Cloudflare provides protection from distributed denial of service (DDOS) attacks on websites and many common forms of hacking. One of the largest companies in the internet infrastructure space, Cloudflare has special programs aimed at protecting human rights, democracy, and government communities.
Every organization with a website should have DDOS protection through a Content Delivery Network (CDN) like Cloudflare. If enrolled in one of their nonprofit/political support programs (see below), or if an “Enterprise” level commercial client, Cloudflare also protects websites from a range of typical hacking attacks.
An organization’s web presence is their primary home online, and often a critical element in information communication to their supporters and interested parties. However, websites are subjected to a withering barrage of hacks and distributed denial of service (DDOS) attacks. Particularly for small NGOs focused on democracy and human rights, such aggressive attacks can be a way to silence critical voices in hostile environments. Cloudflare’s signature service is their Content Delivery Network, or CDN; a CDN is a system where copies of a website are distributed on a network of servers often spread around the world. CDNs serve as a powerful shield to block the effects of massive DDOS attacks. Cloudflare also offers a Web Application Firewall, or WAF, for some clients; this is a tool that intercepts incoming website traffic, blocking potentially dangerous hacking attempts.
Note that Cloudflare provides a wide array of other products and services that could be of use to at-risk organizations or individuals, including an easy-to-use VPN and more sophisticated authorization and authentication services.
Everyone is eligible to put their website on Cloudflare’s most basic tier of support for free, which provides a significant level of protection from DDOS attacks, though it does not include the protection of their Web Application Firewall (WAF).
The Cloudflare company has a history of supporting democracy, rights, and political organizations around the world. Through their Project Galileo and Athenian Project, nonprofits and political parties may be eligible for enhanced enterprise-level protection at no cost.
Putting a website behind a system like Cloudflare requires changing the DNS (domain name system) entries for a web site. Every organization should ensure they have access to someone who knows how their DNS is configured – they would be able to make this change. Cloudflare has detailed instructions.
For paying customers and members of Project Galileo or the Athenian Project Cloudflare has a full customer support team.
As a managed service, Cloudflare’s CDN product does not require any maintenance on the part of the user. However, it is important that everyone involved is aware of how Cloudflare works, how the site DNS is set up, and has access to the console in case of problems.
DDOS protection is a critical element in keeping websites online, particularly if they have hostile adversaries interested in knocking them offline. Cloudflare’s web application firewall (WAF) also protects sites against a wide range of common hacks, though it is not a complete shield.
If an adversary got access to the Cloudflare control console, they could effectively make a website inaccessible on the internet or redirect unsuspecting users to another malicious site.