What is CloudFlare and how it works

Cloudflare

Hello Friends,

Today I will discuss cloudflare. Many of us heard about CloudFlare.

As general, most people know that CloudFlare is a company which provides custom nameservers and a private IP address. Many people also think that if a domain is using CloudFlare nameservers, that means the domain is hosted with remote end. But that is not always true. We need to verify whether the domain (which is using CloudFlare nameservers) is hosted with us or it is with remote end.

 

Here I am starting the theory and concept about CloudFlare.

Cloudflare is a provider that provides the service for the performance of the Websites. If any domain is using the Cloudfare nameserver, then the performance of that domain will increase. It will serve faster.

CloudFlare protects and accelerates any website online. Once the website is a part of the CloudFlare community, its web traffic is routed through their intelligent global network.

They automatically optimize the delivery of the web pages so the visitors get the fastest page load times and best performance. They also block threats and limit abusive bots and crawlers from wasting the bandwidth and server resources.

 

How to check whether the domain is loading from our server or remote server:

If the domain is using CloudFlare nameservers, the domain can use any IP, either our server’s IP or some remote IP.

Method 1:

Create a test page in the server and load the page. If the test page loaded, then the domain is hosted with us and it is using our server to server the files of the domain.

Method 2:

Use the below command to know whether the domain is present in our server:

Syntax:

dig domain.com @our_server_ip_address

Example:

dig beanexpert.online @456.34.54.656

After executing the above command, if you get A record of the server in ANSWER Section, then the domain is with us and it is present in the server “456.34.54.656”. Further, the above command will also show the authoritative nameservers. A snippet is given below to understand this clearly:

 

dig beanexpert.online @456.34.54.656

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.47.rc1.el6_8.4 <<>> beanexpert.online @456.34.54.656
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41519
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;beanexpert.online.             IN      A

;; ANSWER SECTION:
beanexpert.online.      14400   IN      A       456.34.54.656

;; AUTHORITY SECTION:
beanexpert.online.      86400   IN      NS      ns2.mydomain.com.
beanexpert.online.      86400   IN      NS      ns1.mydomain.com.

;; ADDITIONAL SECTION:
ns1.mydomain.com.     14400   IN      A       456.34.54.656
ns2.mydomain.com.     14400   IN      A       456.34.54.656

;; Query time: 288 msec
;; SERVER: 456.34.54.656#53(456.34.54.656)
;; WHEN: Sun May 14 02:57:47 2017
;; MSG SIZE  rcvd: 133

 

In the above snippet, you can see “ANSWER SECTION”, there we have received an IP address and in “AUTHORITY SECTION”, we received nameservers details, which is the authoritative nameservers.

While executing the above command, if you do not get any IP address in “ANSWER SECTION”, that means the domain is not present in the server that you are checking.

 

Where to change the DNS details of the domain using CloudFlare nameservers:

If a domain is using CloudFlare nameservers and if you want to make any changes in DNS for the domain, then this will be done at CloudFlare end, as the domain is using CloudFlare nameservers.

 

How CloudFlare works:

CloudFlare masks the original IP address and gives a different IP address so that the server IP address could not be revealed. Below diagram will show you how a domain works with/without CloudFlare.

 

CloudFlare

 

We can see that a domain without CloudFlare works a 2 tier application and a domain with CloudFlare works as 3 tier application.

In simple words, we can say that CloudFlare acts as a Firewall between a client and the server.

 

How to setup CloudFlare so that a domain can use CloudFlare services:

Setting up a CloudFlare service for a domain takes less than 5 minutes. Adding the website to CloudFlare requires only a simple change to the domain’s DNS settings.

CloudFlare does not require you to buy hardware, install software or change any code to get the benefits of our Content Delivery Network (CDN) or security. Instead, you deploy CloudFlare by changing the current authoritative name servers for your domain. This allows us to route potentially malicious traffic away from your site through our advanced filtering network and stop attackers before they reach your server as well as accelerate your content. This means that CloudFlare now becomes your free DNS provider. You keep your current hosting provider and registrar.

If you are ever unhappy you can turn CloudFlare off as easily as you turned it on.

Important: You do NOT need to change to CloudFlare’s nameservers if you signed up through a CloudFlare hosting partner’s panel option. Changing nameservers to CloudFlare is only required when you signup for CloudFlare directly.

Note: CloudFlare’s core service is free and they offer enhanced services for websites who need extra features like real time reporting or SSL.

To create a CloudFlare account and add a website, you can refer the URL:

https://support.cloudflare.com/hc/en-us/articles/201720164

 

Services offered by CloudFlare:

There are many services offered by CloudFlare. Some of them are listed below:

DDoS protection:

For all customers, Cloudflare offers an “I’m Under Attack Mode” setting. CloudFlare claims this can mitigate advanced Layer 7 attacks by presenting a JavaScript computational challenge which must be completed before a user can access a website.

Web application firewall:

CloudFlare allows customers on paid plans to utilize a web application firewall service. By default, the firewall has the OWASP ModSecurity Core Rule Set alongside CloudFlare’s own rule set and rule sets for popular web applications.

Reverse proxy:

Cloudflare supports new web protocols, including SPDY and HTTP/2. In addition to this, Cloudflare offers support for HTTP/2 Server Push. It also supports proxying WebSockets.

Reverse Proxy: A reverse proxy is a type of proxy server that retrieves resources on behalf of a client from one or more servers. These resources are then returned to the client like they originated from the Web server itself.

If you setup CloudFlare account, then you will get the below services from them:

 

CloudFlare services

 

A small overview of the above options:

  1. Overview: Here you will status and summary of the domain.
  2. Analytics: Here you can view the performance and security statistics of your domain.
  3. DNS: You can manage your Domain Name System (DNS) settings.
  4. Crypto: Manage cryptography settings for your website, like SSL.
  5. Firewall: Manage access by IP, country, or query rules DDoS protection.
  6. Speed: Manage performance settings for your website.
  7. Caching: Manage caching settings for your website.
  8. Page Rule: Control your Cloudflare settings by URL.
  9. Network: Manage network settings for your website, like WebSockets, IPv6 Compatibility.
  10. Traffic: Control and manage your traffic and review firewall events.
  11. Customize: Personalize the error and challenge pages that Cloudflare presents to your visitors.
  12. Scrape Shield: Protect content on your site.

 

Conclusion:

Cloudflare-powered the websites to see a significant improvement in performance and a decrease in spam and other attacks.

If you have any question, feel free to comment below. I will be more than happy to assist you. 🙂

Thank you.

My name is Shashank Shekhar. I am a Software Engineer, currently working in one of the leading web-hosting companies in India. I am having 2 years of experience in Linux Server Administration.

I love to work in Linux environment & love learning new things.

Powered by Facebook Comments

Be the first to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.