Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

https://www.cloudflare.com/plans/

Look at the "Advanced security" section.

I also used Siege to flood a site behind Cloudflare's free plan and brought it down.



There's the option for free plans: Basic DDOS protection with the following blurb:

Built-in security measures automatically protect your website against DDoS attacks. CloudFlare's service allows your legitimate traffic to reach your website, while stopping illegitimate traffic at the edge, before it hits your server.

So Cloudflare promises least a minimal protection for free plans.

As for Siege, I assume Cloudflare is optimized to protect from botnets. A single machine running Siege is not a realistic test case. Perhaps it also depends whether your website is mostly static, then Cloudflare can do a lot of caching.


That page argues against your point, even the basic plan does quite a bit to fend of DDOS. In particular, the most common and effective type of DDOS, which is volumetric and based on reflected UDP traffic, is defended against, even on their free tier.

Using a tool like Siege to bring a site behind Cloudflare down doesn't mean it's not protected. A layer 7 attack against a site which can't handle incoming HTTP requests is still possible. Cloudflare, or any other service, can't magically make a site scale.


> That page argues against your point, even the basic plan does quite a bit to fend of DDOS. In particular, the most common and effective type of DDOS, which is volumetric and based on reflected UDP traffic, is defended against, even on their free tier.

Maybe I'm missing something here, where does it mention that the free plan protects against UDP floods?

> Using a tool like Siege to bring a site behind Cloudflare down doesn't mean it's not protected. A layer 7 attack against a site which can't handle incoming HTTP requests is still possible.

Flooding a site using Siege from a single IP falls under the layer 7 attack (correct me if I'm wrong), which is protected against in the Business plan.

> Cloudflare, or any other service, can't magically make a site scale.

Where did I mention that I expect Cloudflare to magically scale a site? A POST or GET flood falls under layer 7 protection, which Cloudflare offers in paid plans.

If it was not clear, the point was that layer 7 protection is offered in the paid plans(Business and Enterprise), but not in the free plan.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: