When comparing CloudFlare vs Modshield SB WAF, the Slant community recommends CloudFlare for most people. In the question "What are the best services to protect against DDoS attacks for startups?" CloudFlare is ranked 2nd while Modshield SB WAF is ranked 4th. The most important reason people chose CloudFlare is:
CloudFlare offers a [free plan](https://www.cloudflare.com/plans) with basic DDoS protection and promises to always provide a free service with at least the feature set that it has today. More advanced DDoS protection is available for the higher plans, which can be added as your needs grow.
Pros
Pro Very affordable
CloudFlare offers a free plan with basic DDoS protection and promises to always provide a free service with at least the feature set that it has today. More advanced DDoS protection is available for the higher plans, which can be added as your needs grow.
Pro Works with static and dynamic content
Pro Automatic IPv6
Pro SSL encryption
As of late 2014 Cloudflare offers SSL encryption for all sites using its service.
Pro Handled some of the largest DDoS attacks in history
Cloudflare was able to deflect 2 massive DDoS attacks. During the March 2013 attack on Spamhaus, they were able to absorb a peak 120Gbps attack that lasted 4 days, as well as a 400Gbps attack in February 2014.
Their track record shows their ability to protect against DDoS attacks in practice.
Pro Easy management interface
Pro Highly secure
Pro Anyone can add or update libraries
Pro Has npm auto-update
Pro Site enhancing apps
Cloudflare has a wide selection of app support that allows the user to install the app easily through Cloudflare instead of in their site. This creates ease of use, time saved and less degradation of performance.
Pro Works with other CDNs
Pro Page Rules are powerful
Pro Railgun optimization for Business & Enterprise plans
Railgun allows caching dynamic and personalized sites, allowing for up to 140% performance increase.
Pro Official WordPress plugin
Cloudflare offers an official WordPress plugin that allows for customization through the user panel.
Pro Has tag based cache spoilage for Enterprise plan
Pro Free service is best
Pro High Performance
Despite its robust protection, the WAF doesn’t compromise on application performance.
Pro Real-Time Threat Detection
The product operates in real-time, countering threats as they occur to ensure uninterrupted operation.
Pro Comprehensive Protection
Modshield SB WAF defends against SQL Injection, Cross-Site Scripting (XSS), and many more threats, ensuring broad-spectrum security.
Cons
Con Slow support
Even on a paid (Pro) account, support often takes several hours per reply, so a single query can take days to resolve.
Con Practices Man-in-the-Middle certificate forgery
HTTPS ("secure") communications with sites using CloudFlare are intercepted at their servers, decrypted and re-encrypted with CloudFlare's certificates. This poses a huge problem with what users perceive as safe communication - browsers fail to display a notice about the MitM taking place.
Con Lowers usability of the web for Tor users
Tor users are required to enter a captcha at each site using CloudFlare. In some circumstances, this introduces an unsolvable roadblock.
Con Relies on intrusive captcha screens to validate visitors
During large attacks, Cloudflare will block users with captcha screens to filter out malicious attacks. Albeit effective, they cause considerable annoyance to legitimate users.
Con Support doesn't have access to logs
Log access is an enterprise feature and priced at the "contact us" level. So when an error code is returned to the user that wasn't returned from your app, debugging this is impossible at the Pro level. Unfortunately, these logs aren't available to support personnel either, so they have no way of tracking/validating issues.
Con Lack of cache control
If you want to cache all kinds of content (e.g. HTML, JSON), you need the "Cache Everything" setting, and this imposes a long "max-age" directive of 2 hours. It ignores your origin server's value.
Con Layer 7 attacks must be manually identified
In order to enable layer 7 protection with Cloudflare, customers must manually press an "I'm under attack" button.
Con Technical Complexity
Some users might find the learning curve challenging due to the product's technicalities.