Five Advanced CDN Configurations for the Serious User

Jay Moore, Vice President, Marketing, Highwinds

Using a CDN off the shelf is like buying an economy sedan off the lot and then racing at the Daytona 500. The car will get you to work and back, but you’re not going to beat a highly customized racing machine fine-tuned for speed, performance, and durability.


Here are five advanced configurations to help you get the very most out of your CDN.

TIP #1: Customize Your Edge Behavior

A CDN script engine is a PHP interpreter that lives on the CDN edges and can transform any header data based on arbitrary characteristics of the data, user, or imported settings. What this means for your site delivery can vary widely, so it is very important to customize the script engine carefully to ensure the best possible results.


Say you want to use three different data sets for your content depending on the client platform accessing it, but your CMS is incapable of making the distinction. This can be accomplished via a script engine match on the User Agent of the client device.


What if you have a set of files with differing cache expiration needs, identifiable only based on complex pattern matching from within the file name?

“File1.png” through “File999.png”, for instance, need to be cached for 10 seconds or less, while “File1000.png” through “File9999.png” can be cached for up to a week. By creating a script that matches the substrings 1-999 and 1000-9999 and placing it on queue 3 (origin to edge), the CDN can appropriately set the time-to-live on each file within the cache.
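The file-name rule above, sketched as an added example that is not Highwinds code: the page does not show the script engine's PHP API, so the matching logic is modeled in plain Python. `DEFAULT_TTL` and the function names are assumptions, and the sample URLs in the usage are constructed.

```python
import re
from urllib.parse import urlsplit

SHORT_TTL = 10                # seconds: File1.png .. File999.png
LONG_TTL = 7 * 24 * 3600      # one week: File1000.png .. File9999.png
DEFAULT_TTL = 300             # assumption: fallback for names outside both ranges

# match() anchors the start and \Z anchors the end, so "File12.png.bak" and
# "xFile12.png" never qualify. [1-9] rejects leading zeros, so "File0005.png"
# is not silently treated as file 5. Matching is case-sensitive on purpose.
_NAME = re.compile(r"File([1-9][0-9]{0,3})\.png\Z")


def ttl_for(url: str) -> int:
    """Return the edge TTL in seconds for a request URL."""
    path = urlsplit(url).path             # ignore query string and fragment
    basename = path.rsplit("/", 1)[-1]    # match the file name, not the directory
    m = _NAME.match(basename)
    if m is None:
        return DEFAULT_TTL
    return SHORT_TTL if int(m.group(1)) <= 999 else LONG_TTL


def cache_control(url: str) -> str:
    """Header value the edge would store alongside the object."""
    return f"max-age={ttl_for(url)}"


if __name__ == "__main__":
    for u in ("/img/File7.png?v=3", "/img/File1000.png", "/img/File10000.png"):
        print(u, cache_control(u))
```

Anchoring the pattern at both ends matters because a substring match would put `File12.png.bak` or `File10000.png` into a TTL class the rule never intended.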


There is a complex web of distribution rights that can come into play when publishing premium content. You can have the rights to a music video catalog in North America but not in Europe.

A script on queue 1 (client to edge) can be configured to detect an end user IP address and look them up in a geo IP database.

If their region matches the allowed set, the CDN will pass their request on, pull the file into cache, and deliver it. If the user doesn’t match the allowed region, but does match the region of a partner, they will be given a redirect response to view the page of the partner.
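The allow, redirect-to-partner, or refuse decision described above, as an added example that is not the CDN's own script. The geo table uses documentation address ranges as constructed data, and the region set, the partner URL, and the 302/403 status codes are assumptions.

```python
import ipaddress

# Constructed geo table built from documentation ranges (RFC 5737); a real
# edge would query a maintained geo-IP database instead.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
    (ipaddress.ip_network("198.51.100.0/24"), "DE"),
    (ipaddress.ip_network("203.0.113.0/24"), "JP"),
]
ALLOWED = {"US", "CA", "MX"}                       # assumed licensed region
PARTNERS = {"DE": "https://partner.example/eu/"}   # hypothetical partner page


def country_of(ip_text):
    """Return the country code for an address, or None if unknown or malformed."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d; unwrap them
    # so they hit the same table entries as plain IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    for net, cc in GEO_TABLE:
        if ip in net:
            return cc
    return None


def decide(peer_ip):
    """Return (status, headers) for a request.

    peer_ip must be the connection's peer address as seen by the edge, not a
    client-supplied header such as X-Forwarded-For, which the client controls.
    """
    cc = country_of(peer_ip)
    if cc in ALLOWED:
        return 200, {}                               # pass on, cache, deliver
    if cc in PARTNERS:
        return 302, {"Location": PARTNERS[cc]}       # send to the partner's page
    return 403, {}    # assumption: unknown or unlicensed regions fail closed


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.9", "not-an-ip"):
        print(ip, decide(ip))
```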


A script can be used to force HTTPS redirects, as well as to identify which content is to be delivered via HTTP versus HTTPS. If you need to separate HTTP and HTTPS traffic, the script engine can enable this behavior.

TIP #2: Origin Management

To improve application performance, you can use technologies to shield your origin using a mid-tier cache and origin shielding. Using mid-tier caching, you set rules to determine when to shield your origin from new requests.

If some of your content does not get requested in certain regions, rather than expiring it off the cache altogether, it can be preserved at the mid-tier to be reactivated on demand.


The chart below takes a look at HTTP ingest bandwidth and the impact of utilizing origin shielding.

The last seven days after this website started shielding its origin show the increased ingest performance gained from using origin shielding.

Figure 2:  Highwinds StrikeTracker CDN - Analytics - Traffic Analyzer


The next graph compares HTTP ingest requests to HTTP bandwidth. This website needed better origin performance for the large amounts of UGC it produces. They asked the CDN to help improve origin performance at the mid-tier cache level.

The site increased cache retention and reduced costs significantly.

Figure 3:  Highwinds StrikeTracker CDN - Analytics - Traffic Analyzer

The next chart illustrates gigabytes cached on the edge vs. HTTP bandwidth. This shows how HTTP cache retention is increasing while bandwidth remains the same after origin shielding has been enabled.

Figure 4:  Highwinds StrikeTracker CDN - Analytics - Traffic Analyzer

TIP #3: Protect Content with SNI and Certificates

SNI is a method by which clients can securely designate the domain that they are attempting to access before completing the SSL handshake. That means that custom SSL certificates can be used on a multi-tenant system without having to consume scarce dedicated IPv4 address space. Some CDNs only offer security via a wildcard certificate and via dedicated IP with custom certificates, while only a few utilize full SNI support.

Figure 5:  Highwinds StrikeTracker CDN - Configuration - Certificates

Benefits of protecting content with SNI and certificates include:

1. End users can safely and privately validate against your certificates on any host configurations you’ve defined.
2. You can update certificates often.
3. It’s not an issue if you have a short time-to-live on your certificate.
4. You can manage any number of certificates.

TIP #4: Purge Content Using Advanced Criteria

Thanks to advanced purging features, along with managing no-cache/no-store, you can now effectively cache objects that were previously seen as “too dynamic”. Caching content that was previously requested individually for each user, even once or twice, can have an enormous impact on performance, and being able to manage TTLs and purge in real time is an important aspect of that capability.


Purge by URL gives you easy access to deleting content from the cache by its exact location on any host in your account.

Figure 7:  Highwinds StrikeTracker CDN - Tools - Purge

The ability to purge from specific cache keys on the URL helps to eliminate a specific sub-version of the file by query string or cache keyed header.

Figure 8:  Highwinds StrikeTracker CDN - Tools - Purge


If your aim is to purge your entire host, or a recursive path within that host, purge by path is recommended.

Figure 9:  Highwinds StrikeTracker CDN - Tools - Purge


Purge by tag enables you to clear the cache of content that contains one or more of the submitted list of tags as defined by your origin server.

Figure 10:  Highwinds StrikeTracker CDN - Tools - Purge


Purge by header allows you to purge content with arbitrary cached header characteristics.

Figure 11:  Highwinds StrikeTracker CDN - Tools - Purge


The most advanced CDNs offer purge receipts (as seen below), which inform the user instantaneously when the chosen content has been purged system-wide.

Figure 12:  Highwinds StrikeTracker CDN - Tools - Purge

TIP #5: Automate Workflows with APIs

Most CDNs allow you to accomplish tasks from an administration portal. A more effective CDN will let you accomplish even more by automating your workflows using APIs. This helps to ensure ease of integration when adapting to your existing code base.

Figure 13:  Highwinds StrikeTracker CDN - Tools - API Documentation

Automating workflows with APIs (RESTful APIs, UI, existing code base) produces many benefits:

• Save time
• Integrate CDN with your publishing workflow
• Automate purging
• Automate new customer workflows
• Automate log and analytics retrieval  
