Since i run lots of sites, things like performance, security, caching, stats are part of the daily routine of running them and of course of extreme importance, whats the point of having a kick ass site if its slow or insecure, so a couple of months ago i heard of cloudflare, basically its a proxy/caching system, but by using this caching system they provide caching for your dns, for site files, as well as intrusion detection, stats and a series of other niceties, this happens mostly because every time anyone wants to visit a site that is using cloudflare it will pass through cloudflare servers before reaching the site.
At first it sounds like an awesome product, first of all the basic package is already extensive and free, but even the paid version seems to have even nicer features and at a very affordable price (it would be nicer if it was $5 each site, and not $20 the first and $5 the remaining), especially comparing to somewhat equivalent CDN and Security systems available online, also impressive is the control panel, very simple but with lots of features (comparing with something like google analytics, its way better at presenting a one page overview), so i decided to test cloudflare and see if it was a good fit for the S2R network.
The testing was done with 3 sites, that have different functions, frameworks, servers, performance and traffic, this way i could see how effective cloudflare is, i do this by doing a initial setup and testing and then having a couple of site monitoring services checking up on the site as well as me randomly visiting them and testing again.
So the simple site was a domain hosted, blogspot powered site, basic template and its mostly a placeholder site while it isnt developed, so low traffic (about 30 uniques a day), low content, quick site.
Following cloudflare instructions and setup, change the dns and waited for it to change, it took about 5minutes for dns to refresh and the site showed first a nginx error (nginx is a webserver software), then after 5minutes a cloudflare logo saying that the cache was being made and after a total of about 15minutes the site was running on cloudflare, first of all this initial caching sucked, first errors, then cloudflare logos, the caching should be done in the background, start in offline mode and then turn itself on when it can cache so users should always see the site, although not too long, this was far from a transparent change, the site remained on cloudflare for around 3 weeks,
after about 2 weeks i got a site down warning, when i visited the site i got a topbar from cloudflare saying that the site was in offline mode (one of cloudflare features), after about 2 minutes of refreshing the site went back to normal, i don’t think it was down at all, still what made me not so happy was putting cloudflare logo and links on that topbar.
Site 2 – The Heavy Duty but Simple Site
So the HDBSS is a domain hosted on a shared server that runs a simple image board software, it caches all the pages in html, so basically its html and pictures, still the site is popular and has higher traffic (about 3000 uniques a day), large but simple content, and because of all the images it is slower to load (altough we do use caching for a lot of things, but i turned them off during this trial).
Again the cloudflare setup, this time around i didnt see any cloudflare logos or problems and the site runned fine from what i could tell, however somethings didn’t work, connecting to the backend (running php) was no problem, but the forms wouldnt work, my only doubt was that probably the captchas or ips were not matching (because of the proxy nature of cloudflare) and therefore the form wouldnt work, the strange thing is that other people could post, so on one part i was having some complains and could see that it wasnt working but posts still kept coming, i did try some workarounds like disabling the form captchas, disabling other settings, but that didnt work so the trial on site 2 was cut short to one day and a half, so after the dns change was complete, the site returned to normal, so the likely culprit was indeed cloudflare, so FAIL!
Well not that complex, but its a domain hosted on a server that runs 2 copies of wordpress (long story), its somewhat popular (about 1000 uniques a day), its a ecommerce site, with large dynamic content, in this case i left wordpress caching (w3 caching) and installed the wordpress plugin from cloudflare.
Setup run smooth, but this time around when dns kicked in i only saw the ngix error, i went to cloudflare help and there said it might be my firewall, so i checked, no, but i put the exceptions anyways and contacted the server host for them to check (later i received that they didnt blocked anything as well as my firewall and that the ips from cloudflare connected correctly), i waited for 30 minutes and then reverted the changes, so again a FAIL!
Humm this didnt went at all like i expected, i didn’t do all of these at the same time, this was done randomly during about a 2 month period, so if there were problems on cloudflare side, then they were recurring, however there are 2 things that concern me regarding cloudflare,
First all the links and logos from them, anytime something is wrong they show their logo, i dont think that is userfriendly it should show the logo of the site in question or just a plain text warning from the site in question, showing cloudflare is confusing to any visitor, ohhh whats happening i thought i was going to vacationparadise.com, where is the site? what is this cloudflare??? is cloudflare there to catter to webmasters or to the general public? cause if i buy CDN from Akmai or Amazon they wont show their logo’s in my site, now would they.
Second it seems too forceful, its make it or break it, if it runs at first it probably will run fine, if it doesn’t, then it doesn’t at all, also their system is purely proxying, so you have to install plugins to make it work fine and for example report links, its too easy to break your site, that risk just for some caching and some security is not a good tradeoff, better to optimize and use caching.
Update: I’ve done another updated review of cloudflare! check it out!