CloudFlare security

CloudFlare leverages the knowledge of a diverse community of websites to power a new type of security service. Online threats range from nuisances like comment spam and excessive bot crawling to malicious attacks like SQL injection and denial of service (DOS) attacks. CloudFlare provides security protection against all of these types of threats and more to keep your website safe.

Automatic learning of new attacks

CloudFlare’s technology automatically detects new attacks that arise against any website on its network. Once CloudFlare identifies that there is a new attack, CloudFlare starts to block the attack for both the particular website and the entire community. This also means the longer you are on CloudFlare, the better the protection becomes. See a customer case study at the CloudFlare blog.

Ridiculously easy security

Forget the confusing control panels of most security products. With CloudFlare, simply choose the security setting for your website. You can choose between I'm under attack!, High, Medium, Low and Essentially off. Provide the full armor defense, or stop only the worst threats. Behind the scenes, our systems learn about your site and automatically tune protection to your particular needs.

Threat reports and details

CloudFlare shows you the list of threats that have been stopped from reaching your website. You can sort and see threats by type, country origin, and severity. CloudFlare protects against a range of threats: cross site scripting, SQL injection, comment spam, excessive bot crawling, email harvesters, and more.

Browser integrity

Automatically performs a browser integrity check for all requests to your website by evaluating the HTTP headers for threat signatures. If a threat signature is found, the request will be denied.

Visitor reputation

CloudFlare uses threat data from a variety of sources to build a reputation for every visitor online. You set the desired security setting for your site and then CloudFlare’s network stops the threats before it reaches your website. Reputation-based security provides a first line of defense for your website.

Block list / trust list

In addition to CloudFlare’s automatic detection, you can easily add an IP address, IP ranges or entire countries to your Trust and Block list.

Saved bandwidth and server resources

By stopping threats before they get to your website you save bandwidth and resources. Your server is also freed up to serve your legitimate traffic optimally.

Protect SSH / Telnet / FTP ports

Add a layer of protection to ports like SSH, FTP and Telnet by disabling them for your root domain. Continue to access them from a subdomain of your choosing.

Collaborative security

CloudFlare uses the collective intelligence of its community to get smarter. CloudFlare’s network learns from every new attack and then shares that information with the rest of the CloudFlare community. What this means is that since CloudFlare continually learns, every site, regardless of size, makes the system smarter.

Breaking the cycle of malware

Websites are empowered to inform visitors with compromised computers so these visitors can take action to clean the malware infection.

One-click SSL (Pro, Business and Enterprise)

SSL adds an additional layer of security for your visitors coming to your website. Add SSL with a single click without requiring you to change your existing configuration. CloudFlare makes it extremely easy to extinguish
the FireSheep!

Pro features

Web application firewall (WAF)

With no hardware to install, you can stop real-time attacks like SQL injection, cross-site scripting and comment spam with CloudFlare’s cloud-based web application firewall, which stops the malicious attack before it can cause damage to your website.

Learn more

One-click SSL

Add SSL with a single click without requiring you to change your existing configuration.

Learn more

Business and Enterprise features

Advanced DDoS protection – layer 3 and 4

Your network and servers are automatically protected from a range of TCP floods including SYN, UDP and ICMP attacks. Never install another piece of hardware or software, and never worry again about bandwidth and overage fees.

Advanced DDoS protection – layer 7

Sudden surges in traffic are often difficult to manage. CloudFlare layer 7 DDoS protection offers your website automatic protection by constantly monitoring and reacting to changes in your site’s traffic patterns.

Custom mod_security rules

Allow CloudFlare to manage your mod_security rules from our edge without the overhead of actually running mod_security, including OWASP compliance rules

SSL encryption

Enable SSL with either a SSL certificate issued by CloudFlare or by uploading your own dedicated certificate to the CloudFlare network. We allow for upload of any SSL certificate type including Extended Validation (EV) SSL.