Web Application Gateway

Last updated 1 year ago

It is common to use a CDN as an intermediate proxy to cache content, accelerate delivery, or provide an extra layer of security for our websites. However, there are less common use cases that are very useful in complex architectures. Today we are going to look at one of them: using a CDN as an application gateway, or application-level proxy.

A CDN like Transparent CDN acts as a hub for requests to your domain, so any routing, filtering, service mesh, etc., can be done at this layer.

Having a language like VCL (Varnish Configuration Language) available to define logic at this level allows for all kinds of tricks and operations that will delight any DevOps professional. The possibilities are extensive for any app or website that goes through Transparent CDN, which supports SSL-offloading (protocol downgrade), end-to-end SSL, WAF, URL-based routing, multiple backends based on arbitrary and custom criteria, A/B testing, canary deployments, HTTP-header feature flags, and much more.

Since functionality is better understood with examples, let's consider an API based on microservices distributed across multiple hosts. With an Application Gateway, we can make all services available via api.mysite.com. The different microservices can be hosted under different URLs of the same domain (/login, /stats, /cart), each with its own backend. Here's an example VCL configuration:

# Assume three backends have been registered:
# backend c0_login: login.miempresa.com:8080
# backend c0_stats: 11.22.33.44:80
# backend c0_shopcart: carrito.proveedordeterceros.com:443
sub vcl_recv {
    if (req.url ~ "^/login") {
        set req.backend_hint = c0_login.backend();
    } else if (req.url ~ "^/estadisticas") {
        # statistics service
        set req.backend_hint = c0_stats.backend();
    } else if (req.url ~ "^/carrito") {
        # shopping cart service
        set req.backend_hint = c0_shopcart.backend();
    }
}
# To each its own: ap

This VCL can be as complex as needed, incorporating validations, throttling, redirects, URL rewriting, and more. Below are some examples:

sub vcl_recv {
    if (req.url ~ "^/login") {
        set req.backend_hint = c0_login.backend();
        # Only our office IP is allowed to access these URLs
        if (req.http.True-Client-Ip != "12.34.56.78") {
            # Varnish 4+ form of the older `error 403 "..."` statement
            return (synth(403, "The power of Christ compels you!"));
        }
    } else if (req.url ~ "^/estadisticas") {
        set req.backend_hint = c0_stats.backend();
        # Statistics has a lot of fans; try to keep them from saturating the service with requests by limiting them to 10 req/s
        # (note: the value set below is 30, not 10; use the limit you intend)
        set req.http.x-ratelimit = 30;
    } else if (req.url ~ "^/carrito") {
        set req.backend_hint = c0_shopcart.backend();
        # The cart is a third-party service with a different URL that I want to hide from clients:
        set req.url = "/third-parties/aef5677c321bb761c/";
        # A bit of A/B testing here: set a header that the origin takes into account to return one version or the other:
        set req.http.abtesting = 0;
        # If the client IP ends in 0, 1 or 2, change the header so the backend returns the other version.
        if (req.http.True-Client-IP ~ "[0-2]$") {
            set req.http.abtesting = 1;
        }
    }
}
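
A stricter form of the /login restriction above, added here as an example in generic Varnish 4 VCL (it is not Transparent Edge's own code): the path match is anchored so that `^/login` does not also cover paths such as /login-backup, and the address is checked against an ACL, which accepts several entries and CIDR ranges and denies a missing or malformed header. Assumptions: `True-Client-Ip` is set by the edge rather than taken from the client, `import std` and inline ACLs are permitted by the platform's VCL restrictions, and the names `default_origin`, `login` and `office` and the 192.0.2.x and 198.51.100.0/24 addresses are constructed placeholders.

```vcl
vcl 4.0;
import std;

# Constructed default backend (documentation address); the first backend
# declared is the one Varnish uses when no backend_hint is set.
backend default_origin {
    .host = "192.0.2.20";
    .port = "80";
}

# Constructed stand-in for the page's c0_login backend.
backend login {
    .host = "192.0.2.10";
    .port = "8080";
}

# Addresses allowed to reach /login.
acl office {
    "12.34.56.78";          # office IP from the example above
    "198.51.100.0"/24;      # constructed extra range, to show CIDR support
}

sub vcl_recv {
    # Matches /login, /login/... and /login?... but not /login-backup or /loginx.
    if (req.url ~ "^/login([/?]|$)") {
        # std.ip() parses the header as an IP address. If the header is
        # absent or unparsable it returns the fallback 0.0.0.0, which is
        # not in the ACL, so the request is denied.
        if (std.ip(req.http.True-Client-Ip, "0.0.0.0") !~ office) {
            return (synth(403, "Forbidden"));
        }
        set req.backend_hint = login;
    }
}
```

On the platform itself the backend would stay `c0_login.backend()` as in the examples above; the two `backend` declarations are only there so the snippet compiles on a stock Varnish.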

The possibilities are endless, so if you have something in mind and would like our help, contact us at soporte@transparentcdn.com.