I’ve written about CloudFlare in the past. I think it’s a no-brainer for small-time bloggers like me who control their own domain name registry. My writing has attracted the attention of another company, Incapsula, who offer a similar service.
Incapsula would love for me to give them a try, so I can write about them, too. They’re under the impression that I have some sort of influence in the world. Ha! They’ve even offered me a free upgrade to the ‘pro’ level of the service. One really cool thing about the upgrade: out-of-the-box SSL, which means you don’t have to get your own certificate to handle commerce. Certificates can be a real hassle, and a considerable expense.
The thing is, I’m pretty happy with CloudFlare. As of today, people on IPv6 can read these words. (Much like telephone numbers in some areas, the world is running out of IP addresses.) I’ve worked out one kink with the system and things are running smoothly. Does Incapsula have code to install on the server to make it play well with others? I don’t know.
Also, I don’t really need any of the advanced services of either system. I don’t do e-commerce, which could be a compelling reason to switch and grab my free upgrade.
I have a couple of terrifically minor quibbles about CloudFlare’s user interface and flexibility blocking IP ranges, but nothing worth even mentioning here. Logically, I should just stick with CloudFlare and leave it at that.
Except…
That guy they think I am? The one whose words can shift the balance of power in an emerging new market? I’m not that guy. I’ll never be that guy unless I devote myself to the task, and I’ve got other things to write about that are probably more interesting to most of you. But still I want to be the guy they think I am. I want to write the CloudFlare vs. Incapsula smackdown article to which all the pundits refer.
To do something like that, I’d have to set up a site to use Incapsula, but I don’t want to rock the Muddled Boat. I have jerryseeger.com, but what sort of test do I get out of a site that no one ever visits? It’s a site where acceleration hardly matters because the whole thing is so simple, and there’s no sign of e-commerce on the horizon. The thing barely even gets spammed.
Still, I have to think of something… the public demands it!
We’re pretty happy with how the comparisons have come out so far. :-)
As a side note, our SSL works the same way as theirs (they actually copied our method down to using the same SSL certificate authority). If you get SSL through CloudFlare, you don’t need to pay for your own SSL certificate anymore. But that’s version 1. Stay tuned for what we are about to do next (after the IPv6 thing which, no, they don’t support) which will make SSL even easier and more affordable than it ever has been before.
Thanks for being a part of the CloudFlare community!
Matthew Prince
CEO, CloudFlare, Inc.
Twitter: @eastdakota
“Then there’s Incapsula”…very well said. So, did you ever try it out?
I did, and I never went back to CloudFlare. After I switched to Incapsula my comment spam virtually vanished, and I don’t need an extra line of defense like Bad Behavior that you mention in the post you link to above.
I’m happy with Incapsula. Then again, we must all chose the tool that works best. For some that is CloudFlare, for me it was not.
You wrote a blog article about that you are not going to write a blog article? :-/ Anyway:
Here I found a review of Incapsula and CloudFlare:
http://www.ehackingnews.com/2012/11/incapsula-vs-cloudflare-security-review.html
“Incapsula is the clear winner when it comes to security”
“[CloudFlare] offer a wider CDN network than Incapsula”
Yes. Yes I did. And I was right. That article remains unwritten to this day.
But mainly it was about how I’m not the right guy to write that article and how much I wish I was. It’s an autobiography piece, not a technical article. So thanks for pointing me to the article written by someone more qualified.
Having now read that article, and being a big fan of security, I have to say that while an extra layer of protection (almost) never hurts, I hope no one out there chooses to use Incapsula as an alternative to building their site correctly.
But there are always new exploits, and chances are the geeks in their dark caves at Incapsula will hear about them before you do, and there’s a moderate chance that they’ll be able to do something about it.
Just don’t confuse their security for actual security. It’s about the layers, man.