The Internet is a dangerous place.

Performance is important, but security is a top-priority.

Cloudflare serves both purposes.

What is this ?

Cloudflare is difficult to define. According to Wikipedia:

Cloudflare, Inc. is an American web infrastructure and website security company, providing content delivery network services, DDoS mitigation, Internet security, and distributed domain name server services

Cloudflare is

  • my primarily DNS management tool
  • my SSL traffic provider for all publicy exposed nodes
  • my SSO login and access policies provider
  • my static CDN of choice
  • my SPA Javascript worker host
  • a terribly efficient optimization engine for static assets

and more.

Why did I do this ?

All my VMs and distributed application nodes are secured, granularly firewalled and heavily protected. But publicy exposed applications are vulnerable and need an extra layer of security.

I adopted Cloudflare to provide SSL, DDoS protection, visitor challenging, spam filtering and access control to all publicy exposed application.

How did I do this ?

Configuring CloudFlare requires the following steps:

  • DNS management for CNAME and A records in order to address domains-to-nodes efficiently
  • Firewall rules to restrict node access
  • SSO provider configuration (login with Google, Facebook, email token, …)
  • SSO Access policies on a per-application basis
  • Fine tuning of CDN optimizations and assets delivery strategies

And a lot of battling with TXT records for domain verifications, DMARC, SPF and what not.

How would this be instrumental in a business environment ?

Security is a topic as critical as it is complex. I believe that providing this level of security to my personal applications gave me a lot in terms of web security knowledge, and this is something you can’t get for cheap.

It also gave me a lot of knowledge about networking in general. If you don’t already, I suggest you to follow CloudFlare blog which is a wonderful resource on the topic.

Can I test this?

I cannot grant access to my CloudFlare panel to anyone because of security reasons, but I will happily show and discuss it with you if you are interested. Write me an email for everything.