Product reference pages are available in English only.
Network Services

CDN

What Is It?

CDN (Content Delivery Network) is a globally distributed system of edge servers that caches and delivers web content closer to end users. By serving requests from the nearest edge location, CDN reduces latency, improves load times, and handles traffic spikes automatically while providing built-in security features including DDoS Layer 7 protection, Web Application Firewall, and SSL/TLS encryption.

Quick Facts

Aspect Details
Type Global edge caching and content delivery network
Distributions Up to 20 per contract (increase via support)
Routing Rules 1 to 25 per distribution
Geographic Coverage Locations in key European markets, including Germany (Berlin, Frankfurt), Spain, the United Kingdom, and the United States
Protocols IPv4 and IPv6 (dual-stack)
Security DDoS Layer 7 protection, optional WAF, SSL/TLS encryption
Cache Behavior HTTP 200 cached 24h, 301/302/404 cached 10 min (default)

Rate Limiting Classes

Class Requests per Second (per client IP)
R1 1 req/s
R5 5 req/s
R10 10 req/s
R25 25 req/s
R50 50 req/s
R100 100 req/s (default)
R250 250 req/s
R500 500 req/s

SSL/TLS Certificate Requirements

Supported Certificate Authorities: GeoTrust, Let's Encrypt intermediate certificates (R5, R6, R10, R11, R12, R13, R14), GlobalSign, and other reputable public CAs. Custom certificates can be uploaded or auto-renewed via ACME.

Not Supported: Self-signed certificates are rejected.

What You Can Do

Edge Caching

Cache static and dynamic content at edge servers closest to users. Caching reduces origin load, lowers latency, and enables faster page loads. You can enable or disable caching per routing rule based on cache-control headers.

Note: Custom cache policies are not supported. You can only enable or disable caching per routing rule.

Flexible Routing Rules

Define up to 25 routing rules per distribution to control how requests are handled. Each rule specifies scheme (HTTP/HTTPS), hostname, path prefix, upstream host, caching behavior, WAF status, rate limiting class, geo-restrictions, and SNI mode. Rules are evaluated in order with the first match taking precedence.

Note: Do not set "/" as the first rule, as it will override all subsequent rules.

SSL/TLS Encryption

Secure data in transit with end-to-end encryption between edge servers and users. Upload custom certificates from the Certificate Manager or use auto-renewed certificates via ACME (such as Let's Encrypt).

Web Application Firewall

Enable optional per-routing-rule WAF protection based on the OWASP Core Rule Set. WAF analyzes request bodies up to approximately 15 MB and protects against common web application attacks.

Note: Enabling WAF incurs additional costs.

DDoS Layer 7 Protection

Built-in protection against application-layer DDoS attacks. The edge network absorbs malicious traffic before it reaches your origin servers.

Geo-Based Routing and Restrictions

Route traffic to the nearest edge location based on user geography. Optionally allow or block traffic from specific countries using allow-lists or block-lists.

Rate Limiting

Limit request rates per client IP address using predefined classes (R1 to R500). Rate limiting applies to both cached and uncached requests and helps protect against abusive traffic patterns.

High Availability

Redundant edge servers with automatic failover ensure service continuity. If a node fails, traffic is automatically rerouted. Cached "stale" content can still be served even when the origin server is unavailable.

Bandwidth Offload

Reduce origin server load by serving content from edge caches. This lowers bandwidth consumption at the origin and improves overall infrastructure efficiency.

Best For

Scenario Why It Fits
Global website delivery Serves static assets (HTML, CSS, JS, images, video) from edge servers nearest to users, reducing latency and improving page load times
Dynamic content delivery Caches API-driven or personalized content based on cache-control headers, delivering dynamic responses faster than origin-only architectures
Software distribution Handles large-scale delivery of updates, patches, or installers with high throughput and low latency during demand spikes
API request optimization Caches repeated API calls (configuration data, catalog lookups) at the edge, reducing round-trip time to backend services
Traffic spike handling Automatically scales to serve more concurrent users during traffic surges without degrading performance
Security hardening Reduces direct traffic to origin servers while providing DDoS protection, WAF, and SSL/TLS encryption

Key Considerations

Billing & Costs

  • Main billing: Monthly per-distribution fee
  • Additional costs: WAF protection incurs extra charges per routing rule

Limitations

  • Geographic coverage currently focused on Europe with US coverage
  • Maximum 20 distributions per contract (increase requires support request)
  • Maximum 25 routing rules per distribution
  • Caching can only be enabled or disabled per routing rule
  • Self-signed SSL/TLS certificates are not accepted (only public CA-issued certificates)
  • WAF request body analysis limited to approximately 15 MB
  • Only two SNI modes available (distribution or origin)

Management Options

  • Data Center Designer (DCD) for UI-based management
  • Full CDN REST API with Bearer JWT authentication
  • Go SDK for programmatic integration
  • Terraform provider for infrastructure-as-code deployments