is a Content Delivery Network (CDN) company that provides various network and security services.
In March 2018, they
while caching all files in Cloudflare edges.
We have a bunch of files hosted in S3 which are served through CloudFront.
To reduce the CloudFront bandwith cost
to make use of a global CDN (we use Price Class 100 in CloudFront), we decided to use Cloudflare for file downloads. This would help us cache files in Cloudflare edges and will eventually reduce the bandwidth costs at origin (CloudFront). But to do this, we had to solve a few problems.
We had been signing CloudFront download URLs to restrict their usage after a period of time. This means the file download URLs are always unique. Since Cloudflare caches files based on URLs, caching will not work when the URLs are signed. We had to remove the URL signing to get it working with Cloudflare, but we can’t allow people to continuously use the same download URL. Cloudflare Workers helped us with this.
We negotiated a deal with Cloudflare and upgraded the subscription to Enterprise plan. Enterprise plan helps us define a
Custom Cache Key
using which we can configure Cloudflare to cache based on user defined key.
Enterprise plan also increased cache file size limits.
We wrote following Worker code which configures a custom cache key and authenticates URLs using HMAC.
Cloudflare worker starts with attaching a method to "fetch" event.
verifyAndCache function can be defined as follows.
Once the worker is added, configure an associated route in "Workers -> Routes -> Add Route" in Cloudflare.
Now, all requests will go through the configured Cloudflare worker. Each request will be verified using HMAC authentication and all files will be cached in Cloudflare edges. This would reduce bandwidth costs at the origin.