Cloudflare is bad. I won't go into too many details, but those who understand -- understand. The goal is to see if it can be replaced for less or equal money and -- in case it can be done -- to understand exactly how to approach this task.
Why replace Cloudflare (tl;dr version)
- My estimate of what they'd charge is anywhere between $7,000/mo and infinity (this is based on my personal experience with them). I think maybe this budget can be lowered if Cloudflare is replaced with a local solution -- especially when projects grow and there's more traffic. But we'll start with $7,000/mo as our budget.
- Cloudflare holds private SSL keys to be able to snoop on traffic and be able to decide what to do with each request (side effect being: they see ALL traffic between your users and your website).
- Cloudflare allegedly DDoS-es websites until they either pay up or, at least, subscribe to their free tier (strategy is, basically, to beat you up until you give in and let them read your traffic -- or, in other words, it's a racket).
- DDoS protection: IP-address filtering and a DB of IP addresses, ASNs and their reputation.
- Auto-enabling protective measures upon traffic spikes (showing a CAPTCHA, etc.) or when other conditions are satisfied.
- Request filtering: filter attempts at SQL-injections, XSS and other requests that attempt to break into your app or infrastructure in some way.
- Some kind of web UI to set up various rules for any given website the system is protecting. The UI doesn't have to be feature-rich, but there has to be a UI, because setting this up via command-line will, quite clearly, get very tedious.
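
How the first three requirements above (reputation filtering, spike-triggered challenges, request filtering) could combine into one per-request decision, as an added example that is not code from the original post. The `EdgeFilter` name, the thresholds, the pattern list and the reputation data are all constructed assumptions.

```python
import ipaddress
import re
from collections import deque
from urllib.parse import unquote_plus

# Constructed sample reputation data (documentation ranges, private-use ASN).
BAD_NETS = [ipaddress.ip_network("203.0.113.0/24")]
BAD_ASNS = {64512}
# Deliberately small pattern set; a real deployment would use a maintained ruleset.
SUSPICIOUS = re.compile(r"(?i)(union\s+select|<script\b|\.\./)")


class EdgeFilter:
    """Hypothetical per-site filter: reputation, request patterns, spike mode."""

    def __init__(self, window_s=10, spike_rps=5.0, cooldown_s=60):
        self.window_s = window_s        # sliding window length in seconds
        self.spike_rps = spike_rps      # average req/s that counts as a spike
        self.cooldown_s = cooldown_s    # how long challenge mode stays on
        self.hits = deque()             # timestamps of recent requests
        self.challenge_until = 0.0

    def _spike_mode(self, now):
        # Record the request, drop timestamps that left the window, then
        # (re)arm challenge mode while the windowed rate exceeds the limit.
        self.hits.append(now)
        while self.hits[0] <= now - self.window_s:
            self.hits.popleft()
        if len(self.hits) / self.window_s > self.spike_rps:
            self.challenge_until = now + self.cooldown_s
        return now < self.challenge_until

    def decide(self, now, ip, asn, target, solved_captcha=False):
        """Return 'block', 'challenge' or 'allow' for one request."""
        spike = self._spike_mode(now)   # blocked requests count as load too
        addr = ipaddress.ip_address(ip)
        if asn in BAD_ASNS or any(addr in net for net in BAD_NETS):
            return "block"
        # Decode percent-encoding and '+' before matching, so encoded
        # payloads are inspected in the form the application would see.
        if SUSPICIOUS.search(unquote_plus(target)):
            return "block"
        if spike and not solved_captcha:
            return "challenge"
        return "allow"
```

Challenge mode re-arms on every request while the rate stays above the limit, so it only switches off once traffic has been quiet for the whole cooldown.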