In this post, you’ll learn how to secure and accelerate the delivery of Drupal-based websites using Amazon CloudFront, AWS Web Application Firewall (AWS WAF), and Amazon CloudFront Functions.

CloudFront is a content delivery network service (CDN) offering improved security and acceleration of the content served through it. This is true for static cacheable content and dynamic content because of optimizations done at different stages of the request/response cycle. Additionally, AWS WAF is a managed web application firewall service that fully integrates with CloudFront, Application Load Balancer (ALB), Amazon API Gateway, and AWS AppSync. Furthermore, it provides mechanisms to protect your application from Layer 7 attacks (the application layer of the OSI model).

A content management system (CMS) helps content owners create and maintain articles and sections on a website without having specialized knowledge of how to present it in a browser. As part of the CMS, there’s an admin section where content updates are made, and a publicly available website for viewers to consume the content.

When using Drupal, a popular CMS, you can set up separate domain names to access the section where you make content updates (we’ll call it the “admin domain name”) and for the public website. Or, you can use the same domain name for both. In this post, you’ll learn some strategies to improve security while delivering content using CloudFront and AWS WAF in these two scenarios.

Scenario 1: Separate domain names for admin users and viewers of content

In this setup, the admin and public website have different domain names. Here, you want to restrict anonymous viewers from accessing URL patterns related to content update operations, for example: /node, /admin, /core, /batch, etc. To do this, create two independent CloudFront and WAF configurations with respective firewall rules to secure the Drupal backend.

Figure 1: Separate domain names for admin users and viewers of content

For viewers, you’ll define custom rules in AWS WAF to block all of the path patterns pertaining to the admin sections of the CMS. CloudFront will be configured to cache and serve content securely over HTTPS using the closest edge location, leading to faster page downloads. As traffic scales up, CloudFront serves more requests from cached content at the edge locations. This lowers origin requests and optimizes your backend infrastructure.

For admin users, you’ll define custom rules in your second AWS WAF to only allow requests based on a special session cookie set by Drupal for authorized users. In the second CloudFront distribution used for admin access, caching is disabled and CloudFront works to accelerate the dynamic content update API calls using techniques like reuse of persistent connections across requests, optimized TCP congestion windows, and TLS session resumption.

In both cases, CloudFront applies last mile optimizations, including content compression and TCP Bottleneck Bandwidth and Round-trip propagation time (BBR) to further lower the page load times for viewers. If your origin is deployed within AWS, then traffic from the edge location to your AWS origin stays within the AWS network, leading to a more consistent content delivery experience for your end users.

This is the recommended setup, as it allows for maintaining fine-grained access and cache controls over the different set of users.

Scenario 2: Same domain name for admin users and viewers of content

In this approach, you have the same domain name for managing content updates as serving your viewers.
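
The viewer-side path blocking described for Scenario 1 can be sketched as a rule in the AWS WAFv2 rule JSON shape. This is an added example, not code from the original post: the rule name, the choice of URL-decode and lowercase text transformations, and the sample paths are assumptions, and `would_block` is only an offline approximation of WAF's matching for checking the rule before deployment.

```python
import json
from urllib.parse import unquote

# Path prefixes the post lists for content-update operations.
ADMIN_PREFIXES = ["/node", "/admin", "/core", "/batch"]

# Assumption: normalise first so "/ADMIN" or "/%61dmin" still match the rule.
TRANSFORMS = [{"Priority": 0, "Type": "URL_DECODE"},
              {"Priority": 1, "Type": "LOWERCASE"}]

def byte_match(prefix):
    """One WAFv2 ByteMatchStatement: URI path starts with `prefix`."""
    return {"ByteMatchStatement": {
        "SearchString": prefix,
        "FieldToMatch": {"UriPath": {}},
        "TextTransformations": TRANSFORMS,
        "PositionalConstraint": "STARTS_WITH"}}

def viewer_block_rule(prefixes=ADMIN_PREFIXES, priority=0):
    """Rule for the viewer web ACL: block every admin path prefix."""
    name = "block-drupal-admin-paths"  # hypothetical rule name
    return {"Name": name, "Priority": priority,
            "Statement": {"OrStatement": {
                "Statements": [byte_match(p) for p in prefixes]}},
            "Action": {"Block": {}},
            "VisibilityConfig": {"SampledRequestsEnabled": True,
                                 "CloudWatchMetricsEnabled": True,
                                 "MetricName": name}}

def would_block(rule, uri_path):
    """Offline approximation of how the rule evaluates one request path."""
    for stmt in rule["Statement"]["OrStatement"]["Statements"]:
        match = stmt["ByteMatchStatement"]
        value = uri_path
        for t in sorted(match["TextTransformations"], key=lambda t: t["Priority"]):
            value = unquote(value) if t["Type"] == "URL_DECODE" else value.lower()
        if value.startswith(match["SearchString"]):
            return True
    return False

if __name__ == "__main__":
    rule = viewer_block_rule()
    print(json.dumps(rule, indent=2))
    # Constructed sample paths, not taken from the post.
    for path in ["/", "/blog/hello", "/admin/content",
                 "/%61dmin/people", "/CORE/install.php"]:
        print(f"{path:20} -> {'BLOCK' if would_block(rule, path) else 'allow'}")
```
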