I found out about Cloudflare from a link on Hacker News. Assuming it works (and if you’re reading this 24-48h after I post it, then it presumably is) it’s just insanely wonderful.

Basic idea — sit in between your website and users (including robots and would-be attackers) and massage what the users see (e.g. replace harvestable email addresses with scriptlets) and the way they are able to access your content (e.g. cache static content, insert analytics code, block cross-links and war dialers) while acting as a CDN. And do it for free (at least for now).

Setup is wonderfully handled if not quite completely painless — although it’s close. You need to enter your DNS records one-by-one (at least, you’re supposed to — I’m pretty sure the automatic detection it does would probably be sufficient in most cases) which took me a while for since it has a whole lot of bizarre legacy subdomains. (And since a denial of service attack doesn’t care how popular a subdomain is, you shouldn’t ignore them.)

So, I’ll see how it goes, and add any updates here.

First update: it works as advertised. I’ve set it up for, but not for my other sites. I’ve since switched on some additional features including Javascript minification. Check out this link.

Second update: I added to Cloudflare. Unlike (which has all kinds of whacky DNS records because of all the different prototypes and experiments I’ve set up on it over the years) this took about two minutes and didn’t involve any data entry.

Tentative Conclusion

If Cloudflare cost $20/month/site it wouldn’t be worth it for my little personal site. It probably wouldn’t even be worth it for RiddleMeThis. But it’s free. For any kind of serious site, the $20/month seems like a no-brainer.

The joy of Cloudflare is that it frees you up to create websites in a more sensible manner. Instead of working with normal JavaScript files then minifying them at the last moment you can simply code with sensible files (and debug with them) and then simply flip a switch and everything is minified.