Cloudflare CDN

I am now on the Cloudflare service. I awoke this morning to see that my hosting service set it up without telling me in advance (bad), but since you can turn it off with a click not horrible.

I haven't noticed a huge difference in response today but my site is usually quick to load. I'll see what the hard numbers tell me after a few days. Since I have a lot of images plus some video and audio, I am hoping to see, at the minimum, more uniform performance without  the slowdowns caused by spikes in traffic (especially search engine crawlers hammering away at my site).

There are some other advantages that come automatically with the service: I can block IPs, ranges of IPs or whole countries at Cloudflare so that that traffic never hits my site. Since I currently have a huge IP blocklist in my .htaccess, I may try moving over to using their blocks and stripping that from my .htaccess file. They also keep tabs on a number of types of bad actors based on Project Honeypot and other services. I might experiment with unblocking countries and see if it catches most of the problems without any intervention by me. I've never really liked blocking whole countries but I was having such a problem from Russia, China, South Korea and eastern European countries that it just made managing the issue much easier.

For anyone interested, there is a free service option for Cloudflare providing CDN and the services I described above. They also have a paid service with more advanced features though many will find the basic service adequate. You can check it out at Home | CloudFlare | The web performance & security company. Support is available for many through their cPanel.

Bob

How are you monitoring performance?  Pingdom?

I am using both Pingdom and Site Speed in Google Analytics.

Bob

I had trouble with Pingdom.  It wouldn't see my site through cloudflare.  It would only see the direct.site.com, and even then it kept saying it was down when it wasn't.

How recently was that? I have not yet experienced that.

I noticed that a number of people were complaining of slower responses after installing Cloudflare. That has not been my experience thus far. People were also saying that Pingdom was showing longer response times which is what I have also noticed but my times are about the same in Site Speed in Google. I suspect that I will see more improvements as Cloudflare has more time to cache my site.

I did not have stats on Cloudflare this morning (it's been over the stated 24 hours). I am interested in seeing what information their stats provide.

Bob

So, I am liking the "threat protection" built into Cloudflare:



I'm thinking that if everything else works out that this will minimize the need for a feature like 0000290: Spammer database - ocPortal feature tracker. Perhaps not quite as powerful but awfully nice for a free solution.

I still have a lot of testing to do and need to see what my page load times are since that seems to be an issue for some would-be Cloudflare users. Of course, life is full of trade-offs and my decision might come down to those trade-offs.

The free version comes with minify support for JS, CSS and HTML - I've yet to turn any of these on as I want to get a baseline first and I know that minified resources can be problematic for some browsers.

Still, I am so far impressed with the options available for a free resource.

Bob

I know sholzy expressed interest some time ago about what my experiences with Cloudflare was like. Well, since I just started with Cloudflare last Thursday, I can now report a bit.

First, I am getting confusing results. Pingdom shows my page load times increasing however Site Speed in Google Analytics does not. The speed feels about the same to me but I will need to engage in more robust speed testing.

I have not yet taken advantage of some of the performance enhancements available in CF - minify (JS, CSS, HTML), gzip output, something they call Rocket loader (a pre-fetch, I believe). I plan on testing these one at a time especially since I expect to run into some issues with browser support. One improvement I have noticed is that my PDFs hosted on Scribd load significantly faster once they are cached on CF.

On the security front, I like what I see. They are catching a number of IPs flagged in Project HoneyPot and issuing a challenge response (a CAPTCHA). No response, no getting through.

I have been maintaining a pretty extensive block list by country in my .htaccess file which needs constant attention(although I am using a service which provides updates). I just read about CF's handling of country "blocks" - they do not actually ban all IPs from the country but rather issue a challenge response. I think this is a much better approach as I have felt that banning everyone from a coutry just because they have a few too many scofflaws for me to deal with individually was overkill. I am planning on trying CF's country block with either Latvia or Estonia - a real thorn for such small countries. If it works well, I will remove all country blocks from my .htaccess and use CF's instead. I will still maintain a block list in my .htaccess for exploited servers which may include significant swaths of nuisances from AWS servers.

That's it for now, more experimenting to do.

Bob

BobS said

I know sholzy expressed interest some time ago about what my experiences with Cloudflare was like. Well, since I just started with Cloudflare last Thursday, I can now report a bit.

I've been lurking this thread.  

Thanks for the info.  

So, I have noticed a slight delay on page loads and am not sure if it is happening on Cloudflare's end or if it also happens when going direct to the server. Unfortunately, my hosting provider (eLief)  seems to not be well-versed on Cloudflare because they have been unable to figure out the directions given by Cloudflare to bypass their proxies so that I can do a head-to-head test of the proxied v non-proxied results. eLief is working on this so hopefully there will be a resolution soon.

Another downside to using Cloudflare is that most all requests in your logs will show Cloudflare's IP addresses. Cloudflare provides a means to pass in the original source IP but eLief has apparently not implemented this. I have worked with both tech support and Richard Rowan on this issue which I hope is also resolved soon.

Bob

In the process of checking site performance, I have been using webpagetest.org which provides a great deal of information about how your page loads. In particular for my homepage, it shows a bunch of failures for "Proper cookie usage" with a score of 26/100. I am not sure if this is happening because of the Cloudflare proxy or if it is the way ocPortal is coded.

Could some of you kind people test a page or two from your non-Cloudflare sites to see if you also get the failures with cookies? After running the test, click the "Performance review" link and scroll down to the"Proper cookie usage" section.

Thanks for any input.

Bob

My interesting numbers, from the default test server (Dulles, VA USA (IE 6-9,Chrome, dynaTrace)), are:

IE 8

---

Proper cookie usage: 39/100
GZIP encode all appropriate text assets: 63/100
Leverage browser caching of static assets: 18/100

Firefox

---

Proper cookie usage: N/A
GZIP encode all appropriate text assets: 63/100
Leverage browser caching of static assets: 11/100

Chrome

---

GZIP encode all appropriate text assets: 63/100
Leverage browser caching of static assets: 11/100
Proper cookie usage: N/A

Bob,

If you point webpagetest.org to direct.yoursiteurl.com, then it'll bypass the Cloudflare proxy.

temp-

I wonder what's with the proper cookie usage and how it might impact performance.

Bob

o said

If you point webpagetest.org to direct.yoursiteurl.com, then it'll bypass the Cloudflare proxy.

Thanks. I thought I tried that. There might also be the issue that my .htaccess redirects to the www version of the url, thus putting me right back into proxy land.

Bob

EDIT: I tried this and it just resulted in a site not found error. I am going to need to figure out how to bypass the redirect to www version of the site when coming from my non-proxied sub-domain.

BobS said

temp-

I wonder what's with the proper cookie usage and how it might impact performance.

Bob

It probably refers to the idea of running all images off a separate domain with no cookies, so that cookie data isn't sent with each HTTP request for images.

Take some of these "micro optimisations" with a grain of salt. We're talking a few hundreds bytes for the cookie change, once per user (due to caching). Just because something can be optimised, doesn't mean it should. The makers of these tools can be rather single-issue fanatics and aren't going to talk trade-offs, costs, or practicalities – they're just going to try and mark as much stuff as they can to be 'comprehensive'. You could easily spend days tuning things and end up saving 20 milliseconds per request. That makes sense for huge sites with high variable costs relative to developer costs, not so much for most people.

When it talks about "leveraging browser caching" it is probably saying to configure the web server to explicitly say images etc should have a cache lifetime. The default mechanism is the server is told the date of the version the client has, and the server therefore tells the client if their version is already up-to-date rather than always re-transferring the data. With explicit ("Expires") caching no such check is performed, which removes a round-trip-time for each check (although they are done in parallel so that's not huge) but it has a big trade-off in that if you change images etc then the client won't get the new versions – meaning if you mess something up, it's too late to fix immediately, or if you make some change across multiple files, a client could end up with an inconsistent state between the two versions.

ocPortal CSS/Javascript is already minimised, that is a very worthwhile saving.

Distributing content away from a centralised server, and closer to users, which is the mai function here, that is also a useful thing.

Chris-

Thanks for jumping in. What you said makes perfect sense so I won't bother myself about that.

There are other optimizations available in Cloudflare that I have not turned on yet. For instance, there is one to combine the request for all CSS files which I am guessing is useful. There are also some pre-fetch settings which I suppose are hit-or-miss much like the leveraging of browser caches.

Bob

 there is one to combine the request for all CSS files which I am guessing is useful.

It's an interesting one. In v8 we've made it so if you wanted you could cut and paste CSS out of secondary CSS files, into global.css, leaving them blank. Then ocP is smart enough to sense what you did and not load them.

Pre-fetch sounds like a great idea to me.

Okay, so for all you evil grep/rewrite geniuses. Is there someway for me to exclude a specific URL from my rewrite rule to www.DOMAIN.com. The URL to be bypasssed is directxxxxx.OTHERDOMAIN.com.

Thanks for any help.

Bob

BobS said

temp-

I wonder what's with the proper cookie usage and how it might impact performance.
Bob

The term proper cookie didn't ring a bell until I read the explanation at the bottom of the webpagetest.org report page, which reads:

Any request for a static object that sends up a cookie will fail. All other requests that send up cookies will warn.

Which not only includes images, as Chris states, but also any other static content.

I recall reading something once on googles gstatic.com servers being highly optimised for serving static content (images, .js, etc), and I think the no-cookies benefit was mentioned there.

BobS said

Okay, so for all you evil grep/rewrite geniuses. Is there someway for me to exclude a specific URL from my rewrite rule to www.DOMAIN.com. The URL to be bypasssed is directxxxxx.OTHERDOMAIN.com.

I think this might work:
Using RewriteCond will only affect the rule that immediately follows it, so you may need to use it multiple times if you have multiple rules.