudflare’s case, provide what’s known as an edge network. In short, an edge network creates a much closer entry point for data, rather than bouncing it between servers across the globe.

With 155 data centers around the world, Cloudflare works by caching a version of a customer’s website and any static resources, then delivering it to visitors based on their location.

That ensures the least amount of distance between a visitor and a website, which reduces latency, bandwidth and page load times. By moving the content and computational work closer, Cloudflare-powered websites can work faster.

The company’s DNS services use the same network of data centers. Cloudflare offers authoritative DNS and public DNS resolver services. Both are offered as privacy and speed-first alternatives to internet service provider DNS servers. In 2018, Cloudflare launched its free 1.1.1.1 DNS service, which is compatible with any device.

In addition to content delivery and DNS services, Cloudflare provides security as a service with DDoS protection, email obfuscation, web application firewall access and threat blocking. By sitting between a client and host, it can also filter traffic, reducing bot traffic and spam.

Protecting the online presence of public interest groups and political election websites is yet another service offered by Cloudflare — for free, at that. Project Galileo and the Athenian Project deliver its highest level of protection to organizations or state and local governments.  

Why You Should Use Cloudflare

Cloudflare Protection

Using a network like Cloudflare is worth considering for a few reasons, the most obvious being the potential for faster content load times. That could be a blog, WordPress website or an e-commerce website built with Shopify (read our beginner’s guide to Shopify).

Speed is everything. No one wants to wait on a webpage to load. Besides, the paradigm of edge computing — bringing information and content closer to devices or consumers — is only growing.

You also get enhanced security and protection. Cloudflare can reduce bot activity, mitigate a DDoS attack and prevent comment spam. It can protect your online presence and uptime in the event of a DDoS attack thanks to the way that it separates good traffic from bad. You can learn more about that in our guide on DDoS attacks.

By going with an edge provider, you reduce server load and bandwidth, both of which are good things. Having a CDN in front of your website also helps process large volumes of traffic, reducing the risk of your website crashing during peak hours or traffic spikes.

Even if you’re not looking to get a website or blog off the ground and into the ether, Cloudflare’s DNS services provide another third-party option. Third-party DNS services are usually more focused on security and performance, and they can prevent ISP snooping, tracking and targeted ads.

A third-party DNS service provides some of the features of a virtual private network’s security, but you should still use a VPN to maximize that security. We’ve mentioned DNS a few times. If you’re unsure what that is, you can read our what are DNS records guide to learn more.

How To Get Cloudflare

Activating Cloudflare is simple. There’s nothing that needs to change at a hardware or code level. All you have to do is create an account and select a plan. The service offers a basic plan for free, as well as paid plans aimed at enterprises. From there, you choose which websites you want to protect by updating their DNS to point to it.

Many web hosts, such as HostPapa and DreamHost, integrate with Cloudflare for free. Read our DreamHost review to learn more about that integration. Those hosts have Cloudflare options built in, so it’s just a matter of enabling them.

In fact, many of our best web hosting providers have options for Cloudflare. Providers such as A2, which is one of our picks for the best web hosting with cPanel, have options in the cPanel for it. Read our A2 Hosting review for an example of how that works.

For those among you who have WordPress websites, blogs or portfolios, you may remember we recommended SiteGround for WordPress hosting in our best web hosting for WordPress guide. As you can read in our SiteGround review, it also integrates with Cloudflare. Bluehost is also a good choice here, as you can read in our Bluehost review.

If you’re new to web hosting and want to launch a WordPress website, make sure to take a look at the other security measures outlined in our beginner’s guide to using WordPress, too.

If you’re using one of our best website builders, such as Wix, your mileage with Cloudflare may vary. For instance, Wix websites are hosted exclusively on Wix servers, and getting Cloudflare and Wix to cooperate can be tricky at best. Be sure to read our Wix review for the service’s good qualities, though. 

Security Issues and Criticisms

Cloudflare Security

Most internet companies don’t climb the ladder without controversy and criticism, and Cloudflare is no exception. It’s somewhat ironic when a security-focused company becomes the victim of a security breach, but sometimes that’s how more secure products and services are built. We’re not talking Facebook levels of controversy, but it’s still notable.  

Cloudflare suffered from a major bug dubbed Cloudbleed in 2017. It was rooted in the HTML parser Cloudflare uses to mirror sites. An error caused what’s known as a buffer overrun, which means data was stored on corrupted memory. That data was then leaked into other traffic flowing through Cloudflare’s servers.

To make matters worse, the data was then indexed and cached by search engines, such as Bing and Google, perpetuating the problem. Up to 150 customers were affected, with Discord and Patreon being a couple of the big names on the list.

In 2012, hacker group UGNazi hijacked 4chan’s domain, redirecting users to one of the group’s Twitter pages. The attack was carried out by exploiting Google’s authentication systems, which enabled the attackers to get Cloudflare CEO Matthew Prince’s email address. From there, they were able to access the Cloudflare DNS and redirect traffic away from the hosted website.

Cloudflare has also come under fire in net neutrality debates for its stance on absolute neutrality in regards to free speech and content created by its customers. That was highlighted when it took down the infamous hate speech website Daily Stormer, if only after being pressured by outraged customers to do so.

Afterward, Prince detailed why the Daily Stormer’s account was terminated in a blog post. In the same post, he also outlined why internet infrastructure companies shouldn’t be in the censorship business.

Final Thoughts

Using a CDN is a great way to accelerate your web content. Whether that be a local blog or an e-commerce website, CDNs, such as Cloudflare, can help improve the performance and accessibility of your website. Cloudflare is unique in that it can also enhance your security.

Cloudflare isn’t the only CDN available, but it’s one of the most prominent. It is consistently ranked among the Forbes Cloud 100 and has become one of the most popular CDNs in the world. It continues to be a prime example of how edge computing and networking is changing the internet.  

Sign up for our newsletter
to get the latest on new releases and more.

In some ways, a CDN can be thought of as a VPN for your website. On that note, if you haven’t checked out our best VPN providers of 2018, now is as good a time as any. We’re going to spoil it a bit and let you know that ExpressVPN ranks first, though (read our ExpressVPN review).

We hope we’ve helped you understand what Cloudflare is and what CDNs are in general. If you’ve used Cloudflare or a CDN before, let us know about your experience in the comments below or tweet at us.