How does SiteSpect work with CDNs?
      Back to home
      1. Knowledge Base
      2. Implementation, Deployment, and Security
      3. How does SiteSpect work with CDNs?

      CDN Rules & Configuration Guide for SiteSpect

      Decide Where to Put the CDN

      There are usually two types of CDN deployment, one is the single leg option where the CDN sits in front of SiteSpect, the other is the sandwich option where the CDN will be both in front and behind SiteSpect. Several factors should be considered when choosing which option to be deployed:

      1. HTML Caching - If you would like to cache HTML on the CDN, then the CDN needs to sit behind SiteSpect, if you would like to cache static objects on the CDN, then the CDN needs to sit in front of SiteSpect. 
      2. Security features - If you would like to use specific feature on the CDN to shield the web origin, you would likely want the CDN to be in front of the web origin, if you would like to use bot manager on a CDN to prevent certain traffic from going to SiteSpect, the CDN needs to sit in front of SiteSpect.
      3. Selective routing - If you would like to only route part of the traffic to SiteSpect, then CDN is needed in front of SiteSpect.

      In conclusion, if you need the CDN to only sit in front of SiteSpect, Single Leg option should be chosen, if you need the CDN to sit both in front and behind SiteSpect, Sandwich option would be chosen.

      Single Leg Rules

      SiteSpect Requirements 

      • Route testable HTML Content to SiteSpect (Bypass Cache) 
      • Always route SiteSpect Paths to SiteSpect (Bypass Cache) 
        1.  */__ssobj/* (path) Note: folder path can be customized
        2.  ?*SS_PREVIEW_EXP* (query string) 
      • Do not override existing SiteSpect cookies or response headers 
      • These request headers are important for testing. Do not override without verification
        1. User-Agent 
        2. Host

       

      CDN Requirements 

      • CDN needs to be able to communicate with SiteSpect’s Bypass target (typically Web Origin) when SiteSpect is in Bypass mode.

       

      CDN Optional Rules 

      • Some SiteSpect Objects can be cached to improve performance 
        1. */__ssobj/*.js 
        2. */__ssobj/static/* 
      • Static Content/Binary Files can be served from cache at the CDN or requested directly from Web Origin 
      • Traffic Splitting - If routing only a subset of traffic to SiteSpect based on percentage or other rules: 
        1. When a new user request arrives at the CDN, the CDN can decide where to direct the request, and set a cookie “SSLB” to split traffic between SiteSpect and the web origin. 
        2.  Requests for HTML content with an existing SSLB cookie value of 0 should be routed directly to Origin or served from cache. 
        3.  Requests for HTML content with an existing SSLB cookie value of 1 should be routed to SiteSpect (Bypass Cache).



      Sandwich Model Rules

       

       

      CDN Leg One Logic: 

      Important note: 

      “/__ssobj” folder is a general folder marked in this documentation, for each unique configuration the CDN would need to agree on a unique path to use, usually it would be “/<client abbreviation>objects" folder, for example for company “Apple Banana”, the below “/__ssobj” will be replaced with “/abobjects”.

       

      SiteSpect Requirements 

      • Route testable HTML Content to SiteSpect (Bypass Cache) 
      • Always route SiteSpect Paths to SiteSpect (Bypass Cache) 
        1. */__ssobj/* (path) Note: folder path can be customized
        2. ?*SS_PREVIEW_EXP* (query string) 
      • Do not override existing SiteSpect cookies or response headers 
      • These request headers are important for testing. Do not override without verification
        1. User-Agent 
        2. Host

       

      CDN Requirements 

      • CDN needs to identify a method to differentiate a Leg 1 request from a Leg 2 request. For example, insert request header (SSVisit) on Leg 1 for Leg 2 to track whether request has already been routed to SiteSpect (to prevent looping). 
      • CDN needs to be able to communicate with SiteSpect’s Bypass target (typically CDN Leg 2) when SiteSpect is in Bypass mode.

       

      CDN Optional Rules 

      • Some SiteSpect Objects can be cached to improve performance 
        1. */__ssobj/*.js 
        2. */__ssobj/static/* 
      • Static Content/Binary Files can be served from cache at the CDN or requested directly from Web Origin 
      • Traffic Splitting - If routing only a subset of traffic to SiteSpect based on percentage or other rules: 
        1. When a new user request arrives at the CDN, the CDN can decide where to direct the request, and set a cookie “SSLB” to split traffic between SiteSpect and the web origin. 
        2. Requests for HTML content with an existing SSLB cookie value of 0 should be routed directly to Origin or served from cache. 
        3. Requests for HTML content with an existing SSLB cookie value of 1 should be routed to SiteSpect (Bypass Cache).

       

      CDN Leg Two Logic: 

      CDN Requirements 

      • CDN needs to identify that the request has already been routed through SiteSpect. For example, if the optional header exists (SSVisit), serve response from cache or route to Web Origin. 

      CDN Option Rules 

      • Responses from Web Origin can be cached.