The Internet is a dangerous place.
Performance is important, but security is a top-priority.
Cloudflare serves both purposes.
What is this ?
Cloudflare is difficult to define. According to Wikipedia:
Cloudflare, Inc. is an American web infrastructure and website security company, providing content delivery network services, DDoS mitigation, Internet security, and distributed domain name server services
- my primarily DNS management tool
- my SSL traffic provider for all publicy exposed nodes
- my SSO login and access policies provider
- my static CDN of choice
- a terribly efficient optimization engine for static assets
Why did I do this ?
All my VMs and distributed application nodes are secured, granularly firewalled and heavily protected. But publicy exposed applications are vulnerable and need an extra layer of security.
I adopted Cloudflare to provide SSL, DDoS protection, visitor challenging, spam filtering and access control to all publicy exposed application.
How did I do this ?
Configuring CloudFlare requires the following steps:
- DNS management for CNAME and A records in order to address domains-to-nodes efficiently
- Firewall rules to restrict node access
- SSO provider configuration (login with Google, Facebook, email token, …)
- SSO Access policies on a per-application basis
- Fine tuning of CDN optimizations and assets delivery strategies
And a lot of battling with TXT records for domain verifications, DMARC, SPF and what not.
How would this be instrumental in a business environment ?
Security is a topic as critical as it is complex. I believe that providing this level of security to my personal applications gave me a lot in terms of web security knowledge, and this is something you can’t get for cheap.
It also gave me a lot of knowledge about networking in general. If you don’t already, I suggest you to follow CloudFlare blog which is a wonderful resource on the topic.
Can I test this?
I cannot grant access to my CloudFlare panel to anyone because of security reasons, but I will happily show and discuss it with you if you are interested. Write me an email for everything.