CDN Features w/ Cloudflare
The following content is a summary of the security features Cloudflare offers to help mediate web hosting risk.
Cloudflare is a Content Delivery Network that focuses on simplicity and ease of use. In order to setup, you create DNS records and follow a few incredibly easy steps. But what's this product give you that's so important? Piece of mind. Knowing at the very least even if my sites are interrupted the content is cached for use. The main use of CDNs awhile back was to just assist in uptime and distribute content to different location. This helped make more DDoS attacks a thing of the past and ever since this service was created the amount of features we've seen added into the space has grown tremendously. CDNs don't just protect anymore, they've expanded to offer a vast number of optimization methods as well. So let's see what each section offers us in terms of configuration within CF.
Analytics - Site statistics and traffic analysis. Often used to generate and/or build using geolocation.
DNS - Record management for your site. You can use CF as the primary DNS provider for your site(s). You can also add them as an NS record if you wish to enable for a few subdomains. This panel also allows you to set Customer Nameservers if you wish and enable DNSSEC. DNSSEC protects from forged DNS answers. DNSSEC zones are signed to ensure the DNS record received is identical to the one published by the domain owner.
Crypto - Cipher suite assignment and SSL cert offerings via Edge Certificates. Can also lock down https if your application doesn't have redirection on a server level and enable automatic rewrite rules to ensure it's use. HSTS is also here, this protects you from potential protocol downgrade attacks as well as cookie hijacking. In addition to these you can route traffic through onion (tor connections) and enable HTTP/2.
Firewall - Filtering on nearly any level you can think of is available on this screen. This includes awesome options such as geo filtering and are added as statements using AND/OR. 5 rules for free, additional paid.
Access - Filter port traffic to your site using permissions levels via users and groups within CF.
Speed - Auto Minify - Reduced file sizes to improve site speeds. Polish (Paid) - Improve image load times by optimizing images hosted on domain. WebP image codec can also be configured here. Railgun - Requires software installation on hosts but claims to increase the delivery of dynamic content types. Brotli - lossless compression algorithm. Mobile Redirect - If you have or want a mobile specific site you can redirect to the subdomain here.
Caching - Purging cache and setting the options for Always Online (Stores site within CF cache) are available here. You can also set your cache level and expiration timer.
Traffic - Load balancing rules and configuration are located here. If your site handles resource intensive work loads, this is something to consider.
Custom Pages - Configure IP/Country Block pages presented to black listed connections. WAF Block - If your site is attacked and CF detects the attack, a custom page can also be defined for presentation. You're also able to configure challenges which require user input if you'd like to authenticate genuine connections with clients.
Scrape Shield - Content protection for your site. You can enable Hotlink Protection (Doesn't allow others to use your hosted images) and Email address obfuscation (Prevents email list harvesting if you have emails listed).
All in all using something like a CDN allows for less overhead configuration of server level configurations. It's a solid solution that provides piece of mind and confidence that what you're hosting is just a little more protected. Hope you enjoyed this brief overview of features.
You can take CloudFlare for a spin free here: https://dash.cloudflare.com. One parent domain with unlimited subs in free. Any other added under the same account result in a subscription.