A couple weeks ago, CloudFlare (content delivery network - CDN and cloud security platform) was demanding repeated captcha “real person” verifications when trying to post edits to the Gramps-project wiki. This seems to have been in response to a denial-of-service (DoS) attack.
Today, it is giving 502 Bad Gateway errors. (Reloading the current page seems to deliver a page.)
Where is CloudFlare inserted when resolving a URL?
I tried using dig gramps-project.org A
to learn the IP address of the server and bypass the DNS. But apparently CloudFlare denies access by IP!! When did that become a ‘thing’?
some background collated by Perplexity:
The timeline of events that led to the development of DDoS protection services and the emergence of Cloudflare and its competitors is as follows:
- 2004: Matthew Prince and Lee Holloway begin work on Project Honey Pot, addressing the question of email spam origins[3].
- July 2009: Cloudflare is founded by Matthew Prince, Lee Holloway, and Michelle Zatlyn[1][3].
- September 2010: Cloudflare officially launches at the TechCrunch Disrupt conference[1][3].
- June 2011: Cloudflare receives media attention for providing security services to LulzSec, a black hat hacking group[1].
- 2011: Cloudflare reaches 100 billion page views[1].
- 2015: Cloudflare launches DNS, Web Security, and Web Performance services[1].
- 2016: Cloudflare introduces Secure Registrar, Rate Limiting, and Load Balancing[1].
- 2017: Cloudflare launches unmetered DDoS mitigation, IoT security, video services, and intelligent routing[1].
- September 25, 2017: Cloudflare announces “Unmetered Mitigation,” providing DDoS protection without limits to all customers[6].
- 2018: Cloudflare reaches 67,900 customers generating US$193 million in revenue[1].
Emergence of Competitors
While specific founding dates for all competitors are not provided in the search results, here are some key players in the DDoS protection market as of 2025:
- Radware: Offers tailored, scalable DDoS protection solutions[4].
- Imperva: Provides instant, high-capacity DDoS mitigation[4].
- Amazon Web Services (AWS): Offers scalable protection on AWS infrastructure[4].
- Akamai: Specializes in defense against application threats[4].
- GCore: Focuses on real-time bot protection and edge infrastructure[4].
- Ribbon: Known for advanced DDoS detection and policing[4].
- Vercara: Offers wide-range defense across infrastructures[4].
- NetScout: Provides hybrid, adaptable DDoS solutions[4].
By 2025, these companies have established themselves as major players in the DDoS protection market, competing with Cloudflare in various aspects of cybersecurity and content delivery[4].
Citations:
[1] Timeline of Cloudflare - Timelines
[2] Akamai vs Cloudflare WAF 2025 | Indusface Blog
[3] Our Story
[4] 9 Best DDoS Protection Service Providers
[5] https://www.coinspeaker.com/organizations/cloudflare/
[6] https://blog.cloudflare.com/unmetered-mitigation/
[7] Cloudflare’s 2024 Annual Founders’ Letter
[8] https://www.gartner.com/reviews/market/ddos-mitigation-solutions/vendor/cloudflare/product/cloudflare-ddos-protection/alternatives