A distribution is a CDN property that provides caching and web acceleration for one or more origins. In simpler terms, while an origin is a service which the CDN fetches files from, a distribution is the service that caches and serves those files to customers.
The distribution configuration specifies how it can be accessed by customers. Its settings include its domain name, whether it should have HTTPS enabled and if so, which SSL certificate to use. More importantly, a distribution also contains a distribution policy (or more than one, depending on the distribution type). Policies dictate what, how and for how long content from the origin(s) will be cached, which directly affects the performance of content delivery. This makes distributions and policies arguably the most important part of the CDN configuration.
Our CDN platform supports different types of distributions which offer a variety of advantages but are also subject to different restrictions. Depending on the type of your account, you may not have access to some of them.
Multi-CDN Distributions
Multi-CDN is the most popular type of distribution because it allows content distribution by 3rd-party CDN systems. This greatly increases the amount of available locations to serve content from, which in turn results in higher speeds and lower latency for customers. The downside is that the features of this type of distribution are limited to the common subset that all our partner CDN systems support. For example, it is currently not possible to use URL protection (also known as URL tokens) with Multi-CDN distributions.
Before you create a Multi-CDN distribution, please make sure that you have first configured any origins you intend to use. Then on the main menu on the left, click “Distributions”. This will show the list of current Multi-CDN distributions under your account.
For each distribution, the following information is shown: number, description, status and target CNAME. While most of these are self-explanatory, the status icon shows whether the distribution configuration has been applied on all nodes. After you create a new distribution this icon will be red for a short amount of time, while waiting for the configuration to propagate on all relevant CDN nodes. Then it will turn into a green check mark.
On the right side, buttons are provided which allow you to either modify or delete each distribution.
Shield CDN Distributions
An origin shield is an additional caching layer between the actual CDN nodes and the origin. They are used in cases where the CDN nodes are numerous and the origin does not have enough capacity to serve them all. Using an origin shield reduces the amount of nodes that connect directly to the origin, therefore reducing the origin’s load.
Shield CDN distributions allow you to set up such an origin shield. After setting up a shield CDN distribution, it can then be configured as an origin in a Multi-CDN distribution.
Before you create a Shield CDN distribution, please make sure that you have first configured any origins you intend to use. Then on the main menu on the left, click on “Distributions”. This will show the list of current Shield CDN distributions under your account.
For each distribution, the following information is shown: number, description, status and target CNAME. While most of these are self-explanatory, the Status icon shows whether the distribution configuration has been applied on all nodes. After you create a new distribution this icon will be yellow for a short amount of time, while waiting for the configuration to propagate on all relevant CDN nodes. Then it will turn into a green check mark.
On the right side, buttons are provided which allow you to either modify or delete each distribution.
Create Distribution
To create a distribution, click on the “Create Distribution” on the top-right corner of the page. A form will open up that makes you able to create different types of distributions.
To configure a distribution, the following fields need to be specified:
TLS Settings | – Select None if you do not use HTTPS – If you have your own SSL certificates and you have uploaded them in Configuration > Certificates, select SNI TLS/SSL and choose the appropriate certificate in the field below – If you do not have any SSL certificates of your own, you can select Shared TLS/SSL. This will allow you to use HTTPS with the CDN’s own certificates, but that will only work correctly for the CNAME target, not your own domains |
Description | Please fill-in a description that is meaningful to you. Usually the endpoint hostname is used, for example “cdn.mysite.com“. |
Origin | In the field Pull origin in the Select origin pane, you have the option to quickly select one of the origins you may have already configured in the Origins section. Alternatively, you can opt to pull content from a previously configured shield distribution. Shield distributions are listed in the same dropdown menu. |
Click on Save to finish saving the distribution configuration.
Modify Distribution
Whereas adding a distribution requires minimal configuration on your part in order to help you get started quickly, modifying a distribution allows you to manage all the possible configuration options at your disposal. You can modify an existing distribution by clicking on the appropriate orange icon with the white magnifying glass in the column Action(s) of the distributions list.
A form will open up that makes you able to create different types of distributions. Based on the type you choose, different settings will appear on the form.
Multi-CDN Distributions
A form will open up which contains all the possible settings, organized in five (5) tabs:
Basic Settings
Description | Should be filled with a name that helps you identify the policy, although since only one policy is allowed in the Multi CDN, setting this option is not very important. “Default policy” is a good choice. |
Custom Domains | Add any additional (custom) domains you want to add to the distribution. |
TLS Settings | – Select None if you do not use HTTPS – If you have your own SSL certificates and you have uploaded them in Configuration > Certificates, select SNI TLS/SSL and choose the appropriate certificate in the field below – If you do not have any SSL certificates of your own, you can select Shared TLS/SSL. This will allow you to use HTTPS with the CDN’s own certificates, but that will only work correctly for the CNAME target, not your own domains |
Allowed methods | Specifies which HTTP methods should be allowed for this distribution. By default only “GET” requests are allowed which is a good default for static content distributions. All others (POST, PUT, DELETE and OPTIONS) are disabled by default for both performance and security reasons, and the CDN will refuse to servce them. You can enable any combination of these if they make sense for the type of content you wish to accelerate, like full website acceleration for example. |
Cache Settings
Cache Query String | If disabled (the default), the CDN ignores the query string of your URLs (everything after the “?”). Therefore the URLs http://cdn.mysite.com/output?format=pdf and http://cdn.mysite.com/output?format=csv will always serve the same content despite the fact that they have a different query string. If this setting is enabled on the other hand, the URLs http://cdn.mysite.com/output?format=pdf and http://cdn.mysite.com/output?format=csv will be treated by the CDN as different URLs and will be cached independently. Enabling this option makes the cache less efficient because the CDN needs to keep many different copies of content for the same base URL. |
Cache settings | You can choose between “Origin Controlled” and “CDN Controlled” – Origin Controlled: Cache policies returned from the origin are respected – CDN Controlled: CDN will force a cache policy regardless of what origin is returning |
Default Cache TTL | Only when “Origin Controlled” is selected. You can choose a TTL in case the origin is not sending any cache policy. You can also choose “Do No Cache” to ensure that there won’t be any caching. |
Cache TTL | Only when “CDN Controlled” is selected. You can enforce or override the cache TTL by putting a custom value. |
Serve stale content | When this option is enabled (the default) and a requested URL has expired in the cache and cannot be refreshed from the origin, the CDN will serve the expired (stale) cached version anyway. If the option is disabled, the CDN will serve an error response instead, which may be needed in cases where cache lifetime needs to be enforced for security or content protection reasons. |
Pull Origin Settings
Pull Origin | Here you can select which origin to pull content from. If no options appear, make sure you have specified an origin in the section “Origins”. Shields can also be considered as an origin. |
Protocol | Whether to use HTTP or HTTPS to make requests to the origin server(s). HTTP has lower overhead and is therefore faster, but unless special precautions are taken it can compromise the security of your content delivery. |
Compressed | Specifies whether the CDN nodes will enable HTTP compression in their requests to the origin(s). This option is disabled by default because in most situations static content is compressed already, but you may want to enable it if your distribution is set up for full website acceleration which includes uncompressed text files like HTML and CSS. |
Host header | This option allows overriding the “Host:” header the CDN nodes send to the origin with each request. Normally this value is taken from the hostname of the origin itself, but you may need to override it for an origin which hosts many different sites with incomplete or non-existent DNS records. |
X-Forwarded-For | When origins receive connections from CDN nodes, they log the CDN node’s IP address as the source of the connection, not the real user’s IP address. To remedy that, CDN nodes send the X-Forwarder-For HTTP header which contains the IP address of the user who actually made the request. Origins can then use that header value, usually for logging purposes. This option enables the X-Forwarded-For header generation by the CDN nodes and it’s enabled by default. |
Delivery Settings
Force HTTPS | If you enable this option, users who make HTTP requests to the distribution will be automatically redirected to the same URL but using HTTPS instead. |
Delivery Cache | You can choose between “Origin Controlled” and “CDN Controlled” – Origin Controlled: Cache policies returned from the origin are respected – CDN Controlled: CDN will send a cache policy regardless of what origin is returning |
Delivery Cache TTL | Only when “CDN Controlled” is selected. You can enforce or override the cache ttl by putting a custom value. |
Passthrough headers | Origin-generated header names should be allowed to be passed through to the users. By default, origin headers are suppressed to improve caching efficiency. You can add more than one header name by clicking on the “Add” button. Example: ‘X-Cache-Status’ |
Static headers | With this setting, you can specify one or more custom headers that the CDN nodes will deliver to the end users. To do so, click on the ‘Add’ button and fill in the desired header names and values. |
Security Settings
GEO targeting/ blocking | Denies content delivery to country codes you specify, while allowing delivery to all other countries. If you enable this option, you will be presented with a list of countries to choose from. |
IP subnet targeting/ blocking | Denies content delivery to subnets you specify, while allowing delivery to the rest of the Internet. You can add one or more subnets by clicking on the ‘Add’ button. |
Referrer blocking | If enabled, this option will deny content delivery to all incoming requests, except for the ones that contain a specific string in the referrer field. You can add one or more referrer strings by clicking on the “Add” button. Each referrer needs to be in the form “www.mysite.com” and the only allowed action is “Allow” since non-matched requests are denied by default. This option is used primarily to counter hot-linking. |
After filling in all the relevant fields, save your changes by clicking on Save.
Shield Distributions
Whereas adding a Shield CDN distribution requires minimal configuration on your part in order to help you get started quickly, modifying a distribution allows you to manage all the possible configuration options at your disposal. You can modify an existing distribution by clicking on the appropriate orange icon with the white magnifying glass in the column Action(s) of the distributions list.
The first tab presented to you after clicking on the modify icon, is similar to the basic distribution settings you already specified while creating the distribution. The only difference is the Enabled switch at the top-right side of the window, which allows the activation / de-activation of the distribution and is enabled by default.
The second tab is called Policy settings and it’s here where most of the distribution performance-related options are hosted. In this tab, you will find a list of the existing policy settings. Shield CDN distributions support multiple policies, and they decide which one to use for each incoming request based on the policy’s Path field. Therefore, if we have two different policies, one for path “/” and another for path “/assets”, a request like “https://cdn.mysite.net/myfile” will use the first policy and a request like “http://cdn.mysite.net/assets/my.css” will use the second one. This allows you to use different origins depending on the path of the incoming request, a feature that is not available in Multi CDN distributions.
A new policy can be added by clicking on the orange + icon at the top-right side of the list. An existing one can be modified by clicking on the Edit action button which looks like a pencil. In either case, you will be presented with the Edit policy window, which contains all the possible settings, organized in six (6) tabs:
Basic Settings
Path/regex | The path this policy applies to. This field also supports regular expressions to match the desired path. If you are just using a single policy, please set this value to “/”. |
Description | Should be filled with a name that helps you distinguish the policies among each other. If you only use one, the value Default policy is a good choice. |
Allowed methods | Specifies which HTTP methods should be allowed for this distribution. By default only GET requests are allowed which is a good default for static content distributions. All others (POST, PUT, DELETE and OPTIONS) are disabled by default for both performance and security reasons, and the CDN will refuse to service them. You can enable any combination of these if they make sense for the type of content you wish to accelerate, like full website acceleration for example. |
Cache Settings
Disable Caching | If this option is enabled, the CDN will perform no caching at all, which might be needed in very specific scenarios or for debugging purposes. It is disabled by default for obvious reasons. |
Segmented downloads | When this option is enabled, the CDN will fetch files in chunks (segments) instead of a single file. This improves performance and reduces latency in RANGE requests against files that are larger than a few megabytes and do not exist in the cache yet. It is enabled by default. |
Cache Query String | If disabled (the default), the CDN ignores the query string of your URLs (everything after the “?”). Therefore the URLs http://cdn.mysite.com/output?format=pdf and http://cdn.mysite.com/output?format=csv will always serve the same content despite the fact that they have a different query string. If this setting is enabled on the other hand, the URLs http://cdn.mysite.com/output?format=pdf and http://cdn.mysite.com/output?format=csv will be treated by the CDN as different URLs and will be cached independently. Enabling this option makes the cache less efficient because the CDN needs to keep many different copies of content for the same base URL. |
Cache settings | You can choose between “Origin Controlled” and “CDN Controlled” – Origin Controlled: Cache policies returned from the origin are respected – CDN Controlled: CDN will force a cache policy regardless of what origin is returning |
Default Cache TTL | Only when “Origin Controlled” is selected. You can choose a TTL in case the origin is not sending any cache policy. You can also choose “Do No Cache” to ensure that there won’t be any caching. |
Cache TTL | Only when “CDN Controlled” is selected. You can enforce or override the cache TTL by putting a custom value. |
Serve stale content | When this option is enabled (the default) and a requested URL has expired in the cache and cannot be refreshed from the origin, the CDN will serve the expired (stale) cached version anyway. If the option is disabled, the CDN will serve an error response instead, which may be needed in cases where cache lifetime needs to be enforced for security or content protection reasons. |
Pull Origin Settings
The options Pull Origin and Origin group are mutually exclusive. Selecting one will automatically de-select the other.
Pull Origin | Here you can select which origin to pull content from. If no options appear, make sure you have specified an origin in the section Origins. Available types of origin: – Simple – Advanced – Origin Group |
Protocol | Whether to use HTTP or HTTPS to make requests to the origin server(s). HTTP has lower overhead and is therefore faster, but unless special precautions are taken it can compromise the security of your content delivery. |
Compressed | Specifies whether the CDN nodes will enable HTTP compression in their requests to the origin(s). This option is disabled by default because in most situations static content is compressed already, but you may want to enable it if your distribution is set up for full website acceleration which includes uncompressed text files like HTML and CSS. |
Host header | You can select either “Origin Host Header” or “Custom Host Header”. – Origin Host Header: The host header sent to the origin is taken from the origin itself – Custom Host Header: You can set a custom value to be used in the host header |
Custom Host Header | Only possible when “Custom Host Header” is selected. Put any custom value to be used as the host header sent to the origin. |
X-Forwarded-For | When origins receive connections from CDN nodes, they log the CDN node’s IP address as the source of the connection, not the real user’s IP address. To remedy that, CDN nodes send the X-Forwarder-For HTTP header which contains the IP address of the user who actually made the request. Origins can then use that header value, usually for logging purposes. This option enables the X-Forwarded-For header generation by the CDN nodes and it’s enabled by default. |
Upstream headers | By clicking on the “Add” button, you can configure one or more headers to be sent to the origin with each request. For each header, its name and value need to be specified separately. |
Delivery Settings
Force HTTPS | If you enable this option, users who make HTTP requests to the distribution will be automatically redirected to the same URL but using HTTPS instead. | |
Delivery Cache | You can choose between “Origin Controlled” and “CDN Controlled” – Origin Controlled: Cache policies returned from the origin are respected – CDN Controlled: CDN will send a cache policy regardless of what origin is returning | |
Delivery Cache TTL | Automatically compress compression-friendly content (Javascript, CSS, XML, etc.) during delivery to users. | |
Compression | Automatically compress compression-friendly content (Javascript, CSS, XML, etc.) during delivery to users. | |
Rate limiting | Enables transfer rate limiting per each connection, based on the values below. Does not apply to existing connections. | |
Transfer Rate | Maximum bandwidth per connection in kB/s (i.e. 1000 Bytes per second). | |
Burst size | The initial data that can be downloaded at full speed before the above transfer rate takes effect. | |
Passthrough headers | Origin generated header names that should be allowed to be passed through to the users. By default, origin headers are suppressed to improve caching efficiency. You can add more than one header name by clicking on the “Add” button. Example: ‘X-Cache-Status’ | |
Custom Response Headers | With this setting, you can specify one or more custom headers that the CDN nodes will deliver to the end users. To do so, click on the ‘Add’ button and fill in the desired header names and values. |
Secured (Tokenized) URLs
Secured URLs offer the best protection against hot-linking and link sharing. Using a common secret or a pre-shared pair of keys, websites can encrypt URLs using the options below. The CDN can in turn decrypt those URLs and serve them without revealing the real URL to the user.
Method | Choose between: – “Simple” secure URL with global secret – “Encrypted” which uses a pair of AES and SHA keys |
Secret | The secret to use when generating secured URLs using the “simple” method. This value must be the same as in the code which generates the URLs on the website. |
Use client IP | Include the user’s IP address in the secret used to generate a “simple” secured URL. This makes the generated secure URLs accessible only by the user that requested them. |
Number of path components | Number of path components to protect, counting from the beginning. Set to “-1” to protect the entire URL. This does not include tokens if they are embedded into the path. |
Embed into path | Enable this option to embed the secure URL tokens (st, e and/or key) into the beginning of the path. Example of “simple” secure URL: – Enabled: /9vvJQlqkDmEgMeSDgjiaOA/1484062002/file.pdf – Disabled: /file.pdf?st=9vvJQlqkDmEgMeSDgjiaOA&e=1484062002 |
Rewrites
Allows performing URL rewrites on the CDN, off-loading this responsibility from the origin(s). One or more rules can be added by clicking on Add.
Flag | Standard URL rewrite flags that dictate what to do when a URL matches this rewrite rule. | |
break | Stop processing any other rewrite rules after this one. | |
last | Stop processing rewrite rules for this URL and start processing them again using the replacement URL. | |
permanent | Return the replacement as a permanent redirect with the 301 code. | |
redirect | Return the replacement as a temporary redirect with the 302 code. | |
Regex | Regular expression to apply on the URL. | |
Replacement | Replacement string to apply to the URL matched by the regular expression. Match variables (like $1) are supported. |
After filling in all the relevant fields, save your changes by clicking on Save.