Hello everyone,
Tonight, we implemented CloudFlare, which uses its own content delivery network and content processing. Were the site to go down, content would continue to be available for a number of days, even if our servers that process that data go down. This is not the first time that we have implemented CloudFlare as a solution, but it was abandoned due to too many spam false positives several years ago, during the month of December 2010.
We rejoin CloudFlare, in combination with MaxCDN, in an effort to speed up page loading. The great part is that we are no longer hosting DNS locally, and we have two solutions working interconnected. The finalization of this change involved the compilation and addition of mod_cloudflare to our main web server.
Do you host your own website? At this time, with the basic CloudFlare service being free, if you host a website, we actually encourage you to adopt this service at this time. This is not a paid endorsement at all, but a security and performance enhancement suggestion.
With CloudFlare, we have implemented the CDN + Full implementation option, all image optimization options (including lazy load - where site images won't be loaded until you actually scroll down to them), and SPDY: a next-generation transfer protocol that makes webpages load faster on supported browsers.
We are using aggressive caching. This means we attempt to have the global content delivery network catch everything on the site. We will continue to auto minify CSS, JavaScript, and HTML. We have also enabled website preloading. The preloader will try to download the most popular content on the website and should start working to its fullest efficiency within the next 48 hours by quantifying this data.
Important Security Feedback Needed
An executive decision was made to implement CloudFlare today, due to the record-breaking distributed denial of service attack (DDoS) on Spamhaus.
See:
- Attacks Used the Internet Against Itself to Clog Traffic - New York Times
- Spamhaus Hit With 'Largest Publicly Announced DDoS Attack' Ever, Affecting Internet Users Worldwide - Huffington Post
- What is Spamhaus? - Wikipedia
Like many responsible sites, we use Spamhaus to prevent spambots, spam networks, scammers, and spammers, from accessing our services. Spamhaus was attacked with at least 300Gbps (300 billion bits per second) worth of invalid/garbage packets. Spamhaus survived the attack by using CloudFlare. This is because CloudFlare's major advantage is that it operates on the DNS level.


While the application level can often be inferior in protecting systems, it may also be critical. As seen, the entire Internet would fall apart without the root DNS servers (although this is a hotly contested statement):

If you are trying to get on our site, a small minority of members might get a screen that offers a challenge to view the site. This is a CloudFlare feature. We are monitoring how many people are seeing the site, but have it on a very flexible setting that can be modified (and even disabled finally) at any time. However, if there are too many false positives, we will remove it entirely. We need your feedback to know if this challenge page is appearing on healthy systems for many visitors.
For a further example:
CloudFlare knows which visitors to challenge (also referred to as suspicious visitors) based on a variety of data sources. Specifically, CloudFlare leverages threat data from Project Honey Pot and a variety of other third-party sources to identify online threats. In addition, CloudFlare uses the collective intelligence of the websites on its system to identify new threats that arise. So if a new threat is identified on one site, CloudFlare can automatically protect the rest of the CloudFlare community. The types of threats that CloudFlare identifies are broad and include email harvesting, SQL injection, cross-site scripting, comment spam, credential hacking, denial of service attacks and so on.
We are looking at installing Railgun at the earliest possible convenience to even further speed up performance:
Railgun | CloudFlare | The web performance & security company
We are considering adding a CDN access point in Tokyo with MaxCDN, as well as several other locations, depending on the cost.
Thanks for viewing this post - and please provide any feedback indicating any problems or improvements you may have noticed during this transition.