API
The Gcore Customer Portal is being updated. Screenshots may not show the current version.
Web Application Security
Web Application Security
BillingCreate protected resourceUse Web Application Security and CDNConfigure protection settingsAdd an SSL certificateRate LimiterSet the Access PolicyDeny accessSet the X-Forward-For headerCheck reports
View eventsCreate rulesRule typesManage triggersSettings
How do I change an A record?What criteria do you analyze?I see lots of requests from several IPs. Could this be an attack?I changed my A record long time ago, but you are not filtering it. What to do?Attackers have found out my origin IP and are attacking it directly. What should I do? directly. What should I do?Who is attacking us?Will a blacklisted user get unblocked after a particular time?During a DDoS attack, we changed your IP address, but we still have problems with the performance. Why?Do you protect against attacks targeted at DNS?Can you disable the protection for some time for the entire site or certain parts of the site?How long does the service enabling take?Which web crawlers doesn't your service block?Force an IP banGet all banned IP addresses for all resourcesRenew SSL certificates
API
Chosen image
Home/Web Application Security/Use Web Application Security and CDN

Connect Web Security and CDN for the same domain

What is the challenge in using Web Application Security and CDN together?

Previously, it was challenging to connect Web Application Security and CDN services for the same domain. The issue was that when using a CDN, the edge servers that cache content sent numerous requests to your application from a few IP addresses of our internal subnets. This made it difficult for Web Application Security to effectively apply the Bot protection mechanism since it couldn't distinguish between requests from legitimate users from an internal network IP and malicious requests from bots.

To avoid blocking legitimate requests, we recommended connecting CDNs and Web Protection to separate subdomains. However, it was not convenient for customers.

How we solved the challenge

We changed the bot-identifying process, thereby resolving the connectivity conflict between Web Application Security and CDN. Now, our security system analyzes web request characteristics to block robotic activity rather than relying on specific identifying information. This allows you to connect Web Security and CDN services for the main domain without subdomains.

Configure Web Secure and CDN for your application

1. Create a resource under the protection according to the "Create and configure a protected resource" guide.

2. Go to the Resources tab and copy the IP address from the "Protected IP" column.

Note: The IP from the example (5.188.189.82) will be different from yours.

Web protection

3. Go to the CDN resources tab and create a CDN resource according to the appropriate guide: Create a CDN resource for only static files or an entire site.

3.1. If you want to use Web Application Security with the CDN resource for only static files, specify the following values during creation:

  • The IP address copied at step #2 in the "Origin" field (e.g., 5.188.189.82).
  • The custom domain based on your application domain in the "Custom domain" field (e.g., cdn.test-domain.com).
Set up initial configuration

Complete the creation of the CDN resource by making all the necessary settings.

3.2. If you want to use Web Application Security with the CDN resource for an entire site, specify the following values during creation:

  • The domain of your application in the "Enter site name" step (e.g., test-domain.com).
  • The IP address copied at step #2 in the "IPv4 address" field (e.g., 5.188.189.82).
Add DNS record

Complete the creation of the CDN resource by making all the necessary settings.

That's it! This is how you connect Web Application Security and CDN for the same domain.

Was this article helpful?

Not a Gcore user yet?

Discover the all-in-one Web security solution by Gcore

Go to the product page
Edit on GitHub
// // Initialize a variable to undefined initially. // var growthBook = undefined; // (function() { // try { // var script = document.createElement('script'); // script.src = "https://cdn.jsdelivr.net/npm/@growthbook/growthbook/dist/bundles/auto.min.js"; // script.setAttribute("data-api-host", "https://cdn.growthbook.io"); // script.setAttribute("data-client-key", "sdk-truekA5wvhMYaqsu"); // document.head.appendChild(script); // script.onload = function() { // console.log("GrowthBook script loaded successfully."); // growthBook = window.GrowthBook; // Assuming GrowthBook attaches itself to window // }; // script.onerror = function() { // console.error("Failed to load the GrowthBook script."); // growthBook = undefined; // Explicitly set to undefined on error // }; // } catch (error) { // console.error("An error occurred while setting up the GrowthBook script:", error); // growthBook = undefined; // } // })(); // // Optional: Push to dataLayer if needed // window.dataLayer = window.dataLayer || []; // window.dataLayer.push({ // 'event': 'scriptLoadStatus', // 'growthBookStatus': growthBook ? "Loaded" : "Failed" // });