Cloudflare, Inc. is an American web infrastructure and website security company, providing content delivery network services, DDoS mitigation, Internet security, and distributed DNS service.
At Overloop, we use Cloudflare:
  • As a primary DNS server for all our applications
  • As a reverse proxy providing TLS termination to protect our servers (without having to handle all the certificates and config)
  • As a Web Application Firewall (WAF)
  • As a Content Delivery Network (CDN)
Everything is configured from their web interface:
Cloudflare | Web Performance & Security

DNS server

As a DNS server, Cloudflare allows us to define a set of records that specify how our domains are resolved.
This includes:
  • A / AAAA records to make a domain name point to an IP (v4 / v6)
  • CNAME records to make aliases
  • MX to link with mail servers
  • TXT to store generic text and configurations

TLS termination

Cloudflare is also used as a reverse proxy to enable TLS on our website.
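One consequence of putting a reverse proxy in front of the servers is that every connection reaching the origin comes from the proxy's addresses, and Cloudflare passes the visitor's address in the CF-Connecting-IP request header. The sketch below is an added example, not Overloop's code: it shows an origin-side check that honours that header only when the TCP peer is a trusted proxy. The function names are hypothetical and the ranges are documentation-space placeholders to be replaced with the ranges Cloudflare publishes.

```python
import ipaddress

# Placeholder ranges (documentation address space), constructed for this
# example. In production, load the proxy ranges that Cloudflare publishes.
TRUSTED_PROXY_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:cf::/48"),
]


def _normalise(ip: str):
    """Parse an address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) peers."""
    addr = ipaddress.ip_address(ip)
    return getattr(addr, "ipv4_mapped", None) or addr


def is_trusted_proxy(addr) -> bool:
    """True if the TCP peer address falls inside a trusted proxy range."""
    return any(addr.version == net.version and addr in net
               for net in TRUSTED_PROXY_RANGES)


def client_ip(peer_ip: str, headers: dict) -> str:
    """Return the address to use for logging, rate limiting and ACLs.

    CF-Connecting-IP is honoured only when the connection really comes from
    the proxy. A client that reaches the origin directly can set the header
    to anything, so in that case the TCP peer address is used instead.
    """
    peer = _normalise(peer_ip)
    if not is_trusted_proxy(peer):
        return str(peer)
    # HTTP header names are case-insensitive.
    lowered = {k.lower(): v for k, v in headers.items()}
    claimed = lowered.get("cf-connecting-ip", "")
    try:
        return str(ipaddress.ip_address(claimed.strip()))
    except ValueError:
        # Missing or malformed header: fall back to the peer address.
        return str(peer)
```

A stricter origin would reject non-proxy peers outright at the firewall, so that all traffic passes through the proxy's TLS termination and WAF.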

Web Application Firewall

With the Web Application Firewall (WAF), Cloudflare can analyze the content of the requests made to our website and automatically detect intrusions (from well-known blacklisted IP addresses or browsers, from their content, ...).
Good news: since Cloudflare is used to terminate our TLS connections, it has access to the full content of the data that is sent to our servers.

Content Delivery Network

At Prospect, we also use Cloudflare as a content delivery network, that is, a system to serve our static assets (image files, fonts, ...).
Thanks to a large set of optimization options, Cloudflare allows us to serve this content faster than we could from our own servers (using advanced compression, replication, and many other techniques).