Cloudflare Review - Should You Use It?


Since i run lots of sites, things like performance, security, caching, stats are part of the daily routine of running them and of course of extreme importance, whats the point of having a kick ass site if its slow or insecure, so a couple of months ago i heard of cloudflare, basically its a proxy/caching system, but by using this caching system they provide caching for your dns, for site files, as well as intrusion detection, stats and a series of other niceties, this happens mostly because everytime anyone wants to visit a site that is using cloudflare it will pass through cloudflare servers before reaching the site.

At first it sounds like an awesome product, first of all the basic package is already extensive and free, but even the paid version seems to have even nicer features and at a very affordable price (it would be nicer if it was $5 each site, and not $20 the first and $5 the remaining), especially comparing to somewhat equivalent CDN and Security systems available online, also impressive is the control panel, very simple but with lots of features (comparing with something like google analytics, its way better at presenting a one page overview), so i decided to test cloudflare and see if it was a good fit for the S2R network.

The testing was done with 3 sites, that have different functions, frameworks, servers, performance and traffic, this way i could see how effective cloudflare is, i do this by doing a initial setup and testing and then having a couple of site monitoring services checking up on the site as well as me randomly visiting them and testing again.

Site 1 - The Simple Site

So the simple site was a domain hosted, blogspot powered site, basic template and its mostly a placeholder site while it isnt developed, so low traffic (about 30 uniques a day), low content, quick site.

Following cloudflare instructions and setup, change the dns and waited for it to change, it took about 5minutes for dns to refresh and the site showed first a nginx error (nginx is a webserver software), then after 5minutes a cloudflare logo saying that the cache was being made and after a total of about 15minutes the site was running on cloudflare, first of all this initial caching sucked, first errors, then cloudflare logos, the caching should be done in the background, start in offline mode and then turn itself on when it can cache so users should always see the site, although not too long, this was far from a transparent change, the site remained on cloudflare for around 3 weeks,

after about 2 weeks i got a site down warning, when i visited the site i got a topbar from cloudflare saying that the site was in offline mode (one of cloudflare features), after about 2 minutes of refreshing the site went back to normal, i dont think it was down at all, still what made me not so happy was putting cloudflare logo and links on that topbar.

Site 2 - The Heavy Duty but Simple Site

So the HDBSS is a domain hosted on a shared server that runs a simple image board software, it caches all the pages in html, so basically its html and pictures, still the site is popular and has higher traffic (about 3000 uniques a day), large but simple content, and because of all the images it is slower to load (altough we do use caching for a lot of things, but i turned them off during this trial).

Again the cloudflare setup, this time around i didnt see any cloudflare logos or problems and the site runned fine from what i could tell, however somethings didn't work, connecting to the backend (running php) was no problem, but the forms wouldnt work, my only doubt was that probably the captchas or ips were not matching (because of the proxy nature of cloudflare) and therefore the form wouldnt work, the strange thing is that other people could post, so on one part i was having some complains and could see that it wasnt working but posts still kept coming, i did try some workarounds like disabling the form captchas, disabling other settings, but that didnt work so the trial on site 2 was cut short to one day and a half, so after the dns change was complete, the site returned to normal, so the likely culprit was indeed cloudflare, so FAIL!

 Site 3 - The Complex Site

Well not that complex, but its a domain hosted on a server that runs 2 copies of wordpress (long story), its somewhat popular (about 1000 uniques a day), its a ecommerce site, with large dynamic content, in this case i left wordpress caching (w3 caching) and installed the wordpress plugin from cloudflare.

Setup run smooth, but this time around when dns kicked in i only saw the ngix error, i went to cloudflare help and there said it might be my firewall, so i checked, no, but i put the exceptions anyways and contacted the server host for them to check (later i received that they didnt blocked anything as well as my firewall and that the ips from cloudflare connected correctly), i waited for 30 minutes and then reverted the changes, so again a FAIL!


Conclusion
Humm this didnt went at all like i expected, i didn't do all of these at the same time, this was done randomly during about a 2 month period, so if there were problems on cloudflare side, then they were recurring, however there are 2 things that concern me regarding cloudflare,

First all the links and logos from them, anytime something is wrong they show their logo, i dont think that is userfriendly it should show the logo of the site in question or just a plain text warning from the site in question, showing cloudflare is confusing to any visitor, ohhh whats happening i thought i was going to vacationparadise.com, where is the site? what is this cloudflare??? is cloudflare there to catter to webmasters or to the general public? cause if i buy CDN from Akmai or Amazon they wont show their logo's in my site, now would they.

Second it seems too forceful, its make it or break it, if it runs at first it probably will run fine, if it doesn't, then it doesn't at all, also their system is purely proxying, so you have to install plugins to make it work fine and for example report links, its too easy to break your site, that risk just for some caching and some security is not a good tradeoff, better to optimize and use caching.

So my opinion of cloudflare is that its actually a pretty impressive product, especially their site, the features and customization even on a free product, but their caching seems limited, i didn't see any real performance boosts from my tests (even though their panel says its like twice as fast, real life tests from multiple sources didn't show me that, its more like a few ms and i think mostly cause i don't use gzip and cloudflare uses it) as well as all the links and logos to cloudflare are ridiculous in my view, from the offline mode and from the initial cache, and probably for the "question pages" as well, even tough i didn't get any, but i did have one my visitors complaint that the site was blocking him from visiting because he had javascript turned off (probably noscript or something), so that's a bit worrisome as well, i would say the service has good promise but for now it shouldn't be used by anyone that runs more than a hobbist site.

Update: I've done another updated review of cloudflare! check it out!

11 comments:

damon said...

Hi,

Thank you for the feedback & we're sorry you didn't have a great experience. A couple of quick things:

- The offline browsing message is a feature that can be turned off.
-The challenge pages are currently undergoing a redesign, one that will allow for some level of customization by site owners.
-It is really tough to troubleshoot some of the complaints mentioned because the sites aren't active (I also don't see any contacts in our customer service queue).

Please do feel free to contact me directly if I can help be of assistance. Again, I do apologize if your experience has been atypical to most CloudFlare customers.

fiend said...

ohh that was quick... monitoring the social stream are we ^^ thats cool

-yeah i know offline browser is a feature, that's why i turned it off on the other trials, so i cant really say if it works good or not, it is ugly.
-yeah customization or at least white-branding every aspect related with visitor interaction is a must.
-well i did try and troubleshoot with the forum and help sections, i did not contact support, maybe i should, but this was a test mostly for myself and should be taken as such, if a user with experience like me cant make it work, then it has some problems, whether is atypical or not, i speak only for myself and my experience.

fiend said...

as a side-note, i just checked the cloudflare forum and seems this kind of issues are not so atypical, for a moment there i thought maybe i was just having really bad luck, anyways, i will try again in a couple of months ^_^

SoftduitMedia said...

I've been trying out cloudflare on a few different sites. I definitely like the threat detection aspect of the service. I've only seen as much as about 1 second of increased load time at best on the sites I've run it on.

Some domains were non-starters right from go. Others seemed to create problems after the fact. I searched the forums and help sections for answers but came up short. (I felt like there might be answers there but could not find them)

I contacted support (and have even exchanged and email or two with someone named Damon) but there is no ticketing process so I can't follow up on outstanding issues or derivations as we move past one troubleshooting problem to a new one that may or may not be related.

All of my sites are WordPress sites, all run on hostgator which is supposed to be friendly to cloudflare (somehow). All my sites are on my own vps at hostgator. Right from go, my primary domain on that server, the domain that powers the server and the DNS names, was an immediate fail. That didn't work at all. I lost access to whm and cpanel on all domains.

I removed the primary domain from cloudflare and got access to whm back again. cpanel access has to go through direct.domainname.com/cpanel instead of domainname.com/cpanel which if everything else worked would be annoying the first time and ok after that.

But the big problem, I've found is that once I'm logged into wordpress itself, I'm getting 404 errors inside the wp-admin sometimes I can't login at all, other times, I login, but can't execute/write anything. I get a 404 error with the link followed by (port 80)

I'm running out of time to keep messing with this, but noticed in hostgator support the following article that basically says you cannot use dns for anything other than hostgator servers (that would make it seem that hostgator might not be so friendly for cloudflare after all unless hostgator's article is dated maybe)

http://support.hostgator.com/articles/cpanel/proxy-access-for-cpanel-whm-and-webmail-needed-to-bypass-firewalls

At the end of the day, I'm left wondering if there is some other service that can do threat detection / blocking alone. I hadn't found that elsewhere yet. Everything else I can do myself ala carte. the one stop shop was nice, but it just isn't working. :(

fiend said...

Probably its the same damon that posted here ^_^' hehehe

Anyways i can give you a bit more insight, i think hostgator is a "cloudflare partner host" only for hostgator shared hosting, not vps hosting, in vps its you who controls the settings, not hostgator, thats probably why it wasnt so smooth.

Also you should pay extra attention to your primary domain (the domain you are using for your hostname and main dns), cause using that with cloudflare might mess things up for other domains or for cpanel, you really don't want to do that.

And yes in the site that i had wordpress the same happen to me, maybe not that flagrant but some stuff stopped working at random times (probably cause wordpress admin needed something and cloudflare cache was giving something else... hence your 404 errors and in my case the image upload flash not loading or post automatic saves hanging).

The load times, is like i said, if you already have a good optimized site, by doing it right or just using mod_pagespeed on apache or w3 total cache on wordpress, much of the performance enhancements of cloudflare become mute.

Regarding the threat detection/blocking, well not too sure about that as well, one of the sites i tried is heavily abused by bots and spammers and cloudflare system didn't seem to make any effect (on the 3 weeks it was on), but well it could be like akismet and get better with time, also blocking is easy, there are 20 ways of doing it, now the detection/prevention that's the hard part, in case of cloudflare they use Project Honey Pot (were ppl submit bad ips and hostnames) and probably from submissions inside cloudflare to know what to block.

and yeah like i said above, cloudflare in my opinion is still in heavy beta and shouldn't be used in production sites, also i think 90% of cloudflare reviews online at this time haven't used the system long or hard enough to find the many flaws it still has.

ProGameR said...

Adsense and CloudFlare dont work well together, and they have a few issues other then just that to workout.

fiend said...

Reall?, im not protecting cloudflare, but unless you activate their minify+rocketlauncher thingys (that optimize javascript), then they dont touch the javascript at all and it would work just fine, also adsense is external javascript, not too sure if they even cache that... so problems with adsense seem a bit... oh wait, you might have a reason, cloudflare might hide the ips of your users to adsense, and adsense might freak out with that... yeah i see... adsense might be a problem with cloudflare hummm

ps: yes i dont edit anything i write... hehehe, thanks for the comment

ProGameR said...

I tested cloudflare on a site that I have that gets steady adsense profits each day, Once I activated cloudflare the profits just stopped.

fiend said...

yeah cause adsense only sees a couple of ips from cloudflare and not the ips from the visitors, thats probably why adsense stopped working, not too sure how you can get around that... maybe try and activating cloudflare rocket loader, since it changes the javascript, it might also give the correct ip to google's adsense javascript... maybe ^_^

tamsr said...

I came here because I activated cloudflare a few months back and my site disappeared. I was relatively new and thought it was just me. I did it again yesterday and the same thing happened to my homepage only this time. I'm not very happy. I'm going to change back right now. Tired of playing with a "could be" better while it's not helping me. Thanks for this article. I was here to look for solutions but it seems there may be more to the headache than I'm willing to invest at the time. :(

fiend said...

humm well its getting a bit better, i've done a new post about it, if thats happening to you, maybe your host/software is blocking cloudflare, there are issues, but thats the most common problem...

i now use about 5 sites (out of my 100+ sites) on cloudflare and 4 work fine, but one also keeps having problems with timeouts and nginx-clodflare page popping out pretty regularly, so yeah there are still some kinks >_<

also as a sidenote, you could try cloudflare's competition, using a cdn like amazon,rackspace,maxcdn or a proxy cdn like incapsula,blaze.io,torbit or google page speed service ^_^

Post a Comment