this post was submitted on 16 Feb 2026
237 points (96.5% liked)

Ask Lemmy

37932 readers
1176 users here now

A Fediverse community for open-ended, thought provoking questions

Rules: (interactive)

1) Be nice and; have funDoxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them

2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?

3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.

4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com. NSFW comments should be restricted to posts tagged [NSFW].

5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.

6) No US Politics.
Please don't post about current US Politics. If you need to do this, try !politicaldiscussion@lemmy.world or !askusa@discuss.online

Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija

Logo design credit goes to: tubbadu

founded 2 years ago
MODERATORS
Bluetreefrog@lemmy.world
TheSaneWriter@lemm.ee
TheSaneWriter@lemmy.thesanewriter.com
Asudox@lemmy.world
lemmy_bot@lemmy.world
beefbaby182@lemmy.world
ModeratorCan@lemmy.world
neidu3@sh.itjust.works
asudox@lemmy.asudox.dev
candyman337@lemmy.world
candyman337@sh.itjust.works
237
What do y’all think about Cloudflare? (fedioasis.cc)
submitted 3 days ago* (last edited 3 days ago) by Cantaloupe@fedioasis.cc to c/asklemmy@lemmy.world
90 comments fedilink hide all child comments
 

Both Lemmy.world and my server rely upon Cloudflare for SSL, DDOS protection, CDN services, etc. I use it to provide me with a Cloudflare tunnel to get around not being able to forward ports.

Outages have put this dependance to question, and the same with recent news about the US government obtaining data through subpoenas. It’s a free service that takes care of many of the difficulties when it comes to hosting your service online, but everyone knows that free is not free.

What do you all think about Cloudflare?

top 50 comments
sorted by: hot top controversial new old
[–] ___qwertz___@feddit.org 18 points 2 days ago (2 children)

Cloudflare is just your average, often free, TLS-terminating proxy everyone uses and definitely NOT a NSA operation for being able to read and control all internet traffic.

You should definitely use it, preferably with AWS or Azure (or both!) as the underlying server.

Also, pick US-East1 so you are down when everybody else is.

[–] rumba@lemmy.zip 2 points 1 day ago

You laugh about US-East-1, but honestly, if you're not geographically fault tolerant, your users are less likely to come for your head if all their other services are down too.

[–] Blackmist@feddit.uk 5 points 2 days ago (1 children)

I do wonder if everyone would be so comfortable with Cloudflare if they were a Russian or Chinese operation.

Wouldn't be surprised to find CF were also controlling some of the biggest DDOS botnets to remind people what happens when you don't let the Americans see all your traffic...

[–] rumba@lemmy.zip 1 points 1 day ago

I'd never use something like CF to handle sensitive information. Anything going over that tunnels and puppies and sunshine. I'm also relatively less worried about Russia and China collecting my data and locking me up over it because I don't live there.

[–] Bazoogle@lemmy.world 19 points 2 days ago (2 children)

This image is inaccurate, because it suggests Cloudflare is a small block. The original xkcd makes more sense, because it is a project run by a single person. To represent Cloudflare, it should be a huge block given it's a very large company with a market cap of $69 billion.

load more comments (2 replies)
[–] hexagonwin@lemmy.today 83 points 3 days ago

it's making the internet centralized and proprietary, i hate it. i do understand how it's a very easy option for website operators struggling against malicious bots though.

[–] Oberyn@lemmy.world 13 points 2 days ago (2 children)

Bane of my existence as obligate VPN user

load more comments (2 replies)
[–] CheeseNoodle@lemmy.world 5 points 2 days ago

Given that a lot of websites need cloudflare to shield them from getting DOSd by the infinite hord of web scrapers maybe cloudshare should be depicted as a shield blocking a broom from knocking the tower over? Probably both held by the same person...

[–] dparticiple@sh.itjust.works 44 points 3 days ago (2 children)

Dev here, building a public SaaS app. I'm aware of the centralization arguments, but CF seems to be the least worst of all the options in terms of alternatives. CAPTCHAs are awful, and I can't put up my own multi-Tbps DDOS buffer. I also regularly access my own resources from behind multiple VPNs; other than having to click the human button it doesn't consign me to an evening of identifying traffic lights.

[–] OwOarchist@pawb.social 27 points 3 days ago (4 children)

The ones that require traffic lights and shit never seem to work properly for me. They always make me do an endless repetition of them, going through dozens and dozens before it finally, maybe lets me see the website I was trying to get to.

Maybe I'm just not human enough?

[–] LwL@lemmy.world 6 points 3 days ago

I've found that clicking them slower (until the new image is fully faded in) can help for the ones that have images disappearing after clicking, and not actually clicking every square containing part of the traffic light (if it's only a tiny edge) helps with the ones that are one image of a thing. I guess being fast or noticing details isn't human enough. Having to wait is insanely annoying though.

load more comments (3 replies)
load more comments (1 replies)
[–] Zwuzelmaus@feddit.org 30 points 3 days ago (1 children)

Cloudflare is one of the secret ruling parties of the internet.

I don't understand why so many Americans like to use it, even the ones who tend to think liberal and go for self hosting.

[–] msage@programming.dev 10 points 3 days ago (7 children)

What are the alternatives?

[–] towerful@programming.dev 10 points 3 days ago (1 children)

And a VPS and any number of tunneling systems for the remote reverse proxy.
Rathole is my goto. But SSH forwarding, wireguard... There's plenty, even ones that will entirely manage the reverse proxy on the VPS.

[–] pressanykeynow@lemmy.world 2 points 2 days ago (1 children)

How will it help against ddos?

[–] towerful@programming.dev 2 points 2 days ago (1 children)

It doesn't.
Have you ever been ddos'd? I haven't.
I imagine if it happens, I'll just switch off the VM.
If it's actually a problem, then I'd see what the VM hosting company recommends. Ultimately they will have something in place so that if my VM gets targeted they can isolate it.
My sites get denied service. Oh well.

I've never had anything get so popular that I actually need the tooling that cloudflare offers. I've never had anything targeted in a way that cloudflare would protect against.

If that is actually a vector in your security and reliability analysis, then yeh. It's probably the right tool for it.
And there are other competitors than just cloudflare if you actually need the protection, which should each be considered.

[–] pressanykeynow@lemmy.world 1 points 1 day ago (1 children)

Have you ever been ddos'd?

Regularly.

[–] towerful@programming.dev 1 points 1 day ago

Great, use cloudflare or any number of other ddos mitigation services. Or get a larger peering connection and eat the ddos.

load more comments (6 replies)
[–] irelephant@lemmy.dbzer0.com 17 points 3 days ago

The modern Internet would be way worse without it, but it still sucks how centralized it is.

[–] Cantaloupe@fedioasis.cc 4 points 2 days ago

I haven't had my shit up for very long, and HOLY SHIT the unique visitors numbers are nuts. I think this is because of federation, but mainly the images being loaded across other instances.

I looked at deflect and it ain't gonna be cheap, the number will only go up, and I am the sole user of the site. Storing the shit in a media bucket or whatever would fix it, but I'd have to pay for that shit too.

[–] 7fb2adfb45bafcc01c80@lemmy.world 9 points 2 days ago

/rant on I think CloudFlare is the direct result of the enshitififcation of development work.

People write an insecure app in Express/Flask/whatever, deploy it to the internet, then bolt on Cloudflare as a WAF and add Datadog because they have no idea what's happening under the hood or limited themselves with their up-front choices.

This is marketed as progress. /rant off

But there are valid use cases like you mentioned. And it's the enshitifed sites that fund that free tier.

There's some irony about the Fediverse going through a centralized service, but I don't know of a better free answer. A cheap answer might be a VPS with Caddy and automatic Lets Encrypt, but it's not turnkey.

[–] naught101@lemmy.world 26 points 3 days ago (4 children)

Isn't Cloudflare more like the thin horizontal block above that one?

[–] gwl@lemmy.blahaj.zone 9 points 3 days ago

It fully is yes

load more comments (3 replies)
[–] Jack@lemmy.ca 13 points 3 days ago (1 children)

Lemmy.ca moving from Cloudflare to Deflect.ca.

[–] chicken@lemmy.dbzer0.com 12 points 3 days ago* (last edited 3 days ago)

It's a free way to get a reverse proxy for a self hosted website and not expose your home IP and avoid attacks, so kind of hard to pass up tbh.

[–] cows_are_underrated@feddit.org 10 points 3 days ago

Feddit.org uses Anubis

[–] greenbit@lemmy.zip 8 points 3 days ago (8 children)

In addition to the tech reasons mentioned, the click here checkbox is just a fucking infuriating interruption

load more comments (8 replies)
[–] joyjoy@lemmy.zip 14 points 3 days ago (2 children)

That and AWS US-East

load more comments (2 replies)
[–] Brkdncr@lemmy.world 14 points 3 days ago

It’s a great service and it works mostly well. The internet is a little bit better because of them.

It’s also optional and simple to transition away from since they don’t host your environment.

[–] panda_abyss@lemmy.ca 12 points 3 days ago

Decent idea, but too much power centralized to one company.

[–] MuttMutt@lemmy.world 5 points 3 days ago

I use it for a couple websites. I'm a geek and can make things work software wise but I'm absolutely not a programmer, I just don't really grasp a lot of it. Give me some hardware and I can build whatever but I digress. Cloudflare has prevented a bunch of attacks on my sites and the caching function is helping stave off switching to a VPS for now.

It can be a PITA if you don't have native IPv6 and use Hurricane Electric's IPv6 tunnel broker. A lot of sites that are hooked into cloudflare and some other similar services pop up captcha's every visit or just pain don't function correctly. I'm going to switch to Route64 as an alternative to HE, they only provide a /56 vs a /48 but it's not like I'm going to need that many /64's at this point.

[–] DeathByBigSad@sh.itjust.works 11 points 3 days ago (2 children)

Easy fix, just ban the act of DDoSsing... duh 🙄

/j

load more comments (2 replies)
load more comments
view more: next ›