CDN rules are defined to provide fine-grained control over the cached resources on the CDN edge server. You can customize how the incoming requests are processed and how the CDN edge server manages the cache and redirection. A CDN rule is a combination of conditions and actions. The rule can include a single match condition or multiple match conditions. You can define a maximum of ten (10) conditions and five (5) actions in a single rule. If multiple conditions are defined, they are grouped together with the AND logic. An incoming request is matched with all the defined conditions and if all conditions are met, the CDN edge server performs the actions associated with the rule.
Request Workflow when CDN is enabled:
- A client sends a request to www.foobar.com/index.html. WAF-as-a-Service CDN intercepts the request and checks if the requested content is available.
- If the content is not available in the CDN server, the request is forwarded to WAF-as-a-Service, where the request is evaluated with all the security rules and policies.
- After the successful evaluation, the request is forwarded to the back-end application server.
- The back-end server sends the response to WAF-as-a-Service.
- WAF-as-a-Service applies the rules and policies on the response, encrypts all sensitive data, and forwards the request to WAF-as-a-Service CDN.
- WAF-as-a-Service CDN caches the content and forwards the request to the client.
- A subsequent request to www.foobar.com/index.html is sent to WAF-as-a-Service CDN.
- WAF-as-a-Service CDN responds to the request.
Rule Conditions
You can filter requests using the following conditions:
- Remote Address – Filters the request(s) based on the IP address or the country code of the geo-location.
- Request Method – Filters the request(s) based on HTTP methods (GET, POST, PUT, DELETE, HEAD, OPTIONS, TRACE).
- Query String – Filters the request(s) based on query string(s).
- POST Args – Filters the request(s) based on the arguments provided within the POST request’s body.
- Request URL – Filters the request(s) based on the URL. The URL is evaluated with the associated protocol and query string.
- Request Header – Filters the request(s) based on the header and the associated value.
- Request Body – Filters the request(s) based on the text that appears in the body of the request.
- Request Protocol – Filters the request(s) based on the protocol (HTTP or HTTPS).
- Request Path – Filters the request(s) based on the specified path in the request URL.
- Request File Extension – Filters the request(s) based on the extension of the file name in the request URL.
- Request File Name – Filters the request(s) based on the name of the file in the request URL.
- HTTP Version – Filters the request(s) based on HTTP versions (2.0, 1.1, 1.0, 0.9)
- Request Cookies – Filters the request(s) based on cookies in the request.
- Device Type – Filters the request(s) based on the type (Mobile or Desktop) of the device used to send the request.
- Socket Address – Filters the request(s) based on the IP address that is used to connect to the WAF-as-a-Service CDN.
- Client Port – Filters the request(s) based on the TCP port of the client that sent the request.
- Server Port – Filters the request(s) based on the TCP port of the Waf-as-a-Service CDN server that received the request.
- Host Name – Filters the request(s) based on the hostname in the request.
- SSL Protocol – Filters the request(s) based on the SSL protocol (1.0, 1.1, 1.2) that established the TLS connection between the client and the WAF-as-a-Service CDN.
Rule Actions
When a request matches all conditions, WAF-as-a-Service CDN performs the action(s) associated with the rule. Following are the action(s) that can be associated with the rule:
- Modify Response Header – Use this action when you want WAF-as-a-Service CDN to modify the header(s) in the response before sending it to the client.
- Modify Request Header – Use this action when you want WAF-as-a-Service CDN to modify the header(s) in the request before sending it to WAF-as-a-Service.
- URL Redirect – Use this action when you want to redirect client requests to a new URL.
- URL Rewrite – Use this action when you want to rewrite a request’s path.
- Route Configuration Override – Use this action when you want to override the caching behavior of the WAF-as-a-Service CDN server.
Examples
To disable caching for a particular URL and a domain
Add a rule with the following condition(s) and action(s):
- Select Request URL from the Add a condition list.
- Configure the Request URL condition:
- Operator: Select Equal from the drop-down list.
- Value: Enter /image1.jpeg in the text field.
- String Transform: Select how you want the request string to be transformed/converted (Lowercase, Uppercase, RemoveNulls, Trim, UrlDecode, UrlEncode).
- Configure the Request URL condition:
- Select Host name from the Add a condition list.
- Configure the Host name condition:
- Operator: Select Equal from the drop-down list.
- Host name: Enter domain1.com in the text field.
- String Transform: Select how you want the request string to be transformed/converted (Lowercase, Uppercase, RemoveNulls, Trim, UrlDecode, UrlEncode).
- Configure the Host name condition:
- Select Route configuration override from the Add an action list.
- Configure the Route configuration override action:
- Caching: Select Disabled from the drop-down list.
- Configure the Route configuration override action:
- Click Save.
Based on the configuration in the example above, any request to domain1.com/image.jpeg will not be cached in the WAF-as-a-Service CDN server.
To Redirect a URL
Add a rule with the following condition(s) and action(s):
- Select Request URL from the Add a condition list.
- Configure the Request URL condition:
- Operator: Select Equal from the drop-down list.
- Value: Enter /image5.png in the text field.
- String Transform: Select how you want the request string to be transformed (Lowercase, Uppercase, REmoveNulls, Trim, UrlDecode, UrlEncode).
- Configure the Request URL condition:
- Select URL Redirect from the Add an action list.
- Configure the URL redirect action:
- Redirect Type: Select Found (302) from the drop-down list.
- Redirect Protocol: Select HTTPS from the drop-down list.
- Destination Path: Enter /images/image5.jpeg in the text field.
- Destination Host: Enter domain1.com in the text field.
- Configure the URL redirect action:
- Click Save.
Based on the configuration in the example above, any request to domain1.com/image5.png will be redirected to domain1.com/images/image5.jpeg.
Steps to Add a CDN Rule
- On the WAF-as-a-Service web interface, go to the APPLICATIONS page and click on the application to which you want to add CDN rules.
- On your application page, click CDN in the left panel and then click Rules.
- On the CDN Rules page:
- Click Add Rule and select New Rule.
- Specify a rule name in the Rule Name text field.
- Click Add a condition and select the parameters or elements of a request.
- Click Add an action and select the action to be performed when the request matches all conditions.
- Click Save.