Security


The latest technology ensures that your origin, your connection and your content are safer than ever. Stay protected with our proprietary DDoS solution, Secure Token, TLS 1.3 and many more.

Secure connection

All HTTPS connections are powered by the latest web performance and security features, such as TLS 1.3 with 0-RTT or optimized HTTP/2.

Install your own SNI certificate or let us handle it for you with our InstantSSL by Let's Encrypt.

SSL Labs overall rating A+

Check for yourself on SSL Labs or our own tool.

Client panel security features

  • Secure tokens & Signed URL

    Protect your content by using secure links with expiration time, and/or limit them to a specific IP address. We provide a unique token/password to generate signed URLs.

  • Origin protection

    Our proxy servers protect your origin server and reduce the load on your servers as well as the cost of your egress traffic. Proxy servers reside between your origin and our caching servers.

  • IP & geo-whitelisting / blacklisting

    When it comes to allowing or blocking specific IPs or countries, a simple deny/allow rule has you covered.

  • Hotlink protection

    Content theft will no longer be an issue. Lock your content exclusively to your domain. Hotlink protection only allows requests with the correct referer header.

DDoS protection

All our PoPs are equipped with custom-made filters, all with 100G+ network capacity. With 24/7 traffic monitoring, we detect and effectively block both Protocol and Volume based attacks in under 10 seconds.

  • UDP Flood
  • NTP Amplification
  • DNS Amplification
  • ICMP Flood
  • SYN Flood

  • Robust network

    We cooperate with 15 transit providers all over the world and have hundreds of direct peers/PNIs. With an external capacity of ~50 Tbps we can ensure uninterrupted delivery of your content.

  • Proprietary solution

    CDN77 has developed a proprietary DDoS solution based on DPDK. Pairing real-time monitoring with machine learning, we can detect and stop incoming attacks in seconds.

  • Non-interrupted connection

    We keep your content safe and accessible to legitimate users, even during an attack, without trade-off; filtered traffic is guaranteed to reach your hosts.

SmartWAF - Web Application Firewall

Our SmartWAF is a convenient web application firewall which you can enable with a single click in your Client Panel. It is a strong, yet easy to use feature for any web application.

SmartWaf scheme

CDN77 is using the OWASP Core Rule Set (CRS) which is designed to deflect the most common vulnerabilities, including the OWASP Top 10, such as:

  • SQL Injection (SQLi)
  • Cross Site Scripting (XSS)
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)
  • PHP Code Injection
  • Java Code Injection
  • HTTPoxy
  • Shellshock
  • Unix/Windows Shell Injection
  • Session Fixation
  • Scripting/Scanner/Bot Detection
  • Metadata/Error Leakages

The modified version ensures a low number of false alerts for better recognition of real attacks.

If you are interested in setting up custom rules, exceptions or heuristic-based approach, let us know via or email.

Deliver your content with CDN77