User-Friendly URL (Edge CNAME)

Use a user-friendly URL, which is known as an edge CNAME URLThis type of URL takes advantage of an edge CNAME configuration and a CNAME record to provide a friendlier alternative to a CDN URL. An edge CNAME URL is specific to the platform from which it was configured., instead of a CDN URLA system-defined URL that points to a CDN hostname. A CDN URL allows content delivery via our network. Simplify your CDN setup by also creating an edge CNAME configuration which potentially allows you to deliver traffic via the CDN using the same links as your current setup..

Edge CNAME URLs are typically shorter and easier to remember than CDN URLs. Additionally, you may set up an edge CNAME URL to reflect your current workflow. Doing so allows you to transition to our service through a quick DNS update.

Setting up an edge CNAME URL requires:

Setting up an edge CNAME configuration will not update or set the corresponding CNAME record. A CNAME record must be defined via a DNS service provider before an edge CNAME URL may be used.

Key information:

To set up CNAME record support

  1. Navigate to the Edge CNAMEs page corresponding to the desired platform. ClosedHow?From the main menu, navigate to [HTTP Large, HTTP Small, or ADN] | Edge CNAMEs.

  2. In the New Edge Cname option, type the hostname that will be associated with the edge CNAME configuration.

    This hostname should be specified in lower-case letters and should not include a protocol (i.e., http://).

  3. In the Points To option, select whether the edge CNAME will point to a customer origin or CDN origin server.
  4. In the Origin Directory option, select one of the following:

  5. By default, an edge CNAME configuration will point to the root folder of the selected origin server. Point the edge CNAME to a subdirectory by specifying the relative path to it (e.g., /marketing/conferences).
  6. In the Custom Reports option, choose whether custom data logging will be enabled for the edge CNAME being created.
  7. Click Add.
  8. Register a CNAME record via a DNS service provider.

    • The CNAME record's name should point to the hostname associated with the edge CNAME configuration as defined in step 2.
    • The CNAME record's value should be set to a CDN hostname.

    Learn more.

To modify an edge CNAME

  1. Navigate to the Edge CNAMEs page corresponding to the desired platform. ClosedHow?From the main menu, navigate to [HTTP Large, HTTP Small, or ADN] | Edge CNAMEs.

  2. Click the next to the desired edge CNAME.
  3. Modify the edge CNAME's settings as needed.
  4. Click Update to save your changes.
  5. If the New Edge Cname option has been modified, make sure to update the corresponding CNAME record via a DNS service provider.

To delete an edge CNAME

  1. Navigate to the Edge CNAMEs page corresponding to the desired platform. ClosedHow?From the main menu, navigate to [HTTP Large, HTTP Small, or ADN] | Edge CNAMEs.

  2. Click the next to the edge CNAME that you would like to delete.
  3. When prompted, confirm the deletion of the selected edge CNAME.
  4. Make sure to update or delete the corresponding CNAME record via a DNS service provider.

    Learn more.

Rules Engine contains the ability to match all requests that originate from a particular edge CNAME. This type of configuration will prevent the corresponding edge CNAME from being deleted. In order to delete the edge CNAME in question, please make sure to first modify or delete all match conditions that reference it.

Setting up DNS for an Edge CNAME

Our CDN will not serve traffic over an edge CNAME until your DNS configuration has been updated to point to it.

Key information:

Avoid the following common mistakes:

Correcting an Insecure CNAME Configuration

An insecure CNAME configuration makes it possible for a malicious actor to host their content through your account.

It is possible to set up an insecure CDN configuration that bypasses edge CNAMEs by directly pointing a CNAME record to our service. This type of configuration results in URLs with the following format:

Sample URL that leverages an insecure CNAME configuration:

http://cdn.example.com/800001/myorigin/index.html

If your account is currently configured as indicated above, then we strongly recommend that you create an edge CNAME configuration that points to that origin and then remove the content access point from your links.

For example, upon creating an edge CNAME configuration that points to myorigin, you should update the above URL to:
http://cdn.example.com/index.html.

This vulnerability is restricted to URLs that bypass edge CNAMEs by leveraging a CNAME record defined within your zone followed by a content access point. CDN URLs, which require that the content access point be defined within the URL, are not affected by this issue.

To correct an insecure CNAME configuration

  1. Identify all CNAME records that meet both of the following conditions:

    • The record points to our CDN service.
    • A corresponding edge CNAME configuration does not exist.

    Example:

    If you have a CNAME record called cdn in the example.com zone and it points to our CDN service, then verify that the following edge CNAME configuration exists:

    cdn.example.com
  2. Identify each customer origin and CDN origin that is explicitly defined within a URL that is affected by this misconfiguration.

    Example:

    Let's assume that the following URLs serve traffic:

    http://cdn.example.com/800001/myorigin/index.html

    http://cdn.example.com/800001/sales/index.html

    http://cdn.example.com/800001/marketing/index.html

    Each of the above URLs point to a different customer origin. Specifically, they point to myorigin, sales, and marketing.

  3. Leverage Rules Engine's URL Rewrite feature to rewrite URLs for each origin identified in the previous step.

    Setting up edge CNAME configurations will cause your existing links to contain redundant URL segments. Therefore, it is critical to rewrite your URLs when transitioning to a secure CNAME configuration in order to prevent those requests from returning a 404 Not Found.

    The URL Rewrite feature requires Rules Engine - Advanced Rules which must be purchased separately. Contact your CDN account manager to activate it.

    URL Rewrite configuration:

    • Source: Set the Source option to:

      /Content Access Point/Content Access Point/(.*)
    • Destination: Set the Destination option to:

      /Content Access Point/$1

    The above URL Rewrite configuration removes redundant URL segments from URLs that point to a specific origin.

    Sample configuration:

    This example rewrites URLs that point to the following customer origin:

    /800001/marketing

    Configure the URL Rewrite feature as indicated below.

    • Source:

      /800001/marketing/800001/marketing/(.*)
    • Destination:

      /800001/marketing/$1
  4. Deploy a policy that contains the above rule and then wait until it has been fully deployed to the Production environment.

    It may take up to an hour before a policy is fully deployed to the Production environment.

  5. Create an edge CNAME configuration for each CNAME record identified in step 1. Wait an hour to ensure that your edge CNAME configurations have taken effect.
  6. Verify that your edge CNAME URLs return your content.

    Example:

    Let's assume that you currently use the following URL:

    http://cdn.example.com/800001/myorigin/index.html

    Remove the content access point and then verify that the URL returns your web page:

    http://cdn.example.com/index.html
  7. Remove the content access point from all links that leverage each CNAME record identified in step 1.

    Example:

    This example assumes that you currently use the following base URL:

    https://cdn.example.com/800001/myorigin

    You should remove 800001/myorigin from your links. Use the following base URL instead:

    https://cdn.example.com/
  8. Optional. Upon verifying that URLs that leverage an insecure configuration are no longer being requested, you may remove the URL rewrite(s) created in step 3.

Setting up DNS for an Edge CNAME Deactivation

A best practice for a deactivated edge CNAME configuration is to perform one of the following actions via your DNS service provider:

This best practice is designed to reduce your risk exposure.

Edge CNAME Deactivation

An edge CNAME configuration may be deactivated due to any of the following actions:

More Information