That page argues against your point, even the basic plan does quite a bit to fend of DDOS. In particular, the most common and effective type of DDOS, which is volumetric and based on reflected UDP traffic, is defended against, even on their free tier.
Using a tool like Siege to bring a site behind Cloudflare down doesn't mean it's not protected. A layer 7 attack against a site which can't handle incoming HTTP requests is still possible. Cloudflare, or any other service, can't magically make a site scale.
> That page argues against your point, even the basic plan does quite a bit to fend of DDOS. In particular, the most common and effective type of DDOS, which is volumetric and based on reflected UDP traffic, is defended against, even on their free tier.
Maybe I'm missing something here, where does it mention that the free plan protects against UDP floods?
> Using a tool like Siege to bring a site behind Cloudflare down doesn't mean it's not protected. A layer 7 attack against a site which can't handle incoming HTTP requests is still possible.
Flooding a site using Siege from a single IP falls under the layer 7 attack (correct me if I'm wrong), which is protected against in the Business plan.
> Cloudflare, or any other service, can't magically make a site scale.
Where did I mention that I expect Cloudflare to magically scale a site? A POST or GET flood falls under layer 7 protection, which Cloudflare offers in paid plans.
If it was not clear, the point was that layer 7 protection is offered in the paid plans(Business and Enterprise), but not in the free plan.
Using a tool like Siege to bring a site behind Cloudflare down doesn't mean it's not protected. A layer 7 attack against a site which can't handle incoming HTTP requests is still possible. Cloudflare, or any other service, can't magically make a site scale.