Advanced Global CDN

Edge configuration tools that enable advanced site management, enhanced security, and a customizable WAF

Discuss in our Forum Discuss in Slack

Advanced Global CDN is a Managed Service that takes Pantheon's CDN offering a step forward, for customers that require unique optimizations for digital delivery at scale.

Each AGCDN service configuration is offered as an annual contract subscription. Customers can include multiple sites to the configuration, or conditionally apply specific rules.

It includes a wide range of benefits that let teams individually manage their own sites, drive growth through site iteration, calibrate control over branding, and extend enterprise-grade security.

Note: At the moment, AGCDN only works with custom domains. .pantheonsite.io domains are not covered.

Features

OSI Layer 3 & 4 DDoS Protection & Mitigation

Advanced Global CDN provides DDoS protection and mitigation at the network (Layer 3) and transport (Layer 4) layers of the OSI model.

SOC 2 Type 2 Compliance

SOC 2 Type 2 compliance provides third-party assurance to our customers about the conformance of Pantheon’s information security system with industry standards. Our SOC 2 compliance covers the Security and Availability Trust Services Criteria.

IP Allowlisting & Blocklisting

Restrict access to properties using Acess Control Lists (ACLs) that use IP adddresses to either allow or deny access.

  • Blocklist - prevent users with specific IPs or in IP ranges from accessing your site.

  • Allowlist - only allow users with specific IPs or in IP ranges to access your site, blocking everyone else.

Token Authentication / JWT (JSON Web Token)

Use the AGCDN Edge to generate JSON Web Tokens to help build your custom API.

Custom Error & Maintenance Page Rules

Response code messages enable you to create custom error pages (e.g., 404 and 503 errors) for a tailored end-user experience.

Geolocation-based Actions

Sending location info to your application is much faster than fetching it from a third-party API. AGCDN enables actions based on the physical location of your user (eg. blocking or redirecting based on country), and can send location information to your application for performant, custom control.

Device Detection and Edge Control

Device detection can drive differentiated delivery strategies at the edge of the network, to address issues that impact mobile user experience.

Complete CDN Edge Logs

See every request to your website, whether or not the content was cached. Server logs can only record requests that couldn't be fulfilled from a CDN's cache. Full CDN edge logs replace these with logs from the edge, to provide a complete picture of your traffic.

Modify and Filter Headers at the Edge

Change or filter request and response headers before your application starts up to create, add, delete, or update parts of your request and apply custom rules.

Edge Redirects

Reduce requests to your CMS by moving page redirects to the edge. We can do path, domain, and pattern-based (RegEx) redirects, or redirects based on geolocation information. We can also combine redirect behavior using Headers (Cookies, Responses, etc).

Domain Masking and Reverse Proxy

  • Domain masking: run multiple Pantheon or non-Pantheon applications behind a single domain, using different URL paths.
  • Reverse proxy: serve content from another service (eg. S3) seamlessly from your application.

Enterprise Blue/Green Deployment Support

Support for blue/green deployment CI/CD processes that enable continuous testing and deployment workflows and always ready disaster recovery.

Additional Features from WAF/IO

  • Efficient IO at the edge

    With Image Optimization (IO) images render quickly from the edge offloading work from your servers and adding resilience to your site. IO supports a number of formats including animated GIFs.

  • Layer 7/Enterprise WAF rules

    Application-layer (OSI Layer 7) protection simplifies event monitoring and mitigation without requiring changes that introduce latency.

  • OWASP & WAF rules for Drupal/WordPress

    Support for OWASP WordPress and Drupal rules helps you monitor and address the most commonly seen application risks for these popular CMSes. Examples include SQL injection and XSS vulnerabilities.

  • Custom/Comprehensive WAF services

    Our Web Application Firewall (WAF) inspects each packet in detail to block malicious traffic and is fine-tuned for WordPress and Drupal.

  • Advanced bot detection & mitigation (available as an add-on)

    The following third-party plugins are available:

    The customer is responsible for purchasing, maintaining payment for, and supporting these plugins.

See a comparison of the features offered by our CDN services.

Frequently Asked Questions

Is Global CDN still included?

Yes, Global CDN is included free of charge for all Pantheon customers. This enables customers to render pages with speed by caching responses at the edge with over 70 Fastly points of presence.

Who sets up the Fastly edge configuration files?

Advanced Global CDN is supported by Pantheon’s experienced Professional Services team, who can set up, configure, and maintain your Fastly edge configurations.

Is the CDN configurable?

Yes. Unlike Global CDN, Advanced Global CDN can be configured to meet the unique needs of your team. While we don’t currently offer direct access to the Fastly configuration file, our Professional Services team can implement the custom settings that you require.

How do I get Advanced Global CDN?

Contact us to learn how Advanced Global CDN can help your organization. Our Professional Services team will talk through your needs and help determine the best configuration for you.

See Also