Much of the digital content we consume is delivered by content delivery networks (CDNs), cloud hosting sites, and the like. Content providers create the content and pass the content to the CDN for optimized delivery to end users located throughout the world. Using a CDN allows a content provider to focus on content creation. The CDN manages the infrastructure and capacity used to deliver content provider content to users all over the world. CDNs provide other benefits including optimizing the delivery of content provider content while providing some level of security and protection against attack.
Optimized content delivery is based primarily on the CDN distribution infrastructure. CDNs deploy points-of-presence (PoPs) at different geographic regions. Each PoP typically includes multiple servers that serve different content provider content to end users located closest to the PoP. By reducing the geographic distance between the end user and where the content is located, end users are able to receive the content with less latency, packet loss, potential for network failure, etc. Other optimizations performed by the CDN include compressing content provider content before distribution and passing a version of content that is optimal for the end user device as determined from the device's screen resolution, network bandwidth, processing power, memory, etc.
CDN security is provided in the form of web application firewalls (WAFs). A WAF is a distributed firewall that the CDN invokes at each PoP where content provider content is accessible. The WAF detects and prevents various attacks directed to content provider content served by the CDN.
However, CDN security does not protect a content provider from security vulnerabilities that are present in the content provider's own content. For example, if the content provider's content is passed without encryption, then the CDN cannot prevent that content from being intercepted. Some such vulnerabilities arise because the content provider misconfigures or improperly sets security attributes that control how the content provider content is delivered, protected, or can be accessed or used by a recipient. Such issues can happen accidentally or because the content provider is unfamiliar with the available security attributes or does not know to properly configure or set the attributes for their own content. With the exception of some of the optimizations described above, the CDN passes content provider content as is. Accordingly, any security weaknesses and vulnerabilities that are inherent in the content provider content will be exposed to the end user receiving the content, allowing the end user to exploit those weaknesses and vulnerabilities if desired.
There is therefore a need to improve CDN security by addressing issues originating from within the content provider content. Specifically, there is a need for the CDN to correct misconfigurations and improperly set security attributes in the content provider content.