Edgio AppOpsEdgio DeliveryEdgio StreamingContact SalesContact SupportResourcesInvestorsCareersDeliveryApp EdgeEdgeJS (CDN-as-code)ObservabilityTraffic SplittingGlobal CDNFull-Stack EnvironmentsFeature ManagementBranch PreviewPredictive PrefetchServerless ComputeGraphQL CachingImage OptimizationApp PlatformWeb Application FrameworksIterative MigrationApp SecurityWAF, DDoS, Bot Management and API ProtectionDevelop fasterRelease with confidenceRun sub-second sitesProtect your appSimplify, save and evolveSecurityStreamingExpert ServicesEdge Cache for ISPsAccelerated DevelopmentInstant Page LoadsNext-Gen Web CDNGlobal CDNWeb SecurityDocsContact SalesApp EdgeApp PlatformApp SecurityBranch PreviewEdgeJSFeature ManagementFull-stack EnvironmentsGlobal CDNGraphQL CachingImage OptimizationIterative MigrationObservabilityPredictive PrefetchServerless ComputeTraffic SplittingWAF, DDoS, Bot ManagementWeb Application FrameworksDeliveryStreamingSupportResource CenterBlogDeveloper DocsChangelogForumAboutLeadership TeamCareersInvestorsNewsroomContact UsTerms of ServicePrivacy PolicyAcceptable Use PolicyData and Protection AddendumInvoice MethodologiesPrivacy ShieldWebsite Disclaimer
Blog

Configuring the Edge for Your Online Business

Edgecast Rules Engine Allows Enterprises to Fine-Tune Configurations with Flexibility and Ease

April 21, 2022
Print Article

Original source: Edgecast

Summary

Edgecast offers edge solutions for media companies and global enterprises. Built on our leading global edge network, Edgecast high-quality delivery, compute, security and streaming solutions power and protect some of the world’s largest websites, apps and OTT services. We understand the importance of configurability and flexibility for our customers, which is why we provide a host of technologies that put control into their hands. Rules Engine is just one example of this.

Edgecast Rules Engine allows the customization of how requests are handled by our edge network. By default, Edgecast honors all of the headers sent from customer origins. However, depending on the content and the customer use case, custom rules may be required to override the default behavior of the origin. Rules Engine and its associated APIs provide great flexibility and configurability. They enable customers to control their content delivery and security needs with unparalleled precision. In this article, we dive into some common use cases and identify the benefits gained from utilizing various rules defined in Rules Engine.

Rules Engine features

Rules Engine includes many valuable features, each defining the type of action to be applied to the request identified by a set of match conditions. A match condition identifies specific types of requests for which a set of features will be performed. Let’s first look at the types of features available to customers. These customize how our edge network manages requests for their content. ‍

‍Access: These features control access to content. For example, the Token Auth feature determines whether Token-Based Authentication will be applied to a request. This helps limit and lock access to data, files, or pages to only those with proper permission. This prevents content or information from being shared with unauthorized users. Other access controls include country/geographic locations.

1 2 3 4 5 6 <rule> <description>Enable Token Auth</description> <match.request.edge-cname.literal hostnames="origin.example-edgecast.com"> <feature.access.token-auth enabled="true"/> </match.request.edge-cname.literal> </rule>

‍Caching: These features customize when and how content is cached. Rules Engine offers dozens of caching features to help you fine-tune how the edge handles your content. For example, Partial Cache Sharing (PCS) dictates whether a partially cached file can start being served as a cache-hit on subsequent requests, or if the file needs to be fully cached before serving it from the edge. When enabled, PCS helps reduce origin load and improves performance. This means fewer origin requests are made to source content, which can result in a smaller bandwidth bill at the host/origin. In parallel, optimizing cache can help improve performance by serving content from the CDN edge whenever possible.

1 2 3 4 5 6 <rule> <description>Enable Partial Cache Sharing</description> <match.request.edge-cname.literal hostnames="origin.example-edgecast.com"> <feature.caching.partial-cache-sharing enabled="true"/> </match.request.edge-cname.literal> </rule>

Headers: These features manipulate the request and/or response headers on the fly. For example, the Modify Client Request Header enables users to overwrite, append, or delete a header from a request. Users can control their websites and applications’ behavior by customizing the data sent from the client or received from the server.

1 2 3 4 5 6 <rule> <description>Add CORS Header</description> <match.request.edge-cname.literal hostnames="origin.example-edgecast.com"> <feature.headers.modify-client-response-header action="set" name="access-control-allow-origin" value="*"/> </match.request.edge-cname.literal> </rule>

Logs: Among the suite of UI-based analytics, raw, real-time and custom logs can be generated for an in-depth (or 360-degree) view of the CDN and security traffic footprint. These features customize the data stored in raw log files. For example, Mask Client Subnet determines whether a client's IP address will be masked for logging and reporting purposes. This helps with General Data Protection Regulation (GDPR) compliance. We used real-time log delivery to support Plus500, a global fintech firm, allowing them to make quicker and safer software releases.

Origin: These features control how the CDN communicates with an origin server. For example, Maximum Keep-Alive Requests defines the maximum number of requests for a Keep-Alive connection before it’s closed. This helps edge performance by minimizing the number of TCP authentication steps needed for requests.

Specialty: These features provide advanced functionality for how the CDN behaves with the origin or client. For example, by toggling the QUIC rule, you can dictate whether the client is informed that our CDN service supports QUIC. By doing so, Edgecast can serve web pages optimized to perform at their best.

1 2 3 4 5 6 <rule> <description>Enable QUIC</description> <match.request.edge-cname.literal hostnames="origin.example-edgecast.com"> <feature.specialty.quic enabled="true"/> </match.request.edge-cname.literal> </rule>

User Variable: Assigns a value to a user-defined variable passed to your bespoke traffic processing solution. This is often used with our custom back-end scripting language (LUA). One benefit of this is that it enables the user to inject user-defined variables into a static configuration to control the back-end for server load balancing.

Rules Engine feature/benefit summary.

Use cases

Redirecting HTTP to HTTPS: If you’re not forcing your website or application traffic over TLS, visitors will see the dreaded security warning pop up in their browser. Website visitors know that insecure sites are vulnerable to attacks that can steal their information. A secure site instills trust. It lets visitors know that you’re doing your part to protect their personal data. HTTPS is key to ensuring security and accessibility, and redirecting from HTTP to HTTPS is accomplished easily with Rules Engine. Edgecast also offers a fully managed Secure Socket Layer (SSL) and a bring your own certificate (BYOC) SSL via key vault integration for SSL.

Understanding visitor geo and device type: Businesses can obtain a wealth of intelligence by understanding where their web property visitors are coming from and what type of device is used. With Rules Engine, custom log fields can be added to provide insight into the geolocation of the request and the device type used. HTTP variables make this easy and allow these metrics to be added to the raw logs. This creates more thorough logging, internal reporting, monitoring, insights and troubleshooting.

In addition, the URL Redirect feature enables businesses to redirect requests to different URLs based on the geo region of the end user. This is particularly helpful for multinational companies who maintain different regional-specific versions of their websites (for example, different languages and themes).

1 2 3 4 5 6 7 8 9 10 11 <rule> <description>Language Redirect</description> <select.first-match> <match.location.country.literal result="match" codes="US"> <feature.url.url-redirect source="/80666BA/Origin1/(.*)" destination="%{scheme}://www.example-edgecat.com/us/$1" code="301"/> </match.location.country.literal> <match.location.country.literal result="match" codes="DE"> <feature.url.url-redirect source="/80666BA/Origin1/(.*)" destination="%{scheme}://www.example-edgecat.com/de/$1" code="301"/> </match.location.country.literal> </select.first-match> </rule>

Another geo use case relates to firmware downloads. Often, a globally distributed customer has a single URL for a firmware download. But these need to have the requests pulled from the closest regional server for a better end user experience and to ensure that the servers will not get overloaded with too many requests. With Rules Engine, a URL rewrite can be applied to have the requests rerouted to a regional server based on the geolocation initiating the request.

1 2 3 4 5 6 7 8 9 10 11 <rule> <description>Rewrite for Regional Origin Servers</description> <select.first-match> <match.location.country.literal result="match" codes="US"> <feature.url.url-rewrite source="/80666BA/Origin1/(.*)" destination="/80666BA/Origin-US/$1"/> </match.location.country.literal> <match.location.country.literal result="match" codes="DE"> <feature.url.url-rewrite source="/80666BA/Origin1/(.*)" destination="/80666BA/Origin-DE/(.*)"/> </match.location.country.literal> </select.first-match> </rule>

Denying access to content: There are many reasons online businesses need to deny or block access to their content. Geoblocking restricts access to content based on the end user’s location. This may be necessary for a company to comply with economic sanctions, privacy laws or stop security threats. Geoblocking rules can be set up in Rules Engine to deny or allow access to content using a variety of location match conditions, including region code and country code.

1 2 3 4 5 6 <rule> <description>Deny RU Access</description> <match.location.country.literal result="match" codes="RU"> <feature.access.deny-access enabled="true"/> </match.location.country.literal> </rule>

Customers can also deny access to content using Token-Based Authentication. This involves denying or permitting access to content based on numerous characteristics of the incoming request, such as precise geolocation, URL path, values of various headers and/or cookies, filenames, IP address, and more. Geoblocking is used in streaming services like Netflix and Hulu to comply with license laws of the content they deliver over the internet.

Cache-control: Rules Engine allows customers to fine-tune how their content is cached on our edge servers. There are dozens of caching rules that can be applied depending on your content and delivery requirements. Here are a few use case examples:

  • The CDN, by default, will follow caching directives set by the origin. However, if the origin requests to bypass cache, the customer can easily ignore this directive to have the asset cached for delivery. This allows for simplified cache-control using Rules Engine and prevents the customer from having to make origin changes.

  • The External Max-Age rule enables control of the browser to edge server cache revalidation. In other words, customers can specify the amount of time that should pass before a browser checks for a new version of an asset from an edge server.

  • The Stale While Revalidate rule improves performance by allowing our edge servers to serve stale content to the requester while revalidation occurs. The customer has complete control over the length of time past the time-to-live (TTL) expiration during which the CDN may deliver stale content. A version of this is the Stale Content Delivery on Error rule. This can be used to serve expired cached content when an error occurs, during either cache revalidation or when retrieving the requested content from the origin server. Customers may prefer this over forwarding an error to the end user in some instances.

  • Negative caching can also be set up via Rules Engine to briefly cache specific failures in order to protect the origin from a surge of such requests that generate errors. We have seen this configuration alleviate pressure from the origin when requests cannot be fulfilled. This is a great feature that users can configure to reduce origin spikes on 4xx or 5xx requests.

  • The Streaming Optimization feature in Rules Engine is perfect for tuning your caching configuration to optimize the performance of live streams and reduce the load on the origin server(s).

Configurations as unique as your needs

We know that no two customers are the same, and even two companies in the same industry will have different content requirements. Rules Engine gives you complete control over how the network is configured to handle your content. We work with companies small and large and can ensure our network is fine-tuned to meet the expert delivery of your content.

Contact us to learn more about how Rules Engine can support your content and delivery needs.

Explore Edgio Solutions

Get the information you need. When you’re ready, chat with us, get an assessment or start your free trial.