Comment by bubblethink

8 years ago

That's because HTTPS allows that. Whether it's cloudflare, or your own servers and load balancers, it's all legal. So it would be unfair to single cloudflare out. You could take some measures to identify their flexible-ssl traffic, and that's a grey area, but their regular ssl is fine. If it weren't for them, you would roll your own solution, which wouldn't be very different.

3 comments

bubblethink

Reply
lifthrasiir  8 years ago

Ultimately I believe CF is sustaining its business by filling a gap in the Internet, namely DDoS protection. Until somehow the gap is closed we will see CF-like services continue to be popular even after this incident.

  • homakov  8 years ago

    So there is no cheap in-house solution to DDoS but CF?

    • lifthrasiir  8 years ago

      CF's success (especially in the free plan) suggests that this might be actually true---I'm afraid I cannot prove or disprove the claim (that's why I believe so). My observation comes from drawing the parallel to djb's Internet Mail 2000 [1], which tries to counter spams by changing mail storage to the sender's responsibility.

      [1] https://cr.yp.to/im2000.html