Virtual Curiosities

Cloudflare

Share

What is Cloudflare?

Cloudflare [cloudflare.com] is a freemium reverse proxy service used by a large portion of the websites on the Internet.

How Cloudflare Works?

Normally, in order to access a website your computer connects directly to the web server where the website's files are hosted. However, if a website is on Cloudflare or a similar reverse proxy service, your computer connects to Cloudflare's servers instead, and Cloudflare either serves a webpage that it has in cache or fetches the webpage from the actual website's server (called the "origin").

There are a few reasons to use a reverse proxy like Cloudflare.

First and foremost, Cloudflare provides protection against Distributed Denial of Service (DDoS) attacks. These are attacks that occur when thousands of computers controlled by a hacker connect to the same server simultaneously, overwhelming that server's resources and preventing it from serving legitimate connections to real users. Cloudflare's technology can detect when a DDoS is occurring and automatically take steps to prevent it.

Additionally, it's important to understand that websites are hosted on a variety of hosting providers with all sorts of payment plans. For example, you could pay $X amount per month for a fixed amount of X resources, so if they are exhausted by a DDoS, you would need to contact the host to acquire more resources. Another scheme is to have a budget of $X that is supposed to cover several months. This whole budget can be exhausted in a day by a DDoS attack, specially if it's a smaller website with a smaller budget. Lastly, there are services to deploy "to the cloud" like Amazon's AWS that are designed "to scale," meaning that when the website gets more usage, AWS simply automatically provides more hardware to handle the added usage. This automatic process happens instantly with no manual intervention. The hardware already exists on Amazon, it's just a matter of creating a copy of the program running the web server from one server to another. When a website hosted on a service that automatically scales suffers a DDoS attack, the hosting starts charging the owner in proportion to the scale of the attack. The cost to serve the DDoS can become prohibitive, specially if it's a website hosted by an individual or a small company on a tight budget. This is also known as a Denial of Wallet (DoW) attack.

Besides the automatic DDoS protection, Cloudflare also provides a sophisticated Web Application Firewall (WAF) that lets the webmaster forbid access to its website in all sorts of manners. This could be implemented on the web server itself, but Cloudflare's solution is generally better at this. For example, if a webpage such as a login page is usually targeted by bots, it's trivial to set up a firewall rule to give the user accessing a "challenge" to prove that they aren't a bot. Cloudflare's entire business is about protecting websites from bot attacks, so their solution will be much more robust than something the average webmaster could deploy on their own.

Nowadays, most websites have content that is generated dynamically when a user accesses a URL. For example, instead of an article being a simple HTML file stored somewhere, it's generated by a Content Management System (CMS) such as WordPress when someone tries to read it. One benefit of this approach is that changes that must be applied to all webpages on the website, such as adding a sidebar or a link in the footer, can be instantly propagated through the whole website, since the actual webpage is generated only when someone actually accesses it, not when the change to the layout template is made. On the other hand, this also means that every time someone accesses the website, a program has to run in order to generate this template, and if this programs fetches data from a database, and this database is in a separate server, you end up with all sorts of factors that make rendering the webpage take a long time. A solution to this is caching, which can be done on the web server itself, and that reverse proxies also support. A simple implementation is assuming that a webpage can only change once per hour, for example, so if someone accesses it, we save the result in a file, and if that file isn't older than an hour, we simply serve the file instead of re-rendering it. Cloudflare has servers all around the world. This fact, combined with the caching technique, means that it's possible for a user to access a website's content from a Cloudflare server in their own country that has the entire website in its cache, which is hundreds of milliseconds faster than accessing the origin. It also means that, because all data is in Cloudflare's servers, the origin server's programs never need to be executed. This can both improve performance and save costs if Cloudflare's infrastructure is sufficiently optimized to serve static files that ot can do this for cheaper than the origin's web host charges to run the web server programs.

Written by Noel Santos.

About the Author

I'm a self-taught Brazilian programmer graduated in IT from a FATEC. In a world of increasingly complex and essential computers, I decided to use my technical expertise in hardware, desktop applications, and web technologies to create an informative resource to make PC's easier to understand.

View Comments