Supporting At-the-Edge Processing with CDN Integrations

DataDome’s mission is to protect our customers against threats on any infrastructure. In the past, companies would often use their own on-premise web and application servers to host important resources, or rely on their content delivery network (CDN) to provide bot detection. But today’s far-reaching internet requires far more distributed resources than most companies can sustain. Cloud computing and CDNs now meet that need, but the places they fall short in terms of cybersecurity are more impactful than ever. 

  • Security: Many CDNs include their own non-transferable security. However, it is not the best, most comprehensive security tool available, and most likely does not cover specific threats—especially sophisticated bot attacks—as well as you need.
  • Updates: Because CDNs become part of your website infrastructure, they need to be bulletproof, or they could become vectors for attacks by malicious actors. CDNs may not update or patch as regularly as they should because that is not the primary focus of their business.
  • Attacks: CDNs, which exist to serve internet resources across the globe, are just as likely to be attacked as specific websites, servers, and mobile apps. For instance, many CDNs face distributed denial of service (DDoS) attacks that attempt to overwhelm their resources to ultimately take down the target site—or every single site serviced by that CDN. DDoS attacks are easier than ever to perform thanks to proxy IP addresses and bots-as-a-service vendors, and if your CDN isn’t prepared to handle high-volume bot traffic, it may fail.

For our customers, integrating DataDome at the CDN/edge level is the best path for protection. That way, the scalability of the protection will be handled by the CDN platform as well, so when attacks occur, they will be distributed across ~100 points of presence (PoPs), with the CDN handling the traffic rather than the origin. 

By comparison, using server side modules (for example, a web server like Nginx/HAProxy) or application modules (like ASP.NET/NodeJS) would mean that the attack would be received by the origin and the origin would not scale. So, a large attack would crash the website. 

Our customers need to ensure their website resources are consistently available to their users, no matter what malicious actors may be trying to attack them. Integrating DataDome at the CDN or edge level helps ensure bot management is handled, while also ensuring high-volume attacks are managed by the CDN—not their own servers. DataDome continues to support more CDN platforms to protect websites, mobile apps, and APIs at the edge.

What is a content delivery network (CDN)?

A CDN is a network of interconnected servers that improve the load time of a website by caching (saving) content to deliver to the end user. As CDNs are located across the globe with hundreds of points of presence (PoPs), integrating with CDNs allows DataDome to process requests closer to the user’s location, allowing us to better mitigate the distributed attack.

CDN servers help distribute requests across the globe.

How does DataDome work with CDNs?

DataDome analyzes every request to your mobile app, website, and/or API in under 2 milliseconds and leverages keep-alive (also known as “persistent”) connections between the CDN and DataDome’s protection. Keep-alive connections help reduce the number of HTTP requests, and therefore speed up the web page in question.

At DataDome, all of our “CDN/at-the-edge” modules work the same way: Before reaching the CDN, an event is triggered and processes the DataDome logic. The module makes a call to the closest of DataDome’s 25 regional endpoints using a keep-alive connection. Depending on the API response, the DataDome module either blocks the request or allows the CDN to continue its regular processing.

DD CDN Process

Which CDN and at-the-edge platforms are supported by DataDome?

DataDome runs anywhere, in any cloud. Install DataDome in minutes with a simple piece of code optimized for your architecture. It’s compatible with all major web technologies, including multi-cloud and multi-CDN setups.

DataDome’s integration doesn’t require any architecture changes or DNS rerouting. You just set up our module depending on which CDN you are using—and you’re protected straight away.

We currently support several CDN/at-the-edge integrations:

Akamai Our module leverages Akamai EdgeWorker to protect any website or API.

We support both Akamai EdgeWorker Basic & Dynamic Tier.

  • Upload our EdgeWorker code.
  • Configure your Akamai Property to send dynamic requests to the DataDome EdgeWorker module.
  • You are now protected!
AWS CloudFront Lambda@Edge Our module leverages Cloudflare Worker CloudFront Lambda@Edge to protect your origin.

We support both Node.js and Python languages.

  • Upload our Lambda code.
  • Add a trigger for the existing distribution you want to protect.
  • Deploy it to Lambda@Edge.
  • You are now protected!
Cloudflare Our module leverages Cloudflare Worker to add our protection logic and protect any website. 
  • Search for DataDome inside Cloudflare Apps.
  • Log into or register your DataDome account.
  • Deploy the protection by clicking on “Install on all pages”.
  • You are now protected!
Fastly Our module leverages the Fastly snippet, which is perfect for adding DataDome protection inside your existing Fastly configuration in minutes!
  • Clone your existing configuration.
  • Copy/Paste our VCL Snippet in your service configuration and activate the service.
  • You are now protected!

    We also provide a terraform integration if you prefer to deploy our module with IAC (infrastructure as code).
Vercel Edge Functions Our module leverages Vercel edge Functions to integrate DataDome protection.


  • Update your application code with our sample code.
  • Deploy your application.
  • You are now protected!

We will continue to expand our integrations at the edge with other CDN providers to make it easy for our customers to get the best bot and online fraud protection—wherever they need it. Stay tuned!

*** This is a Security Bloggers Network syndicated blog from DataDome authored by DataDome. Read the original post at: