New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Cloudflare ate my potatoes.
We gotta sue them.
I have a CF account with a few domains and the certs aren't shared between them. WRT nameservers, the ones you're assigned when adding a domain are just to verify the domains are yours (in case someone else also tries to add it, they know whose it really is). You're able to change to any of their nameservers after it's added to your account. I have a list of several thousands of their nameserver, tried and tested it.
Besides, those fingerprints aren't a bad thing wrt ranking. If you were doing artificial link building and those sites had those fingerprints, then sure, but this isn't a symptom of simply using cloudflare's CDN for one site.
I have seen a moderate slow-down using CF versus direct from provider.
I still use them for DNS - and I have the domain set to "paused" to bypass all CDN and security features unless I need them for some reason or if I expect a surge in traffic.
Just manage your server, setup compression, expire headers, and use caching when available. You're better off that way.
Cloudflare makes me wait everytime I visit lowendtalk.com due to DDoS protection. meh...
What hurts most users most is the lack of knowledge and understanding. CloudF$"%& simply scams off a nice profit of that lack.
A typical example is the frequent question whether a given CDN provider protects well against DDOS. Sorry, but that's simply not the task of a CDN. But of course most CDN providers will gladly tell you about their bandwidth and how many million packets per second they can "process" (and I don't mean to criticize most of them. After all, they are asked for that, but CloudF#$%§ pretty much does DDOS-fear based marketing. That's a difference).
Another example is how many, even "professionals", don't properly understand CDN and DDOS. There are, for example people running highly dynamic sites who seriously expect a CDN to somehow (magically?) make their site faster.
Afaic I make a big difference between companies like @BunnySpeed, who simply offer a good CDN service (incl. advice from what I hear) and CloudF$#&% who pro-actively and knowingly mislead people and abuse the lack of their tech knowledge.
Does CF hurt your websites performance? Of bloody course it often (probably even in most cases) does! Plus, it adds crap like "security screens" (like "click on all images with a traffic light") which is guaranteed to brutally slow down Time to First Paint ("user seeing some result on the screen") of your web site. In professional wording: security and performance theater - at quite a price on one level or another.
Clear example: Adding - at the (rare) very best - a - at the (rare) very best- internet-geographically nearby hop can not easily be compensated for, let alone increase performance.
Oh, and a word for all the "CF free package" fans: There is no "free", certainly not with a large corporation. If it's free then YOU are the product.
It doesn't seem to me that there is a clear fingerprint. It isn't at cert level, as far as I can tell. Some people say SOA resource record but you don't have to set one. I don't see what other way there is to link all CF sites to an account owner. I'd be interested to know more.
Their DNS is pretty performant. I'm coming to the same conclusion: if your server is optimized then CF won't bring much to you in most cases, and they'll MITM your traffic. Full cache with pagerules is interesting because it's free, "normal mode" is good to hide your server, not much more.
Paid CF might be a totally different beast, but it's pretty expensive.
Side note:
Guys, how come many lament how LET gets less and less significant, fun, useful - while at the same time a group of people, partly even the same, "joke" LET to death?
Don't get me wrong, I like a little joking now and then just like everybody. And I confess that I'm sometimes guilty of not resisting to making a sarcastic (or plain dumb) remark myself.
But please, let's make up our mind. What do we want? Do we want a good, useful, interesting LET that is a good market place, both for providers and us (potential) clients, too - or do we want an everything-goes dump?
As far as I'm concerned, it's the useful and interesting community (with a good dose of fun).
That's probably the case, but how do they monetize this, other than expecting some people to go with an (expensive) CF solution when they'll have bigger needs or becoming volunteer CF salesperson when they meet someone looking for a paid "CDN"?
Bandwidth might be cheaper per Gbs as they buy more as well, it's difficult to really know what free users cost them.
SEEMS LIKE CF IS EVIL!
You can't "joke" anything to death.
Without a little trolling here and there this forum would be even more dead.
Resistance is futile.
It doesn't matter what we want.
Everything will run it's course anyway.
With unsocial media on the rise forums will die slowly.
You see it everywhere.
Sure.
Is it not?
EDIT2:
Cloudflare took my common sense.
The free riders are helping with marketing, yes. But most importantly: if lots of traffic for thousands and thousands of web sites goes through CF then that's lots and lots of - very valuable - meta data, and quite a lot of data and access to data, too, which btw is also very valuable for advertising (profiling). Think: CF is one of the not very many places where a massive part of internet traffic is available/accessible unencrypted.
Right. And now they can harvest DNS data as well, with their "non logging" resolver.
But if they can, does that mean that they do? AFAIK they don't sell user profiles like advertising companies and "social media" do. But maybe they do.
What do you think, what happens to all that data, that gets scanned while breaking the end to end encryption?
Must be truly a free, privacy service.
The same thing that happens to all data.
It ends up in Utah.
You're right. CF took 1-2 seconds of my life everytime I open LET home page on a new connection and fresh browser. Let's say today, I visit this website 10 times, that's 20 seconds of your life per day you will never get back. That might not be a huge impact but if you collect that 20 seconds x 1 week = 2.3 minutes, that's more than enough to ejaculate while watching shooshtime.
Edit: TL;DR no CF for me.. be it free or $200 enterprise.
for me, 5 secs waiting time before CF redirect to LET. sometimes, they show ddos protection page twice. so, based on your calculation, its nearly a minute or more time wasted everyday.
Don't blame CF for that one since it's optional, tell admin to turn off "I'm Under Attack!" mode and get a real DDoS protection.
Hmm, I'm using 3 x $200 plans for 3 important websites. And hundreds of websites on free plan. And I see all of them have great performance boost, especially for users from slow-internet regions
I think the problem is half the thread is about their DDOS protection, and half about their CDN.
I am a huge fan of CF, for what they have built. Like the idea and system design for scale.
But, I too have encountered some issues with CF. I am pretty sure that they did not see these coming.
CF uses ECMP to route traffic within the datacenter. I am not sure how the server decides which server to contact to get cached contents and apply page rules for that site. I think they set some cookie which decides where to go for subsequent requests. This internal process may have slowed down.
May be CF has hit a scaling limit. I moved to paid version, and stripped off several firewall rules, but still find site slow by 1-2seconds.
I am seriously considering to move out CF. Is bunnycdn any better?
Hopefully with akamai acquisition, they will start churning out free plans, and make paid plans better.
Thanks for your answer, @bountysite . I did further testing and honestly, CF is pretty good: their free plan is really decent for the price. Sure, there are some drawbacks, and SSL MITM is probably the main one, but this allows to avoid to add an extra DNS resolution, which adds a few ms. In practice, for non-sensitive stuff, this MITM probably isn't such a big deal.
To answer you, BunnyCDN is pretty good, better than CF Free from some places, like Brazil. I can't compare with CF paid plans as I didn't try those yet. If you store your assets on their systems, stuff loads pretty fast from every locations, even for the first visit. If it's hosted externally, it can take some time until the cache has your data and having less locations would be better for that: in my opinion they have too many locations, that's good for marketing but doesn't necessarily make sense for real world use. For example, SG/JP/AU in asia/oceania, 2 in EU, 1 or two in Africa, 3 or 4 in NA and 1 or 2 in south america would be enough: a user from Barcelona can fetch an asset in UK with no trouble... and cache would warm up faster! If you don't often change your static assets, that's not a problem though.
CF is probably better used with full page caching, giving you the ability to serve all the content from the edge servers. If you don't cache the page you add an extra useless hop and your site would probably load as quickly or better using BunnyCDN or no CDN at all (you have to take into account the extra DNS lookup, depending where your target audience is if you already use http/2 a CDN can make your site slightly slower, for almost all your visitors, and only faster for those really far. My advice would be to try to serve the full page from CF before ditching them if that's something that can work with your setup, as it could fix the "slowness" you are experiencing.
Good luck!
I don't like Cloudflare because due to privacy concerns. They are effectively a man in the middle between websites and visitors.
Cloudflare impregnated my goats.
Yeah DNS speed is definite plus for free.
Do you have to route traffic through BunnyCDN or use CDN url for static?
Ok! I already removed firewall rules, to increase speed by 500ms(rough). I am figuring out what more can be done.
I used to love what MaxCDN was offering. Not used though, but liked their features. Now with acquisition of stackpath, not sure how this works. I think you have to buy stackpath services.
Not sure anyone is offering PageRules, equivalent of CF.
The easiest is to use them for static content, as a subdomain. You can route all traffic through BunnyCDN if you want but if you need "page rules", it's going to be more complicated than with CF. Really easy (and fast if you push your pages to their storage) for a static website!
FYI, heads up Cloudflare now official supports speak HTTPS TLS 1.3 on origin backend connections so can save up to 1-RTT on connections between Cloudflare edge servers and your origin servers if you're using Cloudflare Strict SSL with origins supporting HTTPS TLS 1.3 on origin web servers https://community.centminmod.com/threads/cloudflare-enables-https-tls-1-3-backend-origin-communication.16795/
Nice, thanks! Btw thank you for your detailed benchmarks on your website, these are a great read!
As you seem to have a strong focus on performance, and appear to be a big CF user, did you ever notice a slowdown caused by CF from some locations? (Because of their network, not because of the few ms lost in the extra hop)
The "IP pool is bad for SEO" thing is total misinformation which has been said a few times. Cloudflare is a CDN... domain's belong to a large swathe of Cloudflare's IPs. It has nothing to do with 'neighbours'. The only time search engines have cared about neighbours is when there's an IP or range that hosts many, many poor sites with no value to end users (as the search engine decides), so they feel their crawling budget is better allocated to other sites/pages.
No search engine in their right mind is going to penalise 7 million websites because there's a few low quality sites hosted behind Cloudflare.
If there were to be a single problem with Cloudflare wrt search engines, it'd be any rate limiting of the crawling speed of your site, purely because crawlers have to be mindful of the rate they crawl from particular networks. Cloudflare hosts something like 7 million domains, the average site has about 10 pages, so that'd be 70 million requests a month purely to visit one page per month.
Cloudflare does mention the rate limiting potential on their site.
I am a self confessed performance and page speed addict - a bit OCD when it comes to performance - example https://community.centminmod.com/threads/community-centminmod-com-journey-for-speed.3/ and tools I build just to be able to automate page load/speed testing https://github.com/centminmod/google-insights-api-tools I monitor my page load speeds every 1-15 mins from ~10+ geographical locations which also has a bonus effect of pre-warming CF edge caches too ^_^
With that said yes CF does have hiccups from some geographical locations sometimes and I have various tools to figure out which location it is https://community.cloudflare.com/t/dns-analytics-extended-to-page-speed-analytics/330/5. But long term overall, you're benefiting more with CF than without CF, especially if you know how to fully optimise and utilise all that CF offers feature wise and how to pair that with origin server optimisations at server level and web application level Some of my Centmin Mod LEMP stack users combined with CF and are handling up to 1 million unique visitors/day and over 55+ million requests/day with almost 600GB/day bandwidth consumed with 85% CF cache hit rate - that's just mind blowing amazing !
Cloudflare slowdowns can come from 3 places
CF end user knowledge/setup
CF side issues/configurations
With all that said though, there's one geographical location that seems aren't that optimal and that is India. I have seen alot of folks report Indian visitors being directed to Singapore CF datacenters. In fact, I don't think I have read anyone report Indian visitors hitting CF's mumbia edges at all.
Some folks cite Australian visitors some don't hit CF Aussie servers - but being in Australia, I am seeing alot of Sydney and Brisbane visitors hitting CF Sydney and Brisbane servers including my own connections for both CF free, pro and business plans as I setup extensive nginx logging of CF requests on my origin backends so I can analyse where traffic is coming from etc. Though some still report hitting Singapore.
With that all said though, disclaimer since October 2018, I have been an official Cloudflare MVP - it's a new program and I am one of the first invitees so I get more opportunities to use existing and preview future CF products and provide my own feedback and suggestions. But I have been using Cloudflare for years prior anyway and I also use CF competing products from Sucuri and Incapsula as well for years too.
My AUD$0.02
Thanks a lot for your detailed answer!
What do you use to automatically monitor your page load speeds from several locations? That's a great idea!
From my own testing (not as deep as yours!) Australia is well served by CF, while in India CF didn't help compared to an optimized setup in EU - but it didn't bring any noticeable drawback.
It's hard to take into account each parameter (including visitor own connection to CF) but it seems to me so far that, if setup correctly, CF can bring a good benefit, even using their free plan. I'll do more testing.
Congrats for becoming an official CF MVP, keep up the good work!