Follow

Using Distil Behind a CDN

When deploying Distil behind any content delivery network (CDN), it's important to properly configure your CDN settings to ensure Distil works as expected. The items below detail a few important notes and best practices when deploying Distil behind a CDN.

Caching Distil JavaScript Files

Distil JavaScript files must be retrieved from the Distil platform. Distil serves these files with "cache-busting" headers that should prevent CDNs and other proxies from caching them.  

Caching Distil Threat Response Pages

When configured to serve CAPTCHA, Block, and Drop pages back to bad bots, Distil serves these pages rather than by your CDN. These pages should never be cached by your CDN. Generally, this is not an issue because Distil serves these pages back with HTTP error status codes (405, 416, and 456).
NOTE: Some CDNs default caching of HTTP error responses to decrease server load. Please check your CDN settings to ensure caching of these pages is off.

Caching Dynamic Content

Distil works as a proxy, and so can only protect the requests which Distil sees, such as pages fetched from your origin (when Distil is deployed between the CDN and your origin). If your site has long caching times for pages you would like to protect, it may be better to configure Distil to operate closer to the browser, with the CDN between Distil and your origin.

Aggressive or Enhanced Caching

Most of the major CDN providers offer you a way to cache objects that are generally not cacheable, or to override cache control headers. Using these settings is not compatible with Distil as Distil may serve back browser identification challenges or JavaScript resources with cache control headers are intended to prevent all caching.

Certificate Trust Settings

Some CDNs offer the ability to authenticate the upstream TLS or SSL certificate to ensure that the connection is secure. If you have configured this feature in your CDN to trust a certificate at your origin, it is important for you to update your CDN Certificate Trust Settings to also trust the certificate that it will see when sending traffic to Distil.   

Refer to our Certificates and HTTPS Traffic section more information on managing certificates with Distil.

Was this article helpful?
2 out of 2 found this helpful
Have more questions? Submit a request

Comments