Have you actually run any sort of web service/website without Cloudflare? This sounds like something straight out of a sales reps mouth, obviously there is more solutions than just Cloudflare out there...
I dont think you appreciate the threat scenario discussed here if you think its reasonable to ask for personal experience. Leaves me to wonder if i am supposed to deny having committed any crimes while we are at it?
Still thank you for the response, gives the ability to clarify that this is by no means an advertisement. You have of course endless options for ddos mitigation right now. But once cloudflare no longer wants you, your other options have a tendency to evaporate as well.
>But once cloudflare no longer wants you, your other options have a tendency to evaporate as well
This! If the forces persecuting you made Cloudflare to drop you, and you go, you establish your own site and your own platform your own infrastructure, unless you have some billions lying around to put fiber optical cables over the oceans physically connecting your servers to the rest of the world, you will depend on other people. And the forces persecuting you, they could just go the next level and start to demand Tier 1 providers to drop you. And the whole thing start to derailing into a cat a mouse game. Where you will have to constantly be thinking "Okay, what is their next move to deplatform me?"
Because as you said. Usually when Cloudflare drops you... it's not very absurd to assume banking institutions, Mastercard, Visa, Google, Microsoft, Amazon, etc... will also drop you. And the law pretty much allows those multibillion dollar companies to deny service to a paying costumer, which is a pretty dangerous precedent in my opinion.
I believe cloudflare drops if they cannot withstand the level of traffic you’re being hit with, which is an exception to your suggestion. As per other posts, if CF drops you, you won’t be able to build your own ddos mitigating infra without billions. Microsoft and Amazon offer similar services, but I’m guessing cloudflare offers the best resiliency based on ops specific naming of CF.
I think generally with cloudflare is they may be quick to drop you (or demand payment) if large DDoS is a regular occurrence for you. The free tier is generous but it dries up if your a huge target.
My company runs a a bunch of large community products and we run cloudflare in front of them to handle frequent DDoS attacks. We also pay for a cloudflare enterprise plan though.
The other side of the coin is them dropping a custom for other reasons.
Is immediately after. And a person died. Clouflare are aware that they shouldn’t exist. They exist because they solve a problem that our telecoms networks and government/regulatory apparatus won’t. And it’s regarding the daily stormer.
Cloudflare keeps protecting the Russian state because if they don’t Russia will develop the technology themselves and then eat some of Cloudflare’s lunch. The effectiveness of a single period of successful DDOS attacks in a whole war is debatable.
It’s easy to stop a handful of neo Nazis. The Russian state is a lot harder. If you want Cloudflare to do it get the government to force them.
If cloudflare dropped someone because they couldn't withstand the traffic, that would be an exceptional event that would not go unnoticed. I don't believe they do that.
As someone who has run services online for the last two decades, without ever using Cloudflare, you do have "options". Those options tend to be rooted in proper network engineering, DDoS mitigation, owning and operating your own ASN and advertising routes through multiple physical POPs and proper distributed hosting, with low-dynamic content.
But if by "options" you are talking about "pay someone else to deal with the problem", then sure you might be right.
A lot of these solutions don't actually mitigate large DDoS attacks, or have enormous loopholes that can be bypassed by a novice attacker. I've heard that OVH's DDoS protection used to let in other OVH servers, for example.
When I checked, some of the equivalents to Cloudflare's lower plans cost hundreds of dollars a month.
> OVH's DDoS protection used to let in other OVH servers
And why wouldn't they? If you're getting ddos'd on OVH from OVH, they'll just turn off the source of the traffic rather than trying to fight it on the receiving end.
