They get shit on a lot here. Why? What do they do and how is that different from other companies that offer similar services?

What I know of them: they offer DDS brute force/spam protection for websites.

  • slazer2au
    link
    English
    14510 months ago

    I wouldn’t call it hate, just concern.

    Cloudflare acts as a front door to many sites and as such your TLS session is terminated at Cloudflare, then CF makes a additional session from themselves to the target site.
    This is concerning as that means CF can see all of your data.

    • @kn33
      link
      English
      3910 months ago

      It’s worth mentioning the advantage of why they do this. There are several reasons, but the two most common are:

      • Seeing the data means they can do a better job at detecting attacks and fending them off.

      • They can issue certificates with longer lives from their private CA which simplifies certificate management for their customers.

      • slazer2au
        link
        English
        4010 months ago

        considering they are a US company they are bound by US warrantless wiretapping laws.

      • lemmyng
        link
        fedilink
        English
        2110 months ago

        Plus other capabilities like injecting banners, caching, etc

        • gregorum
          link
          fedilink
          English
          20
          edit-2
          10 months ago

          you say, “caching,” CF says, “ca-ching!”

      • Snot Flickerman
        link
        fedilink
        English
        17
        edit-2
        10 months ago

        While true, and I am not a hater of Cloudflare:

        Keyless SSL is only available to Enterprise customers that maintain their own SSL certificate purchased from a valid Certificate Authority. Cloudflare does not supply any certificates for use with Keyless SSL.

        I’m not part of any Enterprise organization and I’m too poor to sign up for Enterprise level service, and so I am unable to use their Keyless SSL.

        Just for example. Sometimes it’s not that we don’t want to but can’t afford to, especially if we’re just Joe Schmoe running a handful of services on a server box.

        Once again, I have no issues with Cloudflare myself, and personally have a decent amount of respect for them.

        I’m just saying getting access to the Keyless SSL is less easy than you made it sound.

        • @[email protected]
          link
          fedilink
          210 months ago

          I get that. If you’re not paying for a service, there’s still a price. There are no companies out there doing you any favors, only those that make you believe they do.

          Clouflare is okay. Don’t trust anything apparently free ever

      • ISometimesAdmin
        link
        fedilink
        110 months ago

        Right?? To let your website be susceptible to that kind of act by anyone means that you probably didn’t really care about security in the first place, so much as just getting the magic lock icon happy.

        • zeluko
          link
          fedilink
          310 months ago

          Magic lock icon is easy, hard is it to block attacks and being able to do very little about it.
          Spoofed packets, server providers not caring what their customers do, many abuse email adresses dont even work.
          Keyless SSL would be nice and i’d use it. I have my own keys, but its for Enterprise customers only.

          I am not using Cloudflare as i dont like them handling like 80% of all traffic. But as website owner i can understand why someone would still choose them…