8 Advanced Content Delivery Network Features

advanced content delivery network features

Many people enable their Content Delivery Network service and leave it at that. While you might be taking advantage of all the primary CDN benefits, there are additional advanced features you can implement to take your content delivery to the next level. Some of these features can help you harden security on your CDN, lower costs by preventing bandwidth theft, and decrease the load on your origin server.

Advanced Content Delivery Network Features

Below are just a few advanced content delivery network features you may not yet be using.

Advanced CDN Features Index

  1. X-Pull Key
  2. Zonereferrer (hotlink protection)
  3. Secure Token
  4. Origin Shield
  5. Purge By Cache-Tag
  6. Cache-Control
  7. Logging
  8. HTTP Live Streaming

1. X-Pull Key – Restricting CDN Traffic

The X-Pull key feature allows you to restrict traffic to your content delivery network. There are a couple reasons why you might want to do this:

  • You want to rate limit bandwidth on your origin server
  • You want to make sure everyone is using the CDN for better performance and not linking traffic to your server directly
  • Create a custom logic on your origin server
  • Restrict access to visible CDN URLs
  • Distinguish KeyCDN traffic from other traffic on your origin server

This is available within the KeyCDN dashboard under “Zones” → “Edit Zone” →  “Show Advanced Features.” By default it is set to KeyCDN. But you can change this value to a custom key if desired.

cdn x-pull key

Another use case would be to restrict access to certain visible CDN URLs. For example, if you setup a custom CDN URL (such as cdn.domain.com) the root will normally be accessible. You could restrict access to this and instead return a 451 Restricted message. We have done that on our custom CDN URL: https://cdn.keycdn.com.

There is no specific UserAgent when KeyCDN fetches content from your origin server. Instead the X-Pull feature allows you to distinguish KeyCDN traffic from other traffic on your origin server by modifying the request header.

GET /foobar.jpg HTTP/1.1
Host: your_origin_host
X-Forwarded-Host: <zonename>-<id>.kxcdn.com
X-Forwarded-For: 178.82.72.134
X-Forwarded-Scheme: http
X-Pull: KeyCDN
Connection: close
Accept: */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36
Accept-Language: en-US,en;q=0.8,de;q=0.6,ja;q=0.4
Cookie: foobar

Read more on how to restrict traffic to your CDN.

2. Zonereferrer (Hotlink Protection) – Prevent CDN Bandwidth Theft

Zonereferrer, also referred to as hotlink protection, is one of the easiest and quickest methods to implement which will prevent bandwidth theft. Hotlinking refers to someone directly linking to one of your images on their own server. What this means is that when someone visits their site it has to load the image from your CDN (edge server), taking up your bandwidth and actually costing you money.

By enabling hotlink protection requests without an HTTP referrer field are NOT allowed to access your assets. If they try, the asset will show up as on broken on their server, generating a 403 error in the header.

This is available within the KeyCDN dashboard under “Zonereferrers.”

cdn zonreferrer hotlink protection

Check out our step by step tutorial on creating a zonereferrer and enabling hotlink protection.

3. Secure Token – Limiting CDN Accessibility by Time

Secure Token allows you to generate secured links with an expiration time. Once a token has expired, it is not possible anymore to access the content. Unlike some other providers, KeyCDN provides secure token free with every account.

This is available within the KeyCDN dashboard under “Zones” → “Edit Zone” →  “Show Advanced Features.”

content delivery network secure-token

Example of how a secure token link would look like:
http://yourzone-id.kxcdn.com/folder1/file1.jpg?token=85b9a81b78b24b4d18303c91b79e0124&expire=1384719072

Check out our step by step tutorial on how to generate secure tokens.

4. Origin Shield – Reduce Load on Origin Server

Origin shield is basically an extra caching layer which reduces the load on your origin server and accelerates the distribution of your content from the origin server to your edge servers. Origin Shield is a great feature to reduce the traffic on your origin server to an absolute minimum and protect your infrastructure from abuse or traffic spikes.

This is available within the KeyCDN dashboard under “Zones” → “Edit Zone” →  “Show Advanced Features.”

origin shield content delivery network

First Request with Origin Shield

Here is an example of what happens on the first request to your origin server.

Following Requests with Origin Shield

After the first request, the following requests for the same content are served out of cache without requesting additional data from your origin server.

Unlike some other providers, KeyCDN provides origin shield free with every account!

5. Purge By Cache-Tag – Programmatically Purging

Cache-Tags are assigned to cached content via a Cache-Tag response headers. These can be used to programmatically purge only portions of cache, instead of flushing the entire cache. The tags must be defined via the Cache-Tag header from the origin server.

You can add tags within the KeyCDN dashboard under “Zones” → “Purge by Tag.”

cdn purge by tags

Read more in our API document on how to use Purge Zone Tag.

6. Cache-Control – Speed up Access

Cache-Control is an HTTP cache header comprised of a set of directives that allow you define when / how a response should be cached and for how long. Browsers store these, which in turn means they don’t have to make an additional request to the server, speeding up access. You can add or modify the Expires and Cache-Control response header fields that are sent to the client.

This is available within the KeyCDN dashboard under “Zones” → “Edit Zone” →  “Show Advanced Features.”

content delivery network cache-control

  •  -1 Cache-Control: no-cache
  •   0 Push Zone: disabled / Pull Zone: as received from the origin (header honoring)
  • >0 Cache-Control: max-age=t, where t is the time specified in the directive in minutes converted to seconds

This setting overwrites the value received from the origin in case of a pull zone. The expire value only impacts browser cache and not the KeyCDN cache. Read more about Cache-Control.

7. Logging – Digging Deeper Into Your Data

KeyCDN provides you with real-time logs which can be accessed both via a browser or sent to a 3rd party logging system. The logging feature allows you to run a live tail on your raw logs. It is also possible to define custom filters to drill down on your traffic pattern. This could be very helpful to identify broken links (Status:404) or if your content has been cached (Cache: HIT).

This is available within the KeyCDN dashboard under “Reporting” → “Real-time Logs.”

CDN raw logs

Here are some examples of some additional filter options.

cdn logging queries

You can then also see additional details on each log request.

CDN real-time logs details

You can also forward your logs to third-party log management solution such as logentries or loggly. The other option would be to configure your own syslog server.

8. HTTP Live Streaming – Speeding up Video Delivery

HTTP Live Streaming (HLS) is a technology, developed by Apple, for streaming live and on-demand video. Live streaming has made some great advancements in the past few years as far as accessibility, usability, security, and configuration abilities. HTTP Live Streaming plays a big part in these advancements especially for mobile devices as it allows for these devices to access live media efficiently and seamlessly.

You can use KeyCDN to help supercharge your HLS live stream by creating a pull zone and enabling Optimize for HLS.

This is available within the KeyCDN dashboard under “Zones” → “Edit Zone” →  “Show Advanced Features.”

cdn HLS video

Read our step by step tutorial on delivering HLS Content With KeyCDN.

Summary

As you can see there are many additional ways you can take your content delivery network to the next level and really fine tune the delivery of your content to your visitors. From restricting CDN traffic, preventing bandwidth theft, using secure token, programmatically purging, tweaking cache control settings, digging into your log data, and speeding up the delivery of your video content with HLS.

Do you have additional advanced CDN features you would like to see added? If so, join the KeyCDN team over in our new community and request it!

Related Articles

8 Advanced Content Delivery Network Features was last modified: June 6th, 2017 by Brian Jackson
Share This