Working with CDN
This chapter provides detailed guidance for configuring and managing CDN features. It covers domain management, ACL policy management, cache control, SSL certificate management, cache content management, logging, and analytics. Each sub-tab provides step-by-step instructions for managing acceleration domains, with precise control over origin configuration, access control, and cache TTL.
Domain Management
To start accelerating the website(s) with CDN, add and configure the domain(s) first.
Adding a Domain
- Log in to the SwiftFederation portal and go to Domains.
- Click Add Domain and enter the acceleration domain name (for example, example.com).
- Configure the Origin URL by specifying the origin server where the content is hosted. Multiple origin URLs can be added to ensure high availability.
- Configure Advanced Settings:
  - Enable Multi Domains – Add multiple alternative domain names. All alternative domains share the configuration of the primary domain. SSL certificates must be configured separately for each alternative domain.
  - Enable Streaming – Optimise live streaming by merging duplicate client requests before forwarding them to the origin server.
  - Enable HTTP/2 – Allow multiplexed requests over a single connection to improve performance.
  - Redirect HTTP to HTTPS – Force secure connections by redirecting HTTP traffic to HTTPS.
- Click Save to add the domain to CDN.


Domain Configuration
After adding a domain, click the domain name in the Domains list to configure the domain.

Basic Information
- Domain Name – The primary acceleration domain used for CDN access (for example, www.example.com).
- CNAME – The CNAME record assigned by CDN when an acceleration domain is added. Configure a corresponding CNAME record with your DNS provider to point the acceleration domain to the provided CNAME. Once propagated, the domain will resolve through the CDN’s global traffic management to the optimal edge node.
- Redirect HTTP to HTTPS – Automatically redirect HTTP traffic to HTTPS.
- Enable Streaming – Optimise live streaming request management.
- Enable HTTP/2 – Improve request performance with multiplexing.
- Status – Indicates whether the domain is active.

Origins Control
Configure the origin server for the selected domain.
- Origin URL – The origin address (domain name or IP). Configure the protocol used for origin requests; if not specified, the protocol from the client request is used. Custom origin ports and paths are supported.
- Server Name Indication (SNI) – Used to select the correct SSL certificate during the TLS/SSL handshake when an origin host has multiple domains.
- Origin Headers – Key-value pairs for custom headers sent from CDN to the origin (for example, the Host header).

For origins hosted on AWS S3, Conversant OSS, or other S3-compatible object storage services, Origin Advanced Settings support S3 signature authentication, enabling public access to private objects via CDN:
- Access Key ID – AWS access key for signature generation.
- Secret Key – AWS secret key for signature generation.
- Region – AWS region (for example, ap-southeast-1, us-west-1).
- Drop Query String – When enabled, CDN removes query strings before forwarding requests to the origin.
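
What the CDN does with the Access Key ID, Secret Key, and Region, sketched as an added example (not SwiftFederation's own code): it assumes "S3 signature authentication" means AWS Signature Version 4 and signs a bodiless GET to the origin. The drop_query_string parameter is a hypothetical flag modelling the Drop Query String option, and the fixed request timestamp is a constructed sample value.

```python
import hashlib
import hmac
from urllib.parse import quote

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # hash of an empty GET body


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def signing_key(secret_key: str, date: str, region: str) -> bytes:
    """Derive the per-day, per-region SigV4 key from the Secret Key."""
    key = _hmac(("AWS4" + secret_key).encode(), date)
    for part in (region, "s3", "aws4_request"):
        key = _hmac(key, part)
    return key


def sign_origin_get(access_key_id, secret_key, region, host, path, query=None,
                    amz_date="20240101T000000Z", drop_query_string=False):
    """Build the Authorization header for a GET sent to the S3 origin.

    drop_query_string is a hypothetical flag modelling Drop Query String.
    """
    if drop_query_string:
        query = None  # the origin request carries no query string
    # Canonical query string: URI-encoded pairs sorted by parameter name.
    canonical_qs = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
        for k, v in sorted((query or {}).items()))
    headers = {"host": host, "x-amz-content-sha256": EMPTY_SHA256,
               "x-amz-date": amz_date}
    signed_headers = ";".join(sorted(headers))
    canonical_request = "\n".join([
        "GET", quote(path, safe="/-_.~"), canonical_qs,
        "".join(f"{name}:{headers[name]}\n" for name in sorted(headers)),
        signed_headers, EMPTY_SHA256])
    scope = f"{amz_date[:8]}/{region}/s3/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest()])
    signature = hmac.new(signing_key(secret_key, amz_date[:8], region),
                         string_to_sign.encode(), hashlib.sha256).hexdigest()
    return (f"AWS4-HMAC-SHA256 Credential={access_key_id}/{scope}, "
            f"SignedHeaders={signed_headers}, Signature={signature}")
```

The query string is part of the signed canonical request, so the signature changes with it, and the region is bound into both the credential scope and the derived key.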

Access Control
Access control uses policies (whitelist, blacklist, token-based access, and rate limiting) to control user access. If multiple policies match a request, the policy with the higher priority is applied.
Whitelist Policy
Requests that do not match the whitelist rules are rejected with an HTTP 403 response.
- URL Path – Match by prefix, suffix, exact, or regex.
- Query String – Match by prefix, suffix, exact, or regex.
- GEO-Restriction – Allowed countries.
- IP/Network Restriction – Allowed source IP ranges.
- Anonymous IP Restriction – Allow or block anonymous IPs.
- Priority – Determines precedence when conflicts occur.

Blacklist Policy
Requests matching the blacklist rules are rejected with an HTTP 403 response.
- URL Path – Match by prefix, suffix, exact, or regex.
- Query String – Match by prefix, suffix, exact, or regex.
- GEO-Restriction – Blocked countries.
- IP/Network Restriction – Blocked source IP ranges.
- Anonymous IP Restriction – Allow or block anonymous IPs.
- Priority – Determines precedence when conflicts occur.

Token Access Policy
CDN checks the token access signature of requests. Requests with invalid signatures are rejected with an HTTP 403 response.
- URL Path – Paths requiring signature verification.
- Query String – Query parameters requiring signature verification.
- GEO-Restriction – Countries requiring verification.
- IP/Network Restriction – IP ranges requiring verification.
- Token Secret – Secrets used to generate signatures (multiple allowed; must be securely stored).
- Priority – Determines precedence when conflicts occur.
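
A sketch of token signing and edge-side verification, added here and not taken from SwiftFederation: the page does not specify the token format, so the expires and token query parameters and the HMAC-SHA256 over path and expiry are assumptions. It shows why several Token Secrets can be configured at once: URLs signed with either the old or the new secret verify while a secret is being rotated.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit


def sign_url(path: str, expires: int, secret: bytes) -> str:
    """Application side: append an expiry and an HMAC token to a path."""
    mac = hmac.new(secret, f"{path}\n{expires}".encode(), hashlib.sha256)
    return f"{path}?expires={expires}&token={mac.hexdigest()}"


def verify_url(url: str, token_secrets, now: int) -> int:
    """Edge side: return the HTTP status the token policy would produce."""
    parts = urlsplit(url)
    params = parse_qs(parts.query)
    try:
        expires = int(params["expires"][0])
        token = params["token"][0]
    except (KeyError, ValueError):
        return 403  # missing or malformed fields count as invalid
    if now > expires:
        return 403  # a valid signature on an expired URL is still rejected
    message = f"{parts.path}\n{expires}".encode()
    valid = False
    # Check every configured secret and compare in constant time, so the
    # response does not reveal which secret or how many bytes matched.
    for secret in token_secrets:
        expected = hmac.new(secret, message, hashlib.sha256).hexdigest()
        valid |= hmac.compare_digest(expected.encode(), token.encode())
    return 200 if valid else 403


# Constructed sample values for a rotation from OLD to NEW.
OLD, NEW = b"constructed-old-secret", b"constructed-new-secret"
```

Once URLs signed with the old secret have expired, removing it from the configured list makes any remaining ones fail verification.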

Rate Limiting
Rate limiting restricts the number of requests from the same user IP within a defined time window. Requests exceeding the limit are rejected with HTTP 403 until the next time window.
- Request – Maximum number of requests per time window.
- Time Window – Duration in seconds before counters reset.
- Ignore URL Path – When enabled, different URLs from the same IP are counted separately.
- Ignore Query String – When enabled, different query strings for the same URL are counted separately (this option applies only when Ignore URL Path is disabled).
