Where is CloudFlare implemented in resolving Gramps-project.org URLs

A couple weeks ago, CloudFlare (content delivery network - CDN and cloud security platform) was demanding repeated captcha “real person” verifications when trying to post edits to the Gramps-project wiki. This seems to have been in response to a denial-of-service (DoS) attack.

Today, it is giving 502 Bad Gateway errors. (Reloading the current page seems to deliver a page.)

Where is CloudFlare inserted when resolving a URL?

I tried using dig gramps-project.org A to learn the IP address of the server and bypass the DNS. But apparently CloudFlare denies access by IP!! When did that become a ‘thing’?

some background collated by Perplexity:

The timeline of events that led to the development of DDoS protection services and the emergence of Cloudflare and its competitors is as follows:

  1. 2004: Matthew Prince and Lee Holloway begin work on Project Honey Pot, addressing the question of email spam origins[3].
  2. July 2009: Cloudflare is founded by Matthew Prince, Lee Holloway, and Michelle Zatlyn[1][3].
  3. September 2010: Cloudflare officially launches at the TechCrunch Disrupt conference[1][3].
  4. June 2011: Cloudflare receives media attention for providing security services to LulzSec, a black hat hacking group[1].
  5. 2011: Cloudflare reaches 100 billion page views[1].
  6. 2015: Cloudflare launches DNS, Web Security, and Web Performance services[1].
  7. 2016: Cloudflare introduces Secure Registrar, Rate Limiting, and Load Balancing[1].
  8. 2017: Cloudflare launches unmetered DDoS mitigation, IoT security, video services, and intelligent routing[1].
  9. September 25, 2017: Cloudflare announces “Unmetered Mitigation,” providing DDoS protection without limits to all customers[6].
  10. 2018: Cloudflare reaches 67,900 customers generating US$193 million in revenue[1].

Emergence of Competitors

While specific founding dates for all competitors are not provided in the search results, here are some key players in the DDoS protection market as of 2025:

  • Radware: Offers tailored, scalable DDoS protection solutions[4].
  • Imperva: Provides instant, high-capacity DDoS mitigation[4].
  • Amazon Web Services (AWS): Offers scalable protection on AWS infrastructure[4].
  • Akamai: Specializes in defense against application threats[4].
  • GCore: Focuses on real-time bot protection and edge infrastructure[4].
  • Ribbon: Known for advanced DDoS detection and policing[4].
  • Vercara: Offers wide-range defense across infrastructures[4].
  • NetScout: Provides hybrid, adaptable DDoS solutions[4].

By 2025, these companies have established themselves as major players in the DDoS protection market, competing with Cloudflare in various aspects of cybersecurity and content delivery[4].

Citations:
[1] Timeline of Cloudflare - Timelines
[2] Akamai vs Cloudflare WAF 2025 | Indusface Blog
[3] Our Story
[4] 9 Best DDoS Protection Service Providers
[5] https://www.coinspeaker.com/organizations/cloudflare/
[6] https://blog.cloudflare.com/unmetered-mitigation/
[7] Cloudflare’s 2024 Annual Founders’ Letter
[8] https://www.gartner.com/reviews/market/ddos-mitigation-solutions/vendor/cloudflare/product/cloudflare-ddos-protection/alternatives