When/Why/How did Cloudflare become such a critical/integral part of the Internet?
Presumably, my understanding of Cloudflare is too simple, too rudimentary, or even entirely lacking in some aspects.
As far as I understand it, the main feature is just faster and more reliable access to sites, right?
If I host a website on a server in New York, and someone tries to look at it in Tokyo ... that's a long distance and a lot of potential hops to retrieve the file(s) directly from the NY machine. Cloudflare provides closer-location mirrors of websites so there is less lag time, plus having multiple copies makes my website more readily/reliably available.
That's good, I get that, especially for big, professional business-critical-type sites/services.
But it's not actually essential, is it? Anyone, anywhere on Earth could still visit my NY website w/o the existence of Cloudflare.
Is there more to Cloudflare than this? I realize they are getting into a variety of 2ndary "value-added"-type features, like their own "are you a robot" tests and probably a bunch of other stuff I don't know about ... but fundamentally, are they actually necessary for the Internet?
Why is Cloudflare such a big deal?
Cloudflare can be used to mitigate DDoS attacks for "free". Without CloudFlare or another service anyone with 5 dollars can take a single server website down indefinitely.
Less than $5, go download LOIC or HOIC, Low/High Orbit Ion Cannon — yes, that's what it's called or was 10 years ago, and you could take down nearly any persons personal blog or site rather quickly.
Cloudflare also offers quick DNS management, usually when you update IP records or other DNS records it takes a few hours to set, Cloudflare is nearly instant.
Another reason is that they can cache most of your resources on their edge servers, which can radically reduce your bandwidth as it loads almost everything from there instead of your server — with the ability to easily have "always-on" capability, so if your server goes down it will serve a cached version.
And finally, the one that is the gateway drug, easy HTTPS certificates, click a single button and you have HTTPS, that's it. No provisioning, no management, no keys, one click turn on and off. Dead easy.
Plus, they have a ton of other things, such as direct free hosting for static and minimal dynamic sites, and the similar.
I don't think this is a big deal these days. All hosts offer this for free with instant one-click setup. And for your own VPS you can use certbot.
May not be a big deal these days, but up until about five years ago, it was still rather annoying and not easy to fully understand, and it was certainly what brought most of their core customers into the fold.
I use VPSes with certbot, and I don't mind it, personally, but it doesn't feel that close to "one-click setup" to me.
Also with the increase in people using things like S3 or auto scaling cloud services for hosting personal sites, not having something to reject ddos requests could leave you paying for them at uncapped cost.
Others have already covered most of the reasons Cloudflare is so appealing but to put it another way: They made themselves indispensable by offering dramatically better solutions than anyone else with a killer free tier that draws in all the tech people, who then influence what solutions their employers use.
The centralization and over-reliance are definitely concerns but right now there's little downside to using CF. The downside comes later when they start their enshittification process. We don't appear to have learned from every tech company that came before them.
Which is part of why I use them rarely. I do use their secure DNS for lookups on my devices because it's fast and has one of the best data retention policies of any DNS service.
If you're familiar with server tech there are equally good solutions for most of the problems CF solves. The problem is they all take time to setup and maintain. That's no problem for some, but if you're less familiar with the tech, you'll spend hours or days on setup and maintainence.
Like Amazon before them, they make it so cheap and easy that it almost doesn't make sense not to use them. For now.
I forgot about DDoS security when I originally posted; to whatever extent they have a "killer feature", I think that's it.
Other good answers, yeah, but I like yours best. The "Amazon" of websites.
Agreed about DDoS being on of their best features, but also real DDoS attacks are very rare unless you're enterprise level and a lot of server hosts these days include basic protection at no charge.
TBH, I think they might’ve been talking about AWS, which is literally literally the “Amazon” of websites. Sooo many companies and individuals have moved to their cloud offerings for data hosting instead of on-premise data centers, and pay accordingly, which may or may not be a good deal all things considered.
Dealing with hugs of death/DDoS were big ones. Caching and reducing bandwidth costs was another. Now they have their hand in all the pies. Email, serverless, auth, WAF... It's basically a one stop shop and their pricing is better than AWS for a lot of things, and the free tier is pretty generous. It's attractive to students/hobbyists who in turn grow to prefer/advocate for that ecosystem because it's what they know.
AWS has a history of insane bills when misconfigured, and Google has that "killed by Google" stigma that turns away the risk adverse. In comparison, Cloudflare is a tame alternative. Documentation isn't the best, but that's really my main gripe.
I’ve had Cloudflare quote $3k for data transfer volumes that competitors were asking $30-90k for.
Pricing seems to have an actual relationship to costs plus a reasonable profit margin, rather than being either an unsustainable bonfire of VC money, or naked profiteering on a dominant market position.
Beyond that I’ll echo what others have said: solid, well built, decently supported, genuinely fast and scalable infrastructure. The kind of tech you get from letting the actual techies drive, or at least something close enough to it while still making the compromises required to be a large and successful multinational business. They remind me of a pre-enshittification Google in a lot of ways.
I don’t like any organisation having the level of power that Cloudflare does, and I’m absolutely not naive enough to think they’re perfect now or that we’re safe to assume they won’t go down a much worse path later. But with a pure pragmatist’s hat on it’s hard to fault them too much from a tech or a business perspective so far - and that’s a pretty rare achievement!
We use and pay for Cloudflare Enterprise primarily to front our company's SaaS app, and occasionally trial out some of their solutions like WARP/Zero Trust if they can replace the company VPN. Their infrastructure is still some of the fastest from our POIs whenever we compare it with other solutions.
In the age of websites pulling in enormous amounts of JS frameworks and high time-to-first-byte, Cloudflare feels like one of those old-school companies that still take performance seriously. Their documentation is one large static site built with Hugo. It is very fast. They put their money where their mouth is. They don't have any glaring surprises compared to Azure's constant UI shifting and Microsoft's regular outages.
Performance is a hard metric for us. Our SaaS is our money maker. The faster people can do things in the app the sooner we close a transaction and get things billed right away. We absolutely cannot tolerate Microsoft's casual disregard on how they treat their infrastructure, so Azure is out.
We occasionally joke that if our app had an outage, we just have to look if Youtube and Gmail are working. Our whole tech stack from GKE to Cloudflare makes that work.