Comments
Route 53 is a DNS service. Period.
Well said. Took my words
Got it, is there any cheap alternative? Actually for one website, $20/mo is a bit high for me.
@sktanmoy Cloudflare is free?
You are cut/pasting Cloudflare propaganda:
"Protect your website from a range of online threats from spammers to SQL injection to DDOS." Direct from their front page.
What exactly is it you're trying to do?
There really isn't a "pay $20/month and your site is magically protected from all threats" service.
I am highly skeptical that CloudFlare protects any site against all possible SQL Injection attacks. All it takes is one badly written script. How can CF protect against someone who feeds POST/GET directly to a query?
Take a look at naxsi (NGINX module)?
This will help you a bit with the SQLi, not so much the others...
It's kinda like Apache's mod_security, but better (and for NGINX)
As I use SSL, CloudFlare isn't free for me
@raindog308, yes, copy-pasted, to avoid mistakes in describing their services!
You're 100% right, but my actual aim is to protect my website from DDoS.
Get a BuyVM VPS + DDoS protected IP?
Already did but not sure if that would be really effective.
I've heard it can handle near 10Gbps before it becomes an issue (in which case your IP will be null-routed) and most DDoS attacks I've heard of have only been a few Gbps max. Also, I doubt cloudflare would take a 5Gbps+ attack for you.
They are that generous? I thought it was a lot less. But I am prob wrong.
They must have a few 10GBit NIC in them servers then!
When you use CloudFlare, you change your DNS servers to their server, and their DNS servers will return CloudFlare IPs when queried. This essentially means that all your traffic is routed through CloudFlare quite literally (and this is why it only works for HTTP/HTTPS), so they get to do with the traffic whatever they want, including caching (for Always Online) and running a WAF: http://en.wikipedia.org/wiki/Application_firewall#Cloud-based_web_application_firewalls
They can analyze all requests that are made to your site and filter out those that they believe to be harmful. As long as no one figures out the original server (or you configured it not to serve any requests that are not from CloudFlare), you should generally speaking be fine. Obviously CF isn't bulletproof and there will likely always be a way to circumvent it, but from what I heard they're doing a damn good job.
In my experience (disclaimer: this may have changed) CloudFlare had no issue dealing with a 5gbps DDoS, and it didn't route traffic directly to the server. Only when it became problematic for CloudFlare (nodes going down etc.) did they disable CloudFlare for my domain.
Off the top of my head, they have 10gbit at every PoP. I'm not entirely sure though, and it may have changed by now.
I've only ever used the free service, by the way - it doesn't come with a WAF. It does provide the "DDoS mitigation" though, although it has to be noted that they're definitely not a 'DDoS protection provider', it just happens to be a useful side feature. If you're under any serious attack (in the range of tens of gigabits), you'll probably want to be looking at Prolexic.
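The origin lockdown mentioned above ("configured it not to serve any requests that are not from CloudFlare"), as an added example that is not part of the original thread: the origin accepts a request only when the TCP peer is inside the proxy's edge ranges, and only then trusts the forwarded client address. The ranges are constructed placeholders from documentation address space, and `classify`, `from_proxy` and the use of a single trusted `X-Forwarded-For` hop are assumptions of this sketch.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 / RFC 3849 documentation space).
# Replace with the edge ranges your proxy provider publishes.
PROXY_RANGES = [ipaddress.ip_network(n) for n in
                ("192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32")]


def _parse(addr):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr.strip())
    return getattr(ip, "ipv4_mapped", None) or ip


def from_proxy(peer):
    """True only if the TCP peer address belongs to a proxy edge range."""
    try:
        ip = _parse(peer)
    except ValueError:
        return False
    return any(ip.version == net.version and ip in net for net in PROXY_RANGES)


def classify(peer, forwarded_for=None):
    """Return (allowed, client_ip) for one request reaching the origin.

    peer is the socket-level source address; forwarded_for is the raw
    X-Forwarded-For header value, if present.
    """
    if not from_proxy(peer):
        # Direct hit on the origin, so the real IP is known to the sender.
        # The header is sender-controlled here: ignore it and refuse.
        return (False, peer)
    client = peer
    if forwarded_for:
        # With one trusted hop, the rightmost entry is the one the proxy added.
        last = forwarded_for.split(",")[-1]
        try:
            client = str(_parse(last))
        except ValueError:
            pass  # malformed header: fall back to the peer address
    return (True, client)
```

Refused direct hits are worth logging: they show that the origin address has leaked and is being contacted around the proxy.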
If you have no personal experience, not commenting tends to be a better option than commenting with borrowed knowledge
CF is fine for smaller, burst attacks. They don't route traffic directly till it starts becoming an issue for them.
I had to remove my buyvm ddos protected ip from my uptime monitor, as I was sick of getting 50+ emails a day about it.
AFAIK the original pitch for CloudFlare was as a security thing, with the CDN being the useful side-effect rather than the other way around.
That is correct. If I recall correctly, they originally wanted to present it as a WAF kind of service (combined with Project Honeypot for keeping track of abusive IPs), and they had to figure out a way to make the added latency of proxying a request unnoticeable to the end user. While doing that they figured out that they could actually make it faster than when not having CloudFlare in between, and that's how it led to them being a CDN of sorts.
Wrong.
They help 'some' with that, but they're very quick to point the records back at you so you deal with the flood if it's of a decent size. There are no set limits that they go by, but from what they said on WHT, 'if you affect others, you're off the team'
Francisco
Could you expand this? What was the problem?
I'm thinking his IP might be getting thrown behind the SYN filtering. We've had a few people that have been getting pretty heavy SYN floods for their gameservers and it's making them lag as awknet's SYN filtering isn't constant - it's 'dynamic'. It's good stuff, but for gameservers it'll derp for a second
For now I'm waiting to monitor the floods myself and will likely just have awknet ACL the ports they flood and hopefully put an end to that.
Francisco
I got good and bad news for some....
https://developers.google.com/speed/pagespeed/service
Google is going to pwn cloudflare
Doubt it.
CloudFlare is too far ahead for Google to catch up. At the rate CF keeps hiring these engineers, Google will never catch up.
PageSpeed also doesn't do security. It's also much slower than CloudFlare's network. I've tested with various tools and browser experience.
Google is going to pwn cloudflare
ghs.google.com is blocked in China, so the Google one is nothing to me.
Really!!!
If I remember correctly, Cloudflare took a 20Gbit ddos for lulzsec on their free plan.
Could have ended up being on the FBI's dime given recent revelations..
Right but that's lulzsec, they got a crap load of publicity over that. Do you think the guy with his minecraft site is going to be so lucky?
Francisco
Good point, guess it just depends who you are and their decision at the time.