I, along with several of my customers, gave Cloudflare (both free and paid services) a shot for several months. In the end, we all decided to stop using it as it created more harm than it helped.
For those who are not familiar, Cloudflare is a DNS service that speeds up your site by use of intelligent caching. When users go to request your site, say,
IANA — Example domains, the DNS request is routed to Cloudflare's servers. Once there, it then determines where the user is located in the world and then routes them to a Cloudflare server that is closest to the user. Finally, after performing various metrics, Cloudflare will then determine if the user is safe to visit your site or not. If they are safe, Cloudflare will proxy your site to the end user (also making a cache of your site on that Cloudflare server). Repeat visits, will result in the user loading the page directly from Cloudflare (no proxy at all) unless the page has changed (in which, chances are it has) and it will proxy the changes accordingly.
The benefit to Cloudflare is, as mentioned, it can drastically speed up site performance since only new requests go to your server (repeat requests are served from Cloudflare's servers). This reduces load as well. Further, using their crowd sourced metrics, it can determine whether or not the user is safe to visit your site (and will stop them if they are not)... and that is where we ran into problems.
First, the metrics that they use are crowd sourced (meaning that they watch various non Cloudflare owned points on the internet to determine whether certain communication is safe as opposed to running a proprietary Cloudflare owned system to determine this). While crowd sourcing has its benefits, it can also lead to a bunch of false positives and, in many cases, outdated data (something being reported as true one day and never being reported as false later on). While we did notice performance increases (when setup correctly, of course), we also noticed huge drops in legitimate viewership because they were being blocked from viewing by Cloudflare.
Another issue that we ran into (another huge drawback) is that their crowd sourcing is not just for web traffic... it's for ALL traffic. This is because in order to use Cloudflare, you have to point your domain name's nameservers to their systems. Now, grant it, I do not get a ton of email spam, thanks to Gmail, so email protection wasn't something that I was looking for. However, you end up getting that as well (since they are controlling your DNS). What did end up happening was I started to get legitimate people calling stating that their emails being sent to me were bouncing back stating that it was refusing their communication. I could email out, but they could not send me a return email. Further investigate showed that Cloudflare was blocking their email servers from performing MX record lookups because it thought their systems were untrusted. This became an even bigger problem due to the fact that you cannot control their metrics for blocking. Also, due to the nature of my work, I get a lot of emails from people I do not know or have ever met. Thus, when they are blocked, I have no way of knowing and they have no way of letting me know otherwise.
Finally (and this was probably the biggest issue that we ran into), Cloudflare's system was not reliable. For legitimate traffic, we ran into issues in which one day, we could access the sites and on others, we couldn't. And this time, the reason for not being able to access was not because we were blocked, but because the Cloudflare system that I was being routed to at the time was down. This is one of the real drawbacks and dangers of any CDN type product. If the system closest to you goes down and their systems do not reroute you to the next closest system (or if that rerouting system also goes down), then for parts of your users, they can no longer access your site, even though it is available elsewhere in the world.
So, in the end, we all decided to let Cloudflare grow for another couple of years and then come back to it when more kinks have been worked out.
Bookmarks