Cloudflare is a web performance and security company that provides a number of cloud-based services that protect and accelerate websites and applciations. The company’s offerings include CDN, application acceleration, security (WAF and DDoS mitigation), DNS, and analytics. The company was founded in 2009 and is based in San Francisco, California.
They are one of the fastest growing cloud providers on earth, and as of early 2015, the company was already valued at more than $1 billion. This makes them one of only a handful of CDNs to ever break the into the billion dollar club, and they are still growing at an incredible pace. They now have over 100 data centers around the world and have received financial backing from companies like Google, Microsoft, and Baidu. Their partnership with Baidu allowed them to enter the Chinese market, where they now have dozens of POPs.
The Cloudflare network has been expanding rapidly since 2009, due largely to huge capital infusions totaling nearly $200 million as well as meteoric customer adoption. After their partnership with China’s Baidu which added another 17 locations in mainland China, plus continuous new POP rollouts throughout 2016 they have now crossed 100 points of presence globally. The total network capacity now exceededs 10 Tbps, making them larger than most other CDNs on the market outside veterans like Akamai and AWS.
Pricing & Contract Terms
Cloudflare was one of the first, and arguably the most successful CDNs to offer flat-rate pricing plans that they share right on their website. The Free plan offers bare-bones functionality best for personal websites. The Pro and Business plans offer access to more features including WAF, advanced DDoS protection, website optimization, dedicated support, and a 100% uptime SLA. Enterprise plans give you full access to their entire feature set, 24/7/365 support, guaranteed uptime, and nearly unlimited scale. Enterprise plans start around $5,000/month.
Cloudflare’s robust security features sit on top of a massive global content delivery network that spans every corner of the globe. But security isn’t the only thing they serve from these data centers, they also offer a number of website optimization features:
Automatic HTTPS Rewrites: Eliminates mixed content issues while enhancing performance and security by rewriting insecure URLs dynamically from known hosts to their secure counterpart.
Accelerated Mobile Links: Accelerated Mobile Links, powered by AMP technology, activates AMP-enabled links across your entire website, loading them 3-5x faster than normal mobile pages.
HTTP/2: The latest version of HTTP speeds up content delivery with multiplexing, header compression, stream priority and more.
Server Push: HTTP/2 Server Push allows a server or edge network to send assets to the browser before it even asks for them.
Opportunistic Encryption: Provides HTTP-only domains the benefits of encryption and web optimization features only available when using TLS.
This is an impressive feature set, but security is where Cloudflare really excels. Their WAF and DDoS services are the most widely used on the internet for a reason.
Automatic WAF Updates: Cloudflare security engineers constantly monitor the Internet for new vulnerabilities. When we find threats that apply to a large portion of our users, we automatically apply WAF rules to protect their Internet properties.
Collective Intelligence: Cloudflare sees roughly 2.9 million requests every second, and our WAF is continually identifying and blocking new potential threats. If you’re using a web application firewall that doesn’t leverage the collective intelligence of other web properties, you need to supply all your own WAF rules from scratch, which means you need to monitor the entire Internet security landscape on your own.
OWASP, Application-Specific, and Custom Rules: Cloudflare’s WAF protects your web properties from the OWASP top 10 vulnerabilities by default. These OWASP rules are supplemented by 148 built-in WAF rules that you can apply with the click of a button. Business and Enterprise customers can also request custom WAF rules to filter out specific attack traffic.
Protection Against Zero-Day Vulnerabilities: Cloudflare security engineers have dealt with a lot of zero-day vulnerabilities over the years. Read our developer blog to learn how every website on our network benefits from their virtual patches.
Cloudflare’s rise to the top of the CDN ecosystem is due largely in part to the simplicity of their service, their industry leading security offering, and their transparent and cost effective pricing plans. In just a few years they have surpassed most of their competitors in the CDN/cloud security space, crossing 100 POPs, 10 Tbps capacity, and serving over 6 million websites. For those looking for a competitively priced CDN with a strong security offering, you’ll have a hard time finding a better option.