Why we don’t use Cloudflare
The biggest myth in the Magento agency world is that you should pass traffic through Cloudflare.
Don’t get me wrong – I am not a Cloudflare critic. Indeed, we have customers on their Business and Enterprise accounts that we recommended. The issue is that Cloudflare is not the magic wand many agencies make it out to be.
The Free or Pro accounts are not meant for production eCommerce websites. Here are the problems with this approach when managed by an agency:
- Cloudflare Free & Pro accounts can throttle, as there is no SLA.
- If you go through a WAF on the internet, you have an additional internet hop.
- Rules have to be manually managed on Cloudflare.
How luroConnect addresses security and caching concerns
- luroConnect builds its own nginx from source, with ModSecurity and GeoIP plugins. ModSecurity is maintained by OWASP – the same organization that publishes the Top 10 threats. They also publish rules in ModSecurity format, which we use.
- One benefit Cloudflare gives is not exposing the IP of the server. The luroConnect architecture uses a cloud platform load balancer, which then directs traffic internally to the server. The servers don’t have a public IP.
- Traffic analysis tools (and soon with AI help) to identify and flag malicious traffic.
- Ability to block by IP, User-Agent and ASN, and to apply complex rules such as filter parameters without a referrer URL, or whitelist before blacklist: for example, block AWS, DigitalOcean, Linode, etc., except whitelisted IPs.
- luroConnect uses Varnish for frontend page cache (FPC).
- HTTP/3 is built into our stack.
- Use of CDN for static and media resources.
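The rule ordering described in the list above (whitelist before blacklist, then IP, ASN, User-Agent and "filter parameters without referrer"), modelled as an added example; this is not luroConnect's code or rule set. The networks, ASNs, bot name and filter parameter names are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Constructed values: RFC 5737 documentation ranges, RFC 5398 documentation
# ASNs, a made-up bot name and assumed filter parameter names.
ALLOW_NETS = [ipaddress.ip_network("203.0.113.10/32")]  # whitelisted IP
BLOCK_NETS = [ipaddress.ip_network("198.51.100.0/24")]
BLOCK_ASNS = {64496, 64497}         # stand-ins for hosting-provider ASNs
BLOCK_UA = ("examplescraper",)      # lowercase User-Agent substrings
FILTER_PARAMS = {"price", "color"}  # assumed layered-navigation filters


def decide(req):
    """Return (action, reason). req["ip"] is the real client address, i.e.
    already taken from the load balancer's forwarded header (assumption)."""
    ip = ipaddress.ip_address(req["ip"])
    # Whitelist first: a listed IP passes even if a later rule would match.
    if any(ip in net for net in ALLOW_NETS):
        return ("allow", "whitelist")
    if any(ip in net for net in BLOCK_NETS):
        return ("block", "ip")
    if req.get("asn") in BLOCK_ASNS:
        return ("block", "asn")
    ua = req.get("ua", "").lower()
    if any(s in ua for s in BLOCK_UA):
        return ("block", "user-agent")
    # The "filter parameters without referrer" rule from the list above.
    query = parse_qs(urlsplit(req["url"]).query, keep_blank_values=True)
    if FILTER_PARAMS.intersection(query) and not req.get("referer"):
        return ("block", "filter-without-referer")
    return ("allow", "default")


def sample(ip, asn, ua, url, referer=""):
    return {"ip": ip, "asn": asn, "ua": ua, "url": url, "referer": referer}


BROWSER = "Mozilla/5.0 (X11; Linux x86_64)"
SAMPLES = [  # constructed requests
    sample("203.0.113.10", 64496, "curl/8.0", "/shoes.html?price=10-20"),
    sample("192.0.2.7", 64496, BROWSER, "/"),
    sample("198.51.100.23", 64511, BROWSER, "/"),
    sample("192.0.2.8", 64511, "ExampleScraper/1.0", "/"),
    sample("192.0.2.9", 64511, BROWSER, "/shoes.html?color=red"),
    sample("192.0.2.9", 64511, BROWSER, "/shoes.html?color=red",
           "https://shop.example/shoes.html"),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r["ip"], r["url"], "->", *decide(r))
```

The first sample sits in a blocked ASN and sends a filter parameter with no referrer, yet is allowed because the whitelist is evaluated before any block rule.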
Result: Secure website that “just opens”
Examples:
- markys.com, https://www.silhouettedesignstore.com/ in the US
- Tennishub.in / artlounge.in in India
- Cytoplan.co.uk, wholeprey.com in the US
- Protein.se in EU