My self-hosted website (along with my photos site and others) are now proxied behind Cloudflare. I know that one or two followers have complained bitterly before about other sites using Cloudflare, mainly because Cloudflare acts as a man-in-the-middle, by intercepting the SSL between a viewer’s browser and the final site, but my reasons are really as follows:
- Cloudflare as an organisation is not a major threat in this instance, as all the data served on my sites is really publicly accessible information. There is no login or password used by users to access my sites.
- Cloudflare offers the benefit to me of providing better page load times and performance for viewers.
- Cloudflare also obscures the actual IP address of my site, which makes it less easy for automated bots to easily gain the IP address and hammer the site. One of my domain names anyway maps to a dynamically changing IP address.
- Although I have Fail2Ban and WordFence Security and similar apps protecting my sites, Cloudflare offers an additional layer of protection against attacks. But when rare attacks have happened in the past, it has made it difficult for me to get access into my own site when the CPU hits 100%, and RAM is all full, for a period of time. I can also now remotely activate the “I’m under attack” status for my sites if they end up being attacked. This all improves availability and performance of the site for viewers.
- Over 99% of visitors to my site either have cookies and tracking disabled, as they show up as non-returning new visitors. Most visitors just want a quick performance on a page load that they want to view.
- There is SSL encryption still to Cloudflare, and again between Cloudflare and my sites. I do have the option to also turn off the proxying per site, so can default back to plain DNS resolution with end-to-end SSL, so I’ll see how this goes.