Basic concepts

STACKIT CDN and WAF work together to deliver your web content quickly and securely to users worldwide.

What it does

The following diagram illustrates how regional requests are routed through the global edge network, where they are cached and inspected before reaching your origin.

Content Delivery Network (CDN)

A CDN stores copies of your static website content (such as images, stylesheets, and scripts) on a global network of edge servers, known as Points of Presence (PoPs).

When a user requests your content, the CDN automatically serves it from the PoP closest to them. This drastically reduces the distance the data must travel, bypassing the need to fetch the resources from your origin server every time.

Web Application Firewall (WAF)

The WAF acts as a security shield at the edge of the CDN network. It inspects incoming HTTP and HTTPS traffic before it reaches your origin server.

By evaluating requests against predefined security rules and allowlists, the WAF detects and blocks malicious traffic—such as SQL injections, cross-site scripting (XSS), or bad bots—while allowing legitimate users through.

When to use it

You should implement STACKIT CDN and WAF when you need to:

• Improve load times: You have a geographically distributed user base and want to minimize latency and improve page performance.
• Reduce origin load: You anticipate high traffic volumes or sudden traffic spikes and want to prevent your origin server from being overloaded.
• Enhance security: You need to protect your web applications from common cyber attacks and vulnerabilities without modifying your underlying application code.
• Control access: You want to restrict incoming traffic based on specific HTTP methods, protocol versions, or geographic locations.

Management interfaces

You can manage your STACKIT CDN and WAF configurations through the following interfaces:

• STACKIT Portal
• STACKIT API
• STACKIT SDK
• STACKIT Terraform Provider
• STACKIT OpenTofu Provider