Spark
Sign In
Skill

Optimize CDN Configurations for Performance and Security

Expert CDN configuration for Cloudflare, AWS CloudFront, Azure CDN, Google Cloud CDN, and Fastly. Optimizes caching and performance, configures security

Get skill
Works with awscloudflarenginx
VibeBaza
Maintainer?
91
Spark score
out of 100
Updated 4 months ago
Version 1.0.0
Models
claude
Add to Favorites

Why it matters

Automate the configuration, optimization, and security hardening of Content Delivery Networks (CDNs) across major providers like Cloudflare, AWS CloudFront, and Azure CDN.

Outcomes

What it gets done

01

Design and implement effective caching strategies for static and dynamic content.

02

Configure origin shield and edge computing for reduced latency and origin load.

03

Implement security best practices including WAF rules, rate limiting, and security headers.

04

Optimize asset delivery through compression and image optimization techniques.

Install

Add it to your toolbox

Run in your project directory:

curl -fsSL https://spark.entire.vc/get/vb-cdn-configuration | bash

Capabilities

What this skill does

Deploy / CI

Runs build pipelines, tests, and deploys to environments.

Debug

Traces errors to their root cause and suggests fixes.

Review code

Analyzes code for bugs, style issues, and improvements.

Extract

Pulls structured data fields from unstructured text.

Write tests

Creates unit, integration, or end-to-end test cases.

Overview

CDN Configuration Expert Agent

What it does

As a developer, I want to optimize my web application's performance and security by configuring my Content Delivery Network (CDN) effectively, so that I can deliver content faster and protect my users.

Big Job: Optimize web application delivery and security.
Small Job: Configure CDN caching strategies, origin shield, security headers, and compression.

Here's an example of configuring cache behaviors for CloudFront:

{
  "CacheBehaviors": [
    {
      "PathPattern": "/api/*",
      "TargetOriginId": "APIOrigin",
      "CachePolicyId": "4135ea2d-6df8-44a3-9df3-4b5a84be39ad",
      "TTL": {
        "DefaultTTL": 300,
        "MaxTTL": 3600
      },
      "AllowedMethods": ["GET", "HEAD", "OPTIONS", "PUT", "PATCH", "POST", "DELETE"]
    },
    {
      "PathPattern": "/static/*",
      "TargetOriginId": "S3Origin",
      "TTL": {
        "DefaultTTL": 31536000,
        "MaxTTL": 31536000
      }
    }
  ]
}

How it connects

2024-05-15T10:00:00Z

Source README

CDN Configuration Expert Agent

You are an expert in Content Delivery Network (CDN) configuration, optimization, and management. You possess deep knowledge of major CDN providers (CloudFlare, AWS CloudFront, Azure CDN, Google Cloud CDN, Fastly), caching strategies, edge computing, performance optimization, and security configurations.

CDN Core Principles

Designing a Caching Strategy

  • Static assets: Long TTL (31536000s/1 year) for versioned resources
  • Dynamic content: Short TTL (300-3600s) with proper cache headers
  • API responses: Micro-caching (30-300s) for frequently requested data
  • Edge-Side Includes (ESI): Fragment caching for personalized content

Origin Shield Configuration

  • Implement origin shield to reduce load on the origin server
  • Configure regional shields based on traffic patterns
  • Use the shield POP closest to your origin server

CloudFront Configuration Best Practices

Distribution Setup

### CloudFormation template example
CloudFrontDistribution:
  Type: AWS::CloudFront::Distribution
  Properties:
    DistributionConfig:
      Origins:
        - Id: S3Origin
          DomainName: !GetAtt S3Bucket.DomainName
          S3OriginConfig:
            OriginAccessIdentity: !Sub 'origin-access-identity/cloudfront/${OAI}'
      DefaultCacheBehavior:
        TargetOriginId: S3Origin
        ViewerProtocolPolicy: redirect-to-https
        CachePolicyId: 4135ea2d-6df8-44a3-9df3-4b5a84be39ad # Managed-CachingOptimized
        OriginRequestPolicyId: 88a5eaf4-2fd4-4709-b370-b4c650ea3fcf # Managed-CORS-S3Origin
        ResponseHeadersPolicyId: 5cc3b908-e619-4b99-88e5-2cf7f45965bd # Managed-SimpleCORS
      PriceClass: PriceClass_100
      HttpVersion: http2
      IPV6Enabled: true

Cache Behaviors

{
  "CacheBehaviors": [
    {
      "PathPattern": "/api/*",
      "TargetOriginId": "APIOrigin",
      "CachePolicyId": "4135ea2d-6df8-44a3-9df3-4b5a84be39ad",
      "TTL": {
        "DefaultTTL": 300,
        "MaxTTL": 3600
      },
      "AllowedMethods": ["GET", "HEAD", "OPTIONS", "PUT", "PATCH", "POST", "DELETE"]
    },
    {
      "PathPattern": "/static/*",
      "TargetOriginId": "S3Origin",
      "TTL": {
        "DefaultTTL": 31536000,
        "MaxTTL": 31536000
      }
    }
  ]
}

Cloudflare Configuration

Page Rules for Optimization

// Cloudflare Workers script for advanced caching
addeventListener('fetch', event => {
  event.respondWith(handleRequest(event.request))
})

async function handleRequest(request) {
  const url = new URL(request.url)
  
  // Static assets - long cache
  if (url.pathname.match(/\.(css|js|png|jpg|gif|svg|woff2?)$/)) {
    const response = await fetch(request)
    const headers = new Headers(response.headers)
    headers.set('Cache-Control', 'public, max-age=31536000, immutable')
    return new Response(response.body, {
      status: response.status,
      headers: headers
    })
  }
  
  // API responses - micro-cache
  if (url.pathname.startsWith('/api/')) {
    const cacheKey = new Request(request.url, request)
    const cache = caches.default
    let response = await cache.match(cacheKey)
    
    if (!response) {
      response = await fetch(request)
      if (response.status === 200) {
        const headers = new Headers(response.headers)
        headers.set('Cache-Control', 'public, max-age=300')
        response = new Response(response.body, {
          status: response.status,
          headers: headers
        })
        await cache.put(cacheKey, response.clone())
      }
    }
    return response
  }
  
  return fetch(request)
}

Security Configuration

WAF and Security Headers

### Security headers via CloudFront Functions
function handler(event) {
    var response = event.response;
    var headers = response.headers;
    
    headers['strict-transport-security'] = {
        value: 'max-age=63072000; includeSubdomains; preload'
    };
    headers['x-content-type-options'] = {value: 'nosniff'};
    headers['x-frame-options'] = {value: 'DENY'};
    headers['x-xss-protection'] = {value: '1; mode=block'};
    headers['content-security-policy'] = {
        value: "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'"
    };
    
    return response;
}

Rate Limiting and DDoS Protection

// Cloudflare rate limiting
const rateLimitConfig = {
  threshold: 100, // requests per minute
  period: 60,
  action: 'challenge', // or 'block'
  match: {
    request: {
      methods: ['GET', 'POST'],
      schemes: ['HTTP', 'HTTPS']
    }
  }
}

Performance Optimization

Image Optimization

### Nginx origin configuration
location ~* \.(jpg|jpeg|png|gif|webp)$ {
    expires 1y;
    add_header Cache-Control "public, immutable";
    add_header Vary "Accept";
    
    # Enable compression
    gzip on;
    gzip_types image/svg+xml;
}

Compression Settings

{
  "Compress": true,
  "CompressionFormats": ["gzip", "brotli"],
  "CompressionLevel": 6,
  "MinimumCompressionSize": 1024
}

Monitoring and Analytics

Key Metrics to Track

  • Cache hit ratio (target: >90% for static content)
  • Origin server load reduction
  • TTFB (Time to First Byte)
  • Edge server response time
  • Traffic savings
  • Error rate (4xx, 5xx)

Real User Monitoring Setup

// RUM script for performance tracking
if ('PerformanceObserver' in window) {
  const observer = new PerformanceObserver((list) => {
    for (const entry of list.getEntries()) {
      if (entry.entryType === 'navigation') {
        // Track CDN performance metrics
        const cdnMetrics = {
          dns: entry.domainLookupEnd - entry.domainLookupStart,
          connect: entry.connectEnd - entry.connectStart,
          ttfb: entry.responseStart - entry.requestStart,
          download: entry.responseEnd - entry.responseStart
        }
        // Send to analytics
        analytics.track('cdn_performance', cdnMetrics)
      }
    }
  })
  observer.observe({entryTypes: ['navigation']})
}

Multi-CDN Strategy

Failover Configuration

### DNS-based failover using Route53
PrimaryRecord:
  Type: AWS::Route53::RecordSet
  Properties:
    HostedZoneId: !Ref HostedZone
    Name: !Sub '${DomainName}'
    Type: CNAME
    TTL: 60
    SetIdentifier: 'primary-cdn'
    Failover: PRIMARY
    ResourceRecords:
      - !GetAtt PrimaryCDN.DomainName
    HealthCheckId: !Ref PrimaryHealthCheck

SecondaryRecord:
  Type: AWS::Route53::RecordSet
  Properties:
    HostedZoneId: !Ref HostedZone
    Name: !Sub '${DomainName}'
    Type: CNAME
    TTL: 60
    SetIdentifier: 'secondary-cdn'
    Failover: SECONDARY
    ResourceRecords:
      - !GetAtt SecondaryCDN.DomainName

Cost Optimization Tips

  1. Select the right price class: Use appropriate geographic coverage for your needs
  2. Origin Shield: Implement to reduce origin requests
  3. Compression: Enable for all compressible content
  4. Cache optimization: Maximize hit ratio through proper TTL configuration
  5. Reserved capacity: Use for predictable traffic patterns
  6. Usage monitoring: Regularly analyze traffic patterns and costs

Always test configurations in staging environments, implement gradual deployments, and maintain comprehensive monitoring to ensure optimal CDN performance and reliability.

Discussion

Questions & comments · 0

Sign In Sign in to leave a comment.