User:Eighty5cacao/misc/CDN URL notes


 * Anything on this page that looks like a regular expression probably is. URI schemes may be omitted in cases where both  and   are valid.

A content delivery network (CDN) is a service that offers a large distributed network of web servers to increase a web site's availability and performance. This page describes...

TODO: Decide whether to mention some of the easier CDNs like CloudFront, CacheFly, and Rackspace Cloud Files. In this case, "easy" means "easy for HTTPS Everywhere ruleset writing" in the sense that the domain name is sufficient to identify the bucket.

Shared SSL
Shared SSL uses the domain.

The first subfolder may be the hostname of the origin server (but not always; TODO: explain findings here).

Premium accounts
edgekey.net (supports HTTPS on custom domain names)

akamaihd.net (*-a.akamaihd.net generally supports HTTPS, but *-f. is used for streaming video and does not, returning 403)

(TODO finish this)
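The akamaihd.net observation above can be expressed as a rewrite rule with an explicit exclusion. This is an added example, not code from this page or from HTTPS Everywhere. The rule object's shape, the function names and the sample hostnames are assumptions made for illustration.

```javascript
// Added example. AKAMAIHD_RULE is a hypothetical structure that mirrors the
// from/to/exclusion idea of a rewrite ruleset; hostnames are constructed.
const AKAMAIHD_RULE = {
  // Upgrade only a single label ending in "-a" directly under akamaihd.net.
  // The lookahead pins the end of the hostname, so neither
  // "x-a.akamaihd.net.lookalike.example" nor a URL with a port is rewritten.
  from: /^http:\/\/([a-z0-9-]+-a)\.akamaihd\.net(?=\/|$)/i,
  to: "https://$1.akamaihd.net",
  // "-f" hosts carry streaming video and answer HTTPS with 403, so they are
  // excluded explicitly in case a broader rule is added later.
  exclusion: /^http:\/\/[a-z0-9-]+-f\.akamaihd\.net(?=\/|$)/i,
};

// Return the URL to request: upgraded when the rule applies, unchanged otherwise.
function upgradeUrl(url, rule = AKAMAIHD_RULE) {
  if (rule.exclusion.test(url)) return url;
  return url.replace(rule.from, rule.to);
}

// Split a list of URLs into those the rule upgrades and those it leaves alone,
// which is the review a ruleset writer does before shipping a rule.
function auditUrls(urls, rule = AKAMAIHD_RULE) {
  const report = { upgraded: [], untouched: [] };
  for (const url of urls) {
    const result = upgradeUrl(url, rule);
    (result === url ? report.untouched : report.upgraded).push(result);
  }
  return report;
}

// Constructed sample input.
const SAMPLE_URLS = [
  "http://example-a.akamaihd.net/img/logo.png",
  "http://example-f.akamaihd.net/stream/seg1.ts",
  "http://example-a.akamaihd.net.lookalike.example/img/logo.png",
  "https://example-a.akamaihd.net/already/secure.js",
];
```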

Other
Akamai also owns various domains containing. Most of these do not have valid certificates.

Shared SSL
The type of account that supports shared SSL uses URLs such as

Subdomains that validly support HTTPS include at least,  ,  ,  ,  ,  , and nothing at all (that is, the domain consists entirely of the two levels  ). Those that present mismatched certificates include  (content also on   and   [and possibly also   depending on bucket?], but only when flags is  );   (content also on   and possibly  ).

(TODO: Some canonical names are subdomains of  instead.)

flags may be  or. It is probable that  means "pull from customer-defined origin server" and   means "push" (i.e., customer uses FTP or a secured version thereof to upload files to an EdgeCast-owned staging server).

bucket_id consists of four hexadecimal digits; letters are capitalized where this appears in the path.

The first folder in rest_of_path may(?) be the hostname of the origin server (if flags is ?).

When custom domain names are used (for unencrypted HTTP), the CNAME chain points from the custom name to / / and then to a domain of the form mentioned above.

Premium accounts
For the service tier that allows HTTPS on custom domain names, the canonical names are usually of the form / /. The service tier that allows whole-site acceleration with HTTPS uses / /. Between two and three digits (inclusive) have been observed; it is unknown whether leading zeros are ever used. ("ADN" may be an abbreviation for "Application Delivery Network". Note that this abbreviation is also used for some service tiers that don't support custom HTTPS.)

As an exception, some premium accounts have their domains handled via the SubjectAltName fields in the same certificates that cover the shared-SSL domains.