Azure CDN allows placing caching edge servers closer to your users. The service is useful when paired with a static website or blob storage container for public-access resources.
- Pricing tiers determine which partner network is used (Verizon, Akamai, Microsoft) and which features are available.
- CDN profiles specify a pricing tier and can contain multiple endpoints.
- Endpoints represent CDN configurations by pairing hostnames, configuration.
- Edge servers are close to customers, and serve cached content where available. Where it's not, they'll fetch, store and serve the content.
- Origin servers host the content, and are used as sources.
- The time to live determines the lifespan of the content, and upon its expiry indicate that it must be fetched again.
The CDN can compress files by their MIME type.
Geo-filtering allows limiting access by region of the source IP address, and can be used to enforce regulatory compliance.
Caching rules allow global and match-based configuration of the cache's behaviour:
- Bypass cache always sends the request the origin server.
- Override causes the CDN to ignore cache directives in responses from the origin server.
- Set if missing allows the CDN to add missing cache directives whilst preserving those already set.
- Not set does nothing.
Private blob containers
Query strings can either be ignored or preserved, the latter resulting in multiple copies of the same data in the cache. This can be used to provide authentication for resources in private blob containers.
- SAS passed through via client just requires the SAS to be specified to the URL in the request to the CDN. It'll be preserved, and provided the same token is used will result in one cached copy of the data per SAS token.
- Rewrite rules in the Verizon pricing tier allow appending the SAS token in the rewrite rule, not exposing it to clients.
- The Verizon pricing tier also allows preventing hotlinking by enforcing token authentication with the CDN, using a rewrite rule to append the SAS.
Optimisation allows biasing performance of the CDN for delivery of certain types of content, e.g. large files or streaming of media. This feature is only available with some CDN pricing tiers.
SSL certificates are provided for the default
*.azureedge.net CDN endpoint, and custom certificates can be issued via DigiCert free of charge or provided via a key vault.
CDN profiles expose metrics which can be used to determine the health and performance of the service:
- Cache hit and miss rates.
- Data transferred.
- Responses status.