Special
offer
Premium-class CDN solution has never been cheaper! Unprecedented promo will get you CDN from HighWinds For as low as $9/TB!
close
Contact Us Anytime: +357 25104256
Security
illustration
You get full control over who sees what, when and where. Get protected from digital thefts.
Benefits Features
alt_picture! Protect your brand Your content is only yours! So prevent others from using it in their contexts.
alt_picture! Business alignment Build your own custom delivery rules and align your digital security implementation with your exact business needs.
alt_picture! Segregated network Our entirely separate and secure CDN was built and dedicated solely to e-commerce traffic.
alt_picture! Stay in license Get control over your content and easily restrict access by country, title, or date if you need it.
alt_picture! PCI compliance Financial and transactional information is protected with the highest level of PCI compliance.
alt_picture! Secure HTTP Full support for encrypted and authenticated HTTPS. Enhance our standard HTTPS delivery with a wide range of custom security certificates.
alt_picture! Rules-based delivery Our HTTP Rules Engine lets you build your own custom set of access rules.
alt_picture! All-day Support You can always rely on our support. Anytime, day-and-night we are ready to help you with any question with all the patience and without delays.
alt_picture! SSL delivery We support everything you need - single hostname, wildcard, SAN, Extended Validation, or any other type of SSL certificate.
alt_picture! Network Security Freeze You'll never see significant changes to our platform during the busiest e-commerce periods, such as the holiday season, to ensure maximum stability.
alt_picture! Broad authentication options Token authentication, SWF authentication, and RTMPE let you restrict access by IP, TTL, URL, location, or referrer.
alt_picture! Analytics-powered security With our EC360 Analytics Suite you have the detailed visibility you need to effectively control your site.
alt_picture! DDoS mitigation Our robust IP Anycast and Rules Engine systems provide sophisticated DDoS mitigation strategies to keep you up and running.
alt_picture! Active failover & redundancy Requests are routed automatically along the next-best path by our platform if degradation along one path occurs.
Try our features with a no commitment test account

SECURITY IN-DEPTH

Web Application Firewall (WAF)

Many web sites, web applications, and web servers receive and process requests from outside a company's protected internal network. That can result in a variety of malicious attacks including SQL injections, cross-site scripting, and application layer distributed denial of service (DDoS).

This exposure poses a threat to the customer’s infrastructure and the confidentiality, integrity, and availability of the data delivered by those resources over the Internet. These types of attacks can result in unauthorized access to content, the loss of personally identifiable information (PII), and the dissemination of private/copyrighted information.

The Web Application Firewall (WAF) service provides a layer of security between many of these security threats and the customer’s external web infrastructure. Our WAF increases security by monitoring, detecting, and preventing application layer attacks. It inspects inbound HTTP/HTTPS traffic against reactive and proactive security policies and blocks malicious activity in-band and on a real-time basis.

There are various layers to the protection provided to an origin server via Web Application Firewall, such as:



The diagram below illustrates how traffic is screened before it can ever reach our core network. The distributed nature of our worldwide network provides an additional layer of protection to origin servers. Finally, an intermediate caching layer may be enabled on an origin server as an additional measure to prevent web servers from being overloaded. This capability is known as Origin Shield.

security

WAF Setup

The manner in which Web Application Firewall should be configured varies by organization due to a variety of factors, such as those listed below.

Factor
Description
Web Applications
The type of web applications running on the origin server may affect the level of protection that may be applied via WAF.
Traffic Delivery Profile
The type of traffic that is considered legitimate affects the amount by which traffic may be restricted. Additionally, there may be multiple traffic delivery profiles that are specific to a site, role, or the action being performed.
Acceptable Risk
WAF allows the flexibility to determine the degree to which a site will be protected. A balance must be found between security and allowing the flow of legitimate traffic. A major factor in this balancing act is the degree to which an organization is able to cope with risk.



HTTP Rules Engine

The Media Control Center (MCC) provides many different options that the customer can leverage to configure how his assets are handled by our CDN. However, the customer’s unique working environment may require an additional level of customization. For this reason, we provide an interface through which the customer can create custom rules that will override his MCC configuration and the default behavior of our edge servers. These custom rules can be created to handle how our edge servers cache and grant access to large and small assets.

A rule defines the criteria that a request has to meet before one or more features can take effect. For example, the customer can define a rule that disables caching for PHP assets.

However, when setting up a rule's criteria, the customer should keep in mind that a rule is interpreted as it is laid out. In other words, actions take place as a set of criteria is met. Once a set of criteria has been satisfied, then no additional attempts to match other criteria in the current rule will take place.

Using multiple rules allows the customer to exercise both coarse and granular control over how requests for his assets are handled. For example, the customer could create a rule that determines the default manner through which all requests are handled. After which, he could create a set of rules that determine how certain types of requests are handled for a particular location. In order for this type of configuration to work properly, the customer will need to pay attention to the order in which these rules are listed.

The order in which multiple rules are listed affects how they are handled. Rules are typically processed in the order that they appear. If a client's request satisfies the criteria for more than one rule, then the features associated with the matching criteria for each rule will take place. This could lead to a situation where conflicting actions will take place. In such a case, the last action to take place will take precedence over previous actions. Therefore, it is recommended that the customer place rules that should take precedence as close to the bottom of the list as possible.

The following illustration contains four sample rules that provide different instructions based on the type of request being performed. In this scenario, we'll assume that the client requests an HTML asset from the "Secure" folder on "myhostname.com." This type of request will satisfy the match criteria for all four rules. Therefore, the features associated with each of the rules will be applied to the request. If one or more rules contain conflicting instructions, then the rule closest to the bottom of the list will take precedence. In this sample scenario, the rule called "Apply to All HTML Requests for "myhostname.com" in "Secure" Folder" would take precedence over the other rules.
security

HTTP Rules Engine can be used to override and/or extend the CDN configuration defined in the MCC and the response headers defined by a web server (e.g., Apache or IIS).


The following illustration is of a rule that disables Token-Based Authentication for HTML files.
security

Token-Based Authentication

If Token-Based Authentication is enabled, then only requests that provide an encrypted token and comply to the requirements specified by that token will be honored. Only requests from clients that provide a valid token and meet its requirements will be honored. FTP transactions are excluded from Token-Based Authentication.

Try our features with a no commitment test account
OTHER SERVICES
Application Delivery Accelerate delivery of web applications and non-static content.
Caching Our delivery and acceleration services will lead you to the world's digital threshold, from complete websites to mobile.
Analytics Full and instant visibility into performance of the content and the user experience.
Download Manager Your files are delivered globally with super-fast speed, intelligence and flexibility.
Security Protect your applications and content from unauthorized use with the powerful security tools.
Edge Optimizer Powered by Google PageSpeed, Edge Optimizer keeps your application's data and logic off of your network.
Streaming We will deliver better than anyone else your Flash, Silverlight, or HTTP – live or on-demand.
Storage It is more than just CDN storage. Security, replication, and caching infrastructures really mean massive scale at ultra-fast rates of speed.
Rules Engine With our powerful tool you have the whole control over when, how and if the content is served and delivered.
Piranha Purge Better caching flexibility, efficiency, and performance with Piranha Purge.

High-performance CDN solutions are costly?NOT ANYMORE!

Unprecedented INXY promo will get
you Premium-class CDN
from

for as low as $10/TB!contact us now

Premium-class CDN solution has never been cheaper!

Unprecedented Promo
will get you CDN from

for as low as $6/TB!contact us now