Onboarding to the Distil network is a simple process but it requires some preparation. Before you migrate to the Distil network, please follow this short checklist.
- Verify Origin Server IP / Hostname – After you log in to the Distil Portal for the first time, verify that we correctly identified your origin server's IP address.
NOTE: if you do not have a Distil Portal account yet, contact your account executive and continue with the list.
To verify that your origin server's IP address is correct, select your domain from the main domain list and click Settings on the top left of the next page. You can find your origin server IP address on the top right of the page. Click Edit to change this setting. You can change this entry to either an IP address or a hostname.
- Whitelist Distil IPs on your Firewall – Since all your traffic will route through the Distil network, your firewall will see only connections from Distil IP ranges. Many firewalls will misinterpret this high traffic volume from a narrow IP range as an attack and begin to drop traffic. If your firewall uses rate limiting or throttling, it is important to whitelist Distil IP ranges.
For a full list of Distil's current IP addresses, please visit our support article, What Distil IP Range Do I Need to Whitelist?
- Request Client IP – As a reverse proxy, Distil relays requests to your origin server from our own IP addresses. By default, Distil passes the requesting client IP back to your origin server in the X-Forwarded-For and X-Real-IP headers. If your web server requires the requesting client IP in a different header (for example X-True-Client-IP), you can configure this in the Distil Portal under Settings -> Content Distribution -> Custom Headers.
- Whitelist Monitoring Tools – Since Distil's technology looks for automation, Distil often will flag monitoring tools such as Pingdom, Catchpoint, New Relic, and similar services as "bad bots" unless you whitelist these services. If you utilize these tools or any custom monitoring scripts, please add their IP ranges to the IP Access List under the Settings tab for your domain.
For more information about adding Distil IP ranges, please visit our support article, I Have A Third-Party Monitoring Tool, How Do I Add It?
- Prepare DNS Settings – Before you change your DNS to point to the Distil network, reduce the time-to-live (TTL) values on the A and CNAME records for your domain on your DNS provider. We recommend you lower these values to 5 minutes (300 seconds). This allows traffic to move on to the Distil network quickly, rather than wait for propagation due to a long TTL.
Please visit our collection of DNS Migration articles at the Distil Support Center for provider-specific instructions on updating your DNS. Distil only proxies HTTP and HTTPS traffic. Distil does not proxy email or FTP traffic. Email traffic includes SMTP, POP3, IMAP, and other e-mail protocols. Configure any email or FTP-oriented subdomains (such as mail., smtp., or ftp.) to point to your origin server IP and not to the Distil network. If you point your email traffic at Distil, it will interfere with your ability to send and receive emails.
- Request SSL – Distil does not enable SSL or HTTPS traffic for websites by default. If your site requires SSL, you must contact Distil support at email@example.com before you onboard. In your request, please include all the specific hostnames you want to use with HTTPS. Distil support will add your domain to our network's SSL certificate and confirm with you that we completed this process. If you currently use SSL, please do not attempt to onboard before you request SSL.
You can find more information on the Distil shared SSL certificate in our support article, How Does Distil Implement SSL (TLS) Certificates For My Site? If you do not use SSL, please skip this step.
Conduct Functional Tests – We recommend performing basic functional tests to address any unexpected false positives. Configure all threat responses to CAPTCHA mode and use a generic browser to make a request to your website. Your Distil solutions engineer can help troubleshoot any problems that may arise.
Find more information about conducting functional tests in our support article, Functional Testing Before Onboarding with Distil.
Take advantage of the following optional checklist items to further optimize your Distil deployment:
- Prepare Logging - If you use on-server logging or require the IP address of the user making the request, you'll want to integrate Distil's X-Forwarded-For header into your logs. You can find more information in the Logging Integration and How Can I Set Distil To Only Monitor Bots? articles.
- Adjust Upload Size Limit - Distil allows users to upload file sizes up to 4MB. If you or your users need to the ability to upload files larger than 4MB, please contact Distil support at firstname.lastname@example.org.
- Prepare Long-Running Processes - Distil allows HTTP requests that receive a response within 60 seconds. If you have any requests that may exceed this limit (i.e. a page that displays a list after a long database query), the request will timeout and a 504 error will be served. If you have requests that will take longer than 60 seconds, please inform Distil via email@example.com. They can provide you with possible solutions to prevent any potential issues.
That's it! Once your domain is ready for migration, log in to the Distil Portal, click your domain, click Settings, and click Show DNS Configuration Instructions for tailored migration steps. You are well on your way to a bot-free web.
If you have any questions at all, feel free to reach out to us at firstname.lastname@example.org.