undefined | Better HN

0 pointsgunapologist992y ago0 comments

Not that I stay up at night worrying about Cloudflare, but Cloudflare is literally the Man In The Middle between the user and the instances running at AWS, GCP, or Azure.

0 comments

sophacles2y ago

Unlike AWS, GCP or Azure themselves? You think the people who own the computers you use can't see whats happening on them?

gunapologist99OP2y ago

Isn't that the whole value proposition of Cloudflare?

Nearly all traffic (in terms of volume) gets swallowed by CloudFlare and never approaches most instances: DDoS attacks swallowed whole, WAF rules block illegitimate traffic (which is, in most cases, the vast majority of traffic to dynamic endpoints or, frequently, non-existent endpoints, if you've ever tailed webserver logs), and Cloudflare-caching handles most of the remainder for static and cacheable files -- leaving those servers with a mostly-sanitized and far lower volume of traffic. If you're using edge workers, even less traffic hits your servers.

But, yes, out of the remaining traffic that enters AWS/GCP/Azure's network, they certainly can see what's happening on those machines if they care to look.

SOLAR_FIELDS2y ago

Yeah, that is one of the main value props of Cloudflare. They just slap you with scale. Entire classes of problems like DDOS just become non issues when you front with them. Most people when talking about Cloudflare have few complaints about the actual services they offer. It’s way more often about how they are so good and widespread that you don’t have many other choices and how dangerous that is in the long term.

j / k navigate · click thread line to collapse