I think Iโve seen that asked before, but canโt find the post now. I also know quite some instances of Fedi use Cloudflare.
This site is missing some alternatives such as the Swiss Infomaniak, so be mindful.
Edit: or maybe not such a good alternative after all https://www.tomsguide.com/computing/vpns/infomaniak-breaks-rank-and-comes-out-in-support-of-controversial-swiss-encryption-law
Beware that infomaniak does kyc even for such simple things like buying a domain.
I think the main selling point of Cloudflare is their free plan. Iโm not sure if these alternatives will take off, since there is just one provider with a free plan amongs that, and itโs somewhat limited. But then I donโt know why so many people use Cloudflare for Fediverse services. My instance runs fine without.
I assume itโs to handle DDOS attacks? If somebody has beef with your instance, it would be very easy to bring it down for an extended period of time without some kind of protection in front.
Itโs kind of like a fire extinguisher, everything is fine without it, right up to the point it isnโt.
Supposedly, yes. Though I only ever read about attacking with uploaded images, maybe lots if requests which are crafted to result in expensive database queriesโฆ Iโm not sure if itโs ever something Cloudflare could protect from? I mean all their advertising about security, mitigation and prevention sure goes down like oil. But I sometimes wonder if itโs just 100% snake-oil for use-cases like thisโฆ
I think the fire-extinguisher is a proper set up of Linux, updates, backups, and a web application without a lot of issues in the program code, and a minimum of attack surface.
