What Cloudflare Is, and Why I Run Everything Through It

Cloudflare is more than a CDN. Here's what it does, what it doesn't, and why the free tier is enough for most sites.

Once you understand Cloudflare, you wonder how you ran sites without it

I thought Cloudflare was a CDN. Cache your stuff on servers around the world, serve it faster. Done.

It does do that. It also does about ten other things I now consider non-negotiable.

Cloudflare sits between your site and the rest of the internet. Traffic, security, performance, DNS — all in one panel. For a site like this one (Astro, Cloudflare Pages, no traditional backend), it’s the whole stack.

Here’s why I keep recommending it.

What it does, in one paragraph

A visitor types your URL. The request hits the closest Cloudflare edge first, not your server. Cloudflare decides what to do with it — serve a cached page, block a bot, challenge a suspicious IP, or pass it through to your origin. By the time anything reaches your server, it’s been filtered.

Sounds like an extra hop. In practice it’s the opposite. Cloudflare’s edge is almost always closer to your visitor than your origin is.

Performance — the part most people know

Cloudflare runs data centers in 300+ cities across 100+ countries.

When someone visits your site:

  1. Their request hits the nearest Cloudflare edge
  2. If the page is cached there, it ships instantly
  3. If not, Cloudflare pulls from your origin, caches the response, and serves it

For a static site, the difference is night and day. Pages render from an edge node a few hops from the visitor, with no origin trip at all.
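
The three steps above can be observed from outside through the CF-Cache-Status response header that Cloudflare attaches. The following is an added example, not code from the original post: it groups constructed responses by that header to get a hit ratio and the paths that never come from cache. The sample paths and the edge/origin grouping of status values are assumptions.

```python
from collections import defaultdict

# Assumed grouping of Cloudflare's CF-Cache-Status values for this example:
# body served from the edge cache vs. body fetched from the origin.
EDGE_SERVED = {"HIT", "STALE", "UPDATING", "REVALIDATED"}
ORIGIN_TRIP = {"MISS", "EXPIRED", "BYPASS", "DYNAMIC"}

# Constructed sample: (path, response headers) as a client would record them.
SAMPLE = [
    ("/", {"Server": "cloudflare", "CF-Cache-Status": "DYNAMIC"}),
    ("/assets/site.css", {"Server": "cloudflare", "CF-Cache-Status": "MISS"}),
    ("/assets/site.css", {"Server": "cloudflare", "cf-cache-status": "HIT"}),
    ("/assets/site.css", {"Server": "cloudflare", "CF-Cache-Status": "HIT"}),
    ("/assets/logo.png", {"Server": "cloudflare", "CF-Cache-Status": "EXPIRED"}),
    ("/assets/logo.png", {"Server": "cloudflare", "CF-Cache-Status": "HIT"}),
    ("/feed.xml", {"Server": "cloudflare"}),  # header missing: counted as unknown
]


def cache_status(headers):
    """Return the CF-Cache-Status value (header names are case-insensitive)."""
    for name, value in headers.items():
        if name.lower() == "cf-cache-status":
            return value.strip().upper()
    return None


def summarize(responses):
    """Count edge-served, origin-trip and unknown responses per path."""
    per_path = defaultdict(lambda: {"edge": 0, "origin": 0, "unknown": 0})
    for path, headers in responses:
        status = cache_status(headers)
        bucket = ("edge" if status in EDGE_SERVED
                  else "origin" if status in ORIGIN_TRIP else "unknown")
        per_path[path][bucket] += 1
    return dict(per_path)


def hit_ratio(summary):
    """Share of classified responses whose body came from the edge cache."""
    edge = sum(c["edge"] for c in summary.values())
    total = edge + sum(c["origin"] for c in summary.values())
    return edge / total if total else 0.0


def never_cached(summary):
    """Paths that went to the origin every time they were requested."""
    return sorted(p for p, c in summary.items() if c["edge"] == 0 and c["origin"])
```

A path that shows up in never_cached is one the origin serves on every request, so it gets no benefit from step 2.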

Security — the underrated part

This is where I pay the most attention.

DDoS protection

A DDoS (distributed denial-of-service) attack floods your site with traffic from many sources at once to knock it offline. Cloudflare absorbs the flood without your origin ever seeing the storm.

I’ve watched a small site get hit. With Cloudflare in front, I noticed nothing until I checked the analytics. Without it, the site would have been down for hours.

Web Application Firewall (WAF)

The WAF blocks common attack patterns — SQL injection, XSS, path traversal — before they reach your server. The free tier covers the obvious stuff. Paid tiers let you write your own rules.

Bot management

Cloudflare sorts good bots from bad ones. Googlebot gets through. Scrapers, credential stuffers, and content thieves get challenged or blocked.

Free SSL/TLS

A free certificate, auto-renewed, terminated at the edge. No certbot cron job, no expiry alerts at 2am.

Reliability

If your origin goes down, Cloudflare keeps serving cached pages while you fix it. Always Online has saved me from a few embarrassing outages.

Smart routing also helps — if one edge has trouble, traffic shifts to the next.

For a business site, this is the difference between “we had an outage” and “nobody noticed.”

Analytics worth looking at

The dashboard shows:

  • Where visitors come from (country, ASN)
  • Which pages get hit
  • Threats blocked, by type
  • Cache hit ratio
  • p50/p95 response times

Enough to spot trends without dragging a third tool into the mix.

The free tier is shockingly good

Most of what I described is free:

  • Global CDN
  • DDoS protection
  • WAF (managed rules)
  • SSL/TLS
  • Analytics
  • Page rules (limited count)
  • DNS

You pay nothing to start. Paid tiers add advanced WAF rules, image optimization, longer cache retention, and so on. For most sites, free is plenty.

What Cloudflare is not

Worth being clear:

  • Not a hosting provider for legacy apps (Pages and Workers are their own thing)
  • Not a backup for your content. Keep your own copy.
  • Not a fix for slow code or a bloated database
  • Not a substitute for solid security on your origin

It’s a layer in front of whatever you’re running.
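
The last point in the list can be checked from the origin's own access log: a request whose peer address is outside Cloudflare's ranges reached the server without passing through the edge filtering. The following is an added example, not code from the original post, that flags such requests. The log lines are constructed, and the four ranges are a partial snapshot of Cloudflare's published IPv4 list.

```python
import ipaddress
import re
from collections import defaultdict

# Partial snapshot of Cloudflare's published IPv4 ranges. In production, load the
# current list from https://www.cloudflare.com/ips-v4 rather than hard-coding it.
EDGE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15")]

# Constructed origin access log (combined format). The first field must be the
# TCP peer address, not a header like CF-Connecting-IP that a direct client can set.
SAMPLE_LOG = """\
172.68.10.21 - - [12/May/2025:10:01:07 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
104.23.160.9 - - [12/May/2025:10:01:09 +0000] "GET /assets/site.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.77 - - [12/May/2025:10:02:30 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "curl/8.5.0"
198.51.100.77 - - [12/May/2025:10:02:31 +0000] "POST /xmlrpc.php HTTP/1.1" 404 153 "-" "curl/8.5.0"
203.0.113.5 - - [12/May/2025:10:05:44 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
truncated line without the expected fields
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def from_edge(peer):
    """True if the peer address falls inside one of the edge ranges."""
    addr = ipaddress.ip_address(peer)
    return any(addr in net for net in EDGE_RANGES)


def direct_hits(log_text):
    """Return ({peer: [(method, path, status)]}, skipped) for non-edge peers."""
    hits, skipped = defaultdict(list), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            skipped += 1  # line does not look like a combined-format entry
            continue
        peer, method, path, status = m.groups()
        try:
            if from_edge(peer):
                continue  # arrived through the edge, nothing to report
        except ValueError:  # first field is not an IP address
            skipped += 1
            continue
        hits[peer].append((method, path, int(status)))
    return dict(hits), skipped
```

Any address it returns reached the origin without going through Cloudflare; allowing only the published ranges at the origin firewall closes that path.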

When it isn’t the right call

A few cases where I’d skip it:

  • You need narrow cache rules Cloudflare won’t allow
  • You run protocols beyond HTTP(S) on the same hostname (SSH, custom TCP)
  • You’re already on Fastly, Akamai, or Bunny and happy
  • Your audience is one country and latency is fine without an edge

For static sites and content-heavy blogs, those edge cases rarely apply.

Setting it up

The whole flow:

  1. Create a free account at cloudflare.com
  2. Add your domain
  3. Switch your nameservers to the two Cloudflare gives you
  4. Wait for DNS to propagate (usually under an hour, sometimes longer)
  5. Turn on the features you want, one at a time

Done. Your site is now behind Cloudflare.

Why I keep using it

It’s faster. It’s safer. It stays up. It’s free to start. For a static site running on Cloudflare Pages, the whole stack lives in one provider, one dashboard, one billing relationship.

If you’re running anything public-facing without an edge layer in front of it, you’re exposed in ways that have straightforward fixes. Setting it up takes an afternoon. Next time something tries to take the site down, you’ll barely notice.