CloudFlare was revolutionary in web hosting when it first appeared because it allowed anyone to connect a professional Content Delivery Network (CDN) to their site, save traffic, accelerate loading of static files, and protect against DDoS attacks.



This service was previously only available to large companies. Today, CloudFlare proxies a third of the Internet through its framework, which has created new problems. In this post, we will examine how CloudFlare's monopoly status threatens the normal operation of the Internet, prevents ordinary people from accessing websites, and has access to encrypted traffic.


On July 4, 2020, CloudFlare broke as a result of a bug, rendering all services that somehow use its network unavailable. This affected not only sites, but also games, mobile applications, terminals, etc. Even those services that do not use CloudFlare directly experienced problems due to third-party APIs that became unreachable. When customers point their domains to CloudFlare's DNS servers, they become trapped because they are then unable to redirect their domains around the CloudFlare network during such an eventuality. The only way out is to delegate the domain to their own DNS servers, but such an update could take more than a day. The incident exposed an obvious problem that had only been discussed in theory: if one company controls such a large portion of the Internet, at some point everything can break.

If a user is deemed unworthy by CloudFlare's algorithms for detecting malicious traffic, they may have to pass a captcha on every fifth site they visit. This can turn web surfing into torment, and users may be disconnected from a large part of the Internet if CloudFlare does not like them, or if there is erroneous detection. This puts personal usage of services under threat and affects ordinary people.


It is important to understand that the very concept of the Internet implies decentralization and resistance to such errors. When one company controls such a large portion of the traffic, the network becomes vulnerable to its mistakes and unscrupulous actions for profit. CloudFlare's monopoly status threatens the sustainability of the network both technically and economically.

CloudFlare operates in a MiTM (Man-in-the-middle) mode to cache and filter content, which requires its servers to see decrypted HTTP traffic. Even with a valid SSL certificate on the client side, CloudFlare can still access transmitted data, discrediting the purpose of SSL. In case of errors or hаcking, attackers can access all confidential traffic. Additionally, security services can request access to decrypted traffic, even if the server is located in another jurisdiction, undermining the idea of SSL.


Initially, CloudFlare promised not to censor content resources unless required by legal requirements. However, later, they denied service to 8chan based on morality without any formal reasons or court decisions. This raises concerns about whether providers should decide which services are worthy of being served on their framework.


CloudFlare's dangerous growth and potential monopoly status threaten the stability of the entire Internet. Relying solely on one company is unsafe, as it can be hаcked, make errors, or act dishonestly. A commercial company's primary interest is making money, and if key internet nodes are captured by one company, it can monopolize control over service prices, destroy competitors, and dictate its own rules. Furthermore, SSL no longer protects data from third parties, as all encrypted data transmitted over CloudFlare's network is accessible to CloudFlare, providing them with unlimited access to sensitive data of millions of users.


This post aims to describe the potential threats that rapid growth and influence of CloudFlare could have on the future. It does not call for abandoning CloudFlare but encourages users to consider whether it is necessary for their tasks and to have a contingency plan in case of an emergency move.

Thank you for informing me about Full mode. Besides that, everything else seems right. The potential monopolization of services can be detrimental, so having a contingency plan in place is important.

However, small amateur websites may not have the financial means to explore alternative options, even with the benefit of three free months. It's essential to weigh the costs and benefits carefully and assess the risks associated with relying on a single service provider.

How does any other DDoS protection compare to CloudFlare's capabilities? CloudFlare's dominance in the industry stems from their size and control over 12% of the world's traffic.

1) With a massive bandwidth on edge servers, no DDoSer can take down the CF network. Although they can target the victim's infrastructure through the CF servers, the victim will still have access to admin panels and options to tighten security measures such as providing captchas or whitelists for key clients.

2) CloudFlare also maintains the largest and most comprehensive database on attacking botnets and their behaviors, making their decision-making quality superior to other providers.

It's logical to assume that smaller players in the industry cannot provide effective protection against DDoS attacks compared to CloudFlare, which dominates in both criteria. However, there may be other factors at play that I'm not aware of.

Over the past 5 years, cybersecurity issues have begun to be approached many times more seriously. If earlier such terms as "mirror barrier" or "DDoS filter" were approached with disdain, now any normal hosting cannot do without these tools. Essentially, cloudflare provides both a CDN package and cloud solutions. After 2014, when big companies were under attack and cloudflare just couldn't keep up, users started thinking about alternatives or replacements. I discovered Sukuri for myself, which provides both a protective screen that protects against both DDoS attacks, SQL injection, and XSS-JavaScript hаcks.

DDoS protection can vary greatly and may mean different things to different people. Some may block IP addresses that exceed certain traffic limits, while others use reputation databases or machine learning models to detect abnormal traffic.

Caching HTTP traffic, dropping malicious HTTP requests, rate limiting, and load balancing are all potential DDoS protection strategies. However, these techniques would require terminating TLS and inspecting HTTPS traffic, which is considered L7 protection.

While some may criticize Cloudflare for reading plaintext traffic, it's important to note that any provider offering L7 protection would need to do the same. Trust is an issue in this scenario, as users need to consider whether they trust their hosting provider who has physical access to the server hardware and controls the VPS hypervisor.

In summary, DDoS protection can take many forms, and different providers may implement varying techniques. It's essential to carefully consider what type of protection you need and whether you trust the provider offering such services.