Yes, I know, this blog post title looks like ad. But it isn’t ad, because I use only Cloudflare free version and don’t have any contact with this company (excluding support for services). I decided to write this post, because I’ve used Cloudflare for many years and I’m very happy – please treat this like small review, and also maybe “tutorial”, how you can make your websites faster, provide better security and remove spam. Installation is very easy and you can also use free SSL – it can be great alternative to Let’s Encrypt. Let’s see, what Cloudflare offers.
What is Cloudflare?
First of all – what is Cloudflare? It’s DNS and proxy service for domains and websites. If you have your own domains, you use DNS for them – maybe domain registrator, maybe something else, but you use. Cloudflare is one of many DNS services, but also proxy – something between guests and your website server. If you think is similar to man-in-th-middle attack… your right, it’s the same. But… Cloudflare is big company and with extensive infrastructure for a lot of different services. I think choice is similar to “use cloud or not use cloud” – you can trust Cloudflare, or not. Benefits are big. There the most important advantages of using Cloudflare DNS:
Faster load times using CDN and minification
Brotli compression and AMP
Another advantage is Brotli algorithm support – it has been developed to replace gzip and deflate, with better results for ex. images. With that option we do not must change anything, just enable Brotli – cached data from our server will compressed using Brotli, saved on Cloudflare servers and then serve to visitors. With such DNS we can also use link to AMP (Accelerated Mobile Pages) automatically – if cloudflare detects links to websites with AMP support, will rewrite them to use AMP.
A lot of hosting providers offers dedicated IP for extra price, but only for IPv4. What about IPv6? It isn’t easy – many companies don’t offer such addresses for customers. Yes, of course, it’s still something exotical, something new, but if we can use IPv6, we should do that. Cloudflare offers also proxy/tunneling from IPv6 to IPv4. If our visitors use IPv6, they will be connected to Cloudflare servers, and these servers will transmit data to/from our server using IPv4 – again, it’s because of proxy.
Last, but also very, very important is security. Of course Cloudflare is DNS and as I wrote earlier, something like man-in-the-middle attack. But… there are also a lot of security features. Because it’s proxy, decentralized and also CDN with firewall, it’s very nice protection between DDoS attack. Many of websites started using Cloudflare AFTER big attacks and downtimes. Why not before? Another thing is antispam – proxy can “scan” visitors IPs and automatically blocks potential auto-spammers bots. It can also check uncertain users using captcha. You want to display your mail on website, but are afraid of spam? No problem, Cloudflare will also automatically obfuscates any mail addresses.
You can now (and should!) use free SSL certificates – not only for register or login pages, but also for all other. One option is Let’s Encrypt. Second – free, universal SSL from Cloudflare. Not perfect, because it’s use SNI, but it isn’t problem nowadays. You can also simply enable HSTS (very recommended), new TLS 1.3 encryption support and automatically rewriting and redirecting to HTTPS webpages. You can also generate origin certificates and use them between your server and Cloudflare to full encryption. The last thing – it’s proxy, so it hide your server real IP and it’s important.