I am talking internally with the customer support team about what happened to this customer's traffic. It is definitively <i>not</i> the case that doing "four requests per minute" gets you rate limited.
As someone who has run a wide range of sites on Cloudflare for many years, I am certain this is bupkis.<p>1. Cloudflare doesn’t send 503 when they’re deliberately rate limiting; they send it when there’s an unexpected problem. It’s fairly rare, and it usually results in something being posted on cloudflarestatus.com if it persists.<p>2. Sometimes error rates are low enough or the conditions are obscure enough that you may have to contact support to point out that it’s happening. This is even rarer.<p>3. When you switch between plans, the IP addresses assigned to you may change, and users may hit different edges. If the issue is regional (as is usually the case), this may resolve it.<p>4. I have been sending tens of requests per second to a free plan over the course of several years and have never measured an increase in 503 responses on Cloudflare’s end compared to a paid plan.<p>5. Cloudflare’s response mentions specific 503 errors that are fairly rare; they’re notable because they look like a standard Nginx 503 page, rather than a nice Cloudflare error page. The only difference is that they will say “cloudflare” at the bottom where the Nginx version would normally be. You probably frequent sites that use Cloudflare free plans; how often do you see this error message?<p>6. What the hell is this n=1 correlation? It reads like a conspiracy theory. It <i>is</i> a conspiracy theory.<p>There are plenty of reasons to criticize Cloudflare, but this isn’t one of them.
While this blog post has very little in the way of proof, we actually got screwed over by CF a few weeks back. Basically, one morning all requests started being slow: small responses would take 7 seconds (within a few milliseconds, if you accounted for the RTT to the edge) with 7 seconds TTFB, larger ones (not sure exactly what the threshold was, but it was hundreds of KiB, not MiB) would take 1 minute (again, almost exactly 1 minute), but these would just stream very slowly. All while having cf-cache-status: HIT.<p>It turned out we got throttled because we were serving some (a minority, something like 10% of the traffic) video files from the domain and they wanted us to upgrade to enterprise (from business, I think). We just stopped serving video through them.<p>The annoying part was that we weren't notified and, obviously, had some downtime (no way you can call a site loading in 5 minutes up). They said they have released an update that does notify customers when this happens, though.
Today there was a topic on HN about customers who complain about limiting free tiers. That’s a great example of it, especially from someone who provides paid SaaS product.<p>Free tier is awesome for small websites, keeping domains and many other things. But if you run business who earns, then just pay for that god damn thing, and stop ranting. :-)
I think Cloudflare is fine in most of the cases. Putting title "Never use Cloudflare free plan" with so weak arguments in the blog post is too much.
Could this be explained by something like “there was some bug causing this person’s config to be in a weird state (on the cloudflare side), and changing the payment tier merely gave the system a kick that got it out of the bad state? After all, the person payed $20pm not because they thought it would give a better reliability but because they wanted better support for a weird issue. I’m not really very appalled by the idea that free users don’t get great support.
OP here. This article generated some attention and traffic. The claims contained in it are incorrect. After another contact with CF support, it turned out that the Bot Fight Mode behaves differently for Free and PRO plans. That's what caused the instant improvement after upgrading. Another way to resolve the issues I was experiencing would have been to disable the bot fight mode altogether or add a custom page rule disabling it. My website never experienced any traffic throttling. I've decided to remove the article, to stop spreading the misinformation about CF services.
I'm starting to lose faith in cloudflare lately - we're on the business plan and there's been some really strange UI bugs in the dashboard where it looks like state just isn't reflected properly (Access and Load Balancing being ones we see quite a bit)<p>Summary of things that we've had issues with lately:<p>- Caching of a specific route just stopped working.
I log a support ticket (nightmare to find in the dashboard) and miraculously it starts working again after the ticket gets responsded to.<p>- Some of our staff got locked out of part of our app because we exceeded the 5 free users of the "Access" plan. Upgraded to the 50 user plan in the new Teams part and it still didn't work. Contacted support, fixed again but no explanation. (multiple day turnaround on tickets)<p>We're invested in their tech a lot and I love workers - they really take some big tasks off us. If Azure come up with something compelling we'll probably switch though (assuming I can make sense of Azure's billing and product naming strategy)
Cloudflare might have other issues from time to time, but I've never experienced the similar problem.<p>I'm running around 40 domains on Cloudflare Free plan. About 20 of these domains have some traffic.
There is a pretty big collection of Hungarian historical photos online, a bit more than a terabyte, well above 100K of them and the photos are on B2 with Cloudflare fronting it. There's many terabytes of traffic each month and it's on the free tier. Since the hosting costs are covered by yours truly, I can assure you the project couldn't possibly afford cloud storage traffic prices. We would need to store it on a VPS and all the problems that come with it -- disk size, availability, reliability etc. I am so grateful for B2-CF to do this.<p>Special kudos for allowing the -- very cheap, only $5 -- worker addon without forcing a paid plan.
I just upgraded back to Pro, i will post the results in 1-2 days time. I used to use pro but there's really no benefit or difference.<p>Anyway i did a quick check, my 503 error is currently at 3.23k the past 7 days , that's out of 1 million request the past 7 days.<p>I was about to upgrade to ARGO and pay for it since i was optimising the bandwidth the past month until I saw this article which really gave me a shock.... because I heavily invested in Cloudflare stock market...... Which so far has good returns and i still believe in it but this article is critical ... If what this person say is true, I might exit Cloudflare earlier, from the stock market i mean.
Sounds weird. I'm not saying to trust Cloudflare blindly, but I used a social media site (very "reddit-like") my friend made and kept for over a year on free plan with no issues. Around 20-80 people online were actively creating content, private messages, browsing, upvoting, with live notifications with websockets and so on, it was a quite busy little site for a year or so). There never was issues with couldflare and it basically allowed the site to run on two smallest VPS machines mentioned friend could find.<p>Also why is author giving trust in a free service for his paid service? CF is not that expensive.
This article seems fairly scant on details to be honest. I understand how they came to the conclusion, but there's still quite a lot of conjecture here.
That does seem strange, I never experienced this myself. Also, I don't understand the use case for Cloudflare here, can you elaborate on "I’ve been using Cloudflare free plan for Abot"
My cost benefit analysis is that the Cloudflare free plan is a bargain. At any time I can instantly turn on the protection I might need because I have already integrated Cloudflare into my infrastructure.<p>I am careful about what technologies I add to my stack because I am a sole developer, but Digital Ocean and Cloudflare have been big wins for me.
Unpopular opinion - there's a lot of entitled people here and jumping to conspiracy.<p>There is no such thing as a free lunch [0] for people to depend a commercial service on. If your business model depends on another company providing you a free service perhaps you should reconsider.<p>This seems to be a person being cheap and jumping to conclusions, claiming broad assumptions and conjecture as fact.<p>Yes, cloudflare's free tier is deliberately dropping your requests to foil your freeloading commercial company - raise pitchforks!<p>Assuming this is all true (which I don't), I don't feel sympathy for the author for not purchasing a paid plan.<p>[0] <a href="https://en.wikipedia.org/wiki/There_ain%27t_no_such_thing_as_a_free_lunch" rel="nofollow">https://en.wikipedia.org/wiki/There_ain%27t_no_such_thing_as...</a>
I have nothing but good things to say about Cloudflare's free services. However my usage is limited to small static sites, which are free of surprises.
I was doing a couple of POSTs a minute on a paid plan, and I saw a random 2-3% of request to be failing they never hit my backend, speaking to support wasn't helpful at all, that's when we moved away from Cloudflare, I wouldn't base my business on it.
For what it's worth, Cloudflare actually provides error code stats for the free plan in Account Analytics. The 5xx errors bucket is at 0.18% for me, but I don't have that many requests.
One gotcha for CloudFlare is that I find they will serve CAPTCHA pages for asset requests (like JavaScript or CSS) which will break your site (obviously the user won't see the captcha when the browser was expecting JS or an image).<p>To avoid this you need to turn the firewall and security feats to "Essentially Off" at least for asset requests (you can do this partial blocking via a page rule).<p>That being said this doesn't seem to be an issue with Free vs Paid, just a general problem with their blocking.
I have two domains with millions of requests a month and hundreads of GB of bandwidth, both of them work quite well even in free mode.<p>However today and few days ago too it seems requests going through Cloudflare are just timing out. So we finally move to paid plan<p>We're monitoring both endpoints (CF and the origin)
<i>nervous tick</i> Reading this title triggered traumas :D<p>Same applies for AWS 'Free tier' database usage. Nothing free about it practically.
Sounds scary.<p>I would not want to use a CDN with some hidden limits. Especially not if I don't even get informed when rate limited.<p>I can imagine them rate limiting me in a way that I will never notice. Like only limiting requests from some other country or continent.<p>What is a good CDN for a site that has about a million visitors per month? And how much would one have to expect to pay for it?
I thought about responding to some comments here but I feel like this point deserves a comment on its own: not to defend Cloudflare, but charging at least $19 / month, having 100 customers (as he said on the post) and not using a proper fully featured WAF to protect an enterprise product is... amateurish?<p>Also, if the infrastructure is in AWS, CloudFront would cost cents if he really does have "4 requests per minute" with full integration and logs.<p>I have the feeling that with the advent of cloud solutions, very big companies depend on these really small and very useful tools that disregard almost entirely a number of best practices and standards. The Solarwinds incident is going to happen a lot more, that's for sure.<p>Regarding Cloudflare: I'm fine with the free product not being great, but hiding the logs is not understandable. I bet a lot more people would upgrade if they knew.
I've always seen free plans as a way to get started. A great way for a startup to get things up before they get money rolling in. Then as you grow, you outgrow the free plan but by then you have the money to upgrade.
Is the issue with free services in general? Does any other vendor (AWS, Fastly or Akamai) offer a decent free service?<p>It does seem to be more Marketing if you want to lock in customers before they get too big to switch.
"I used a free service and it wasn't great"<p>Then use another service or pay for it.<p>This is highly unlikely to be as simple as the author conjects, we're talking about a service that processes an enormous amount of traffic and if what the author suggests is true, would someone else not have noticed by now? It's certainly possible that different infrastructure is used by free/paid plans, and perhaps this specific site was hosted on an unhealthy instance. But we don't have any external data points here to analyse - only those reported by Cloudflare, along with anecdotal reports.<p>Edit: I see the title has now been changed, at least we're reducing clickbait.
You can blame Cloudflare for not meeting their promises on free tier. But you can't blame them for "hiding" the errors. You are responsible to monitor your service, and it's good practice to have that happen externally from your environment. If you have a public API, monitor it publicly. Things like Pingdom and synthetic monitoring exist for this reason.
what a load of horseshit, this is my free plan 30 day stats, 2 order magnitude more request, a order magnitude less cache hits, no request limit in sight<p><a href="https://i.imgur.com/UOlW836.png" rel="nofollow">https://i.imgur.com/UOlW836.png</a><p>edit: changed bull crap to the more appropriate horseshit in response to this unsubstantiated-bordering-conspiracy blog post, because if the former is already enough to triggers the community downvoting brigades, no point in showing any restraint