Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Based on CDN features and benefits, the following are a few key use cases:
Website Performance Optimization: The CDN's ability to cache static content and deliver it from edge servers nearest to the user's location significantly reduces website load time, ensuring that users experience minimal latency regardless of their geographical location.
Dynamic Content Delivery: Leveraging CDN edge servers for deploying computational resources leads to reduced latency in the response time for dynamic content requests.
Software Distribution: With improved download speeds and reduced latency, you can use CDN to distribute software updates and patches to users worldwide.
API Request Optimization: By caching API responses using edge servers, you can accelerate access to backend services using the API.
Users need appropriate privileges to create and manage CDN distributions. Cloud CDN has a new group privilege called Access and manage CDN. This privilege must be enabled for a group so that the members of this group inherit it through group privilege settings and can manage the CDN distributions.
Prerequisite: Make sure you have one or more Groups in the User Manager. To create one, see Create a group.
To set user privileges to manage CDN distributions, follow these steps:
In the DCD, go to Menu > Management > Users & Groups under Users.
Select the Groups tab in the User Manager window.
Select the appropriate group to assign relevant privileges.
In the Privileges tab, select Access and manage CDN.
Note: You can remove the privileges from the group by clearing Access and manage CDN.
Result: The privilege to manage CDN distributions is granted to all the members in the selected group.
You can revoke a user's Access and manage CDN privilege by removing the user from all the groups with this privilege enabled.
Warning: You can revoke a user from this privilege by disabling Access and manage CDN for every group the user belongs to. In this case, all the members in the respective groups would also be revoked from this privilege.
To revoke this privilege from a contract administrator, disable the administrator option on the user account. After performing this action, the contract administrator will become a contract user, and the privileges that were set up for the user before becoming an administrator will then be in effect.
With IONOS Content Delivery Network (CDN), you can quickly deliver web content and applications to users with exceptional availability and performance. CDN offers a range of security features, including Layer 7 Distributed Denial of Service (DDoS) protection and a Web Application Firewall (WAF), making it an adaptable and secure solution for content delivery.
Note: CDN is currently available on a request basis. To access this product, please contact your sales representative or IONOS Cloud Support.
Explore the key use cases to implement using CDN.
Get started with creating and managing CDN via the DCD.
Get started with creating and managing CDN via the API.
To get answers to the most commonly encountered questions about CDN, see FAQs.
A CDN distribution refers to the specific configurations that define how the content is delivered by the CDN to the users. You can create one or more CDN distributions under your contract as needed.
To create a CDN distribution, follow these steps:
Prerequisite: Make sure you have the corresponding permissions to create and manage CDN distributions. Only contract administrators, owners, and users with Access and manage CDN privilege can create a CDN distribution. For more information, see .
1. In the DCD, go to Menu > Network > CDN under Edge Networking.
2. Click Create CDN distribution from the Distribution overview page.
3. Configure the following details for a CDN distribution:
4. Click Save to apply the CDN distribution configurations.
Note:
— You can create a maximum of twenty CDN distributions, and each distribution can be configured with a maximum of twenty-five routing rules.
To define the CDN distribution properties, enter the following details:
1. Domain: Enter the origin domain, which is a URL that refers to the website address or content to access over the internet. You can use HTTP servers or Object Storage buckets as domains. For example, www.example.com
.
IONOS CDN trusts and accepts SSL/TLS certificates from recognized and reputable Certificate Authorities (CAs), ensuring high security and trustworthiness. Some examples of commonly supported CAs include, but are not limited to, the following:
-- GeoTrust
-- Let's Encrypt
-- GlobalSign
Self-signed certificates are not accepted due to the security policy requirements that mandate proven certification from established authorities.
To define the routing rules for a CDN distribution, enter the following details:
1. Prefix: Enter a prefix that helps CDN determine the routing policies to apply for any URL path that begins with the prefix defined here. For example, if a prefix is defined as /docs
under a routing rule, then all the URL requests that begin with /docs
will be managed per the routing rules under which this prefix is defined.
2. Scheme: Choose the type of transfer protocol to allow accessing resources from HTTP/HTTPS
, HTTPS
, or HTTP
schemes. On choosing HTTP/HTTPS
, the CDN directs HTTP
requests HTTP
and HTTPS
requests to HTTPS
.
Note: Only the HTTP
scheme is supported if SSL Certificate is not provided.
3. Host: Enter the upstream host URL responsible for handling content requests and serving content to the users. This host is also responsible for fetching the content from the domain if data is not already cached at the edge server. For example, server.example.com
.
4. Caching: Turn on or turn off to choose whether or not to cache the responses from the upstream host. If turned on, the data responses are cached, and the user's request for the same content is served to the user next time from this cache memory.
7. (Optional) Geo Restrictions: Click Open country list to turn on or turn off the countries to be blocked or allowed, then click Save. You can also enter the alphabet in the field provided to quickly jump to the country code in the list and choose to block or allow.
8. Click Add routing rule to define another rule. Follow steps from step 1 to step 7 to add the routing rule and click Save. You can add up to twenty-five routing rules per CDN distribution.
9. When more than one routing rule exists, use the drag-and-drop option to arrange them as needed. The routing rules' precedence applies in the order in which they are ordered.
Warning: It is recommended not to set the routing rule with the Prefix value /
as the first routing rule since this will override all the subsequent routing rules defined in the distribution.
Result: The CDN distribution is successfully created. An IPv4 and IPv6 Anycast IP address is provided which is needed to configure your domain's settings to activate the CDN functionality.
— If you are using IONOS , follow the steps in .
2. (Optional) SSL Certificate: Choose from the certificates already created via the Certificate Manager. You can also create a new certificate, which is then listed in the drop-down list here. To create one, follow the steps in . With a Secure Sockets Layer (SSL) certificate defined, the CDN distribution can serve content over HTTPS, the secure version of HTTP. To create auto-renewable SSL certificates based on a certificate provider like ACME, see .
5. WAF: Turn on or turn off WAF to choose whether or not to protect the upstream host from malicious threats and vulnerabilities. For more information, see . When turned on, WAF incurs additional costs.
6. Rate Limit Class: Choose from the drop-down list to limit the rate of incoming requests from specific IP addresses. The allowed rate limit class values are R1
, R5
, R10
, R25
, R50
, R100
, R250
, and R500
. For more information, see .
Configuring the DNS records for your domain completes the CDN distribution setup. For more information, see .
Once a CDN distribution is successfully created, the distribution is listed on the Distribution overview page.
To update the CDN distribution details, follow these steps:
1. In the DCD, go to Menu > Network > CDN under Edge Networking.
2. In the Distribution overview, select the CDN distribution to update.
3. In the Details & Edit CDN distribution, update the distribution details needed:
Properties: Refers to the Domain and SSL certificate details of the distribution. To update these details, see Define distribution properties.
Edit routing rule: This rule defines the rules for routing content requests to this CDN distribution. To update these details, see Define routing rules.
Delete routing rule: Use this option to delete an existing routing rule.
Add routing rule: You can create a routing rule. To do so, follow the steps in Define routing rules.
You can drag and drop the routing rules to change the precedence of the rules to apply to the CDN distribution.
4. Click Save to update the CDN distribution details with the changes made.
Result: The CDN distribution is successfully updated.
Prerequisite: You need administrative privileges to create and assign user privileges by using the Cloud API.
To set user privileges using the Cloud API for managing Cloud CDN distribution, follow these steps:
Authenticate to the Cloud API using your API credentials.
Create a user using the POST /cloudapi/v6/um/users
endpoint.
Set the following required parameters for the user: user's name
, email address
, and password
.
Create a group using the POST /cloudapi/v6/um/groups
endpoint.
Set accessAndManageCdn
privilege to true
.
Assign the user to the created group using POST /cloudapi/v6/um/groups/{groupId}/users
endpoint and provide the user ID in the header.
Note: The user ID in the request body could be as, id: <userID>
.
Result: The accessAndManageCdn
privilege is granted to the user.
Caching in CDN refers to storing copies of web content at multiple edge servers across various geographical locations. It allows users to access content from a server that is geographically closer to them, improving the speed and efficiency of content delivery.
Static Content Caching: Static content like HTML, CSS, JavaScript files, images, and videos are cached in the CDN edge servers. Caching is based on the request method GET
or HEAD
and the HTTP
response code defined in the cache policy. There will be no differences between static content and dynamic content. Content that should not be cached must have defined cache control headers.
Dynamic Content Caching: With cache-control
headers, you can customize the cache behavior to your needs and on enabling Caching on a CDN route, everything that matches the cache policy will be cached including the dynamic content.
Cache Policy: The default cache policy for IONOS CDN is as follows:
The edge servers cache all content with status code HTTP 2xx
from the origin server for 24 hours if no cache control headers are given. Cache-control headers take precedence otherwise.
Content with HTTP
301
, 302
, or 404
will be cached for 10 minutes if no cache-control
headers are set.
Stale content will be provided if the origin is unreachable and the cache still exists.
Automatic Purging: The CDN can automatically remove cached content based on a defined policy, ensuring that users always receive the most up-to-date version of the content when necessary.
With IONOS CDN, you can set cache response headers to X-CDN-Cache-Status
indicating whether a resource is cached or not. The supported values are as follows:
HIT: The resource was delivered from the CDN cache.
MISS: The resource was not found in the cache; it was served from the origin web server and cached. Further requests may be cached if the cache policy matches.
STALE: The resource was served from the cache but could have expired. Stale content will be delivered if the CDN is updating the content. A timeout or error from the origin server is provided.
BYPASS: All responses where the cache is disabled due to the policy or configuration.
You can also ensure not to cache specific requests if the following requirements are met:
An X-Accel-Expires
response header field was sent with a value of 0
.
An “Expires” response header was sent with a date that is already expired.
The “Cache-Control” header has values like no-cache
, no-store
or private
in the response.
The response header includes the Set-Cookie
field.
If the response header includes the Vary
field with the special value *
.
Reduced Latency: CDNs serve content from the nearest edge server, minimizing the distance data has to travel, reducing latency, and improving load times.
Enhanced Availability: Cached content can still be served to the users even if the origin server experiences downtime, improving the availability of web services.
Content Relevance: With well-defined caching policies, you can ensure users receive up-to-date content even while serving content from the cached server instead of the origin server.
Scalability: Caching allows websites to handle higher data traffic without degradation in the content served to the user requests, making it easier to scale during traffic spikes.
Improved Security: By reducing the number of direct content requests to the origin server, caching helps mitigate certain vulnerabilities and provides an additional security layer.
The following are a few limitations to consider while using CDN:
Limited Points of Presence (PoPs): CDN currently offers network edge servers focused on the European region and will soon extend the PoPs to other locations.
Restricted Customizations: You can only turn the Caching and WAF settings on or off. The option to customize these in the routing rule is not available.
Distributions: A maximum of twenty distributions can be created per contract. If the quota needs to be increased, contact IONOS Cloud Support.
Routing Rules: A maximum of 25 routing rules can be added for a distribution.
Prerequisite: Only contract administrators, owners, and users with accessAndManageCdn
privilege can create and manage CDN distributions via the API. You can also set user privileges in the DCD. For more information, see Set User Privileges.
To retrieve all the CDN distributions under a contract, perform a GET
request.
Use the following endpoint to retrieve all CDN distributions for a contract: https://cdn.de-fra.ionos.com/distributions
.
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
Content-Type
yes
string
Set this to application/json
.
200 Successful operation
Result: All the existing CDN distributions and their details are successfully obtained for your contract.
Prerequisite: Only contract administrators, owners, and users with accessAndManageCdn
privilege can create and manage CDN distributions via the API. You can also set user privileges in the DCD. For more information, see Set User Privileges.
To create a CDN distribution, perform a POST
request.
Use the following endpoint to create a CDN distribution: https://cdn.de-fra.ionos.com/distributions
.
Below is the list of mandatory body parameters:
domain
string
The domain name for the CDN distribution.
example.com
scheme
string
Choose whether to allow http
, https
, or http/https
protocol.
http/https
prefix
string
A prefix to match the beginning segment of the URL path and apply routing rule.
/api
host
string
An upstream host name that handles requests if data not cached in the CDN edge server.
server.example.com
caching
boolean
If enabled, CDN caches the data from the upstream host.
true
waf
boolean
If enabled, protects the upstream host.
true
rateLimitClass
string
Limits the number of incoming requests per IP.
R10
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
Content-Type
yes
string
Set this to application/json
.
201 Successful operation
Result: The CDN distribution is successfully created; the id
and other details of the created distribution are provided in the response.
The following are a few FAQs to provide insight into the CDN product.
A Content Delivery Network (CDN) is a system of distributed servers strategically placed worldwide to deliver web content and applications more quickly and reliably. CDN caches content at edge locations closer to the end users and delivers content with reduced latency and improved load times, ensuring a better user experience. CDN offers enhanced security and scalability and protects against various DDoS attacks. For more information, see Overview.
With CDN, you can experience faster loading times for web applications with high reliability of content delivery with globally distributed edge servers and delivering content to users from the closest server. For more information on how CDN best suits your business, see Features and Benefits and Use Cases.
A CDN works by caching content on servers located close to your users. When a user requests content from your website or application, the CDN server will deliver it from its cache rather than from your origin server. Additionally, an origin server is relieved of cacheable requests, leaving it with more resources available for processing non-cacheable requests. These aspects overall speed up your website performance.
An edge location is a specific data center within the CDN network housing multiple edge servers where content is cached. An edge region is a broader geographic area containing numerous edge locations to ensure high availability. IONOS CDN leverages both to ensure optimal content delivery.
Using a CDN significantly reduces the bandwidth required from your origin server by caching content at edge locations. Hence, it offloads the heavy lifting to the CDN, allowing you to maintain a smaller, more cost-effective infrastructure with fewer resources.
IONOS CDN is designed for high availability with a redundant, distributed network of edge servers. In the event of a server failure, traffic is automatically rerouted to ensure uninterrupted access to your content. Even if your origin server is offline, our edge servers may still have some cached content and serve that "stale" content in its place, keeping your website available.
Yes. Both IPv4 and IPv6 are supported. This ensures that your content is accessible to users on IPv4 and IPv6 networks, helping future-proof your web services and ensuring broad accessibility. Our edge servers can also access your origin servers via public IPv4 and IPv6 addresses.
Yes, we provide a comprehensive CDN API complemented by a GO SDK and Terraform tooling that allows for the automation of various CDN-related tasks. This ensures seamless integration with your DevOps workflow.
To get started with IONOS CDN, sign up for an account with IONOS Cloud. Once you have signed up, configure CDN distributions for your domain via the DCD or API.
To integrate CDN with your existing infrastructure, you need to create a CDN distribution with routing rules for the domain after which an IPv4 and IPv6 Anycast IP address is provided which is needed to configure the domain's DNS settings for the CDN distribution to be fully functional. For more information, see Create a CDN Distribution.
Yes. Contract administrators and owners can enable access to sub-users to manage CDN by providing the “Access and Manage CDN” group privilege. For more information, see Set User Privileges via the DCD and API. You can also view audit logs for CDN operations via the Activity Log functionality.
IONOS CDN is best complimented by using Cloud DNS for your domain's DNS management and utilizing IONOS S3 Object Storage or Compute Engine as the origin servers. This will ensure traffic stays in IONOS networks for optimal content delivery.
You can create up to twenty CDN distributions per contract, and each distribution can be configured with up to twenty-five routing rules.
CDN distribution is charged monthly; additional charges apply when enabling WAF on individual routing rules. For more information, see Prices.
If the origin server goes down, IONOS CDN will continue to serve cached content until the cache expires. This provides a level of redundancy that helps maintain content availability during origin server outages.
Using the Caching policy, you can define how long the content cached in the edge server must be retained. IONOS CDN has a default caching behavior in which the content is cached based on status code HTTP 2xx
from the origin server and cache-control
headers. For more information, see Caching.
No. Custom cache rules are currently not supported. For your CDN distribution, you can only enable or disable caching on a per-routing rule basis.
Yes, X-CDN-Cache-Status
set as a header to responses indicates whether a resource is cached or not. For more information, see Cache response headers.
No, disabling caching does not automatically delete the cache contents. Content will remain until expiry. When caching is disabled, the requests are always forwarded to the origin server.
Data transferred through IONOS CDN is secured using SSL/TLS encryption to prevent unauthorized access and ensure data integrity. To enforce this, configure HTTPS
as the protocol for the corresponding routing rule and provide a publicly trusted, valid TLS certificate for either the origin server's name or the website's configured name. Multi-layered DDoS protection and WAF features also offer added security against threats.
The IP addresses of IONOS edge servers currently belong to the following ranges:
212.227.172.0/24
2001:8d8:105::/64
216.250.123.0/25
2607:f1c0:105::/64
If your origin is hosted on IONOS Cloud and protected by firewall rules, you can use the above IP addresses to allow inbound traffic to your origin only from IONOS CDN’s origin-facing servers, preventing any non-CDN traffic from reaching your origin.
If the origin is an Object Storage bucket, a Bucket Policy can be set up to restrict access only from the above IP addresses.
The same list can also be used as a list of “trusted” IPs for Apache httpd’s
mod_remoteip, Nginx’s ngx_http_realip module, or similar features in other software to restore the original client's IP address in requests reaching the origin server.
Yes. Geo restriction can be optionally applied for CDN distributions. You can either create a ”block” list or an “allow” list of countries to restrict access to your domain.
Yes. You can configure rate limits for every CDN routing rule to control the number of incoming requests on a per-client IP basis for a given edge server. A response header X-WS-RateLimit-Limit
indicates which rate limit is configured. Each edge server and routing rule has its bucket for the client IP limits and will not be shared across all routes or edge servers. For more information, see Rate Limit Class.
CDN supports SSL/TLS encryption for secure data transmission. Remember to use valid certificates from recognized and reputable Certificate Authorities (CAs). You can manage and store TLS certificates using the Certificate Manager to terminate HTTPS connections from the internet. The Automatic Certificate Management Environment (ACME) protocol automatically renews TLS certificates. For more information, see Certificate Manager.
WAF can be enabled on a per-routing-rule level for your CDN distribution. It ensures that the origin servers behind your domain are protected based on the attack detection rules defined by OWASP® CRS.
Yes, CDN supports Server Name Indication(SNI) mode particularly in the context of Secure Sockets Layer SSL or Transport Layer Security (TLS) communications. Specify the following mandatory properties to configure sniMode in CDN for outgoing connections to the upstream host:
Properties
Description
Usage
distribution
CDN requires the upstream host to present a valid certificate that matches the configured domain of the CDN distribution.
origin
CDN requires the upstream host to present a valid certificate that matches the configured upstream or the origin hostname. This avoids leaking traffic to unauthorized, misconfigured hosts that are not authorized to serve the same domain.
You can use this sniMode property for Object Storage hosted static websites.
Once a CDN distribution is successfully created, the distribution is listed on the Distribution overview page.
To view the CDN distribution details, follow these steps:
In the DCD, go to Menu > Network > CDN under Edge Networking.
Result: A list of CDN distributions created is displayed. For every distribution listed, you can view the following details:
DOMAIN: Displays the origin domain of the distribution. Select the name to view the respective cluster details.
STATE: Displays the state of the distribution. Possible values are as follows:
Available: The distribution is available and in good condition.
Busy: When the distribution is either being updated, created, or deleted.
CREATION DATE: Displays the date of creation of the distribution.
LAST MODIFIED: Displays the date when the distribution details were last updated.
OPTIONS: Select to perform the following:
Details & Edit: You can view and edit the selected distribution details.
Copy UUID: Copy the UUID of the distribution to use this identifier in the API calls.
Copy HREF: Copy the HREF of the distribution that points to the URL provided by the CDN where the resource is hosted.
Delete distribution: Deletes the selected distribution. In the dialog box that appears, select Delete to confirm deletion. For more information, see Delete a CDN Distribution.
For the selected CDN distribution, you can view the following details:
System Information: The following system information related to the distribution is displayed:
State: Displays the state of the distribution.
UUID: The unique ID of the CDN distribution.
Resource URN: A Uniform Resource Name (URN) that uniquely identifies the resources of the distribution, which is represented as ionos:<product>:<location>:<contract>:<resource-path>
.
IPv4 Address: This is the Anycast IPv4 address needed to configure the domain's Domain Name Server (DNS) settings so that the CDN functionality can be active.
IPv6 Address: This is the Anycast IPv6 address needed to configure the domain's DNS settings so that the CDN functionality can be active.
Creation date: Specifies the date and time of distribution creation.
Creation by: Unique IONOS identity specifying the user who created the distribution.
Last Modified: Specifies the date and time when the distribution was last modified.
Modified by: Unique IONOS identity specifying the user who modified the distribution.
Properties: Refers to the Domain and SSL certificate details of the distribution. For more information, see Define distribution properties.
Routing rules: Refers to the rules defined for handling the routing of content requests to this CDN distribution. For more information, see Define routing rules.
To delete a CDN distribution, follow these steps:
1. In the DCD, go to Menu > Network > CDN under Edge Networking.
2. From the Distribution overview page, select the distribution you want to delete. On this page, all the CDN distributions created are listed.
3. In the Options column for the selected distribution, click and select Delete.
Result: The selected CDN distribution is successfully deleted and no longer displayed in the Distribution overview.
To create and manage CDN distributions via the DCD, refer to the following How-Tos.
Set required user privileges to create and manage Cloud CDN distributions.
Create a CDN distribution.
View the list of created CDN distributions.
Manage an existing CDN distribution by updating the distribution details.
Delete an existing CDN distribution.
IONOS Content Delivery Network (CDN) is a network of servers located across the IONOS global edge network to speed up the delivery of static and dynamic web content to users. CDN uses Anycast routing in IONOS' global backbone network infrastructure, comprising multiple highly available edge locations where the content is distributed, offering reduced latency and high reliability of content loading on websites.
With CDN, users benefit from improved website performance. It provides the scalability to handle large spikes in traffic, making it ideal for websites and applications with a global audience. CDN offers advanced security features such as encryption, DDoS Layer 7 protection, secure token authentication, and Web Application Firewall (WAF), making it a versatile choice for secure content delivery and safeguards against cyber threats. For more information, see Features and Benefits and Use Cases.
CDN uses IONOS's global capacity to offer network servers to speed up content delivery. To begin with, CDN hosts its data center locations in two European metro regions. The network of server locations for the CDN will be steadily expanded to other locations closer to the user base shortly.
The CDN setup allows the administrator to create new CDN distributions and specify the origin servers for the CDN. The setup supports various origin types, such as S3 buckets, load balancers, and custom origins. For a CDN distribution, you can enable SSL/TLS support and manage these certificates to ensure a secure content delivery. CDN lets you configure up to twenty-five routing rules where geo-restriction can be managed on a per-distribution basis, and you can choose to enable WAF and Caching properties. You can configure and manage the CDN distributions via the DCD. For more information, see DCD How-Tos.
When a user sends a request for the first time to fetch content on your website, the user request is routed to the CDN edge server located closer to the user. The CDN requests content from the origin server, transfers the static content from the webserver to its cached memory, and sends the retrieved content to the user.
When a user requests the same data content the next time, the CDN retrieves the content from its cached memory and immediately delivers it to your website. When the content is cached in the edge server, the CDN provides it immediately with minimal or zero latency, thus improving the web application performance and reducing data traffic.
The illustration shows how the user's request for content is managed efficiently by using CDN edge servers and the flow of content between the user, origin server, CDN edge location, and cached memory. The overall CDN is built on top of the IONOS network infrastructure.
With CDN APIs, contract administrators, owners, and users with the required permissions can create and manage CDN distributions.
Set required user privileges for a user to create and manage CDN distributions.
Create a CDN distribution.
Using the distribution ID, get all the details of a CDN distribution.
Get all the requested CDN distributions details.
A distribution updated for the provided distribution ID. If already a distribution does not exist for the given distribution ID, a new one is created.
Deletes the specified CDN distribution.
Web Application Firewall (WAF) is a security feature integrated with CDN designed to protect users' web applications from cyber threats and attacks, thus facilitating improved application performance.
WAF serves as a fully managed Access Control List (ACL) that offers predefined rule sets that you can use to quickly implement security control against known vulnerabilities without manually having to set rule sets.
By default, the WAF is set to OFF
state. WAF can be enabled on a per-routing-rule level for your CDN distribution. It ensures that the origin servers behind your domain are protected based on the attack detection rules defined by . You can set WAF to an ON
state via the DCD or API; enabling WAF incurs an additional cost.
In IONOS CDN, the current maximum request body size that is analyzed is ~15 MB, and only Content-Type
, which is handled by the OWASP® CRS, is analyzed by the WAF. When the WAF is unavailable or cannot process the request, the CDN continues to process it without canceling it.
Threat Detection and Mitigation: With WAF, CDN is secured from SQL injection attacks; WAF identifies and mitigates XSS attacks that aim to inject malicious scripts into web pages viewed by other users.
Predefined Rules: With fully managed rule sets readily available, you can quickly implement best practices and protect web applications against vulnerabilities without having to manually define rules.
Rate Limiting: With WAF, you can control the number of requests a user can make on a particular IP address. For more information, see .
Enhanced Performance: WAF built within CDN blocks malicious traffic and reduces the load on the origin server, improving overall application performance and availability.
Higher Security: WAF protects websites against various web attacks so that they remain secure and operational. With predefined rule sets, DDoS Layer 7, and geo-blocking, content transmission within the CDN network is highly secure.
Scalability: A highly scalable WAF that provides global threat intelligence and protection, ensuring security scales alongside the application traffic.
CDN Distributions: Configure the instructions and resources that define how content is delivered from the origin server to the users through the CDN.
SSL/TLS Encryption: With SSL/TLS support in CDN, data transmitted between the CDN edge servers and users is encrypted, ensuring secure data transmission and reliability of content delivery through CDN networks. CDN also offers the flexibility to upload custom SSL certificates that suit your organization's requirements. It also supports the auto-renew of SSL certificates based on a certificate provider like ACME via .
: CDN offers a critical security feature, WAF, that provides an additional layer of security for web applications.
DDoS Layer 7 Protection: You can enable DDoS protection at layer 7 of the Open Systems Interconnection (OSI) model, which protects web applications against distributed denial-of-service attacks.
: CDN caches static content such as images, CSS files, and scripts at edge servers, reducing the load on the origin server and speeding up content delivery to users. With these rules, you can control how content is delivered, cached, and optimized for users.
Routing Rules: With CDN, configure how incoming user requests are handled and routed within the CDN infrastructure. At least one routing rule for an origin server must exist, and a maximum of twenty-five routing rules are possible. The rules are applied in the defined sequence, meaning the first routing rule will have the highest precedence.
Warning: It is not recommended to set /
as the first rule, as all the subsequent rules present will be overridden by this rule.
Geo-Based Routing: With this routing mechanism, CDN allows users to route traffic based on the geographic location of users. This ensures that users are served content from the nearest edge server, reducing latency and improving overall performance.
Geo-Restrictions: With this feature, you can configure to block or allow countries to access the CDN distribution. Users can specify the geolocation parameters to block access from specific countries or regions. This can help prevent malicious traffic from specific locations and limit content delivery to only allowed geographical areas. You can also choose to allow countries or regions and restrict access to only the allowed countries list.
Rate Limiting: You can choose to limit the rate of incoming requests from specific IP addresses to the CDN. For more information, see .
Rate limiting controls the number of incoming ingress requests to the CDN from clients behind the same IP address within a specific timeframe. Rate limits can be configured for each routing rule, including the scheme, hostname, and path prefix. Rate limits apply to both cached and uncached content. IONOS CDN rate limits do not restrict outgoing egress connections from the CDN to the origin server.
By default, a limit of 100 requests per second is applied per routing rule, when the rate limit value is set to R100
.
Following are the rate limit classes that can be configured:
Note: All the rate limit requests are applied per second per CDN node which serves the CDN IP grouped by the scheme, hostname, and URI path.
R1: Allows up to 1 request per second, per client IP and routing rule.
R5: Allows up to 5 requests per second, per client IP and routing rule.
R25: Allows up to 25 requests per second, per client IP and routing rule.
R50: Allows up to 50 requests per second, per client IP and routing rule.
R100: Allows up to 100 requests per second, per client IP and routing rule.
R250: Allows up to 250 requests per second, per client IP and routing rule.
R500: Allows up to 500 requests per second, per client IP and routing rule.
Consider the following factors when choosing a rate limit class:
The rate limit applies to both cached and uncached content.
A CDN provides implicit flood protection for your origin server by serving cached content. However, uncached or uncacheable content must still be retrieved from your origin server, and these requests are not explicitly rate-limited. For example, a DDoS attack originating at 2000 IPs requesting uncacheable content could generate requests up to 2000 times the configured request rate.
You may prefer a lower rate limit to reduce the likelihood of unreasonable requests to the web content. Conversely, if you aim to serve all requests to the CDN as quickly as possible, you could opt for a higher rate limit.
If your clients are using shared IP addresses such as Managed NAT Gateway or proxy servers, it could lead to exhausting a lower rate limit sooner.
A lower rate limit can negatively impact overall website performance if your CDN-served website content contains many smaller objects.
Rate limits are configured and applied on a per-routing-rule basis. You can take advantage of this by using different routing rules for various types of content. Use one routing rule with a higher rate limit to ensure faster content delivery for static, easily cacheable content, and apply another routing rule with a significantly lower rate limit for potentially uncacheable, dynamic content.
Faster Website Loading: CDN delivers content from servers nearest to the user, thus reducing latency and improving page load times. This results in a better user experience and positively impact Search Engine Optimization (SEO) rankings.
Scalability: CDNs are designed to handle high traffic loads and can easily scale based on demand. This ensures that websites and applications remain responsive even during traffic spikes.
Enhanced Security: With DDoS Layer 7 protection, WAF, and SSL/TLS encryption, CDN helps safeguard websites and applications against online threats.
Improved Performance: By caching content at edge servers worldwide, CDNs can deliver content more efficiently, reducing server load and improving overall performance.
Global Delivery Scale: With CDN, geographical proximity between the user and the network server is always close, enabling requests for content delivery to the website to be loaded with less latency. This feature also boosts the website's Search Engine Optimization (SEO) since search engines prioritize websites that load at a quicker response time.
High Reliability: CDNs utilize redundancy and failover mechanisms to ensure high availability and reliability. If one server goes down, traffic can be automatically rerouted to another server, minimizing downtime.
Threat Mitigation: By blocking traffic from specific regions or countries, you can mitigate threats and malicious attacks from specific geographical locations.
The Bearer token enables requests to authenticate using a JSON Web Token (JWT). From the DCD, .
The Bearer token enables requests to authenticate using a JSON Web Token (JWT). From the DCD, .
You can use this sniMode property to point CDN to an API gateway. For more information, see .
Prerequisite: Only contract administrators, owners, and users with accessAndManageCdn
privilege can create and manage CDN distributions via the API. You can also set user privileges in the DCD. For more information, see Set User Privileges.
To delete a CDN distribution, perform a DELETE
request with the distributionID
of the CDN.
Use the following endpoint to delete a CDN distribution: https://cdn.de-fra.ionos.com/distributions/{distributionId}
.
Note: The following request contains a sample distributionId
. Replace them with the distributionId
value, whose information you want to retrieve.
Below is the list of mandatory path parameter:
distributionId
string
The ID (UUID) of the CDN distribution.
9ba15778-16c4-543c-8775-e52acf4853f5
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
Content-Type
yes
string
Set this to application/json
.
202 Successful operation
Result: The CDN distribution for the specified distributionID
is successfully deleted.
Prerequisite: Only contract administrators, owners, and users with accessAndManageCdn
privilege can create and manage CDN distributions via the API. You can also set user privileges in the DCD. For more information, see Set User Privileges.
To retrieve a CDN distribution, perform a GET
request with the distributionId
of the CDN.
Use the following endpoint to retrieve a CDN distribution: https://cdn.de-fra.ionos.com/distributions/{distributionId}
.
Note: The following request contains a sample distributionId
. Replace them with the distributionId
value, whose information you want to retrieve.
Below is the list of mandatory path parameter:
distributionId
string
The ID (UUID) of the CDN distribution.
9ba15778-16c4-543c-8775-e52acf4853f5
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
Content-Type
yes
string
Set this to application/json
.
200 Successful operation
Result: The CDN distribution details are retrieved for the given distributionId
.
Prerequisite: Only contract administrators, owners, and users with accessAndManageCdn
privilege can create and manage CDN distributions via the API. You can also set user privileges in the DCD. For more information, see Set User Privileges.
To update an existing CDN distribution, perform a PUT
request with the distributionID
of the CDN. The CDN distribution for a given distributionID
is updated with the provided distribution details.
Note: If a CDN distribution for a given distributionID
does not exist, a distribution is created instead.
Use the following endpoint to create or update a CDN distribution: https://cdn.de-fra.ionos.com/distributions/{distributionId}
.
Note: The following request contains a sample distributionId
. Replace them with the distributionId
value whose information you want to update.
Below is the list of mandatory path parameter:
distributionId
string
The ID (UUID) of the CDN distribution.
9ba15778-16c4-543c-8775-e52acf4853f5
Below is the list of mandatory body parameters:
id
string
The ID (UUID) of the CDN distribution.
9ba15778-16c4-543c-8775-e52acf4853f5
domain
string
The domain name for the CDN distribution.
example.com
scheme
string
Choose whether to allow http
, https
, or http/https
protocol.
http/https
prefix
string
A prefix to match the beginning segment of the URL path and apply routing rule.
/api
host
string
An upstream host name that handles requests if data not cached in the CDN edge server.
server.example.com
caching
boolean
If enabled, CDN caches the data from the upstream host.
true
waf
boolean
If enabled, protects the upstream host.
true
rateLimitClass
string
Limits the number of incoming requests per IP.
R10
To make authenticated requests to the API, the following fields are mandatory in the request header:
Authorization
yes
string
Content-Type
yes
string
Set this to application/json
.
200 Successful operation
Following is an example of when a CDN distribution is successfully created.
Result: A CDN distribution is successfully updated or created.
The Bearer token enables requests to authenticate using a JSON Web Token (JWT). From the DCD, .
The Bearer token enables requests to authenticate using a JSON Web Token (JWT). From the DCD, .
The Bearer token enables requests to authenticate using a JSON Web Token (JWT). From the DCD, .