We then saw - on the same page - CF's new rate-limiter. It seemed great, and I think it said '1 free rule'. We quickly set it up to rate limit to a few rps. This also did not work, because there were multiple tokens making requests from 100s of IPs. We finally ended up filtering those tokens out on NGINX.

Fast forward to yesterday when we got the bill. I don't usually open them because it's always $40/month. This time we added their LBs (they don't support session stickiness, so again, beware) so I was curious about the charge.

$876.

$90 for the LB, fine. But the clincher? $721 for the 'rate-limiter'.

Here's why we have an issue with this:

1. Rate-limiting did not work for us. 144 million requests passed through. 28 requests were rate-limited. 28. (facepalm)

2. The pricing is misleading; In the heat of things, I only remember it saying '1 free rate-limiting rule' and missed their note on usage pricing. Yes, silly of me to assume that CF would continue their claim-to-fame as the single unmetered vendor. You have to click the 'usage' link nearby and read the blog post to understand pricing.

3. No billing alerts whatsoever. When usage is over 20x of a user's monthly charge, you'd expect some form of an alert. To put this in a USD -INR context, that's ~2 month's salary for our devops guy.

We absolutely love CF and have been evangelizing them since we started using them 2 years ago. I've reached out to support and their first response was to say there'd be no refund. Let's see how this plays out. :-)

In the meantime, if you're using CF please check your usage to make sure you're not running up 20x your monthly costs.