The Short Answer
Cloudflare protects and accelerates any website online. Once your website is a part of the Cloudflare community, its web traffic is routed through our intelligent global network. We automatically optimize the delivery of your web pages so your visitors get the fastest page load times and best performance. We also block threats and limit abusive bots and crawlers from wasting your bandwidth and server resources. The result: Cloudflare-powered websites see a significant improvement in performance and a decrease in spam and other attacks.
Cloudflare's system gets faster and smarter as our community of users grows larger. We have designed the system to scale with our goal in mind: helping power and protect the entire Internet.
Cloudflare can be used by anyone with a website and their own domain, regardless of your choice in platform. From start to finish, setup takes most website owners less than 5 minutes. Adding your website requires only a simple change to your domain's DNS settings. There is no hardware or software to install or maintain and you do not need to change any of your site's existing code. If you are ever unhappy you can turn Cloudflare off as easily as you turned it on. Our core service is free and we offer enhanced services for websites who need extra features like real time reporting or SSL.
The Long Answer
Cloudflare is designed to accelerate and secure any website. Our system works somewhat like a Content Delivery Network (CDN), but is designed to be much easier to setup and configure.
To explain how the system works, imagine you have a website (allen.com) and it's running a web server with the IP address of 18.104.22.168. Before Cloudflare, if someone typed your website's domain (allen.com) into their browser, the first thing that visitor's computer would do is send a query to the DNS system and get back your web server's IP address (22.214.171.124).
In order to make Cloudflare easy to set up, we take advantage of how this basic function of the Internet works. Rather than having you add hardware, install software, or change your code, we have you designate two Cloudflare nameservers as the authoritative nameservers for your domain (e.g., bob.ns.cloudflare.com and sara.ns.cloudflare.com). You make this change with the registrar from which you bought your domain (e.g., GoDaddy, Network Solutions, Register.com, etc.).
Designating Cloudflare as your authoritative nameservers doesn't change anything about your website. Your registrar remains your registrar, your hosting provider remains your hosting provider, and so on. However, because we are your authoritative nameserver, we can begin cleaning and accelerating your web traffic.
To make this happen we use a network routing technology called Anycast (and some other fancy tricks) to route initial DNS lookups for your domain to a Cloudflare data center closest to the visitor. We have data centers around the world and we’re growing every month. The data center that receives the request returns an answer in the form of an IP address (e.g., 126.96.36.199), which directs all the visitor's subsequent requests to the best data center for them.
After a visitor's browser has done the initial DNS lookup, it begins making requests to retrieve the actual content of a website. These requests are directed to the IP address that was returned from the DNS lookup. Before Cloudflare, that would have been 188.8.131.52, with Cloudflare as the authoritative nameserver that would be 184.108.40.206 (or some other address depending on what Cloudflare data center is closest to the user). Cloudflare's edge servers running on that IP address receive the request and perform analysis on it. We scan to see if the visitor appears to be a threat based a number of characteristics including the visitor's IP address, what resource they are requesting, what payload they are posting, how frequently they're making requests, etc.
Assuming the visitor is not a threat, the frontline checks the request against the Cached resources on our front line servers to see if the resource being requested is in Cloudflare’s local cache. If we have a local copy of the file being requested, then we can deliver it directly to the visitor from a local data center greatly increasing request response time.
If the request is for a type of resource we don't cache, or if we don't have a current copy in our cache, then we make a request from our data center (220.127.116.11) back to your origin server (18.104.22.168). Because of our scale, we can get premium routes from our data centers back to most places on the Internet. As a result, while it may seem counter-intuitive, it is sometimes the case that the number of "hops" a visitor’s request makes going through the Cloudflare network is less than the number of "hops" that they would have made going to the origin web server directly, even when we aren't able to return a result from our cache.
The combination of these systems means that we can protect sites from malicious visitors by stopping them before they even get to the origin web server, save over 60% of the bandwidth that a site would otherwise have to pay for, save over 65% of the requests that would otherwise have to be handled by a site, and cut in half average page load times. In order to make performance even better, we also do web content optimization.
Read more about Cloudflare at our blog.