This article was published on June 7, 2011

CloudFlare: A website security product accidentally makes sites 60% faster


CloudFlare: A website security product accidentally makes sites 60% faster

I remember sitting in the front row of TechCrunch: Disrupt when CloudFlare was giving its pitch. At the time I commented to some other people around about how the service was answering a lot of questions, but probably wasn’t consumer-focused enough to win the competition. I was right, as Qwiki emerged as the winner but as time has moved on CloudFlare has managed to change the world of websites…and maybe even more than that.

In short, CloudFlare is a security product. Available for free to any website that wants to hop on board, there are also more in-depth packages that start at $20 per month which provide a myriad of services. When my email had an invitation to sit and talk with CEO Matthew Prince, I thought it would be interesting to see where the company has come in the 9 months since last September.

To start, we need to look at the history. CloudFlare comes from a product called Project Honey Pot that was initially launched at Paul Graham‘s MIT Spam Conference. Prince was a self-described “recovering lawyer” with a background in computer science. Project Honey Pot was launched with the goal of helping to track down all of the fraud and abuse that was happening on the Internet, spam included.

In 2007 the Department of Homeland Security reached out to Prince, essentially asking him if he had any idea what technology that he owned. Honey Pot had grown to be used by over 100,000 web administrators and millions of sites, all sending back amazing data about how spammers, hackers and fraud happened online. In short, CloudFlare wasn’t at all about speed, but rather about security. Each site that fed into Project Honey Pot only served to make it more accurate and smarter.

With a seed investment in CloudFlare, Prince was told that that the idea was great, but niche. The problem, he was told, was that going through CloudFlare’s Honey Pot would add latency. With that in mind, the team went to work trying to solve the problem. The goal was parity. The team didn’t want to make sites faster, they just wanted CloudFlare to run without interfering with page load times.

But then something unexpected happened when CloudFlare launched to the public in March of 2010.

“It was like clockwork. Three days after they’d sign up people would find that their sites were loading 30 to 40 percent faster.”

What the team had found was that, in tweaking CloudFlare’s operation at every line of code in order to get it to run at parity, they had actually found a way to make websites load faster, essentially turning CloudFlare into an accidental CDN.

“I don’t think that we’d have gone this route, if we knew what we were getting into. CloudFlare is a testament to what happens when you take the combined knowledge of huge Silicon Valley businesspeople and then provide a service that you can offer to anyone.”

But the bigger story is what CloudFlare has done since finding out about its happy accident. “We’re essentially building an operating system for the Internet,” proclaims Prince. “We can modify HTML as it’s flowing through the system, opening up a whole new set of services that we can offer.” The modification refers back to a test that was run in order to protect email addresses from spam.

“We challenged an engineer on our staff to sniff a packet of data to see if there was an email address inside of it. Then we wanted to know if we could replace it with a bit of JavaScript and bring it back so that it couldn’t be harvested.”

The end result? A virtual elimination of spam related to scraped email addresses, and it all happens with a 5-10 millisecond transfer time. From that revelation of being able to provide a whole new set of services, more innovation was born.

Prince touts CloudFlare’s ability to have 1-click integration with a number of services. Instead of having to put a line of code into every page on your site, CloudFlare can deploy things like Uservoice or Google Analytics to every page with a single button. The team went to 20 different Internet apps providers and immediately signed up 19, including services such as Apture, Pingdom, TRUSTe and typekit.

What’s more, that 30-40% increase that people used to see is now in the range of at least 50-60% as the team continues to find ways to make CloudFlare faster, while still offering security at the forefront.

What I’ve noticed about CloudFlare is a seemingly rabid commitment to its customers via interaction on Twitter. This is apparently no accident. In fact, Prince tells me that everyone on the team gets a copy of every single customer service inquiry and it’s not uncommon for members to be in the office at 4am solving a problem.

There were a couple of questions asked in the comments, and this is an appropriate place to answer those, while adding to the article overall.

In terms of stability, Prince states that CloudFlare runs its multiple datacenters over Anycast, allowing traffic to be filtered to another location if one were to go offline. It’s an answer to the single point of failure problem, as well as an increase in stability.

One TNW reader asked about government intervention and requests to pull sites offline. As another reader notes, you should be able to simply move your DNS servers back to your host’s, but Prince explains things a bit deeper:

In terms of government censorship, CloudFlare is a US-based entity and we comply with the law. We’ve never received a request from the US government, or any other government for that matter, to block any content. Our privacy policy states that if we are ever ordered to turn over data by a court, we will disclose that to the extent we can. And, most importantly, we don’t sign contracts with our users in blood. In fact, we don’t have long-term contracts at all. We like to say that it takes 5 minutes to sign up for CloudFlare, and about 2 minutes to leave if you’re ever unhappy. We have a very low churn rate today, but we recognize that could change very quickly if we ever lost the trust of our users.

When the Amazon EC2 outage in April of 2011 brought down millions of sites across the Internet, CloudFlare was able to keep static pages from its customers alive. “We’re not a hosting provider,” says Prince, “but we can make sure that at least that static content stays online.”

How many pages? At present, CloudFlare serves enough content that if it were its own website it would be the 10th largest on the Internet. Growing from 5 datacenters at launch to a current crop of 12, it generates over 2 million log lines of code every minute. To put one more figure out there, 12% of the people on the Internet have passed through CloudFlare’s servers in the 8 months that the company has been serving content.

So what’s next? Prince says that the biggest thing is CloudFlare’s new Rocketloader product. As the Internet gains more widgets, each of them requires another connection to an external site. Rocketloader is a product that allows all of those Twitter, Facebook and other widgets to be served via a single connection providing 30-40% faster response times, on top of the existing increases from CloudFlare itself.

Pre-vetted code on CloudFlare’s marketplace for the 1-click installs have taken off, as well. “That 1-click install really resonates,” notes Prince. “Performance hits are a concern for users, and most people won’t bother with things that even require a single line of code to be inserted into a page.”

So the work continues. Prince feels that in order to make security better, you need security on every site on the Internet. While this could be an explanation for CloudFlare’s free product offering, it’s also a testament to his passion. “We’re hiring like crazy. We want the kind of people who look at  a problem saying ‘make the entire Internet faster’ and decide that it sounds like fun.”

We’ll be keeping an eye on CloudFlare and you should be too. The site’s blog has some great tips for new users and we’re looking forward to what we’ll see from the company moving forward.

Get the TNW newsletter

Get the most important tech news in your inbox each week.