A customer origin group provides the means through which you may serve traffic from:
Set up a customer origin group by performing the following steps:
PCI Only
Setting up a customer origin group for a site whose traffic must be served over a Payment Card Industry-certified (PCI) network requires assistance. Contact our technical customer support prior to setup.
Optional. Prepare for HTTPS delivery by requesting a TLS certificate
Create a customer origin group.
A customer origin group maps your origin (e.g., your web servers) to a CDN URL through which your content may be served. A CDN URL consists of a system-defined base URL followed by the relative path to your content.
Optional. Create an edge CNAME configuration.
Use an edge CNAME configuration to serve traffic via the CDN without having to update your links. This type of configuration maps a customer origin group to a CNAME recordA Canonical Name (CNAME) record is used to indicate that a hostname is an alias of another hostname. A CNAME record must be registered on a Domain Name System (DNS). This term should not be confused with edge CNAME..
Verify that your firewall accepts HTTP and/or HTTPS traffic from our network. Additionally, requests that originate from our network should not be rate limited.
Key information:
Upon creating a customer origin group, a dedicated CDN URLA system-defined URL that points to a CDN hostname. A CDN URL allows content delivery via our network. Simplify your CDN setup by also creating an edge CNAME configuration which potentially allows you to deliver traffic via the CDN using the same links as your current setup. is generated for it. The name assigned to your customer origin group is incorporated into this CDN URL. This allows our service to forward the request to the correct data source (i.e., your web servers) for the requested content.
Each customer origin group identifies a set of web server(s) by hostname or IP address. This configuration is known as an origin entry. A customer origin group may identify up to 10 hostnames or IP addresses per protocol (i.e., HTTP and HTTPS).
Since CDN URLs are case-sensitive, note the case when assigning a name to a customer origin group.
This scenario assumes that you have created a customer origin group whose name is Marketing.
The following CDN URL uses the proper case:
The following CDN URL uses the incorrect case for the name of the customer origin group (i.e., Marketing) and therefore is invalid:
A customer origin group consists of one or more origin entries that identify the set of servers that will fulfill HTTP and/or HTTPS requests.
It is strongly recommended to cloak your origin to protect it against attacks that directly target your web servers and thereby bypass the security provided by our CDN service.
A list of origin groups are provided on the
Clear a search by clicking the x or searching for a blank value.
Searching for "cdn" would include all of the following results:
It would exclude all of the following results:
This section provides step-by-step instructions on how to create a customer origin group.
Key information:
The DNS record corresponding to each hostname defined within a customer origin group must be fully propagated by your DNS service provider.
Check DNS record propagation via the "dig" command-line tool, which is a networking tool that queries DNS name servers for a DNS record. Add the "+trace" parameter to instruct your DNS service provider to provide a direct response on the DNS record. The syntax for this command is provided below.
In the bottom section of the response, you should see an A record that points the specified hostname to an IP address. This indicates that the DNS record has been fully propagated. An excerpt from a sample response is shown below.
The maximum number of customer origin groups per platform is 100.
To create a customer origin group
Setting up a customer origin group for a site whose traffic must be served over a PCI-certified network requires assistance. Contact our technical customer support prior to setup.
Click within the Group option and then perform the following steps:
Type the name that will be assigned to the new customer origin group.
Use the following characters when defining this name: alphanumeric, hyphens, periods, and underscores.
This name will be incorporated into the CDN URL (e.g., http://wpc.0001.omegacdn.net/800001/Customer Origin Group).
In the Name option, type the name by which you will identify the hostname or IP address being defined.
Use the following characters when defining this name: alphanumeric, hyphens, periods, and underscores.
Identify your web server(s) and how our network will communicate with them via one of the following methods:
End-to-End Encryption: This type of setup only allows the HTTPS protocol for the communication between clients, our network, and your web servers.
HTTPS delivery requires the installation of a TLS certificate on our network. Request one through our Certificate Provisioning System.
Learn more.
Set the Hostname or IP Address option to either an IP address or a hostname that points to your web server(s).
Example:
Client-to-Edge Encryption: This type of setup only allows the HTTPS protocol for communication between clients and our network. Communication between our network and your web servers will be performed using the HTTP protocol.
HTTPS delivery requires the installation of a TLS certificate on our network. Request one through our Certificate Provisioning System.
Learn more.
Set the Hostname or IP Address option to http:// followed by either an IP address or a hostname that points to your web server(s).
Example:
Set the Port option to the port over which our network will serve traffic to the above hostname or IP address.
HTTP Only: Only allow the HTTP protocol for the communication between clients, our network, and your web servers.
HTTPS requests cannot be served by a hostname or IP address set to this mode.
Set the Hostname or IP Address option to either an IP address or a hostname that points to your web server(s).
Example:
Set the Port option to the port over which our network will serve traffic to the above hostname or IP address.
Match Client: Match the protocol defined in the client's request.
HTTPS delivery requires the installation of a TLS certificate on our network. Request one through our Certificate Provisioning System.
Learn more.
Our network will serve HTTP traffic to your web servers over port 80, while HTTPS traffic will be served over port 443.
Set the Hostname or IP Address option to either an IP address or a hostname that points to your web server(s).
Example:
From the Primary option, determine how requests will be load balanced when multiple hostnames or IP addresses have been associated with a customer origin group.
From the Group Settings section, click HTTP Host Header. Verify that the Host Header option is set to one of the following:
ADN Only
Perform the following steps
Upload a sample asset to each server that has been specified for this customer origin group.
Our servers use this asset to choose the optimal ADN Gateway servers and data routes for your customer origin group. The optimal file size for this sample asset is 5 KB.
In the Validation Path option, specify a URL that points to a sample asset on your customer origin server.
The hostname specified in this URL should match the one defined in the Host Header option unless that option has been set to blank.
Origin Shield Only
Origin Shield, which must be purchased separately, is available on the HTTP Large and HTTP Small platforms.
Set up origin shield on a customer origin by performing the following steps:
Perform one of the following:
Create a custom origin shield configuration by enabling the Multiple POPs option and then selecting the origin shield action that will take place for each region.
Optional. From the Group Settings section, click Resolve to IPv6 or IPv4. Review whether requests will be resolved to IPv4 or IPv6.
HTTPS Delivery Only
Optional. If your customer origin group supports HTTPS delivery, click Origin TLS from the Group Settings section. Review your SNI setup and whether self-signed certificates will be allowed.
Optional. Add another hostname or IP address to your customer origin group.
A customer origin group contains individual origin entries and settings that apply across the entire group. Modify a customer origin group by clicking within one of its origin entries.
If an edge CNAME points to a customer origin group, then you will not be allowed to switch one of its origin entries to a different customer origin group. Consider creating a new customer origin group. Alternatively, you can delete the edge CNAME configuration and then switch the desired origin entries to a different customer origin group.
It may take up to an hour for changes to your customer origin group to take effect.
To modify a customer origin group
Permanently delete a customer origin group by deleting all of its origin entries and then deleting the customer origin group.
If an edge CNAME points to a customer origin group, then you will not be allowed to delete its last origin entry. Delete the corresponding edge CNAME configuration and then delete the last origin entry.
It may take up to an hour for customer origin group deletions to take effect.
To delete a customer origin group
Delete the customer origin group by clicking the that appears next to it.
If the icon is unavailable, then you should verify that all of its origin entries have been deleted.
The Group option uniquely identifies your customer origin group. This name is included as a URL segment within a CDN URLA system-defined URL that points to a CDN hostname. A CDN URL allows content delivery via our network. Simplify your CDN setup by also creating an edge CNAME configuration which potentially allows you to deliver traffic via the CDN using the same links as your current setup. as indicated below.
Syntax:
Key information:
If the primary purpose of your web servers is to serve images, then you might create a customer origin group called images. An example of what a CDN URL for this type of customer origin might look like is provided below.
Sample CDN URL:
http://wpc.ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the MCC..omegacdn.net/80ANThis term represents your customer account number (e.g., 0001) which can be found in the upper right-hand corner of the MCC./imagesIdentifies a customer origin group by its directory name.
The above sample CDN URL points to the webroot on the server(s) associated with the images customer origin group. Append the desired relative path to the content that you would like to request. This relative path is highlighted in the following sample CDN URL:
A customer origin group may consist of up to 10 origin entries per protocol. An origin entry identifies a set of web server(s) by hostname or IP address.
Create an origin entry by clicking Create from the Origins page. Set the Group option to the customer origin group to which the origin entry will be added.
Define a customer origin's web servers through the following options:
Option | Description |
---|---|
Name |
Assigns a friendly name to an origin entry. |
Protocol Type |
Determines whether an origin entry will fulfill:
HTTPS delivery requires the installation of a TLS certificate on our network. Request one through our Certificate Provisioning System. |
Hostname or IP Address |
Identifies the web server(s) that will be associated with the current origin entry via a hostname or IP address. If you selected either the HTTPS Only or HTTP Only mode in the Protocol Type option, then you may also define a protocol for edge to origin communication. You may not specify a hostname or IP address that points to our network. This type of configuration is disallowed since it may cause your traffic to infinitely loop within our network. Use any combination of hostnames and IP addresses when defining a customer origin group's origin entries. A hostname must be resolved to an IP address before a request can be forwarded to it. The Origin Configuration option defines how hostnames will be resolved to an IP address. Syntax:
Brackets are required when identifying an origin server through the use of IPv6 notation. This is the standard URI convention for IPv6 addresses. |
Port |
Determines the port for edge to origin communication. This option cannot be set when an origin entry has been configured to use Match Client mode. Default value: 80 | 443
|
Key information:
An optimal configuration requires that the web servers specified for each customer origin group reside in relatively close vicinity to one another.
The recommended setup for optimal performance for web servers located in disparate geographic regions is to create a customer origin group for each region.
In order to avoid DNS latency when communicating with your web servers, our edge serverThis type of server is located near the edge of our network where its close proximity to your end-users allows it to deliver data more quickly than normal Internet communication. It is responsible for handling requests and caching assets.s proactively resolve each hostname defined in a customer origin group.
Our edge servers respect the DNS TTLDefines the length of time, in seconds, that a DNS record will be cached by a recursive nameserver. for the DNS record corresponding to each hostname.
If our edge servers are unable to resolve a hostname or if the hostname's DNS TTL has expired, then they will reattempt to resolve it at regular intervals until it is resolved. Since this action may incur additional charges by your DNS provider, it is recommended that all hostnames associated with a customer origin group be registered in DNS with a reasonable TTL (e.g., 3600 seconds or more).
HTTP 1.1 requires a Host header to be sent with each request. A Host header identifies the hostname/IP address and port associated with a request. This information is especially useful when there are multiple virtual domains hosted on a single physical server or load-balanced set of servers.
Each customer origin group allows a Host header value to be configured. Typically, the Host header value should be set to either of the following:
A hostname corresponding to a CNAME record that meets the following requirements:
If the Host Header option is set to blank, then the request URI determines the value for the Host request header.
A load balancing configuration defines how traffic will be managed between the edge of our network and a customer origin group for a particular protocol (i.e., HTTP or HTTPS).
HTTPS Traffic: A separate list of IP addresses is generated for the HTTPS Only and Match Client modes.
A hostname must be resolved to an IP address before a request can be forwarded to it. The Origin Configuration option defines how hostnames will be resolved to an IP address.
Learn more.
HTTPS delivery requires the installation of a TLS certificate on our network. Request one through our Certificate Provisioning System.
Learn more.
Traffic is load balanced when a customer origin group contains multiple origin entries for either the HTTP or HTTPS protocol. The customer origin group's load balancing configuration determines which IP address will handle the next request.
The available load balancing options are:
Round Robin: This mode distributes requests evenly across all IP addresses generated for a particular protocol (i.e., HTTP or HTTPS). If a server is unavailable, then the request will be sent to the next IP address on the list. Set up round robin load balancing by disabling the Primary option on all origin entries associated with the desired customer origin group for a given protocol.
The above load-balancing options are completely independent from any load balancing configuration that may already distribute traffic to your web servers. For instance, traffic for a single IP address might be load balanced across several physical servers.
A server is considered unavailable when either of the following conditions are true:
The manner in which an unavailable server affects load balancing is described below.
Hostnames associated with a customer origin group must be resolved to an IP address before a request can be served to it. The Origin Configuration option determines whether our servers will prefer to resolve a hostname to an IPv4 or IPv6 address.
Setting | Description |
---|---|
Default |
Indicates that hostnames should be resolved to IPv4 addresses only. We reserve the right to change the behavior of this default setting at any time. |
V6 Preferred Over V4 |
Indicates that our edge servers will resolve hostnames to IPv6 addresses whenever possible. If an IPv6 address for that hostname does not exist, then the hostname will be resolved to an IPv4 address. |
V4 Preferred Over V6 |
Indicates that our edge servers will resolve hostnames to IPv4 addresses whenever possible. If an IPv4 address for that hostname does not exist, then the hostname will be resolved to an IPv6 address. |
V4 Only |
Indicates that hostnames should be resolved to IPv4 addresses only. |
V6 Only |
Indicates that hostnames should be resolved to IPv6 addresses only. |
Configure how our edge servers perform TLS verification with your origin servers.
HTTPS delivery requires the installation of a TLS certificate on our network. Request one through our Certificate Provisioning System.
Learn more.
Our network can leverage Server Name Indication (SNI) during the TLS handshake. If the SNI hint is not found, then your origin server's implementation determines the TLS certificate that will be returned.
Additionally, an edge server will compare the hostname used for the SNI hint to the certificate's Subject Alternative Name (SAN) or Common Name (CN) during the TLS handshake. If the hostname does not match, then the edge server will respond with a 502 Bad Gateway response.
To enable SNI
From the SNI Hostname option, define the hostname that will be sent as a SNI hint during the TLS handshake.
Our service will also perform a strict check using this hostname against the certificate's Subject Alternative Name (SAN) or Common Name (CN) during the TLS handshake.
Our network can disable delivery when an edge server detects a self-signed certificate from the origin server during the TLS handshake. Enable the Disallow Self-Signed option to require our edge servers to respond with a 502 Bad Gateway response upon detecting a self-signed certificate from the origin server during the TLS handshake.
Register the SHA-1 digest for the public key of your end-entity (i.e., leaf) certificate. After which, our edge servers will respond with a 502 Bad Gateway response when the SHA-1 digest for the public key detected from the origin server does not match one of the values defined within this option.
To pin your public key(s)
Generate a SHA-1 digest of your public key by running the following command on the server hosting your end-entity certificate(s):
Origin Shield establishes an additional buffer between a customer origin server and your clients. This buffer is useful for protecting a customer origin server from:
The Origin Shield feature is only available after it has been activated on the HTTP Large and/or the HTTP Small platform. This feature is unavailable for all other platforms. For more information, please contact your CDN account manager.
The Origin Shield feature reduces the number of requests that are sent to the customer origin server. This results in reduced server and network load on the customer origin server. It is able to accomplish this by establishing an intermediate caching layer between the customer origin server and an edge server. This intermediate caching layer is illustrated below.
This intermediate caching layer augments the default CDN caching behavior in the following ways:
If an edge server does not have a freshIdentifies cached content that can be served directly by an edge server without requiring revalidation with an origin server. It also indicates that the cached content's TTL has not expired. version of the requested content, then it will forward the request to an origin shield server.
The origin shield server will handle this request according to the cache state of the requested content (as indicated below).
Cache State | Description |
---|---|
Fresh |
State: An Origin Shield server contains a freshIdentifies cached content that can be served directly by an edge server without requiring revalidation with an origin server. It also indicates that the cached content's TTL has not expired. version of the requested content. Action: The asset is served directly from an Origin Shield server. Benefit: In this scenario, Origin Shield provides the response instead of a customer origin server. This eliminates bandwidth and load on your network. |
Stale |
State: An Origin Shield server contains a staleIdentifies cached content whose TTL has expired. Our edge servers revalidate stale content with the origin server. This step ensures that the latest version of the requested content is served to the requester. version of the requested content. Action: An Origin Shield server will revalidateRefers to the process that occurs when a request for stale content requires that our edge servers check for a new version of the requested content on the origin server. the cached asset with the origin server. Benefit: Origin Shield provides a central caching repository that increases the probability that the requested content has been previously cached. In turn, this drastically reduces the number of revalidation requests that are sent to the customer origin. |
Not Found (Miss) |
State: An Origin Shield server does not contain a cached version of the requested content. Action: An Origin Shield server will forward the request to the customer origin server. Benefit: Origin Shield provides a central caching repository through which the frequency of requests for the same content may be minimized. Requests forwarded by Origin Shield to a customer origin may result in cached content. Origin Shield may then serve that cached content for subsequent requests. |
Protecting a customer origin through the use of the Origin Shield feature requires the selection of a single (recommended) or multiple origin shield locations. Each configuration method is described below.
Enable the PCI Certified Only option on your customer origin group if it handles payment card transactions. This option restricts the selection of Origin Shield POPs to those that are Payment Card Industry (PCI)-certified.
Setting up a customer origin group for a site whose traffic must be served over a PCI-certified network requires assistance. Contact our technical customer support prior to setup.
Each origin shield server is identified by the city and the three-letter abbreviation for the POP where it is located. The use of a POP abbreviation allows you to distinguish between multiple origin shield servers in the same city.
The recommended configuration for reducing requests to your customer origin server is to define a single origin shield location. This can be achieved by enabling the Single POP option and then selecting the location closest to the server(s) associated with the customer origin.
The workflow through which a request for content protected by Origin Shield is handled by our CDN service is illustrated below.
The above workflow is described below.
If an edge server does not have a cached version of the requested content, then it will forward the request to the specified origin shield location.
If a cached version is found, the requested content will be served immediately to the client.
If an origin shield server does not have the requested asset, it will forward the request to your web servers.
If a cached version is found, then the origin shield server will serve it immediately to the client via the edge server from the previous step. Proceed to step 5.
An alternative configuration is to define several origin shield locations for a single customer origin group. This can be accomplished by enabling the Multiple POPs option and then choosing how requests are handled for each of the following regions: North America: West Coast United States, North America: East Coast United States, Europe, and Asia/South America. Choose one of the following options for each region:
Origin shield locations in Asia and South America require the activation of the Premium Asia and Latin America geographic delivery regions, respectively.
ADN Gateway servers are responsible for ensuring efficient data delivery between the CDN and external web servers (i.e., customer origin servers). Before an ADN Gateway server can assume this responsibility, our network will need to calculate the top three ADN Gateway servers that can provide the best performance for a customer origin group. This is calculated by requesting an asset from each web server associated with a customer origin group.
Configuration:
Sample Asset: Download a sample performance test asset.
Set the Validation Path option to a URL that points to the desired asset.
If a Host header value has been defined in the Host Header option, then it is recommended that the hostname defined in the validation path match that header value.
Example:
Click Validate to check the communication with the current origin entry and to verify that the asset is accessible through that origin entry.
HTTP 200 OK: This test returns a HTTP 200 OK when it is able to successfully request the asset defined within the Validation Path option through the current origin entry.
You should validate an origin entry upon its creation or modification.
Key information:
If a sub-optimal configuration is detected, then a message will appear directly below the ADN Gateways section. It is highly recommended that you verify that the detected issue will not affect your website's performance.
Example
If ADN detects that your site is redirecting URLs to another server, then this could lead to a situation where the wrong ADN Gateway server is being used to accelerate your website.
The use of the Reselect option is recommended under the following circumstances:
The following sample scenario provides an example as to how the Validation Path option should be configured.
Item | Scenario Description |
---|---|
HTTP Host Header |
A customer origin server's HTTP Host header is set to: adn.mydomain.com
|
Sample Asset Configuration |
A sample asset has been uploaded to all of the web servers associated with your customer origin group. The relative path to this sample asset is: /Permanent/Background.png
|
Validation Path |
The Validation Path option should be set to: http://adn.mydomain.com/permanent/background.png
|
Configure your web server(s) or Rules Engine to include key headers in the response sent to the client to ensure optimal CDN performance.
The web server(s) associated with a customer origin should include one of the following headers with each response that should be cached:
The above response headers allow our edge servers to perform cache revalidationRefers to the process that occurs when a request for stale content requires that our edge servers check for a new version of the requested content on the origin server. when staleIdentifies cached content whose TTL has expired. Our edge servers revalidate stale content with the origin server. This step ensures that the latest version of the requested content is served to the requester. content is requested. If both response headers are missing, then our edge servers will perform an unconditional GET request to the customer origin server.
Allow QUIC-compatible clients to leverage QUIC by including the alt-svc header in the response.
The easiest way to enable QUIC for all CDN traffic is to add the QUIC feature under the Always match condition.
Response headers may be defined via either of the following methods:
Rules Engine: Create a rule that:
QUIC is an emerging technology that is developing at a rapid pace. For this reason, we are occasionally required to temporarily suspend this capability when upgrading our QUIC implementation. Although QUIC will be disabled during these maintenance windows, your traffic will continue to be accelerated via our network.
Google QUIC, which stands for Quick UDP Internet Connections, is a new transport protocol developed by Google that reduces latency and provides better HTTP/2 stream-multiplexing support when compared to TCP. QUIC provides functionality equivalent to TCP + TLS + HTTP/2 except that it is implemented over UDP.
QUIC is only supported for client-to-edge traffic to customer origins that have been configured to support TLS.
Learn more.
According to The Chromium Projects, it provides the following advantages over TCP + TLS + HTTP/2:
Enable QUIC by setting up a rule within Rules Engine that either:
Adds the alt-svc response header for all traffic or the desired edge CNAMEs.
If you are manually adding the alt-svc response header, it is strongly recommended to use both QUIC Versions HTTP variables to define the v parameter. Explicitly defining the set of supported versions is strongly discouraged since you will need to manually update it whenever we add or drop support for a specific version.
Once a QUIC-compatible user agent discovers that a server supports QUIC, it will attempt to leverage QUIC for all subsequent requests to the same domain until the connection ends. This means that enabling QUIC using more granular control will not accomplish the desired result.
Sample Scenario
In this sample scenario, you have created a rule that only enables QUIC for HTML files.
Let's assume that a QUIC-compatible user agent requests the following file:
This user agent will leverage QUIC for all subsequent requests to cdn.example.com until the connection ends. This will occur regardless of whether HTML files are being requested.
To enable QUIC via Rules Engine
Before enabling QUIC, please verify that the desired customer origin(s)
Update a rule within that draft to define the condition(s) under which QUIC should be enabled.
Edge CNAME: If QUIC should only be enabled for specific edge CNAMEs, then add one or more Edge CNAME match condition(s).
Use a Select First Match section to add more than one Edge CNAME match condition to a single rule.
Before a user agentRefers to software that acts on behalf of a user. For example, a web browser (e.g., FireFox, Chrome, and Internet Explorer) is a user agent. A web browser will make HTTP/HTTPS requests based on user actions (e.g., requesting a web site or clicking a link). may leverage QUIC, it must be informed via the alt-svc (Alternative Service) response header that it may communicate with the CDN via QUIC. This response header also informs the client the set of supported QUIC versions and the length of time that this data should be cached by the client.
By default, QUIC is supported on the latest versions of Google Chrome, Chromium, and Opera. However, it may require enablement. If a user agent doesn't support QUIC, then it will communicate with the CDN using HTTP/2 over TCP.
Our QUIC implementation supports the Bottleneck Bandwidth and Round-trip propagation time (BBR) congestion control algorithm without requiring additional CDN setup. However, BBR will only be used when a QUIC-enabled client (e.g., Google Chrome) requests it.
Sample alt-svc header name/value:
The above sample response header indicates to the client that:
Our CDN only supports QUIC versions defined within the v (version) parameter.
We may add or drop support for QUIC versions at any time. Ensure that your configuration remains up-to-date through the QUIC feature.
The WebSocket protocol is a TCP-based protocol that enables an open, continuous, and full-duplex connection between a client (e.g., web browser) and a server. This allows a server to send data to a client without requiring the client to request it. In contrast, the HTTP protocol only allows a server to respond when a client requests content.
Leverage the WebSocket protocol for low latency applications that require real-time, interactive communication. For example, WebSocket communication improves the user experience for multiplayer games and chat applications by providing higher responsiveness via lower latency.
Key benefits:
Set up involves:
WebSocket Protocol Activation
You must activate support for the WebSocket protocol before you can leverage it.
Contact your CDN account manager to request support for the WebSocket protocol. We will determine whether to activate it based on an analysis of your use case.
Web Server Setup
Verify that your web server supports the use of the WebSocket protocol. After which, you should implement a WebSocket server-side application and verify that it allows bidirectional communication with your client.
Our network acts as a middleman between your client and server for bidirectional communication via the WebSocket protocol. If your web server does not properly support WebSocket communication, then a client's request to upgrade to the WebSocket protocol will fail and communication will proceed via HTTP.
Client Setup
Update your client to include the following request headers when initially requesting a connection that requires low latency:
Connection: Upgrade
Upgrade: websocket
These headers indicate that the client wants to change the protocol from HTTP to WebSocket.
Update your client to re-initiate the connection with the server upon disconnection.
A client, server, or a network disruption may disconnect a WebSocket connection.
A WebSocket connection starts when a client submits a request to the CDN over HTTP. This request must inform an edge serverThis type of server is located near the edge of our network where its close proximity to your end-users allows it to deliver data more quickly than normal Internet communication. It is responsible for handling requests and caching assets. that the client would like to upgrade the connection to use the WebSocket protocol via the following request headers:
Connection: Upgrade
Upgrade: websocket
If the WebSocket protocol has been activated on your account, an edge server will forward the request to your web server(s). Your web server must then either:
Accept the request to upgrade to the WebSocket protocol with a 101 Switching Protocols response that contains the following response headers:
Connection: Upgrade
Upgrade: websocket
An edge server will forward the response to your client. Once the client receives this response, the handshake will be complete and a WebSocket connection has been established. This connection allows both the client and the server to send control (i.e., Close, Ping, and Pong) and data frames to each other. This connection will persist until either the client or the server closes it.
For the purpose of log data, all client/server communication within a single WebSocket connection is treated as a single log entry. Additionally, it is not logged until either the client or the server closes the connection.
For the purpose of fulfilling requests, our edge servers require access to all servers associated with a customer origin group. Please ensure that your firewall allows access to all of the IP blocks listed in the Whitelist IP Blocks page.
Export a list of the IPv4 and IPv6 blocks that should be whitelisted by clicking CSV from the Whitelist IP Blocks page.
The Whitelist IP Blocks page contains a superset of IP addresses that includes:
Once the IP blocks defined within the Whitelist IP Blocks page have been whitelisted on your firewall, it is unnecessary to add the IP blocks defined within the CDN IP's page.
If your customer origin hosts a dynamic application, then it is highly recommended that you do not use a user's IP address to maintain a session instance. This type of configuration is unsupported, since the client does not connect directly to your web servers. Instead, the client connects to a server on our network, and then that server connects to your web server. If you would like to maintain a session for your dynamic application, we recommend that you use a cookie to identify the session. For example, a cookie could keep track of a unique ID for each client's session.