Do cloudflare really help?

rvZA

rvZA

Honorary Master
Joined
Jan 3, 2021
Messages
25,277
Reaction score
25,153
Just out of interest, do Cloudfare really help in speeding up websites, blocking malicious traffic, etc? Is it worth spending $20 a month for a pro account?
 
Fulcrum29 said:
Yes, but it isn't set up and go. The optimal values have to be set.
Click to expand...

Thanks, yes, I see there are a lot of settings that can, and probably needs to be changed. I do not think I will need to change many.

Out of interest, the Firewall, would it be sufficient to use their own settings they created and recommend?
 
Cloudflare is a treasure. The free tier is amazing, as are their paid ones. But it's important to use what you actually need from them.

Most websites are not going to benefit from a CDN unless visitors are spread out geographically or your server is located far from your audience (or Russia is targeting you for cyber attacks). Even the free tier includes very good DDoS protection, and you should have a server-level Web Application Firewall and other security optimisations outside of Cloudflare.

If you're considering a setup for a basic site, then the free tier is more than sufficient for your needs. Just proxy the IPs that point to your server, ensure security is set to 'strict', that SSL is enforced, that you're not minifying CSS or JavaScript within Cloudflare, and you should be golden.

And if it's basic performance optimisation you're after, Cloudflare isn't necessary to handle that. Just use something like ShortPixel Adaptive Images to serve images via CDN in a resized, compressed state. And ensure that CSS and JS is minified but not combined. If you're using WordPress, my favourite optimisation plugin is Asset CleanUp Pro.
 
rvZA said:
Thanks, yes, I see there are a lot of settings that can, and probably needs to be changed. I do not think I will need to change many.

Out of interest, the Firewall, would it be sufficient to use their own settings they created and recommend?
Click to expand...

It entirely depends on your requirements. There website is rich in blogs and guides,

- https://developers.cloudflare.com/firewall/
- https://blog.cloudflare.com/how-we-made-firewall-rules/

it is not question that can be answered without understanding your ecosystem.
 
Bryn said:
Cloudflare is a treasure. The free tier is amazing, as are their paid ones. But it's important to use what you actually need from them.

Most websites are not going to benefit from a CDN unless visitors are spread out geographically or your server is located far from your audience (or Russia is targeting you for cyber attacks). Even the free tier includes very good DDoS protection, and you should have a server-level Web Application Firewall and other security optimisations outside of Cloudflare.

If you're considering a setup for a basic site, then the free tier is more than sufficient for your needs. Just proxy the IPs that point to your server, ensure security is set to 'strict', that SSL is enforced, that you're not minifying CSS or JavaScript within Cloudflare, and you should be golden.

And if it's basic performance optimisation you're after, Cloudflare isn't necessary to handle that. Just use something like ShortPixel Adaptive Images to serve images via CDN in a resized, compressed state. And ensure that CSS and JS is minified but not combined. If you're using WordPress, my favourite optimisation plugin is Asset CleanUp Pro.
Click to expand...

Thanks for this. My problems is a bit more complex than that of a small website. I do have a dedicated server running on 4 1TB SSDs, 64GB Ram and do have visitors across the globe. I do have some millions page views a month and data usage of around 500-700GB. One continuous problem I face, often to a point where my site runs extremely slow is bots cralwing my public pages (when I block the heavy data hogs, speeds normalize again). I also do get a lot of hacking (sql injection) attempts. Unfortunately, I do have some large .js and .css files that load on page loads. So, precisely what you mentioned above, I was wondering if it has not become time to consider using Cloudflare.
 
rvZA said:
Thanks for this. My problems is a bit more complex than that of a small website. I do have a dedicated server running on 4 1TB SSDs, 64GB Ram and do have visitors across the globe. I do have some millions page views a month and data usage of around 500-700GB. One continuous problem I face, often to a point where my site runs extremely slow is bots cralwing my public pages (when I block the heavy data hogs, speeds normalize again). I also do get a lot of hacking (sql injection) attempts. Unfortunately, I do have some large .js and .css files that load on page loads. So, precisely what you mentioned above, I was wondering if it has not become time to consider using Cloudflare.
Click to expand...
There is still a lot of info needed in order to determine an ideal setup for this scenario. You should get a professional consultant to discuss a solution with you.

From my experience, 90+% of dedi boxes are garbage. Old, secondhand hardware with low clocks in a crappy data centre with high server response times. Raw specs tell the least of the story. For a site with millions of views a month, what you typically want is scalability and reliability. A dedi is the opposite of that.

My personal recommendation would be shifting entirely over to AWS. Compute-optimised EC2, Cloudfront CDN, Route 53 DNS, SES for mail, S3 for media etc.

Many of your issues will stem from the web development side. Why are there large CSS and JS payloads? These days, they're typically tiny. Issues like this are not solved with a firewall or CDN.

Can you share a bit more info about how this site was developed and how the server is currently managed?
 
rvZA said:
Thanks for this. My problems is a bit more complex than that of a small website. I do have a dedicated server running on 4 1TB SSDs, 64GB Ram and do have visitors across the globe. I do have some millions page views a month and data usage of around 500-700GB. One continuous problem I face, often to a point where my site runs extremely slow is bots cralwing my public pages (when I block the heavy data hogs, speeds normalize again). I also do get a lot of hacking (sql injection) attempts. Unfortunately, I do have some large .js and .css files that load on page loads. So, precisely what you mentioned above, I was wondering if it has not become time to consider using Cloudflare.
Click to expand...
https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker or the apache equivalent.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X