Cloudflare Threats and Opportunities

In this article, we will look at the threats and opportunities of Cloudflare. 

Cloudflare technology is a CDN (content delivery network) that offers more features than a standard CDN. Cloudflare provides additional protection against external attacks such as DDoS attacks, caches static resources and data on your website, speeds up website loading (though not always), and reduces the load on your web hosting.

It's a CDN that sits between your domain and your web host. But even Cloudflare has its threats and opportunities.

What Cloudflare does and how it works

Cloudflare allows (works like a conduit) all traffic reaching your server (your website) to pass through Cloudflare's filtering process. Then only verified traffic is sent to the hosting, so to speak, clean traffic. Cloudflare has different levels of security depending on the spammers and hackers you want to filter out before they even access the files on the hosting.

Keep in mind that this is still a commercial content delivery network with built-in distributed denial of service (DDoS) protection. It can act as a reverse proxy and domain name server for your site. It provides a useful IPv6 failover mechanism if your hosting provider does not provide its own, native IPv6. All in all, it sounds good. 

Cloudflare is also a content delivery network that acts as an intermediate layer (gateway) between your actual hosting and the website users see (through a browser) using your domain name. This is a free service with additional premium paid packages for sites with high traffic or other more demanding needs.

Cloudflare has many data centers around the world, so your visitors are served by the data center closest to them, allowing you to quickly change your web hosting without waiting for NS servers to be updated.

Usage of Cloudflare

You can use Cloudflare if you have limited bandwidth, too much spam, DDoS problems, or website hacking issues (threats or real attacks). Also, if your hosting is of poor quality and you have problems with website loading time or your website is disconnected too often. CloudFlare can store static data on your web page, such as images, JavaScript, and CSS, but not HTML. 

The content delivery network or CDN is different from Cloudflare. 

You can use an alternate (additional) CDN mirror link to transfer static content from the CDN. The CDN delivers content from the closest location from which the request is made, which speeds up the delivery of content. In this case, the browser does not need to send additional header information for static content, and you can reduce the size of the transmitted packet to speed up your site's load time. 

If you serve CDN content from the same domain or subdomain, the CDN can relieve your server of serving static content; it can serve content from the closest location to the end user; it allows browsers to pull content that is relevant to your site's content; and it increases the transfer of content to the user.

You can go to Cloudflare.com and sign up for a free account, add your domain and it will automatically detect the current servers and IP address of the current host. Simply select the security and caching settings you want and click "Next", then copy the NS servers provided by Cloudflare and add them to your domain name registrar's domain settings. Cloudflare will register a free account for you.

Benefits of utilizing Cloudflare

CloudFlare hides the source IP address of your web host so that not every hacker can organize an attack on the server; it caches some (or all) of your site's resources for fast loading and makes the real server less busy; it gives you the ability to block almost all DDoS attacks. 

Because CloudFlare is similar to a CDN, it can continue to serve cached data for most of your web pages even if your website is down. It also allows you to add multiple domains. You can block access to your site from certain regions or countries. And it also provides you with a free SSL certificate (HTTPS connection) that you can also use on your hosting. 

Cloudflare is free to use, while many other services have a CDN service that you have to pay for. Because your site is filtered and only good traffic is allowed through, your site can save hosting resources (such as bandwidth) and also increase the speed of your site due through caching.

You can filter out bad (dangerous or unreliable) traffic. The site is protected from automated bots and spammers. Not all traffic is routed through Cloudflare, so you'll save bandwidth that could be lost to spammers and hackers. Cloudflare statistics are more accurate than JavaScript-based statistics because they track all traffic statistics that JavaScript may miss due to blocked JavaScript content or pages that don't load.

Cloudflare blocks DDoS and DoS

A DDoS is an attack on a server to send numerous automated requests to a server from multiple locations in a short period of time in an attempt to bring it down. If your IP address is known to a hacker, Cloudflare can protect your server from DDoS if an attacker is targeting the IP directly.

CloudFlare is an intermediary 

between your server and your visitors, whose sensitive data passes through CloudFlare's server before it is delivered to the client. CloudFlare has the ability to monitor all your traffic, it can inject code into HTTP headers and into your web pages.

With Cloudflare, DNS changes are faster, 

because your DNS is controlled by Cloudflare. Cloudflare helps reduce unnecessary inbound traffic. Cloudflare offers free HTTPS, HTTP/2 and SPDY certificates for your domain, offers free (HSTS) HTTP Strict Transport Security for your site; it allows you to access your site through an IPV6 address even if your server has an IPV4 address; it can minimize CSS, Javascript and HTML.

Cloudflare can protect your API, 

by limiting the number of requests within a certain time frame. But this is a paid option that can be configured in the Cloudflare configuration page. Cloudflare penetrates the javascript code and modifies the page return code; it changes page titles, can block the website, and can monitor your visitors and collect information about them.

Cloudflare is very easy to set up and use. 

If you are using WordPress or Drupal CMS and have access to your domain name registrar (to change NS servers), the CDN will deliver cached images and other bits and pieces of your site (but not HTML) to your visitor from one or more Cloudflare data centers located around the world, rather than from your web server. This minimizes your HTML, Javascript, and CSS. The result is a tangible improvement in your site's performance.

What are the downsides of Cloudflare?

For a variety of reasons, CloudFlare may slow down page loading instead of speeding it up. It's normal to add a step (hop) between the server and the client, and since there are additional settings to be made on the CloudFlare website, incorrect configuration can lead to downtime and reduced traffic.

That's why it's not enough to just buy or set up CloudFlare yourself, it's also important to configure it correctly. Doing so will greatly reduce your chances of experiencing problems with the service. 

If your website does not have enough traffic and you need protection against spam and there is a threat of hacking or DDoS attacks, you should know that Cloudflare has had problems in the past with website owners being blocked due to problems with their websites. We recommend that you run a penetration test from Datami on a regular basis. 

If you are using shared hosting (or VPN), you may need to check if your hosting provider is Cloudflare enabled, as most hosting companies do not support Cloudflare. You cannot set up additional subdomains with Cloudflare. Insufficient information about the data being cached.

Cloudflare offers limited security policies.

Cloudflare's basic/general protection is great, but if you need additional custom rules for pages, then the service can be limited. If you are using shared web hosting, it is a good improvement, but if you are on a dedicated server with Mod_Security running and CSF integrated, it can severely limit your server's capabilities.

Cloudflare has limited statistics and analytics.

Threat and attack statistics are very limited in data. Daily traffic reports are also limited. Therefore, you need to additionally use, for example, Google Analytics, which becomes a bit problematic due to the processing of several analytics sources.

Cloudflare security, reliability, and openness

At one time, when Cloudflare first appeared, it was a great and bright tool. But a lot of time has passed, and today Cloudflare passes more than 30% of the world's Internet through its structure. The big question remains about the decentralization of the entire Internet and its traffic.

A year ago, on July 2, 2019, Cloudflare crashed

and a huge number of large-scale sites, applications, and entire servers were unavailable. In this situation, all affected customers of the service were in a hopeless situation. They had no way to redirect traffic bypassing Cloudflare's NS servers, and the only way to change NS servers to their own would take at least a day, and in some cases up to 3 days. The downtime lasted several hours, but during this time, all companies suffered direct losses and many seriously thought about the dependence of thousands of companies on one service provider.

Complications for the user when Cloudflare is active

is that if the service's algorithms identify you as a dishonest user, you will have great difficulty visiting a particular website. It's also important to know that Cloudflare decrypts data encrypted with your SSL certificate transmitted via HTTPS. That is, the service always works through MiTM (Man-in-the-middle).

In other words, Cloudflare exposes its SSL, decrypts the encrypted data transmitted from your server — and then encrypts the data with its SSL certificate.

In short, Cloudflare has access to all the data that your website transmits to the user without exception. Now, imagine a situation where attackers hack Cloudflar — then all the protected data will be available in an instant.

Also, don't forget that the special services of the country under whose jurisdiction the service is located can access all the information they need upon request. This raises the question of the expediency of an SSL certificate in general since information from it can be accessed by both intelligence agencies and hackers.

Censorship and Cloudflare

The censorship situation is also complicated. Consider the situation with the 8chan site, which the company simply refused to serve because it deemed the site's content immoral. That is, the provider simply decided that it would not serve the site because it did not conform to the rules of morality. This is one of the first warning signs of censorship on the Internet.

Therefore, we should all be aware that we should not put all our data in one place and trust one person; that a commercial company (whose goal is to make money) has access to 30% of the world's Internet traffic, including sensitive data, which is even less secure; and that the company can transfer this data to a third party - Cloudflare itself.

Datami offers a full range of information security services for businesses of all sizes. The most popular service is 24/7 website monitoring and protection. 

Your Datami.