$250,000 revenue. $1 billion valuation. W - T - F. This better be a bloody joke.
The more I read the article, the more it seems that the article is definitely masterful PR from CloudFare. K.M. Cutler either took the bait hook-line-and-sinker (comparing vanity metrics for a proxy service to service sites, etc.) or the bubble is way worse than I imagined.
This article is littered with inaccurate comparisons. Getting to 400M uniques for them is completely different than facebook or twitter. It should be better compared to how long did it take google analytics to hit 400M uniques.
I do like the idea of what they are doing, the DDOS protection alone makes their service worth at least $100/Month to most revenue generating sites. If they are signing up 30k new customers per month, and 1% pay $20/month, then you're talking about growing by $6k/revenue or more a month. compounding that adds up. I'd be surprised if they didn't break $1-2M in revenue in 2012. (pure speculation, no insider info. I do use their plugin on my blog)
Agreed. Think about how easy it would be for people to ditch Cloudflare for a competitor versus, say, Twitter. Very few of those 400M even know they're using the service.
It's not even 400m uniques unless you consider delivery of a cached page a unique where the end viewer of the page doesn't even know he is served by cloudflare. Other than hijacking the 404 pages (which would be a percentage of the uniques) there isn't any value that I can think of to that. It's like serving up dns queries in a way.
I was thinking exactly the same thing. The value is compared to the commercial DDOS protection services that many of these hosts offer like liquid web http://www.liquidweb.com/services/ddos.html ($$$)
Cloudflare is a frigging nightmare if you're outside the US and on a dynamic ip(which includes pretty much everyone in India.)
I keep having to enter a captcha on links from HN, because a lot of people apparently use them.
Things like these(although probably helpful to the site authors) are actually breaking the internet unfortunately.
Although I banned China, Russian and some eastern euro countries after getting hit heavy by spammers and using Cloudflare to see that they all came from there. Spam went down by 99% after that.
The caveat is that none of my signups were coming from those countries (where Diabetes is less prevalent).
FWIW, Cloudflare lets you configure how aggressive you want it to be in blocking "threats." The default seems a bit strong, but there's an option labelled "essentially off"
I've had terrible experiences with cloudflare, a fellow HN user uses it and I constantly have problems connecting to his site (cloudflare telling me it's down) when it's definitely up and accessible by others. I definitely see the value in their product (idea) though.
They've caused me a fair amount of downtime on several sites too. The third time they made my sites unavailable for hours I cancelled the paid plan and switched off them.
Their service is so flaky that at present I would never consider upgrading from the free tier to the paid tier. Theoretically it's a great idea and something I'd pay for, but not when it's so busted.
Agreed. It also adds time connecting to your site, sometimes up to 100ms. Google crawlbot stats confirm it every time I switch on or off using Cloudflare.
Not sure its worth the bandwidth/http request savings on a small site. If you run a big site, you'd be willing to pay for a top notch CDN.
Some big swings in the opinions on CloudFlare in this thread so far. I've used CloudFlare on a site with low traffic and I liked the results and so I just recommended that a publisher client who gets around 20,000 daily uniques should use it too.
On reading some of the criticisms here, I'm concerned I made the wrong recommendation - but at the same time, I'm also seeing comments like "CloudFlare is fantastic". Can anyone weigh in with what I really need to know about CloudFlare in order to ascertain if it's a good choice for my client or not?
I used it for my low traffic personal site and thought it was great. But then one my posts got on the front page of HN and the traffic triggered CAPTCHAs for everyone. I dialed down the security settings and the CAPTCHAs went away, but still, that was annoying. And tech support wouldn't own up to their software thinking an HN spike was an attack.
Then I used it for my startup, which was using an SSL cert, and it had major problems on launch day because of that (ugh). It continued to have SSL compatibility issues for a week, so I've only been using it as a DNS since. As a test, I enabled it on staging and have left it off on production. To their credit, it seems like the SSL downtime issues have gone away.
It's been fine as a DNS, but I don't really have any desire to enable the CloudFlare features again. I love the idea of it keeping me safe from spambots and DDOS. At the same time, it really is a single point of failure, and it's failed more than any other technology in my stack. And the caching layer is way too brittle. I've set up rules to turn it off in staging.
I hate their stance toward SSL. When one of the sites on Cloudflare needed SSL the only thing you could do was turn off caching for HTTPS.
Since then they've added an SSL service where you can get an SSL cert from them. It only SSL's the traffic from the client to Cloudflare, not from Cloudflare back to the server so you've still got part of your transport not secured. I wonder how many people bought into that service without realizing that. (You can have Cloudflare connect HTTPS back to your server, but they still offer that partially covered option for some reason).
If you take a look at the number of domains transferred out from cloudflare servers daily (just change the date in the URL below) while they have a net gain generally every day it's interesting (and confirms what you are saying) about the service. Why so many people leaving so consistently?
Same here. One of my clients uses it for all of his sites, and we have all sorts of problems with it. For a while it was flagging my Linux and Mac PCs as sending viruses/spamming cloudflare sites. They couldn't provide me any logs though.
Same here, it always thinks me or someone on my network has a virus and asks me to enter a re-captcha before "granting access" to the site. I have no clue why it thinks that!
I usually get flagged when following popular links from Twitter. I just find it highly annoying their support doesn't care. When this happens, I just get told to wait 72 hours or whatever and go back to the site. I wonder how many users sites lose because of that.
I've been using CF for a few months, and thus far it's been great: I use it to server static files and my bandwidth bill is 100 USD cheaper. I host on linode, and their bandwidth is pretty expensive.
Few users complained about being blocked. I contacted the support, but their answers didn't solve my problem. Finally, I figured out how to add my country to the "trust list" and never heard about blocks ever since.
I can't speak much for Cloudflare's CDN features, but they're one of the best free DNS providers I've ever come across - Anycast, web management, and API-wise. I use them mostly for that.
What is the barrier to entry for CloudFlare? Putting a few servers in different colos, buying quality bandwidth, set up BGP anycast, get the IP Geolocation database from MaxMind. We are talking a service that could be duplicated with open source software and about $100K to $250K investment.
Enlighten me... a 1U server can handle nearly 1Gbps of traffic. BGP anycast - a solved problem. How many different locations do you need? For USA - Chicago, NYC, WashDC, Boston, LA, Phoenix, Dallas. In Europe - Amsterdam, Frankfurt, Berlin, London, Paris, Moscow/StPete, probably a few I have missed. Australia, Singapore, Taiwan, HongKong. Half a rack (20U) in each location would more than cover most, though possibly the USA would require more.
But Cloudflare isn't just a CDN, it has an application firewall/security thing built in too.
That's important because suddenly you can't get away with just Varnish, and rolling Apache+mod_security out to each node is probably insufficient as well.
The other thing to realize about cloudflare is unless you play with your apache logs any hits coming in will show cloudflare Ip's as accessing pages as opposed to the end users. There are workarounds for this (if you know enough to play with apache etc. config) but the default state when you sign up gives you the cloudflare ips.
I'm surprised at a lot of the negative posts about CloudFlare. We serve around 100 million impressions monthly through CloudFlare, and have been doing so for the past year with no issues.
The negative posts don't seem to be directed at the company, which probably is a solid company doing great things. Just the crazy $1 billion dollar valuation figure being thrown around.
not a bubble, not a bubble, not a bubble, not a bubble...
no but seriously. sounds like a CDN for your static URLs and maybe combined with a web throttler and web firewall in front of your dynamic URLs. I do see some revenue potential there, especially in providing service to companies with weak/no tech staff.
People who are looking at the revenue and think this valuation is outrageous probably have a fundamental misunderstanding of the CDN market.
$1 billion is high, but not outrageous.
Akamai is the market leader, and currently valued at ~$7 billion. They recently bought the most innovative player in the CDN market (Cotendo) for $250 million.
CloudFlare may not have huge revenue, but they have something that all the other non-Akamai CDN players would kill for: a huge, quickly growing customer base.
Their lack of revenue is a byproduct of their freemium business model. It's not a big problem, because CloudFlare can change the parameters in that model at anytime, and provided they are keeping customers happy it should be a fairly easy conversion to a paid customer.
People are used to paying for webhosting, and Cloudflare are already building reseller agreements with companies like Dreamhost to build these relationships further.
The biggest problem I see with CloudFlare is that they don't have strong (any?) video CDN offerings. At the moment that isn't a big problem for them (not many of their customers need it since most use SaaS platforms for video) but I would imagine it is an area they are looking hard at.
That may be true and they could have out of this world potential but I can't think of any sector or business model where a P/S ratio of 4000 is anywhere close to sane.
I've also had issues with CF. Saying the site is down while I'm logged into the server. Does anybody have any solid alternatives to the bot blacklist? It gets hard to keep up with htaccess ip blocks, and it's more or less all I'm using it for now (apart from DNS which can be changed anyway).
55 comments
[ 4.1 ms ] story [ 105 ms ] threadThe more I read the article, the more it seems that the article is definitely masterful PR from CloudFare. K.M. Cutler either took the bait hook-line-and-sinker (comparing vanity metrics for a proxy service to service sites, etc.) or the bubble is way worse than I imagined.
I can see the Superbowl ads already: "It's not really the cloud unless it's dot-cloud."
I do like the idea of what they are doing, the DDOS protection alone makes their service worth at least $100/Month to most revenue generating sites. If they are signing up 30k new customers per month, and 1% pay $20/month, then you're talking about growing by $6k/revenue or more a month. compounding that adds up. I'd be surprised if they didn't break $1-2M in revenue in 2012. (pure speculation, no insider info. I do use their plugin on my blog)
It's not even 400m uniques unless you consider delivery of a cached page a unique where the end viewer of the page doesn't even know he is served by cloudflare. Other than hijacking the 404 pages (which would be a percentage of the uniques) there isn't any value that I can think of to that. It's like serving up dns queries in a way.
Things like these(although probably helpful to the site authors) are actually breaking the internet unfortunately.
Although I banned China, Russian and some eastern euro countries after getting hit heavy by spammers and using Cloudflare to see that they all came from there. Spam went down by 99% after that.
The caveat is that none of my signups were coming from those countries (where Diabetes is less prevalent).
Not sure its worth the bandwidth/http request savings on a small site. If you run a big site, you'd be willing to pay for a top notch CDN.
Cloudflare sits in a weird middle ground.
On reading some of the criticisms here, I'm concerned I made the wrong recommendation - but at the same time, I'm also seeing comments like "CloudFlare is fantastic". Can anyone weigh in with what I really need to know about CloudFlare in order to ascertain if it's a good choice for my client or not?
Then I used it for my startup, which was using an SSL cert, and it had major problems on launch day because of that (ugh). It continued to have SSL compatibility issues for a week, so I've only been using it as a DNS since. As a test, I enabled it on staging and have left it off on production. To their credit, it seems like the SSL downtime issues have gone away.
It's been fine as a DNS, but I don't really have any desire to enable the CloudFlare features again. I love the idea of it keeping me safe from spambots and DDOS. At the same time, it really is a single point of failure, and it's failed more than any other technology in my stack. And the caching layer is way too brittle. I've set up rules to turn it off in staging.
Since then they've added an SSL service where you can get an SSL cert from them. It only SSL's the traffic from the client to Cloudflare, not from Cloudflare back to the server so you've still got part of your transport not secured. I wonder how many people bought into that service without realizing that. (You can have Cloudflare connect HTTPS back to your server, but they still offer that partially covered option for some reason).
http://www.dailychanges.com/cloudflare.com/2012-04-14/
Honestly, I hate them.
I usually get flagged when following popular links from Twitter. I just find it highly annoying their support doesn't care. When this happens, I just get told to wait 72 hours or whatever and go back to the site. I wonder how many users sites lose because of that.
That's 1/6th the Akamai market cap.
You know, Akamai. That other little CDN. The one that happens to make 4000x the revenue of Cloudflare.
Ah well, it's probably justified. Cloudflare insists they're not a CDN after all. They only happen to offer the exact same services by accident.
This is from techcrunch and not confirmed...
Few users complained about being blocked. I contacted the support, but their answers didn't solve my problem. Finally, I figured out how to add my country to the "trust list" and never heard about blocks ever since.
I had similar problems with blocked users and site-is-down false positives, so I had to drop it.
What else could justify such a valuation for a Web security proxy provider?
But Cloudflare isn't just a CDN, it has an application firewall/security thing built in too.
That's important because suddenly you can't get away with just Varnish, and rolling Apache+mod_security out to each node is probably insufficient as well.
Edit: fixed url, thanks.
The idea of rebuilding it for $250k is ludicrous.
On the other hand, that is the baseline pitch that has been used by starry-eyed start-ups for ages now.
https://www.cloudflare.com/wiki/Log_Files
no but seriously. sounds like a CDN for your static URLs and maybe combined with a web throttler and web firewall in front of your dynamic URLs. I do see some revenue potential there, especially in providing service to companies with weak/no tech staff.
$1 billion is high, but not outrageous.
Akamai is the market leader, and currently valued at ~$7 billion. They recently bought the most innovative player in the CDN market (Cotendo) for $250 million.
CloudFlare may not have huge revenue, but they have something that all the other non-Akamai CDN players would kill for: a huge, quickly growing customer base.
Their lack of revenue is a byproduct of their freemium business model. It's not a big problem, because CloudFlare can change the parameters in that model at anytime, and provided they are keeping customers happy it should be a fairly easy conversion to a paid customer.
People are used to paying for webhosting, and Cloudflare are already building reseller agreements with companies like Dreamhost to build these relationships further.
The biggest problem I see with CloudFlare is that they don't have strong (any?) video CDN offerings. At the moment that isn't a big problem for them (not many of their customers need it since most use SaaS platforms for video) but I would imagine it is an area they are looking hard at.
Drug dealers, if you measured the P/S ratio right after they have given out that first, free hit :)
Seriously, though: that's how freemium business models work. They deliberately delay revenue to build adoption.