Will CloudFlare Help You?
What is CloudFlare and Will CloudFlare Help You?
CloudFlare is a Content Delivery Network (CDN) that offers performance and security services. On average, a website can load approximately 25%-60% faster and use less bandwidth on your physical server.
CloudFlare operates by hiding your physical server from prying eyes while allowing good connections like spiders and crawler bots to continue accessing your website. It also offers compression and content caching on the fly and copies your static website contents across its 74 server clusters around the world.
CloudFlare can only proxy traffic going over the ports listed below. If your traffic is on a different port, you should create a subdomain for that service and then add it as a record in your CloudFlare DNS zone file (gray cloud = no CloudFlare proxy or caching on a record).
For requests made via HTTP:
80, 8080, 8880, 2052, 2082, 2086, 2095
For requests made via HTTPS:
443, 2053, 2083, 2087, 2096, 8443
CloudFlare can hide your admin IP records, FTP access and real IP, mobile access IP, mail records and IP, and more. While this is great for security and the best way to hide your server from attacks, it also causes problems and issues:
- CloudFlare only allows port 80 [HTTP] and port 443 [HTTPS]
- If you are using an MX monitoring tool to check your mail settings, that tool will start to report a missing or wrong DNS configuration and even an invalid DNS MX record paired with an invalid reverse DNS PTR record.
- You can no longer open your FTP and SSH connections since your IP is hidden
- Due to the limited number of allowed ports, your control panel won’t be accessible anymore
Why did my control panel stop working after I signed up?
Control panels usually use a nonstandard port; a good example is CentOS Webpanel, which uses port 2030 by default. CloudFlare, on the other hand, only allows the following ports: 2052, 2053, 2082, 2083, 2086, 2087, 2095, 2096, 8080, 8443 and 8880, which does not cover all of the major control panels that are available.
FTP, SSH, and Non-Web Protocols
You may wonder why ports like 20, 21, 22 and 23, which support protocols like FTP, SSH, Telnet, etc., are closed. Unfortunately they can’t be supported on the CloudFlare network, since the system reads the HOST header on each web request and these protocols do not use the HOST header. CloudFlare can see the traffic but has no way to proxy the connection to the origin server (your physical server).
Quick Access Fix
People without a good grasp of DNS will struggle to solve the lost connections to nonstandard ports and to SSH, FTP and SFTP. The connection can be restored by using the IP address instead of the domain name [example: 192.168.0.1:2030] or by using the subdomain approach, which is out of scope for this post.
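The port and protocol limits described above can be checked against a DNS plan before switching a domain over. The script below is an added example, not code from CloudFlare or from this post: the hostnames, the IP address and the inventory format are constructed, and only the port lists come from this page. It also flags a side effect of non-proxied (gray cloud) records: they resolve directly to the server address that the proxied records are meant to hide.

```python
# Added example, not CloudFlare's code. Port lists are the ones quoted above.
HTTP_PORTS = {80, 8080, 8880, 2052, 2082, 2086, 2095}
HTTPS_PORTS = {443, 2053, 2083, 2087, 2096, 8443}

# Constructed inventory (hypothetical hostnames, documentation-range IP).
# scheme is "http", "https", or "other" for non-web protocols such as SSH/FTP.
RECORDS = [
    {"name": "www.example.com", "proxied": True, "ip": "203.0.113.10",
     "services": [("site", 443, "https"), ("panel", 2030, "https"),
                  ("ssh", 22, "other")]},
    {"name": "panel.example.com", "proxied": False, "ip": "203.0.113.10",
     "services": [("panel", 2030, "https")]},
    {"name": "static.example.com", "proxied": False, "ip": "203.0.113.10",
     "services": [("assets", 8080, "http")]},
]


def proxyable(port, scheme):
    """True if CloudFlare can proxy this service, per the page's port lists."""
    if scheme == "http":
        return port in HTTP_PORTS
    if scheme == "https":
        return port in HTTPS_PORTS
    return False  # no HOST header, so nothing to route the connection on


def audit(records):
    """Return (hostname, service, port, finding) tuples for a DNS plan."""
    findings = []
    hidden_ips = {r["ip"] for r in records if r["proxied"]}
    for r in records:
        for svc, port, scheme in r["services"]:
            ok = proxyable(port, scheme)
            if r["proxied"] and not ok:
                # Proxied record: this service will stop responding.
                findings.append((r["name"], svc, port, "unreachable-through-proxy"))
            elif not r["proxied"] and ok:
                # Gray-cloud record that could sit behind the proxy instead.
                findings.append((r["name"], svc, port, "could-be-proxied"))
        if not r["proxied"] and r["ip"] in hidden_ips:
            # DNS-only record resolves directly to the address being hidden.
            findings.append((r["name"], None, None, "reveals-origin-ip"))
    return findings


if __name__ == "__main__":
    for finding in audit(RECORDS):
        print(finding)
```
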
CloudFlare will help you on the following items
Speed up content loading by saving a copy of your static content across the CloudFlare network and serving it from the nearest CloudFlare server. This will technically save you a few milliseconds of download time, but it will greatly help you if you are behind a congested server and will boost your loading speed if the majority of your website consists of static content. On the bad side, dynamic websites that look like static content because of rewrite rules will be greatly affected and may confuse the CloudFlare algorithm.
Secure your website from bot attacks by blocking suspicious access and giving the attacker a CAPTCHA challenge to solve.
Lower bandwidth usage by serving contents from the CDN network and compressing the contents automatically by minification.
Prevent unauthorized access to your SSH account and FTP server.
CloudFlare won’t help much on the following items
You are serving from a dedicated or semi-dedicated server.
CloudFlare's speed boost is also smaller if you are operating from a cloud server, and it offers little additional benefit if you are already caching your content and compressing it via Gzip. Dedicated, semi-dedicated and cloud servers usually have fewer users on them, more bandwidth and more processors, assuming you are not getting the cheapest version available. Cloud servers also typically use SSDs as their standard drives, which further helps page loads.
CloudFlare won’t help much if you have installed firewalls and configured them correctly. You can also install a log scanner and automatically block malicious attacks. On the other hand, CloudFlare can help you protect your site from DDoS attacks, but that is part of the paid CloudFlare services.
CloudFlare also won’t help you much when you have a bigger bandwidth allocation and are serving cached images.
CloudFlare also won’t help much if you have disabled root access and changed your default SSH port. Nor will it make any difference if you drop FTP and switch to SFTP with “caged” connections on an alternate port.