CloudFlare? What is it? How does it works? Let’s get the questions to be solved up here.
What is cloudflare?
CloudFlare is a CDN(Content Delivery Network) which protects website from attacker. Does it host website on their webserver? No, They don’t host website but in simple way we can say that it builds a wall between the Host and the visitor of that specific website. The picture below explains the chart when a site is not under CloudFlare protection and when it is under protection.
It means when a website is under CloudFlare, visitors and crawlers are given access to the website but attackers aren’t given the access.
Here is the explanation by CloudFlare team “How does CloudFlare works?”
Cloudflare is designed to accelerate and secure any website. Our system works somewhat like a Content Delivery Network (CDN), but is designed to be much easier to setup and configure.
To explain how the system works, imagine you have a website (allen.com) and it’s running a web server with the IP address of 220.127.116.11. Before Cloudflare, if someone typed your website’s domain (allen.com) into their browser, the first thing that visitor’s computer would do is send a query to the DNS system and get back your web server’s IP address (18.104.22.168).
In order to make Cloudflare easy to set up, we take advantage of how this basic function of the Internet works. Rather than having you add hardware, install software, or change your code, we have you designate two Cloudflare nameservers as the authoritative nameservers for your domain (e.g., bob.ns.cloudflare.com and sara.ns.cloudflare.com). You make this change with the registrar from which you bought your domain (e.g., GoDaddy, Network Solutions, Register.com, etc.).
Designating Cloudflare as your authoritative nameservers doesn’t change anything about your website. Your registrar remains your registrar, your hosting provider remains your hosting provider, and so on. However, because we are your authoritative nameserver, we can begin cleaning and accelerating your web traffic.
To make this happen we use a network routing technology called Anycast (and some other fancy tricks) to route initial DNS lookups for your domain to a Cloudflare data center closest to the visitor. We have data centers around the world and we’re growing every month. The data center that receives the request returns an answer in the form of an IP address (e.g., 22.214.171.124), which directs all the visitor’s subsequent requests to the best data center for them.
After a visitor’s browser has done the initial DNS lookup, it begins making requests to retrieve the actual content of a website. These requests are directed to the IP address that was returned from the DNS lookup. Before Cloudflare, that would have been 126.96.36.199, with Cloudflare as the authoritative nameserver that would be 188.8.131.52 (or some other address depending on what Cloudflare data center is closest to the user). Cloudflare’s edge servers running on that IP address receive the request and perform analysis on it. We scan to see if the visitor appears to be a threat based a number of characteristics including the visitor’s IP address, what resource they are requesting, what payload they are posting, how frequently they’re making requests, etc.
Assuming the visitor is not a threat, the frontline checks the request against the Cached resources on our front line servers to see if the resource being requested is in Cloudflare’s local cache. If we have a local copy of the file being requested, then we can deliver it directly to the visitor from a local data center greatly increasing request response time.
If the request is for a type of resource we don’t cache, or if we don’t have a current copy in our cache, then we make a request from our data center (184.108.40.206) back to your origin server (220.127.116.11). Because of our scale, we can get premium routes from our data centers back to most places on the Internet. As a result, while it may seem counter-intuitive, it is sometimes the case that the number of “hops” a visitor’s request makes going through the Cloudflare network is less than the number of “hops” that they would have made going to the origin web server directly, even when we aren’t able to return a result from our cache.
The combination of these systems means that we can protect sites from malicious visitors by stopping them before they even get to the origin web server, save over 60% of the bandwidth that a site would otherwise have to pay for, save over 65% of the requests that would otherwise have to be handled by a site, and cut in half average page load times. In order to make performance even better, we also do web content optimization.
But their is an increase in terrorism through CloudFlare, What? How can be terrorism spread behind CloudFlare? As per media and some activist cyber groups, Terrorists organisation like LeT, ISIS and etc are protecting website under CloudFlare and they are paying to CloudFlare to make themselves protective against the attack by Law Enforcement agencies. CloudFlare is bad-rated in these cases.
How to bypass CloudFlare?
If the owner of the website haven’t configured CloudFlare carefully, it can be bypassed and we can get the real IP of that website which is hiding behind CloudFlare. Like if subdomain’s DNS isn’t protected under cloudflare then we can ping those subdomains and get real IP.
One of a service called “CrimeFlare” does the same for you in an easier way.
The video tutorial below will help you bypass CloudFlare using “CrimFlare”.