[wombarly]

Because without CloudFlare we would: Pay thousands in bandwidth costs per month; Double or triple our servers to handle peaks (they cache and serve the HTML for us); Be down constantly because of DDOS attacks.

[grishka]

Is DDOS such a frequent occurrence that you would be down "constantly"?

[wombarly]

Yea our sites used to be DDOSed daily for 2 months. We're now getting a DDOS once or twice a week.

Edit: Some numbers, most of them are between 2k-5k requests per second. But we had some with 20k-30k rps.

[busymom0]

Do you solve it using the "Under Attack" mode on CF where it shows the "redirecting in 5 seconds" msg? I am curious how CF takes care of the DDOS.

[wombarly]

Cloudflare detects the DDOS and will block it, notifying you by email. We almost never use the Under Attack Mode unless it's actually affecting us.

The biggest thing we do to help ourselves when we're under attack is making sure that the pages being ddosed (homepage, etc) is being cached by them. There will always be some requests that CF doesnt block, so the cache ensures they get served by them.

[busymom0]

> The biggest thing we do to help ourselves when we're under attack is making sure that the pages being ddosed (homepage, etc) is being cached by them.

What about pages which can't be cached? For example an updated comment feed? How would you deal with dynamic data?

[wombarly]

People who DDOS sites usually attack the homepage.

If they attack a dynamic page, check if you can cache them for 30 or 60 seconds. Pretty close to real time.

If you have cookie based authentication for those pages, its going to be difficult to cache them at all though. Which is where SPAs come in useful since auth is client side.

[busymom0]

For those curious, I am reading more about it here:

https://www.cloudflare.com/en-ca/learning/cdn/caching-static...

[scrollaway]

DDOS gets more frequent when it becomes effective. Then it's just a matter of keeping you down.

[MrStonedOne]

Yes

[rhizome]

Demand wouldn't drive bandwidth prices down?

[netr0ute]

If you're lucky, bandwidth is free.

[akagusu]

Do you have numbers to show us your point or are you just repeating marketing BS?

[wombarly]

What kind of numbers do you want? Last month we used 200TB+ in bandwidth across all our sites, no bandwidth charges from CF.

120TB of that is our CDN backed by a Cloud provider, we had to only pay them for 3TB in bandwidth charges.

During peak traffic they serve 35% of our pages because of their cache, with some site improvements we will be able to up that to 60% soon.

Edit: I must add that we are on the Pro plan and do use multiple paid features like Workers and Load Balancers.

[lucb1e]

So mainly you're happy that other customers are paying for your pushing 200TB+ in bandwidth?

[wombarly]

Why would we care how CloudFlare handles that behind the scenes? They offer an amazing product for the value. Why shouldn't we take them up on it?

Besides its not like we're not paying them anything, our monthly bill with them is $1k+

[busymom0]

By that logic, every one who bought Teslas in the beginning helped pay for the later customers. That's just how almost all industries work - insurance companies being a big one.