Cloudflare – Potentially Mindblowing e-Commerce CDN Solution

I first heard about Cloudflare when they presented at Techcrunch Disrupt. I am not writing about every startup that presented there, just a couple that caught my eye as something that I think will have a significant impact for my readers.

Cloudflare is a distributed DNS, website security, & distributed Nginx powered reverse proxy (for static content) & caching proxy with content delivery network with some additional tracking and reporting ability.

That is a whole load of technology but what this means to you is:-

On average, a website on CloudFlare …
… loads 30% faster
… uses 60% less bandwidth
… has 65% fewer requests
… is way more secure
All for free!

This is how your website is normally exposed on the web.
Cloudflare Illustration

You are in direct line of fire for everything that can possibly be thrown at it.

With Cloudshare you have an intelligent doorman in the way, only allowing through certain requests. Some high volume menial tasks such as answering the door to the postman and deliveries of groceries get handled by the caching proxy/cdn – unlike a normal CDN the URL for any file doesn’t have to change so it is very much like you set up a reverse proxy with Nginx or Squid yourself and assigned the traffic to a media server.

cloudflare illustration 2

Simple Setup

The basic setup is fairly straight forward and only requires changing your nameservers. It is only as complicated as your initial setup, so if you have a little bit more going on… Google Apps, domain keys etc, though it looks more complicated those actually get bypassed.

CloudFlare (Private Beta) - DNS Settings

There are also some extended settings

CloudFlare (Private Beta) - CloudFlare Settings

I haven’t explored these too much, but there are some things to be careful about with a blog. As an example some services such as feed readers often pull images directly and thus might be blocked by any hot linking prevention.

There are some interesting options for identifying geolocation and content obfuscation from certain types of visitors, though that doesn’t mean they are designed for cloaking content from search engines.

This is also where you assign security level with the recommendation being to use high security. You could look on the security as being a little similar to Bad Behavior, though with a CAPTCHA. I wonder if they have thought of monetizing the CAPTCHAs?

Security

The threat control is pretty interesting in that it can block web spammers, botnet zombies and exploit attackers of various types, and that is just with the free version.
The team has a lot of pedigree in this area as they were behind Project Honeypot. With the CAPTCHA and I believe also a message facility, there is also a very effective safety net in case of false positives which do happen, though some bots won’t fill in CAPTCHAs is caught by mistake such as Googlebot. I noticed today some discussion about Google’s sitemap crawler being blocked, and some suggestion of lower crawl by Google resulting from this.

CloudFlare (Private Beta) - Threat control

In many ways Cloudflare could be looked on as an extension or next generation Project Honeypot, with the additional bribe of actually providing active protection and a huge bribe by caching content.

Analytics

The analytics features look quite interesting as an aggregate view.

CloudFlare (Private Beta) - Analytics

They mention why the numbers might seem so much higher than javascript stats though don’t mention browsers pre-fetching content which is fairly standard these days.

Cloudflare seem to (or claim to) have knocked a second off my load time, though from what I have read that is based on the load time of the home page from another server in various locations.
Overall performance and relative performance will depend on what other optimization you are using.

I am currently using:-

W3 Total Cache Enhanced static page cache to disk
W3 Total Cache Database Cache using APC
W3 Total Cache Object Cache using APC
Autoptimize for combining/minification of CSS/jscript
Header & Footer – I discovered this gets added after Autoptimize has done it’s thing, so useful for adding things that I don’t necessarily want cached such as tracking stuff I am testing.
Cloudflare effectively as my only CDN (though I have a Amazon Cloudfront/S3 and a few other alternatives)

I could possibly improve performance a bit by locally caching lots of javascript, combining/minifying and then having it loaded from the CDN, but there is a lot of bug checking.

I don’t use APC for page caching as I found, at least on my Liquid Web Storm On Demand server that that was a lot slower for time to first byte.

Advanced Setup

You will initially hit problems with IP referrals and your server logs – the ideal solution is to to install “mod_cloudflare” on your server.

There is also this alternative (one of 2) for dealing with just the referrer within WordPress, but this won’t fix your server logs.
You would add this to wp-config.php

if ( isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR']) )
{
$X_FORWARDED_FOR=explode(",", $_SERVER['HTTP_X_FORWARDED_FOR']);
$_SERVER['REMOTE_ADDR']=trim($X_FORWARDED_FOR[0]); //take the first element in the array
}

Security For Premium Content

This isn’t a secure solution for paid membership sites – you might be better using a real CDN which can either domain lock or generate one time links.

I haven’t actually tried it with video yet.

Mindblowing for e-Commerce

If you are using an e-Commerce platform such as Volusion or BigCommerce which charges you a fortune for bandwidth, but you have control of your Nameservers and DNS this is the most amazing product / solution you will ever find.

Ideally you would go for the pro version with better security and performance which for most e-Commerce stores would likely be just $20/month. The savings for many store owners would be $80+ per month.
Then without messing around with remote hosted image hosting you can have CDN performance and a massive reduction in bandwidth excess fees.

This isn’t the only reason people face extra fees on services such as Volusion and BigCommerce, but it is a major one, and the extra performance and killing the bots makes it a best in class solution.

For further reading I came across this great post comparing the performance of various technology blogs earlier while doing some testing.
TechCrunch: The slowest tech blog, or one of the fastest? Turns out, it’s both.

p.s. I get to use Cloudflare for free, but everyone can – no barter deals for links & currently they don’t have an affiliate program.

Note: This is beta – there seems to be soe problems with some bots currently – most notably Googlebot seems to be having a few problems with this service and my crawl rate dropped by 90% and time to index a page more than doubled – I have currently switched back to my normal nameservers, and a conventional CDN

Liked this post? Follow this blog to get more. Follow