CloudFlare is a free service that accelerates and secures your website by acting as a proxy between your visitors and the Mosaic hosting servers. With CloudFlare, you can protect your website against malicious visitors, save bandwidth and reduce average page load times.
How Does It Work?
Once CloudFlare is enabled for your website, it is designated as your authoritative name servers; this allows CloudFlare to clean and accelerate your traffic as all requests to your website are now routed through CloudFlare. With network routing technology and 23 data centers around the world, CloudFlare is able to:
- Bring visitors the fastest connection possible – CloudFlare’s global Anycast network routes customers to the closest datacenter, resulting in your website loading twice as fast for your visitors no matter where they are located.
- Screen your website’s traffic for malicious visitors – CloudFlare receives requests for your website and analyzes them to determine if a visitor is a threat based on the visitor’s IP, the resource being requested, the payload being posted and how frequently requests are being made among other things. Threats are blocked and good visitors are able to quickly access the pages they request.
- Optimize your web content – Rocket Loader technology is included in all CloudFlare plans (even the free one) and helps your website to more efficiently process requests for third party scripts like apps, widgets and tags. Rocket Loader ensures that no script blocks your page content from loading by bundling all script requests into a single request and loading them one at a time.
Advantages of CloudFlare
There are several advantages to using the CloudFlare service:
- Site Performance Improvement – CloudFlare has proxy servers located throughout the world which are located closer to your visitors; this makes page load speed improvement possible as the cached content is delivered from the closest caching box rather than directly off our servers. There is a lot of research that shows the faster the site, the longer a visitor stays.
- Mobile Device Optimization – Various technologies, such as Rocket Loader and AutoMinify, come together to make your pages as fast and efficient as possible no matter what device is surfing your site.
- Bot and Threat Protection – CloudFlare uses data from its own community,Project Honey Pot and other third party sources to identify malicious threats online and stop attacks before they even get to your site. You can see which threats are being stopped by accessing your CloudFlare dashboard.
- Spam Comments Protection – CloudFlare leverages data from third party resources to reduce the number of spam comments on your site.
- Alerting Visitors of Infected Computers – CloudFlare alerts human visitors witth infected computers that they need to take action to clean up the malware or virus on their machine. Visitors can then enter a CAPTCHA to gain access to your site.
- Offline Browsing Mode – In the event that Mosaic servers are unavailable, visitors should still be able to access your site since CloudFlare serves visitors a page from its cache.
- Lower Resource Usage – As fewer requests hit Mosaic servers, the overall CPU usage of your account is reduced. Even during a traffic surge, your server will stay online as CloudFlare absorbs the requests.
- New Site Stats – CloudFlare gives you insight into search engine crawlers, and threats and legitimate traffic in easy to read formats.
- CloudFlare Apps – CloudFlare offers a single marketplace where the web’s leading apps can be quickly and safely installed on any website with just a few clicks.
- SSL Support – SSL usage is now applicable through CloudFlare.
Limitations of CloudFlare
Before enabling CloudFlare for your website, you may want to consider the following:
- Currently, requests must be directed to www.yourdomain.tld instead ofyourdomain.tld which means you may need to make some configuration changes (WordPress installations are automatically adjusted).
- CloudFlare caches static content from your site. While this reduces the load on your server, it means that if you make a change to an existing static file, like an image, there may be a delay before the change appears. While you are updating your site, you can put CloudFlare in Development Mode so that changes appear immediately.
CloudFlare Statistics and Settings
CloudFlare provides detailed website statistics and offers various customizable settings, allowing users to make the most of this free service. Statistics and settings can be accessed from within the cPanel plugin (for Shared and Reseller hosting plans) or directly from the CloudFlare dashboard.
Accessing Statistics and Settings via the CloudFlare cPanel Plugin
To access statistics and settings from the CloudFlare plugin in cPanel:
- Log into cPanel.
- Under the Software/Services section, click the CloudFlare icon.
- Select Statistics and Settings next to the CloudFlare-enabled domain for which you wish to view statistics and settings.
From the cPanel CloudFlare plugin, users can view basic statistics from the previous week for the selected domain. Statistics for the CloudFlare Free plan update every 24 hours.
Available statistics include:
- Page Views – The number of visits to the site that return HTML content (sorted by legitimate human views, search engine crawlers and bots, and threats)
- Unique Visitors – The number of legitimate human views, search engine crawlers and bots and malicious visitors with unique IP addresses
- Requests Saved – This number defines how many page requests hit CloudFlare servers instead of Mosaic servers, lowering resource usage and increasing page load speed.
- Bandwidth Saved – This number defines the amount of bandwidth used on CloudFlare instead of Mosaic.
The following configuration options for CloudFlare are all available in one, convenient place within the cPanel CloudFlare plugin:
- CloudFlare Account Type – Allows users to upgrade their CloudFlare plan from Free to CloudFlare Pro
- CloudFlare Security Setting – Changes how sensitive CloudFlare is when challenging visitors. A low setting will challenge only the most threatening visitors, while a high setting will challenge all visitors that have shown malicious behavior within the past 2 weeks. We recommend starting with high or medium setting.
- Development Mode – When enabled, changes made to the site are shown immediately. If disabled, changes will only display when the cache refreshes. Development Mode will automatically toggle off after 3 hours.
- Cache Purge – Forces CloudFlare to clear all cached content for a site and fetch a new version
- Always Online – Enables a site to serve cached content even if the server is unavailable and allows viewers to go back to viewing the site live when the server is back online
- Automatic IPv6 – If enabled, CloudFlare will listen to IPv6, even if your host or server only supports IPv4, meaning that your site will work no matter which network it’s being viewed on.
Accessing Analytics and Settings via the CloudFlare Dashboard
For more in-depth statistics and settings for a CloudFlare-enabled domain or to retrieve statistics for multiple domains all at once, you will need to navigate to the CloudFlare dashboard.
To access the CloudFlare dashboard:
- Click on the See More Statistics button in the middle of the cPanel CloudFlare plugin page. You will be redirected to www.cloudflare.com/login.
- Sign into CloudFlare, and you will be automatically directed to the Analytics page of the dashboard.
While the majority of the information in the CloudFlare dashboard is available in the cPanel plugin, the CloudFlare Analytics dashboard contains some notable features which are listed below:
- Combined statistics for all CloudFlare-enabled domains
- A detailed graph, customizable to show page view, hits or bandwidth data for any combination of regular traffic, crawlers/bots or threats, which shows statistics as far back as 30 days
- A pie graph that visually breaks down the site’s traffic by type of visitor
The CloudFlare dashboard offers some additional configuration options for CloudFlare-enabled domains. To access these advanced settings:
- From the CloudFlare dashboard, click the Websites button at the top of the page.
- Click on the gear icon next to the domain for which you’d like to edit settings. A drop-down menu will appear with the following settings:
- DNS settings – Disconnects the selected domain from CloudFlare
- CloudFlare settings – Offers some advanced security and performance settings which are not available in cPanel, including minimum expire TTL, auto minify and Rocket Loader
- Page rules – Allows users to set rules that apply to sub-sections of a website.
- Development mode – When enabled, changes made to the site are shown immediately. If disabled, changes will only display when the cache refreshes. Development Mode will automatically toggle off after 3 hours.
- Pause CloudFlare – Temporarily deactivates CloudFlare for a website
- Delete domain – Permanently removes a website from a CloudFlare account
CloudFlare features a Threat Control dashboard where users can view an analysis of threats to their sites. Here, users can also specify which visitors CloudFlare allows and which visitors will be blocked. To access the Threat Control dashboard:
- Log into your CloudFlare account.
- Next to the website you wish to view, click Threat Control.
Any threats to your website which CloudFlare detects will be listed in the Alerts section of the Threat Control dashboard. If an item appears in this area, the visitor was challenged with a CAPTCHA before gaining access to your website. The following details will be provided for each threat:
- Type of threat
- Threat score
- Date detected
- IP address
- Country of origin
- Status of threat
Types of Threats
The following is an overview of the types of threats detected by CloudFlare:
- Botnet Zombie: Computers identified as infected with a virus that are doing something malicious such as sending spam
- Rule Breaker: An automated crawler or bot that does not appear to follow robots.txt or other rules
- Email Harvester: A visitor identified as stealing email addresses from websites
- Web Spammer: A visitor caught posting spam comments or spam blogs
- Exploit Hacker: A visitor caught attempting to exploit weaknesses in code
High Priority Alerts
An exclamation symbol ( ! ) next to the threat type indicates an item which requires attention for one of two reasons:
- The visitor was blocked; however, the visitor passed the CAPTCHA and left a message requesting to be permanently whitelisted.
- The visitor is listed as a threat in CloudFlare’s global system but was allowed to get through based on your security settings.
Threat scores are used to indicate the severity of a particular type of threat. The scores are determined by a logarithm and generally range from 0 to 100. The higher the score, the more severe the threat.
CloudFlare allows users to specify a preference for how threat scores are handled in the security settings. The following options are available:
- High – Anything greater than 0 will be challenged.
- Medium – Anything greater than 8 will be challenged.
- Low – Anything greater than 15 will be challenged.
- Essentially Off – Anything greater than 25 will be challenged.
Blocking or Trusting Visitors
In the Threat Control dashboard, CloudFlare users can choose to either block or trust visitors listed as threats in the Alerts list. Users also have the ability to manually enter an IP, IP range or country name to block or trust.
If a threat is trusted or blocked, the visitor’s IP address will be placed into either the Trust list or Block list respectively. Visitors with IPs listed in the Block list will not be challenged with a CAPTCHA. They will be completely restricted from accessing the website.
The following are commonly asked questions pertaining to the use of CloudFlare with Mosaic web hosting services.
- Is the CloudFlare plugin available to all hosting plans?
- How much does CloudFlare cost?
- Do I need to change my nameservers to use CloudFlare?
- I signed up for CloudFlare through cPanel. How do I log into the CloudFlare dashboard?
- I already have an SSL I purchased from Mosaic. It does not use a special subdomain. How can I get my SSL to work with CloudFlare?
- I have an SSL from another company I would like to use. How can I get this SSL to work with CloudFlare?
- Why do I see a black page saying CloudFlare has not been set up for my domain?
- How do I use CloudFlare page caching?
1. Is the CloudFlare plugin available to all hosting plans?
Currently, all plans may enable CloudFlare services via cPanel. The service is also available to VPS and Dedicated Servers upon request. Unfortunately, CloudFlare is not available on any Windows VPS or Dedicated Servers.
For more information on how to sign up and activate CloudFlare through cPanel for your hosting account, please see the following article:
2. How much does CloudFlare cost?
For basic service, CloudFlare is free; however, some additional features may require an upgrade and additional payment. To compare CloudFlare’s plans and prices, please visit:
3. Do I need to change my nameservers to use CloudFlare?
When you change your domain’s nameservers to CloudFlare nameservers, you make CloudFlare your DNS provider while keeping your current hosting provider and registrar the same. CloudFlare is then able to route potentially malicious traffic away from your site before it reaches your server.
If You Signed Up via cPanel
If you signed up for CloudFlare through cPanel, you should not change your nameservers.
If You Signed Up Via CloudFlare’s Website
If you signed up for CloudFlare through the CloudFlare website, you must change your nameservers. From that point, any change that would typically be made to DNS through cPanel will need to be made in the management portal of your CloudFlare account instead.
This method is only recommended for advanced users who cannot make the redirections that basic mode demands. If you attempt to add a domain via advanced mode, you will not be able to add the domain via basic mode until you remove it from the CloudFlare dashboard.
4. I signed up for CloudFlare through cPanel. How do I log into the CloudFlare dashboard?
For help retrieving the user name and password for your CloudFlare account, please see the following article:
5. I already have an SSL I purchased from Mosaic. It does not use a special subdomain. How can I get my SSL to work with CloudFlare?
CloudFlare now offers SSL encryption, including both free and paid plans. (Note that an SSL is required on your Mosaic domain to fully encrypt your data, as CloudFlare’s service only covers traffic outbound from their own servers.)
Mosaic customers who have signed up for CloudFlare service via their cPanel will encounter errors when attempting to use the free CloudFlare SSL service, and CloudFlare recommends that such customers upgrade to a paid account.
Please refer to the following articles from CloudFlare’s knowledge base to learn more about this service and how to configure it to work with your HostGator account:
- How do I add SSL to my site?
- Why am I getting an error message that my domain is not eligible for a SSL certificate?
- Why am I getting a “SSL expired” error message?
6. I have an SSL from another company I would like to use. How can I get this SSL to work with CloudFlare?
You may use a third-party SSL on your Mosaic server to secure data sent to CloudFlare. The same conditions apply as listed for Mosaic SSLs above.
Information on installing third-party SSLs to your HostGator account may be found here:
7. Why do I see a black page saying CloudFlare has not been set up for my domain?
This error is most likely the result of a DNS error preventing the subdomain from resolving. For detailed instructions on how to correct this issue, please see the following article:
8. How do I use CloudFlare Page Caching?
CloudFlare allows users to adjust CloudFlare behavior settings to fit the needs of their website, including cache policy, performance and security for specific URLs. To learn how to use this feature, please see the following article: