*Inability to resist DDoS/traffic surges/etc.* I heard a rumour[1] that you guys...

eli · on Sept 10, 2014

Just like there's no such thing as "unlimited data storage" there isn't really such a thing as "unlimited DDoS protection." I assume there's SOME limits on how much you get with a free or even $20 plan. I can only imagine what the companies that specialize in DDoS protection charge.

spindritf · on Sept 10, 2014

Sure. But if protection starts at $200/mo (CloudFlare Business) then it's not really for smaller sites with a controversial opinion. For $200 you can get two dedicated servers with DDoS protection on top.

valarauca1 · on Sept 10, 2014

2 dedicated servers might buy you ~3-4GB/s of DDoS protection. Cloudflair's base model protects from around 100GB/s, which what commonly takes banks offline (Bank of American, or Chase be taken down with ~70GB/s).

They gave talk at defcon21 about migrating a 300-400GB/s DDoS (Roughly 1.25% of all internet traffic in the US at the time was that DDoS).

When you start getting into DDoS's >300GB/s your DDoS will start causing issues for providers, and backbone companies, not just Cloudflair.

spindritf · on Sept 10, 2014

I didn't mean going at it alone with two rented boxes but rather a service provided by your operator with the rental like http://www.soyoustart.com/en/anti-ddos.xml

rdl · on Sept 10, 2014

Gb everywhere you said GB, just to be fair (gigabits per second, not gigabytes per second)

khc · on Sept 10, 2014

I don't know if it's true or not, but given that they've paid nothing, doesn't that seem perfectly fair?

jamespo · on Sept 10, 2014

It's fortunate that Cloudflare don't have a monopoly on serving HTTP content with DDoS protection in that case, although perhaps they do have a monopoly on providing those services for free.

rdl · on Sept 10, 2014

We also give free service to various NGOs/activist groups/etc at the "we accept huge DDoS and won't shut you off level" -- https://www.cloudflare.com/galileo FWIW