When comparing CloudFront vs CloudFlare, the Slant community recommends CloudFlare for most people. In the question“What are the best content delivery networks (CDNs)?” CloudFlare is ranked 1st while CloudFront is ranked 2nd. The most important reason people chose CloudFlare is:
CloudFlare offers a [free plan](https://www.cloudflare.com/plans) with basic DDoS protection and promises to always provide a free service with at least the feature set that it has today. More advanced DDoS protection is available for the higher plans, which can be added as your needs grow.
Ranked in these QuestionsQuestion Ranking
Pro Any type of content
CloudFront can deliver dynamic, static and streaming content.
Pro Dynamic scaling
CloudFront will allocate more hardware resources when needed automatically. It will take care of traffic spikes and accommodate product's growth without needing manual input from the user.
Pro Simple interface
Pro Tight integration with other Amazon Web Services
CloudFront integrates tightly with Amazon's storage, computing, database and networking services allowing you to use a tested and cohesively developed set of solutions.
Pro Very affordable
CloudFlare offers a free plan with basic DDoS protection and promises to always provide a free service with at least the feature set that it has today. More advanced DDoS protection is available for the higher plans, which can be added as your needs grow.
Pro Works with static and dynamic content
Pro SSL encryption
As of late 2014 Cloudflare offers SSL encryption for all sites using its service.
Pro Automatic IPv6
Pro Handled some of the largest DDoS attacks in history
Cloudflare was able to deflect 2 massive DDoS attacks. During the March 2013 attack on Spamhaus, they were able to absorb a peak 120Gbps attack that lasted 4 days, as well as a 400Gbps attack in February 2014.
Their track record shows their ability to protect against DDoS attacks in practice.
Pro Easy management interface
Pro Highly secure
Pro Anyone can add or update libraries
Pro Has npm auto-update
Pro Site enhancing apps
Cloudflare has a wide selection of app support that allows the user to install the app easily through Cloudflare instead of in their site. This creates ease of use, time saved and less degradation of performance.
Pro Works with other CDNs
Pro Page Rules are powerful
Pro Railgun optimization for Business & Enterprise plans
Railgun allows caching dynamic and personalized sites, allowing for up to 140% performance increase.
Pro Official WordPress plugin
Cloudflare offers an official WordPress plugin that allows for customization through the user panel.
Pro Has tag based cache spoilage for Enterprise plan
Pro Free service is Best
Con Can get expensive quickly
Con Slow support
Even on paid (Pro) account, support often takes several hours per reply. So a single query can take days to resolve.
Con Practices Man-in-the-Middle certificate forgery
Https ("secure") comunications with sites using CloudFlare are intercepted at their servers, decrypted and recrypted with CloudFlare's certificates. This poses huge problem with what users perceive as safe communication - browsers fail to display notice about MitM taking place.
Con Lowers usability of the web for Tor users
Tor users are required to enter captcha at each site using CloudFlare. In some circumstances, this introduces unsolvable roadblock.
Con Relies on intrusive captcha screens to validate visitors
During large attacks, Cloudflare will block users with captcha screens to filter out malicious attacks. Albeit effective, they cause a considerable annoyance to legitimate users.
Con Support doesn't have access to logs
Log access is an enterprise feature and priced at the "contact us" level. So when an error code is returned to the user that wasn't returned from your app, debugging this is impossible at the pro level. Unfortunately these logs aren't available to support personnel either so they have no way of tracking/validating issues.
Con Lack of cache control
If you want to cache all kinds of content (e.g. HTML, JSON), you need the "Cache Everything" setting, and this imposes a long "max-age" directive of 2 hours. It ignores your origin server's value.
Con Layer 7 attacks must be manually identified
In order to enable layer 7 protection with Cloudflare, customers must manually press an "I'm under attack" button.