When comparing CloudFlare Red October vs CloudFlare, the Slant community recommends CloudFlare for most people. In the question“What are the best software to mitigate DDOS attacks?” CloudFlare is ranked 2nd while CloudFlare Red October is ranked 3rd. The most important reason people chose CloudFlare is:
CloudFlare offers a [free plan](https://www.cloudflare.com/plans) with basic DDoS protection and promises to always provide a free service with at least the feature set that it has today. More advanced DDoS protection is available for the higher plans, which can be added as your needs grow.
Ranked in these QuestionsQuestion Ranking
Pro Fully open source
Red October is fully open source, from the encryption library to the UI modules. Everyone can inspect the code hosted on GitHub or fork it and implement it to suit their needs if they have to.
Pro Uses the "two-man rule" for extra security
Red October was built to add an extra layer of security inside organizations. The "two-man rule" that Red October employs means that data can only be decrypted if two or more users provide the necessary keys.
Pro Very affordable
CloudFlare offers a free plan with basic DDoS protection and promises to always provide a free service with at least the feature set that it has today. More advanced DDoS protection is available for the higher plans, which can be added as your needs grow.
Pro Works with static and dynamic content
Pro SSL encryption
As of late 2014 Cloudflare offers SSL encryption for all sites using its service.
Pro Automatic IPv6
Pro Handled some of the largest DDoS attacks in history
Cloudflare was able to deflect 2 massive DDoS attacks. During the March 2013 attack on Spamhaus, they were able to absorb a peak 120Gbps attack that lasted 4 days, as well as a 400Gbps attack in February 2014.
Their track record shows their ability to protect against DDoS attacks in practice.
Pro Easy management interface
Pro Highly secure
Pro Anyone can add or update libraries
Pro Has npm auto-update
Pro Site enhancing apps
Cloudflare has a wide selection of app support that allows the user to install the app easily through Cloudflare instead of in their site. This creates ease of use, time saved and less degradation of performance.
Pro Works with other CDNs
Pro Page Rules are powerful
Pro Railgun optimization for Business & Enterprise plans
Railgun allows caching dynamic and personalized sites, allowing for up to 140% performance increase.
Pro Official WordPress plugin
Cloudflare offers an official WordPress plugin that allows for customization through the user panel.
Pro Has tag based cache spoilage for Enterprise plan
Pro Free service is Best
Con Uses its own crypto library
Red October uses its own crypto implementation in to encrypt secrets. While it's not necessarily a security risk, it would be safer to use a crypto library that has proven it's worth and that has been used for a long time in a lot of projects.
Con Slow support
Even on paid (Pro) account, support often takes several hours per reply. So a single query can take days to resolve.
Con Practices Man-in-the-Middle certificate forgery
Https ("secure") comunications with sites using CloudFlare are intercepted at their servers, decrypted and recrypted with CloudFlare's certificates. This poses huge problem with what users perceive as safe communication - browsers fail to display notice about MitM taking place.
Con Lowers usability of the web for Tor users
Tor users are required to enter captcha at each site using CloudFlare. In some circumstances, this introduces unsolvable roadblock.
Con Relies on intrusive captcha screens to validate visitors
During large attacks, Cloudflare will block users with captcha screens to filter out malicious attacks. Albeit effective, they cause a considerable annoyance to legitimate users.
Con Support doesn't have access to logs
Log access is an enterprise feature and priced at the "contact us" level. So when an error code is returned to the user that wasn't returned from your app, debugging this is impossible at the pro level. Unfortunately these logs aren't available to support personnel either so they have no way of tracking/validating issues.
Con Lack of cache control
If you want to cache all kinds of content (e.g. HTML, JSON), you need the "Cache Everything" setting, and this imposes a long "max-age" directive of 2 hours. It ignores your origin server's value.
Con Layer 7 attacks must be manually identified
In order to enable layer 7 protection with Cloudflare, customers must manually press an "I'm under attack" button.