A Deeper Look at the Curious Case of Cloudflare

Cloudflare is a great company that has been innovating and challenging the cloud providers that be. Here is an overview of their products and why you should care.

Cloud Security Tools: Cloudflare Turnstile For Bot Prevention

Instead of Google Captcha, where to prove you are not a bot, a user would need to select all the buses or cars, Cloudflare has made waves with its free alternative to bot prevention: Cloudflare Turnstile. Released in 2022, but already seeing major adoption, you probably have seen it before. One of the great things about this product is that it does not cause as many users to get frustrated and leave.

R2: A Cloud Storage Alternative to S3

AWS, GCP, and Azure all charge egress fees per gigabyte - usually in the range of .05$ to .09 $ per GB. This has led to a lot of caching of the objects, and generally, has slowed innovation surrounding video and VPN products on these clouds.

When coupled with Cloudflare CDN, this product can be very powerful. It is ideal for web content delivery, video streaming, static site hosting, and applications that benefit from low egress costs and edge delivery.

Cloud Security Solutions: Adaptive DDoS protection

One of Cloudflare’s earliest successful products was its DDOS protection. One can imagine that a company that routes 20% of all internet traffic, can have very advanced security tools. The CEO tells a story of how they protected Eurovision from DDOS attacks, and

Cloudflare's DDoS protection is often considered superior to other solutions for several reasons. Here are the key factors that contribute to its effectiveness and popularity:

Cloudflare’s Web Application Firewall (WAF)

Web Application Firewalls that Cloudflare provides have proved to be highly useful for securing public APIs. They can set IP-based throttle limits, and protect against malicious payloads. One of the great things about this cloud security tool is that it is easy to set up and has so much power. From my experience, the first time I noticed it was when I was using a public API for stock history. I was being throttled after 25 calls on my IP address.

1. Cloudflare managed rules

2. Core OWASP rules (Top 10 exploit patterns)

3. Advanced rate limiting

   
   

In the modern world, data is key. There are so many companies (ChatGPT) that scrape the web consistently by using bots. While in the competitive cyberspace, bots will often adapt and find a way, for the majority of naive scraping tools, Cloudflare is able to block them.

Conclusion

At the end of the day, we all assume that the major clouds have ‘figured it out’. From my software development experience in Big Tech, there is a lot of misguided designs and principles. All of us have grown up on the internet, have seen it change human dialogue, the way we think about the world, and has entertained us for years. The most shocking thing about Cloudflare is that they don’t discriminate or judge their customers and they don’t overcharge their customers.

If you would like to follow me for more, here is my Cloud security substack, cheers!