Cloudflare … A Great Service and Company


There are not a lot of large IT companies that I fully respect for their approach to cybersecurity, but Cloudflare is an exception. They are a great company that is driven by technical people and that has strong beliefs around privacy and in improving the Web. I especially love their approach to improving cryptography, and they lead in quite a few areas.

And so, after trying to defend against bots and malicious activity on my site, I flipped the switch and moved my front-end security and content delivery to Cloudflare. With just the free service, it works like a dream, and there’s an instant improvement in the delivery of the content (which will come from a cache rather than from the Web site). But it is in the security options where Cloudflare really kicks in.

My main Web site is hosted in AWS, and I looked into creating a firewall within AWS, but it was just too expensive. I also run my DNS from the AWS Route 53 service. The way that Cloudflare works is that you hand over the DNS requests to them, and they will then proxy the connection and examine the request. In this way, we use a Cloudflare certificate for the connection, and then the normal connection onto the main site. The changes to the DNS settings were:

In Figure 1, Bob requests asecuritysite.com, and Cloudflare returns the address of their proxy. The connection made…


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.