When deploying Distil behind any content delivery network (CDN), it's important to properly configure your CDN settings to ensure Distil works as expected. The items below detail a few important notes and best practices when deploying Distil behind a CDN.
Caching Distil Threat Response Pages
When configured to serve CAPTCHA, Block, and Drop pages back to bad bots, Distil serves these pages rather than by your CDN. These pages should never be cached by your CDN. Generally, this is not an issue because Distil serves these pages back with HTTP error status codes (405, 416, and 456).
NOTE: Some CDNs default caching of HTTP error responses to decrease server load. Please check your CDN settings to ensure caching of these pages is off.
Caching Dynamic Content
Distil works as a proxy, and so can only protect the requests which Distil sees, such as pages fetched from your origin (when Distil is deployed between the CDN and your origin). If your site has long caching times for pages you would like to protect, it may be better to configure Distil to operate closer to the browser, with the CDN between Distil and your origin.
Aggressive or Enhanced Caching
Certificate Trust Settings
Some CDNs offer the ability to authenticate the upstream TLS or SSL certificate to ensure that the connection is secure. If you have configured this feature in your CDN to trust a certificate at your origin, it is important for you to update your CDN Certificate Trust Settings to also trust the certificate that it will see when sending traffic to Distil.
Refer to our Certificates and HTTPS Traffic section more information on managing certificates with Distil.