Comment by johnmaguire
1 year ago
Cloudflare's CDN capabilities are separate from DDOS protection and indeed many requests cannot be cached due to the resources being sensitive (i.e. authenticated requests.)
Again, there are many forms of proxies and DDOS protection that do not rely on TLS interception, just as there are cars that do not rely on gasoline. Cloudflare has many less technical home users who use their service to avoid sharing their IP online, avoid DDOS, or access home resources. I do not think the average Internet user is familiar with these concepts. There are many examples of surprised users on subreddits like /r/homelab.
how would they know what to cache? the response headers from the server are encrypted. there is maybe the high end l3 protection available if you have the resources. the free tier has caching bundled.
Also, how would their certificates work if they don’t see content?
> how would they know what to cache?
That's a weird question to ask to someone that went out of their way to describe a non-caching situation.
> Also, how would their certificates work if they don’t see content?
Can you be more specific? I'm not sure which feature you're asking about or how it uses certificates.
But the answer is likely "that feature isn't necessary to provide DDOS protection".
Sorry, they did not go much out of their way, to simply claim “solutions exist”. Sure, you could invent other ways of protecting your traffic but what CF offers in the free tier always includes SSL termination with their own certificates (if you enable ssl), and always includes caching.
7 replies →