What is Cloudflare and how do I use it to speed up and protect my website?
Cloudflare is a cloud-based CDN, security, and performance platform that acts as a reverse proxy in front of your website — caching content in 300+ global data centers, blocking malicious traffic, and providing DDoS protection before requests reach your origin server.
DETAILED EXPLANATION:
When you add a site to Cloudflare and update your nameservers, all traffic flows through Cloudflare's network. Cloudflare:
1. Resolves DNS queries to nearest Cloudflare PoP
2. Serves cached content (images, CSS, JS) directly from that PoP
3. Filters malicious requests (WAF rules, bot management)
4. Proxies legitimate dynamic requests to your origin server
Cloudflare Free tier includes: Global CDN, DDoS protection (unlimited), Free SSL, Basic WAF, Page rules (3), Analytics.
Cloudflare AI Gateway (2024): Proxy and cache LLM API calls (OpenAI, Anthropic), reducing latency and costs.
WHEN TO USE:
- Any public website (CDN + free SSL + basic DDoS protection)
- Hiding origin server IP (attackers can't DDoS your server directly)
- Globally distributed traffic (Cloudflare's PoP serves from nearest location)
- API protection and rate limiting
STEP-BY-STEP — Add website to Cloudflare:
1. Sign up at cloudflare.com (free)
2. Add site → enter your domain
3. Cloudflare scans existing DNS records
4. Review and confirm DNS records
5. Update domain nameservers at registrar (connectquest.co.in domain manager):
Replace with: ns1.cloudflare.com, ns2.cloudflare.com
6. Wait 24-48 hours for propagation
7. SSL/TLS > Mode: Full (Strict) — requires SSL on origin too
8. Speed > Optimization > Enable Auto Minify, Brotli, Rocket Loader
REAL EXAMPLES:
# Cloudflare API - purge cache
curl -X POST "https://api.cloudflare.com/client/v4/zones/ZONE_ID/purge_cache" \
-H "Authorization: Bearer CF_API_TOKEN" \
-H "Content-Type: application/json" \
--data "{"purge_everything":true}"
# Page Rule - Cache everything for static site
# URL: *yourdomain.com/assets/*
# Setting: Cache Level = Cache Everything, Edge Cache TTL = 1 month
# Workers - Edge function (runs at Cloudflare PoP)
export default {
async fetch(request) {
const url = new URL(request.url);
if (url.pathname === "/api/hello") {
return new Response("Hello from Cloudflare edge!");
}
return fetch(request); // Pass through to origin
}
}
FLOW:
[ User in Mumbai ] → Cloudflare Mumbai PoP (cache hit: <10ms) → [ User ]
[ User in Mumbai ] → Cloudflare Mumbai PoP (cache miss) → Connect Quest Origin Server → Cloudflare caches → [ User ]
KEY POINTS:
- Enable "Under Attack Mode" during DDoS: adds 5-second challenge page
- Orange cloud (proxied) = traffic through Cloudflare; grey cloud = DNS only
- Cloudflare does not replace origin server SSL — use Full Strict mode
- Workers enable serverless functions at edge — 0ms cold start
COMMON MISTAKES:
- SSL mode set to Flexible (encrypts Cloudflare↔User but NOT Cloudflare↔Origin — creates false sense of security)
- Caching dynamic pages (logged-in user pages, cart pages)
- Forgetting to whitelist Cloudflare IPs in server firewall
QUICK FIX:
Cloudflare showing 521 (Origin Down) → Check origin server is running, verify origin IP in DNS, check firewall allows Cloudflare IP ranges: https://www.cloudflare.com/ips/
DIFFICULTY: Beginner
RELATED: CDN, DDoS Protection, SSL, Website Performance
DETAILED EXPLANATION:
When you add a site to Cloudflare and update your nameservers, all traffic flows through Cloudflare's network. Cloudflare:
1. Resolves DNS queries to nearest Cloudflare PoP
2. Serves cached content (images, CSS, JS) directly from that PoP
3. Filters malicious requests (WAF rules, bot management)
4. Proxies legitimate dynamic requests to your origin server
Cloudflare Free tier includes: Global CDN, DDoS protection (unlimited), Free SSL, Basic WAF, Page rules (3), Analytics.
Cloudflare AI Gateway (2024): Proxy and cache LLM API calls (OpenAI, Anthropic), reducing latency and costs.
WHEN TO USE:
- Any public website (CDN + free SSL + basic DDoS protection)
- Hiding origin server IP (attackers can't DDoS your server directly)
- Globally distributed traffic (Cloudflare's PoP serves from nearest location)
- API protection and rate limiting
STEP-BY-STEP — Add website to Cloudflare:
1. Sign up at cloudflare.com (free)
2. Add site → enter your domain
3. Cloudflare scans existing DNS records
4. Review and confirm DNS records
5. Update domain nameservers at registrar (connectquest.co.in domain manager):
Replace with: ns1.cloudflare.com, ns2.cloudflare.com
6. Wait 24-48 hours for propagation
7. SSL/TLS > Mode: Full (Strict) — requires SSL on origin too
8. Speed > Optimization > Enable Auto Minify, Brotli, Rocket Loader
REAL EXAMPLES:
# Cloudflare API - purge cache
curl -X POST "https://api.cloudflare.com/client/v4/zones/ZONE_ID/purge_cache" \
-H "Authorization: Bearer CF_API_TOKEN" \
-H "Content-Type: application/json" \
--data "{"purge_everything":true}"
# Page Rule - Cache everything for static site
# URL: *yourdomain.com/assets/*
# Setting: Cache Level = Cache Everything, Edge Cache TTL = 1 month
# Workers - Edge function (runs at Cloudflare PoP)
export default {
async fetch(request) {
const url = new URL(request.url);
if (url.pathname === "/api/hello") {
return new Response("Hello from Cloudflare edge!");
}
return fetch(request); // Pass through to origin
}
}
FLOW:
[ User in Mumbai ] → Cloudflare Mumbai PoP (cache hit: <10ms) → [ User ]
[ User in Mumbai ] → Cloudflare Mumbai PoP (cache miss) → Connect Quest Origin Server → Cloudflare caches → [ User ]
KEY POINTS:
- Enable "Under Attack Mode" during DDoS: adds 5-second challenge page
- Orange cloud (proxied) = traffic through Cloudflare; grey cloud = DNS only
- Cloudflare does not replace origin server SSL — use Full Strict mode
- Workers enable serverless functions at edge — 0ms cold start
COMMON MISTAKES:
- SSL mode set to Flexible (encrypts Cloudflare↔User but NOT Cloudflare↔Origin — creates false sense of security)
- Caching dynamic pages (logged-in user pages, cart pages)
- Forgetting to whitelist Cloudflare IPs in server firewall
QUICK FIX:
Cloudflare showing 521 (Origin Down) → Check origin server is running, verify origin IP in DNS, check firewall allows Cloudflare IP ranges: https://www.cloudflare.com/ips/
DIFFICULTY: Beginner
RELATED: CDN, DDoS Protection, SSL, Website Performance