First and foremost, if your choices are to either run entirely unencrypted or to protect against the 95% (or thereabouts) of transport layer threats that exist between your visitors and your origin, do the sensible thing. Nobody in their right mind is going to advocate for remaining totally unencrypted rather than using CloudFlare purely to encrypt between their edge nodes and your users. There are people not in their right mind that will argue to the contrary and that's precisely what the title of this post suggests - it's unhealthy security absolutism.
Secondly, remember that you're getting many other things out of the box with CloudFlare including all that edge node caching goodness. As I said earlier, if you're paying for bandwidth and you can shave the vast majority of that off your origin for free and serve your content fast then that's a serious advantage. That should be in your ROI somewhere.
And finally, as I recently wrote, HTTPS served over HTTP/2 has a massive speed advantage and you get that from CloudFlare even if your origin doesn't support HTTP/2. Of course it only makes sense for the requests that aren't served from your old HTTP/1.1 origin, but that's a small portion of them anyway.
I'm aware of how evangelical this sounds so for the sake of total transparency, I'm not incentivised by CloudFlare in any way and they've never paid me for anything or given me any free or discounted services. When I really like a technology, I get excited about it, and that, combined with the counterproductive attitudes I've mentioned throughout this post, is what's led me to write it.
Troy Hunt - https://www.troyhunt.com/cloudflare-ssl-and-unhealthy-security-absolutism/