CDN Distributions: Configure the instructions and resources that define how content is delivered from the origin server to the users through the CDN.
SSL/TLS Encryption: With SSL/TLS support in CDN, data transmitted between the CDN edge servers and users is encrypted, ensuring secure data transmission and reliability of content delivery through CDN networks. CDN also offers the flexibility to upload custom SSL certificates that suit your organization's requirements. It also supports the auto-renew of SSL certificates based on a certificate provider like ACME via API.
WAF: CDN offers a critical security feature, WAF, that provides an additional layer of security for web applications.
DDoS Layer 7 Protection: You can enable DDoS protection at layer 7 of the Open Systems Interconnection (OSI) model, which protects web applications against distributed denial-of-service attacks.
Caching: CDN caches static content such as images, CSS files, and scripts at edge servers, reducing the load on the origin server and speeding up content delivery to users. With these rules, you can control how content is delivered, cached, and optimized for users.
Routing Rules: With CDN, configure how incoming user requests are handled and routed within the CDN infrastructure. At least one routing rule for an origin server must exist, and a maximum of twenty-five routing rules are possible. The rules are applied in the defined sequence, meaning the first routing rule will have the highest precedence.
Warning: It is not recommended to set / as the first rule, as all the subsequent rules present will be overridden by this rule.
Geo-Based Routing: With this routing mechanism, CDN allows users to route traffic based on the geographic location of users. This ensures that users are served content from the nearest edge server, reducing latency and improving overall performance.
Geo-Restrictions: With this feature, you can block or allow access to the CDN distribution by country. Users can specify the geolocation parameters to block access from specific countries or regions. This can help prevent malicious traffic from specific locations and limit content delivery to only allowed geographical areas. You can also choose to allow countries or regions and restrict access to only the allowed countries list.
Rate Limiting: You can choose to limit the rate of incoming requests from specific IP addresses to the CDN. For more information, see Rate Limit Class.
Rate limiting controls the number of incoming ingress requests to the CDN from clients behind the same IP address within a specific timeframe. Rate limits can be configured for each routing rule, including the scheme, hostname, and path prefix. Rate limits apply to both cached and uncached content. IONOS CDN rate limits do not restrict outgoing egress connections from the CDN to the origin server.
By default, a limit of 100 requests per second is applied per routing rule, when the rate limit value is set to R100.
Following are the rate limit classes that can be configured:
Note: All the rate limit requests are applied per second per CDN node which serves the CDN IP grouped by the scheme, hostname, and URI path.
R1: Allows up to 1 request per second, per client IP and routing rule.
R5: Allows up to 5 requests per second, per client IP and routing rule.
R25: Allows up to 25 requests per second, per client IP and routing rule.
R50: Allows up to 50 requests per second, per client IP and routing rule.
R100: Allows up to 100 requests per second, per client IP and routing rule.
R250: Allows up to 250 requests per second, per client IP and routing rule.
R500: Allows up to 500 requests per second, per client IP and routing rule.
Consider the following factors when choosing a rate limit class:
The rate limit applies to both cached and uncached content.
A CDN provides implicit flood protection for your origin server by serving cached content. However, uncached or uncacheable content must still be retrieved from your origin server, and these requests are not explicitly rate-limited. For example, a DDoS attack originating at 2000 IPs requesting uncacheable content could generate requests up to 2000 times the configured request rate.
You may prefer a lower rate limit to reduce the likelihood of unreasonable requests to the web content. Conversely, if you aim to serve all requests to the CDN as quickly as possible, you could opt for a higher rate limit.
If your clients are using shared IP addresses such as Managed NAT Gateway or proxy servers, it could lead to exhausting a lower rate limit sooner.
A lower rate limit can negatively impact overall website performance if your CDN-served website content contains many smaller objects.
Rate limits are configured and applied on a per-routing-rule basis. You can take advantage of this by using different routing rules for various types of content. Use one routing rule with a higher rate limit to ensure faster content delivery for static, easily cacheable content, and apply another routing rule with a significantly lower rate limit for potentially uncacheable, dynamic content.
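The ordering warning and the per-IP arithmetic above can be checked before a distribution is deployed. The following is an added example, not IONOS code: the rule layout (`prefix`, `rate_limit_class`) and function names are hypothetical, matching is assumed to be a plain string-prefix test, and scheme and hostname are ignored.

```python
# Added example, not IONOS code: the rule layout and names are hypothetical.
RATE_CLASSES = {"R1": 1, "R5": 5, "R25": 25, "R50": 50,
                "R100": 100, "R250": 250, "R500": 500}
MAX_RULES = 25  # per-distribution limit stated on this page

def first_match(rules, path):
    """Index of the rule that handles `path` (first matching prefix wins)."""
    for i, rule in enumerate(rules):
        if path.startswith(rule["prefix"]):
            return i
    return None

def lint(rules):
    """Return findings for an ordered list of routing rules."""
    findings = []
    if not 1 <= len(rules) <= MAX_RULES:
        findings.append(f"rule count {len(rules)} outside 1..{MAX_RULES}")
    for i, rule in enumerate(rules):
        if rule["rate_limit_class"] not in RATE_CLASSES:
            findings.append(f"rule {i}: unknown class {rule['rate_limit_class']}")
        # An earlier, shorter prefix such as "/" takes every request first.
        for j in range(i):
            if rule["prefix"].startswith(rules[j]["prefix"]):
                findings.append(f"rule {i} ({rule['prefix']}) is shadowed by "
                                f"rule {j} ({rules[j]['prefix']})")
                break
    return findings

def worst_case_rps(rule, source_ips):
    """Upper bound on requests per second one rule admits per CDN node: the
    class limits each client IP, so the total grows with the number of IPs."""
    return RATE_CLASSES[rule["rate_limit_class"]] * source_ips

# Constructed sample: "/" is first, so the stricter /api rule never applies.
BAD = [{"prefix": "/", "rate_limit_class": "R500"},
       {"prefix": "/api", "rate_limit_class": "R5"}]
GOOD = [BAD[1], BAD[0]]

if __name__ == "__main__":
    print(lint(BAD))                        # the /api rule is reported as shadowed
    print(worst_case_rps(GOOD[0], 2000))    # 2000 source IPs against the R5 rule
```

With the rules in the `BAD` order, requests to /api are admitted under R500 instead of R5, which raises the worst-case load on uncacheable content a hundredfold.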
Faster Website Loading: CDN delivers content from servers nearest to the user, thus reducing latency and improving page load times. This results in a better user experience and positively impacts Search Engine Optimization (SEO) rankings.
Scalability: CDNs are designed to handle high traffic loads and can easily scale based on demand. This ensures that websites and applications remain responsive even during traffic spikes.
Enhanced Security: With DDoS Layer 7 protection, WAF, and SSL/TLS encryption, CDN helps safeguard websites and applications against online threats.
Improved Performance: By caching content at edge servers worldwide, CDNs can deliver content more efficiently, reducing server load and improving overall performance.
Global Delivery Scale: With CDN, the network server is always geographically close to the user, so requests for website content are served with less latency. This feature also boosts the website's Search Engine Optimization (SEO) since search engines prioritize websites that load faster.
High Reliability: CDNs utilize redundancy and failover mechanisms to ensure high availability and reliability. If one server goes down, traffic can be automatically rerouted to another server, minimizing downtime.
Threat Mitigation: By blocking traffic from specific regions or countries, you can mitigate threats and malicious attacks from specific geographical locations.
Web Application Firewall (WAF) is a security feature integrated with CDN designed to protect users' web applications from cyber threats and attacks, thus facilitating improved application performance.
WAF serves as a fully managed Access Control List (ACL) that offers predefined rule sets that you can use to quickly implement security control against known vulnerabilities without manually having to set rule sets.
By default, the WAF is set to OFF state. WAF can be enabled on a per-routing-rule level for your CDN distribution. It ensures that the origin servers behind your domain are protected based on the attack detection rules defined by OWASP® CRS. You can set WAF to an ON state via the DCD or API; enabling WAF incurs an additional cost.
In IONOS CDN, the current maximum request body size that is analyzed is ~15 MB, and only Content-Type, which is handled by the OWASP® CRS, is analyzed by the WAF. When the WAF is unavailable or cannot process the request, the CDN continues to process it without canceling it.
Threat Detection and Mitigation: With WAF, CDN is secured from SQL injection attacks; WAF identifies and mitigates XSS attacks that aim to inject malicious scripts into web pages viewed by other users.
Predefined Rules: With fully managed rule sets readily available, you can quickly implement best practices and protect web applications against vulnerabilities without having to manually define rules.
Rate Limiting: With WAF, you can control the number of requests a user can make on a particular IP address. For more information, see Rate Limit Class.
Enhanced Performance: WAF built within CDN blocks malicious traffic and reduces the load on the origin server, improving overall application performance and availability.
Higher Security: WAF protects websites against various web attacks so that they remain secure and operational. With predefined rule sets, DDoS Layer 7, and geo-blocking, content transmission within the CDN network is highly secure.
Scalability: A highly scalable WAF that provides global threat intelligence and protection, ensuring security scales alongside the application traffic.
The following are a few limitations to consider while using CDN:
Limited Points of Presence (PoPs): CDN currently offers network edge servers focused on the European region and will soon extend the PoPs to other locations.
Restricted Customizations: You can only turn the Caching and WAF settings on or off. The option to customize these in the routing rule is not available.
Distributions: A maximum of twenty distributions can be created per contract. If the quota needs to be increased, contact .
Routing Rules: A maximum of 25 routing rules can be added for a distribution.
IONOS CDN is a network of servers located across the IONOS global edge network to speed up the delivery of static and dynamic web content to users. CDN uses Anycast routing in IONOS' global backbone network infrastructure, comprising multiple highly available edge locations where the content is distributed, offering reduced latency and high reliability of content loading on websites.
With CDN, users benefit from improved website performance. It provides the scalability to handle large spikes in traffic, making it ideal for websites and applications with a global audience. CDN offers advanced security features such as encryption, DDoS Layer 7 protection, secure token authentication, and Web Application Firewall (WAF), making it a versatile choice for secure content delivery and safeguards against cyber threats. For more information, see and .
CDN uses IONOS's global capacity to offer network servers to speed up content delivery. To begin with, CDN hosts its data center locations in two European metro regions. The network of server locations for the CDN will be steadily expanded to other locations closer to the user base shortly.
The CDN setup allows the administrator to create new CDN distributions and specify the origin servers for the CDN. The setup supports various origin types, such as S3 buckets, load balancers, and custom origins. For a CDN distribution, you can enable SSL/TLS support and manage these certificates to ensure a secure content delivery. CDN lets you configure up to twenty-five routing rules where geo-restriction can be managed on a per-distribution basis, and you can choose to enable WAF and Caching properties. You can configure and manage the CDN distributions via the DCD. For more information, see .
When a user sends a request for the first time to fetch content on your website, the user request is routed to the CDN edge server located closer to the user. The CDN requests content from the origin server, transfers the static content from the webserver to its cached memory, and sends the retrieved content to the user.
When a user requests the same data content the next time, the CDN retrieves the content from its cached memory and immediately delivers it to your website. When the content is cached in the edge server, the CDN provides it immediately with minimal or zero latency, thus improving the web application performance and reducing data traffic.
The illustration shows how the user's request for content is managed efficiently by using CDN edge servers and the flow of content between the user, origin server, CDN edge location, and cached memory. The overall CDN is built on top of the IONOS network infrastructure.
Caching in CDN refers to storing copies of web content at multiple edge servers across various geographical locations. It allows users to access content from a server that is geographically closer to them, improving the speed and efficiency of content delivery.
Static Content Caching: Static content like HTML, CSS, JavaScript files, images, and videos are cached in the CDN edge servers. Caching is based on the request method GET or HEAD and the HTTP response code defined in the cache policy. There will be no differences between static content and dynamic content. Content that should not be cached must have defined cache control headers.
Dynamic Content Caching: With cache-control headers, you can customize the cache behavior to your needs. When Caching is enabled on a CDN route, everything that matches the cache policy is cached, including dynamic content.
Cache Policy: The default cache policy for IONOS CDN is as follows:
The edge servers cache all content with status code HTTP 2xx from the origin server for 24 hours if no cache control headers are given. Cache-control headers take precedence otherwise.
Content with HTTP 301, 302, or 404 will be cached for 10 minutes if no cache-control headers are set.
Stale content will be provided if the origin is unreachable and the cache still exists.
Automatic Purging: The CDN can automatically remove cached content based on a defined policy, ensuring that users always receive the most up-to-date version of the content when necessary.
With IONOS CDN, you can set cache response headers to X-CDN-Cache-Status indicating whether a resource is cached or not. The supported values are as follows:
HIT: The resource was delivered from the CDN cache.
MISS: The resource was not found in the cache; it was served from the origin web server and cached. Further requests may be cached if the cache policy matches.
STALE: The resource was served from the cache but could have expired. Stale content is delivered while the CDN is updating the content or when the origin server returns a timeout or error.
BYPASS: All responses where the cache is disabled due to the policy or configuration.
You can also ensure not to cache specific requests if the following requirements are met:
An X-Accel-Expires response header field was sent with a value of 0.
An “Expires” response header was sent with a date that is already expired.
The “Cache-Control” header has values like no-cache, no-store or private in the response.
The response header includes the Set-Cookie field.
The response header includes the Vary field with the special value *.
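Because dynamic responses without cache headers fall under the 24-hour default, it is worth auditing origin responses before enabling Caching on a route. The following added example (not IONOS code) applies the cache policy and exclusion rules listed above to constructed origin responses and reports the paths that would be stored on a default TTL. Function names and the check order are hypothetical, and it assumes that only the status codes named in the policy are cached.

```python
# Added example, not IONOS code: names are hypothetical; rules are this page's.
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

DAY, TEN_MIN = 24 * 3600, 600

def _expired(value, now):
    try:
        return parsedate_to_datetime(value) <= now
    except (TypeError, ValueError):
        return True  # assumption: an unusable date counts as already expired

def edge_cache_decision(method, status, headers, now=None):
    """Return (cached, ttl_seconds, reason). ttl_seconds is None when nothing
    is cached or when the origin's own cache headers set the lifetime."""
    now = now or datetime.now(timezone.utc)
    h = {k.lower(): v.strip() for k, v in headers.items()}
    cc = {d.strip().split("=")[0].lower() for d in h.get("cache-control", "").split(",")}
    # Assumption: 2xx, 301, 302 and 404 are the only status codes in the policy.
    in_policy = 200 <= status <= 299 or status in (301, 302, 404)
    if method not in ("GET", "HEAD") or not in_policy:
        return (False, None, "method or status outside cache policy")
    bypass = [
        (h.get("x-accel-expires") == "0", "X-Accel-Expires: 0"),
        ("expires" in h and _expired(h["expires"], now), "Expires in the past"),
        (bool(cc & {"no-cache", "no-store", "private"}), "Cache-Control forbids caching"),
        ("set-cookie" in h, "Set-Cookie present"),
        (h.get("vary") == "*", "Vary: *"),
    ]
    for hit, reason in bypass:
        if hit:
            return (False, None, reason)
    if {"cache-control", "expires", "x-accel-expires"} & h.keys():
        return (True, None, "lifetime set by origin headers")
    return (True, DAY if status < 300 else TEN_MIN, "default TTL")

# Constructed origin responses: (path, method, status, response headers).
SAMPLES = [
    ("/static/app.css", "GET", 200, {"Cache-Control": "public, max-age=3600"}),
    ("/account/profile", "GET", 200, {"Content-Type": "text/html"}),
    ("/account/orders", "GET", 200, {"Cache-Control": "private, no-store"}),
    ("/login", "GET", 200, {"Set-Cookie": "sid=constructed"}),
    ("/old", "GET", 301, {"Location": "/new"}),
]

def cached_by_default(samples):
    """Paths stored on the default TTL because the origin sent no cache headers."""
    return [p for p, m, s, h in samples if edge_cache_decision(m, s, h)[1] is not None]
```

In the constructed sample, /account/profile is the finding: a per-user page with no cache headers would be held at the edge for 24 hours, so the origin should mark it private or no-store.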
Reduced Latency: CDNs serve content from the nearest edge server, minimizing the distance data has to travel, reducing latency, and improving load times.
Enhanced Availability: Cached content can still be served to the users even if the origin server experiences downtime, improving the availability of web services.
Content Relevance: With well-defined caching policies, you can ensure users receive up-to-date content even while serving content from the cached server instead of the origin server.
Scalability: Caching allows websites to handle higher data traffic without degradation in the content served to the user requests, making it easier to scale during traffic spikes.
Improved Security: By reducing the number of direct content requests to the origin server, caching helps mitigate certain vulnerabilities and provides an additional security layer.