55 comments

[ 4.1 ms ] story [ 105 ms ] thread
$250,000 revenue. $1 billion valuation. W - T - F. This better be a bloody joke.

The more I read the article, the more it seems that the article is definitely masterful PR from CloudFare. K.M. Cutler either took the bait hook-line-and-sinker (comparing vanity metrics for a proxy service to service sites, etc.) or the bubble is way worse than I imagined.

Burst bubble, burst!
But it's "Cloud," very different from the .com a while back. I heard it on TV and read it in a blog.
Has anyone filed the ~$200K ICANN application to get the .cloud TLD going yet?

I can see the Superbowl ads already: "It's not really the cloud unless it's dot-cloud."

$0 revenue, $1 billion valuation? Anyone wants to guess who it is?
This article is littered with inaccurate comparisons. Getting to 400M uniques for them is completely different than facebook or twitter. It should be better compared to how long did it take google analytics to hit 400M uniques.

I do like the idea of what they are doing, the DDOS protection alone makes their service worth at least $100/Month to most revenue generating sites. If they are signing up 30k new customers per month, and 1% pay $20/month, then you're talking about growing by $6k/revenue or more a month. compounding that adds up. I'd be surprised if they didn't break $1-2M in revenue in 2012. (pure speculation, no insider info. I do use their plugin on my blog)

Agreed. Think about how easy it would be for people to ditch Cloudflare for a competitor versus, say, Twitter. Very few of those 400M even know they're using the service.
"Getting to 400M uniques"

It's not even 400m uniques unless you consider delivery of a cached page a unique where the end viewer of the page doesn't even know he is served by cloudflare. Other than hijacking the 404 pages (which would be a percentage of the uniques) there isn't any value that I can think of to that. It's like serving up dns queries in a way.

Um. Read the WHOLE story. I point out that their comparisons are flawed.
Cloudflare is a frigging nightmare if you're outside the US and on a dynamic ip(which includes pretty much everyone in India.) I keep having to enter a captcha on links from HN, because a lot of people apparently use them.

Things like these(although probably helpful to the site authors) are actually breaking the internet unfortunately.

This is a fair criticsm.

Although I banned China, Russian and some eastern euro countries after getting hit heavy by spammers and using Cloudflare to see that they all came from there. Spam went down by 99% after that.

The caveat is that none of my signups were coming from those countries (where Diabetes is less prevalent).

FWIW, Cloudflare lets you configure how aggressive you want it to be in blocking "threats." The default seems a bit strong, but there's an option labelled "essentially off"
I don't think that option was there initially, at least not for the free tier. It's nice that it's there now.
I've had terrible experiences with cloudflare, a fellow HN user uses it and I constantly have problems connecting to his site (cloudflare telling me it's down) when it's definitely up and accessible by others. I definitely see the value in their product (idea) though.
They've caused me a fair amount of downtime on several sites too. The third time they made my sites unavailable for hours I cancelled the paid plan and switched off them.
Their service is so flaky that at present I would never consider upgrading from the free tier to the paid tier. Theoretically it's a great idea and something I'd pay for, but not when it's so busted.
Agreed. It also adds time connecting to your site, sometimes up to 100ms. Google crawlbot stats confirm it every time I switch on or off using Cloudflare.

Not sure its worth the bandwidth/http request savings on a small site. If you run a big site, you'd be willing to pay for a top notch CDN.

Cloudflare sits in a weird middle ground.

I've experienced terrible service as a customer as well. I think that place is a mess.
Some big swings in the opinions on CloudFlare in this thread so far. I've used CloudFlare on a site with low traffic and I liked the results and so I just recommended that a publisher client who gets around 20,000 daily uniques should use it too.

On reading some of the criticisms here, I'm concerned I made the wrong recommendation - but at the same time, I'm also seeing comments like "CloudFlare is fantastic". Can anyone weigh in with what I really need to know about CloudFlare in order to ascertain if it's a good choice for my client or not?

I used it for my low traffic personal site and thought it was great. But then one my posts got on the front page of HN and the traffic triggered CAPTCHAs for everyone. I dialed down the security settings and the CAPTCHAs went away, but still, that was annoying. And tech support wouldn't own up to their software thinking an HN spike was an attack.

Then I used it for my startup, which was using an SSL cert, and it had major problems on launch day because of that (ugh). It continued to have SSL compatibility issues for a week, so I've only been using it as a DNS since. As a test, I enabled it on staging and have left it off on production. To their credit, it seems like the SSL downtime issues have gone away.

It's been fine as a DNS, but I don't really have any desire to enable the CloudFlare features again. I love the idea of it keeping me safe from spambots and DDOS. At the same time, it really is a single point of failure, and it's failed more than any other technology in my stack. And the caching layer is way too brittle. I've set up rules to turn it off in staging.

I hate their stance toward SSL. When one of the sites on Cloudflare needed SSL the only thing you could do was turn off caching for HTTPS.

Since then they've added an SSL service where you can get an SSL cert from them. It only SSL's the traffic from the client to Cloudflare, not from Cloudflare back to the server so you've still got part of your transport not secured. I wonder how many people bought into that service without realizing that. (You can have Cloudflare connect HTTPS back to your server, but they still offer that partially covered option for some reason).

Thanks, I really appreciate the personal insight. I may take a wait-and-see approach with this one now.
If you take a look at the number of domains transferred out from cloudflare servers daily (just change the date in the URL below) while they have a net gain generally every day it's interesting (and confirms what you are saying) about the service. Why so many people leaving so consistently?

http://www.dailychanges.com/cloudflare.com/2012-04-14/

Same here. One of my clients uses it for all of his sites, and we have all sorts of problems with it. For a while it was flagging my Linux and Mac PCs as sending viruses/spamming cloudflare sites. They couldn't provide me any logs though.

Honestly, I hate them.

Same here, it always thinks me or someone on my network has a virus and asks me to enter a re-captcha before "granting access" to the site. I have no clue why it thinks that!
I wonder if it's related to odd traffic spikes: http://news.ycombinator.com/item?id=3856364

I usually get flagged when following popular links from Twitter. I just find it highly annoying their support doesn't care. When this happens, I just get told to wait 72 hours or whatever and go back to the site. I wonder how many users sites lose because of that.

Is is April 1st yet again?

That's 1/6th the Akamai market cap.

You know, Akamai. That other little CDN. The one that happens to make 4000x the revenue of Cloudflare.

Ah well, it's probably justified. Cloudflare insists they're not a CDN after all. They only happen to offer the exact same services by accident.

Lets all wait until they actually get valued at $1 billion before getting all excited.

This is from techcrunch and not confirmed...

I agree that it's a pretty high valuation, but Cloudflare is fantastic.
With 100x the customers, maybe that's a bargain?
I've been using CF for a few months, and thus far it's been great: I use it to server static files and my bandwidth bill is 100 USD cheaper. I host on linode, and their bandwidth is pretty expensive.

Few users complained about being blocked. I contacted the support, but their answers didn't solve my problem. Finally, I figured out how to add my country to the "trust list" and never heard about blocks ever since.

Seems likely that there are other users that are blocked and never complain, and just leave.

I had similar problems with blocked users and site-is-down false positives, so I had to drop it.

I can't speak much for Cloudflare's CDN features, but they're one of the best free DNS providers I've ever come across - Anycast, web management, and API-wise. I use them mostly for that.
Either this is total BS or some VCs are trying to ride the Instagram wave.

What else could justify such a valuation for a Web security proxy provider?

What is the barrier to entry for CloudFlare? Putting a few servers in different colos, buying quality bandwidth, set up BGP anycast, get the IP Geolocation database from MaxMind. We are talking a service that could be duplicated with open source software and about $100K to $250K investment.
One of the least informed opinions I've seen on HN.
Enlighten me... a 1U server can handle nearly 1Gbps of traffic. BGP anycast - a solved problem. How many different locations do you need? For USA - Chicago, NYC, WashDC, Boston, LA, Phoenix, Dallas. In Europe - Amsterdam, Frankfurt, Berlin, London, Paris, Moscow/StPete, probably a few I have missed. Australia, Singapore, Taiwan, HongKong. Half a rack (20U) in each location would more than cover most, though possibly the USA would require more.
http://fastly.com does that: Varnish on SSDs.

But Cloudflare isn't just a CDN, it has an application firewall/security thing built in too.

That's important because suddenly you can't get away with just Varnish, and rolling Apache+mod_security out to each node is probably insufficient as well.

Edit: fixed url, thanks.

CloudFlare also provides basic analytics, DNS, url rewrite rules, and a fairly decent UI.

The idea of rebuilding it for $250k is ludicrous.

And fastly is crazy expensive.
"We are talking a service that could be duplicated with open source software and about $100K to $250K investment."

On the other hand, that is the baseline pitch that has been used by starry-eyed start-ups for ages now.

Try it for $250K ...let me know how that goes.
The other thing to realize about cloudflare is unless you play with your apache logs any hits coming in will show cloudflare Ip's as accessing pages as opposed to the end users. There are workarounds for this (if you know enough to play with apache etc. config) but the default state when you sign up gives you the cloudflare ips.

https://www.cloudflare.com/wiki/Log_Files

That's how any proxy service works. It's not just CloudFlare.
I'm surprised at a lot of the negative posts about CloudFlare. We serve around 100 million impressions monthly through CloudFlare, and have been doing so for the past year with no issues.
The negative posts don't seem to be directed at the company, which probably is a solid company doing great things. Just the crazy $1 billion dollar valuation figure being thrown around.
not a bubble, not a bubble, not a bubble, not a bubble...

no but seriously. sounds like a CDN for your static URLs and maybe combined with a web throttler and web firewall in front of your dynamic URLs. I do see some revenue potential there, especially in providing service to companies with weak/no tech staff.

People who are looking at the revenue and think this valuation is outrageous probably have a fundamental misunderstanding of the CDN market.

$1 billion is high, but not outrageous.

Akamai is the market leader, and currently valued at ~$7 billion. They recently bought the most innovative player in the CDN market (Cotendo) for $250 million.

CloudFlare may not have huge revenue, but they have something that all the other non-Akamai CDN players would kill for: a huge, quickly growing customer base.

Their lack of revenue is a byproduct of their freemium business model. It's not a big problem, because CloudFlare can change the parameters in that model at anytime, and provided they are keeping customers happy it should be a fairly easy conversion to a paid customer.

People are used to paying for webhosting, and Cloudflare are already building reseller agreements with companies like Dreamhost to build these relationships further.

The biggest problem I see with CloudFlare is that they don't have strong (any?) video CDN offerings. At the moment that isn't a big problem for them (not many of their customers need it since most use SaaS platforms for video) but I would imagine it is an area they are looking hard at.

That may be true and they could have out of this world potential but I can't think of any sector or business model where a P/S ratio of 4000 is anywhere close to sane.
I can't think of any sector or business model where a P/S ratio of 4000 is anywhere close to sane.

Drug dealers, if you measured the P/S ratio right after they have given out that first, free hit :)

Seriously, though: that's how freemium business models work. They deliberately delay revenue to build adoption.

I've also had issues with CF. Saying the site is down while I'm logged into the server. Does anybody have any solid alternatives to the bot blacklist? It gets hard to keep up with htaccess ip blocks, and it's more or less all I'm using it for now (apart from DNS which can be changed anyway).
Did anyone else originally hear about them because the lulzsec page used them?