Security

Content Delivery Networks, or CDNs, are now invisible yet essential infrastructure. They accelerate websites, deliver video, block attacks, and connect billions of users to online services. Their story stretches from the late 1990s, when a few pioneering companies sold premium acceleration to media giants, to today, when free CDN tiers are available to anyone running a blog. This article traces that history, highlighting the technical and commercial shifts that shaped the CDN industry. ...

Content Delivery Networks, or CDNs, keep much of the modern web running smoothly. They are behind faster page loads, fewer outages, and safer browsing experiences. If you have wondered how they work or whether you should use one, here are the ten questions people ask most — with answers in plain language. For more advanced strategies that combine multiple providers, see the Top 10 Questions About Multi-CDN. 1. What is a CDN and how does it work? A CDN is a network of servers in many locations. It stores copies of website content on those servers so they can be delivered from a place closer to the visitor. Instead of every request going back to the main origin server, a CDN routes the visitor to the nearest edge server. The shorter the journey, the faster the response. ...

CDN providers are bolstering security features to address growing cyber threats, critical for protecting content delivery. Cloudflare and Akamai are integrating advanced DDoS protection, WAF, and Zero-Trust capabilities. These enhancements ensure availability amid rising attack sophistication. Modern CDNs incorporate WAAP to safeguard web applications and APIs at the edge. SSL/TLS encryption is standard, securing data in transit. These features mitigate risks like data breaches and service disruptions, which can degrade p95 performance. The focus on security responds to increased attack volumes targeting e-commerce and media platforms. Robust CDN security reduces latency impacts from mitigation processes. Multi-CDN setups benefit by diversifying security layers across providers. ...

Cloudflare has deployed defenses against MadeYouReset, a newly disclosed HTTP/2 denial-of-service (DoS) vulnerability identified by Tel Aviv University researchers. This flaw could disrupt CDN services by overwhelming servers, impacting availability for websites and applications. Cloudflare’s swift response strengthens its role as a secure content delivery provider. The vulnerability targets HTTP/2’s stream multiplexing, allowing attackers to exhaust server resources with minimal effort. Cloudflare’s existing DDoS mitigation systems, including its WAF, were updated to detect and block these attacks. No user action is required, as the fix is applied globally across Cloudflare’s network. ...

Synopsis This chapter explains how to design and operate origin infrastructure that can serve more than one CDN at the same time. It covers topology choices, origin shielding, authentication, cache key consistency, deployment and consistency models, failover behavior, and operational practices. The goal is to keep content correctness and performance stable while multiple CDNs fetch from the same source. Role of the origin in multi-CDN The origin is the source of truth for content and APIs. In a multi-CDN setup more than one provider will fetch from it. The design must handle higher fan in, different retry behaviors, and different cache semantics without breaking correctness. It should also keep the number of variables low so that problems are diagnosable during incidents. ...

Synopsis This chapter describes how to keep security controls equivalent when more than one CDN serves the same properties. It covers ownership of policy, alignment of web application firewall rules, parity in bot defenses, consistent rate limiting, origin authentication, secrets handling, configuration drift control, verification, logging normalisation, and incident procedures. The aim is a uniform security posture that does not depend on which provider handled a request. Scope and objectives Security parity means that requests receive the same protection and the same outcomes independent of provider. Rules must be functionally equivalent, telemetry must be comparable, and emergency controls must have the same effect at all edges. Differences in vendor features are handled by choosing portable constructs first and by documenting exceptions that cannot be avoided. ...

Synopsis This chapter describes how transport security and certificate management function in a multi-CDN deployment. Topics include certificate lifecycle and automation, subject naming choices, OCSP and certificate transparency, origin authentication with mutual TLS, session behavior across providers, and controls that keep the security posture consistent while avoiding service disruption. Scope and goals The transport layer must present a uniform and reliable interface regardless of which CDN serves a connection. Users should see correct certificates, modern protocol support, stable cipher policy, and predictable session behavior. Operations should see an automated lifecycle that avoids expirations, supports rapid revocation, and provides clear observability. The origin path should authenticate CDNs in a way that cannot be replayed from the public internet. ...