Tuesday, May 14, 2024

A Deep Dive into CDN Capabilities Within AEM as a Cloud

 In this post, we’ll explore some of the recent enhancements to the out-of-the-box CDN capabilities in AEM as a Cloud.

AEM as a Cloud’s CDN(Fastly) has recently enabled several key features that help us quickly address various issues. Some of these features are not yet in general availability but are accessible through the Early Adopter Program.

Image from Adobe Document

The above image outlines the process flow for request and response handling in AEM as a Cloud CDN. Let’s examine some key features that are either currently enabled or available at the early adopter stage. These CDN configurations can be set through the cdn.yaml file and deployed separately via the Cloud Manager config pipeline.

For example below config folders in your code repository and configure the required features into the cdn.yaml file.



kind: "CDN"
version: "1"
envTypes: ["prod", "stage"]


Define config pipeline to deploy the CDN changes

Origin Selector:

The Origin Selector feature enables the CDN to route traffic to non-AEM backends according to the configuration, functioning similarly to a reverse proxy.

You can define rules to determine when requests should be directed to a specific origin. You can specify the backend domain or Ip address to connect, this allows for the configuration of various options such as useCache(default is true), forwardHost(default is false), forwardCookie(default is false), forwardAuthorization(default is false), and timeout (default is 60) settings.

Request Transformations:

Request transformation rules enable you to modify incoming requests by setting, unsetting, and altering paths, query parameters, and headers (including cookies) based on a variety of matching conditions, such as regular expressions. The supported actions — set, unset, and transform — can be chained together. Additionally, these rules allow you to set variables and reference these variables later in the pipeline, such as in Response Transformers.

Response Transformations:

Response transformation rules allow you to set and unset headers of the CDN’s outgoing responses. The supported actions — set (Sets a specified header to a given value in the response) and unset (Removes a specified header from the response)

Client-side Redirects(Early Adopter Program):

This feature is not yet generally available. To join the early-adopter program, email [email protected].

the client-side redirect rules for 301, 302 and similar client-side redirects. If a rule matches, the CDN responds with a status line that includes the status code and message (for example, HTTP/1.1 301 Moved Permanently), as well as the location header set. Both absolute and relative locations with fixed values are allowed.

CDN Error Pages:

When the CDN is unable to reach the AEM origin, a generic, unbranded error page is displayed. However, this default error page can be overridden by hosting static files in self-hosted storage solutions such as Amazon S3, Azure Blob Storage, or any external servers. These can then be referenced through CDN configuration.

kind: "CDN"
version: "1"
envTypes: ["dev"]
title: the error page
icoUrl: https://www.example.com/error.ico
cssUrl: https://www.example.com/error.css
jsUrl: https://www.example.com/error.js

Edge Side Includes (ESI) for Loading Dynamic Content (Early Adopter Program):

This feature is not yet generally available. To join the early-adopter program, email [email protected].

The Adobe Managed CDN now supports Edge Side Includes (ESI), enabling dynamic content replacement directly at the CDN level. Sling Dynamic Include facilitates various include types such as SSI (Server Side Include), ESI (Edge Side Include), and JavaScript includes. To leverage ESI, specific CDN configurations are necessary, allowing dynamic content placeholders to be replaced at the CDN level, which permits full-page caching. While SSI allow content to be fully cached at the dispatcher (not at the CDN), as the dispatcher retains the full page with dynamic include placeholders and substitutes them with actual content upon request. ESI, on the other hand, enables the complete content along with dynamic placeholders to be stored at the CDN, with placeholders replaced with real content as needed. For a more detailed understanding, refer to the article ‘Sling Dynamic Include — Deep Dive | Dynamically Include Page Components in AEM | by Albin Issac | Tech Learnings | Medium.

Traffic Filter Rules Alerts (Early Adopter Program):

Traffic filter rules at the CDN layer can be employed to either block or allow requests, providing crucial control in various scenarios. These include:

  • Restricting access to specific domains exclusively to internal company traffic before a new site goes live.
  • Establishing rate limits to reduce susceptibility to volumetric DoS attacks.
  • Blocking access from IP addresses known to be associated with malicious activities.

Rate Limit Rules — to block traffic if it exceeds a certain rate of incoming requests, based on a specific condition. Setting a value for the rateLimit property limits the rate of those requests that match the rule condition.

Additionally, you can implement WAF (Web Application Firewall) traffic filter rules, which utilize WAF flags. These rules require either an Enhanced Security license or a WAF-DDoS Protection license.

Please note, that there is a size limit to the configuration file (the cumulative size of the configuration file cannot exceed 100KB) so organizations with larger requirements should define rules in the apache/dispatcher layer.



Configuring CDN Error Pages | Adobe Experience Manager

Traffic Filter Rules including WAF Rules | Adobe Experience Manager

No comments:

Post a Comment