
Security Service Accidentally Makes Websites 60% Faster

EastDakota writes "CloudFlare was originally conceived by the team behind the open source community Project Honey Pot as an easy way to protect any website from hackers and spammers. The concern from the beginning was that it would add latency. It was quite a surprise when the free service launched 8 months ago and ended up speeding up websites by 60%."
  • slashvertisement (Score:4, Insightful)

    by Anonymous Coward on Tuesday June 07, 2011 @11:28PM (#36371340)

    The article about the anti-spam article looks itself to be astroturf spam.

  • Speed up summary (Score:5, Informative)

    by Anonymous Coward on Tuesday June 07, 2011 @11:42PM (#36371418)

    According to the article, the speed boost comes from two things: 1) CloudFlare sniffs your content and inline replaces sections of it with equivalent content all served via the same connection... so the speedup comes from only having to use a single connection to get the entire page and 2) They are a globally distributed content system with 12 global data centers, similar to Akamai but smaller in scale, allowing content to come from a location closer to the end user.

    • by wamatt ( 782485 ) *

      I still don't understand. If my site is hosted in a rack in Colo A, and users access it, it goes out via the same pipes.

      Are you talking specifically if I have 3rd party widgets embedded in your site? Because in the scenario above (Colo A), I don't see how it helps vs using a regular CDN.

      • It only helps versus a traditional CDN in the cost arena and versus some CDNs in that it provides protection against spam and hacking.

        The service works by you pointing your nameserver records to them, then using them as a DNS provider. client -> DNS lookup -> CloudFlare Colo A

        CloudFlare acts as a reverse proxy CDN by replacing some DNS records with their IPs instead of yours, so unless you tell them to not use their servers for a particular record the host is sent them, they check the host's IP, if it
      • I worked for a now defunct company called Netli that did something like this. Not caching exactly, but putting proxies on either end of the path which would optimize TCP behavior. The speedups could be quite significant especially where latencies were high (long fat pipes), because your browser normally spends a lot of time waiting for entire round trips to occur as each new connection is opened and ramped up to speed. You can also "prefetch" content because you can determine which images the client will be
    • From what I've dug up, there are several sources of potential speedup:
      1) Acts as a CDN (with 5 data centers - 3 US, 1 Europe, 1 Asia) to cache static files (such as images, js, css) from a location on average nearer to most visitors, plus the cache servers are fast and well-connected. I read a claim somewhere that based on total traffic going through their system, they would be the 10th busiest site on the web (unverified).
      2) Filters out enough "bad" traffic, which it never sends on to the site's originatin

  • by Anonymous Coward

    Could you at least try and hide the money you take to post ads as articles?

    • Does Slashdot even need a kickback? The comments bitching about it are giving Slashdot more content to serve ads with.

    • by IICV ( 652597 )

      You know, this is in part your fault. If you'd written a more interesting blog post than this and submitted it, it might have been posted instead of this article. Instead, you didn't and they posted this.

  • The gist of it (Score:5, Informative)

    by Anubis IV ( 1279820 ) on Tuesday June 07, 2011 @11:56PM (#36371492)

    They offer a security product for websites, and in the process of designing it so that it didn't add much latency, they inadvertently made it into a CDN that speeds things up. There. Now we all know what the trick is.

    • Re:The gist of it (Score:5, Interesting)

      by enoz ( 1181117 ) on Wednesday June 08, 2011 @12:19AM (#36371568)

      In a strange synergy your comment is roughly 60% the size of TFS but contains 100% more information about the topic at hand.

    • by zonky ( 1153039 )
      How are they protecting anything if the bad people can still access the site directly if they can find it?

      If it works anything like Akamai, the site DNS points to cloudflare, which then relays it all back to the origin host.

      (Unless they're locking down the origin hosts to only accept requests from cloudflare networks, of course....)
      • Don't forget, it's bound to mess up your logs. Connections aren't coming from the user any more, they're coming from the CDN. Good luck doing your own filtering server-side from there. If they're caching parts of it, that means you have no prayer of seeing that request. You might get a Via header for some requests, but the cached requests? There won't even be a hit back to your server.

        I'd consider using them for a few things I do, but there are some problems. I don't kn

        • Seriously? For your own filtering use X-Forwarded-For (built in to apache) or mod_cloudflare. Logs and filtering are not an issue unless you are incompetent. Cloudflare also only caches static content such as css and images, so there is still a hit for the main request page that you can see in logs and filter against. As for security, use ssl. Sure, they have a solution for ssl too, but you can easily add a record and not run it through their system at all such as secure.website.com. If you are running your
          • In the article, they said that when Amazon's cloud went down, the sites continued to serve. That means they couldn't possibly be sending any hits back to the server (since it's down and all).

            It wouldn't matter at that point if you're logging X-Forwarded-For, or using SSL. Even with using SSL, that does nothing for you, if they have the key on their server to decrypt with.

            I've been doing a lot of packet analysis and logging lately. At the firewall and IDS leve

    • by colfer ( 619105 )

      It uses Javascript to obfuscate email addresses. That is helpful but not foolproof, contrary to the article. It stops most harvesters, at the cost of no-script users and the like. The chirpy article is less than trustworthy, so I would not assume the service is a CDN, or if it does cache that it will continue to maintain capacity. Or the speedup, if real, could be due to minifying html and serving small images in the Google News way, as inline data. The number of connections can be more important than speed

  • by Anonymous Coward

    CloudFlare is touted for intercepting and altering HTML to and from client sites. Isn't this a Bad Thing? Passwords, PII, etc. all being captured, inspected, possibly altered, and sent along. What a lovely way to capture and control information. And it's spread across 12 datacenters (and growing) so who knows how many copies of your SSN there are across CF. But at least it allows IT admins to not have to care or think about customer data security.

    • example.com -> CloudFlare's CDN
      ssl.example.com -> example.com's authentication server.

      Duh.
  • I read the article and peaked at the site. $20 a month, for what is practically a CDN?

    I'm assuming they have some pretty heavy limits on the amount of traffic you can get for that amount... Bandwidth isn't free after all.

    That being said this seems like a cool service for smaller sites, especially when you don't want to do everything yourself.

    • by muphin ( 842524 )
      It isn't a CDN per se; it's a DNS proxy that caches a static page of your site when it goes down. The data from this is insignificant compared to when every user loads an image.
      See How can CloudFlare afford to offer a free CDN? [cloudflare.com]
      • Which is interesting in that the response starts with "We built our network from the ground up for a single purpose: making any website faster and safer".

        Which seems to stand in stark contrast to the premise of the article, which is that they didn't intend to make web sites faster. So which is it?

        Further, I think that even if it prevents spam, it likely only delays it. In the article there is a quote that says: "“We challenged an engineer on our staff to sniff a packet of data to see if there was an

        • I've found that proxies that do javascript injection tend to break things.
    • I read the article and peaked at the site...

      ...and it was all downhill from there.

  • by Lazy Jones ( 8403 ) on Wednesday June 08, 2011 @02:32AM (#36372172) Homepage Journal
    While they can certainly protect a site from various threats better than the average programmer (XSS etc.), the downside is that all login and personal information also goes through their site, enabling them (or a rogue government) to collect it. Also, their concept is great for launching targeted attacks at specific users, i.e. sending them tailored content like trojans (of course such attacks by rogue governments are feasible without CF, but harder). The question is: should they be trusted more than your own employees and your ISP? Right now, here in Europe, I'd say: for important stuff, no.
    That said, here's an idea for a useful "app": automated A/B-testing for your site (build 2 versions of your website and let them decide who sees what, combine with Google Analytics or other stats => see which version works better for your users).
    • Just an FYI:
      Google already provides a tool for A/B testing with Google Analytics: website optimizer [google.com].
      • I know, thanks ... But it requires 2 things to be handled by your web pages which CF could do more elegantly: a) put the Analytics JS on all pages, b) decide which version (A or B) to show a visitor and why (i.e. set a cookie so he still sees the same version when he comes back and all that) and modify the Analytics code accordingly. Putting that on the CF end would mean that even inexperienced people could set up 2 versions of their web site easily and benefit from Analytics A/B testing features (think wor
  • Bring on the marketing creatures.

  • and it's the choice of a new generation.. :drinks pepsi:
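
The sub-thread above on origin lock-down and X-Forwarded-For logging turns on one check: the header is only meaningful when the TCP peer is one of the proxy's own addresses. The following is an added example, not part of any comment or of CloudFlare's code; the proxy ranges are constructed placeholders from documentation address space, and `resolve_client` is a hypothetical helper name.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 documentation space) standing in
# for the reverse proxy's published egress networks (an assumption).
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("198.51.100.0/24", "203.0.113.0/24")]


def is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def resolve_client(peer, xff=None):
    """Return (client_ip, verdict) for one request as seen at the origin.

    peer is the TCP source address; xff is the raw X-Forwarded-For value.
    """
    peer_ip = ipaddress.ip_address(peer)
    if not is_trusted(peer_ip):
        # Did not arrive through the proxy: any X-Forwarded-For it carries
        # is client-controlled, so log the peer and flag the bypass.
        return str(peer_ip), "direct-to-origin"
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    # Walk right to left: the rightmost entry was appended by the hop
    # nearest the origin; skip entries that are themselves proxy nodes.
    for hop in reversed(hops):
        try:
            hop_ip = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer_ip), "malformed-xff"
        if not is_trusted(hop_ip):
            return str(hop_ip), "via-proxy"
    return str(peer_ip), "no-client-in-xff"


# Constructed sample requests: (peer address, X-Forwarded-For header).
SAMPLES = [
    ("198.51.100.7", "192.0.2.44"),              # normal proxied hit
    ("198.51.100.7", "10.9.9.9, 192.0.2.44"),    # client pre-seeded a fake hop
    ("192.0.2.200", "127.0.0.1"),                # bypassed proxy, spoofed header
    ("203.0.113.5", "192.0.2.9, 198.51.100.7"),  # chained through two nodes
    ("198.51.100.7", "not-an-ip"),               # unparseable header
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(peer, repr(xff), "->", resolve_client(peer, xff))
```

Requests labelled `direct-to-origin` are the ones a firewall rule restricting the origin to the proxy's networks would drop; counting them in existing logs shows how exposed the origin address already is.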
