Skip navigation
All Places > In the Limelight Blog > Authors wrotch

In the Limelight Blog

3 Posts authored by: wrotch

Deep Dive on Rules at the Edge

Posted by wrotch Jul 19, 2016

Limelight customers can benefit from the speed of self-service and the customized power of using rules to accomplish specialized tasks at the network edge.  


Limelight supports a large number of standard configurations for Web Site and App Acceleration content, and most times this allows customers to tailor the delivery of content to their specific needs. But sometimes, more powerful customer-specific logic is needed to be successful. At Limelight, this is accomplished via what we refer to as Rules at the Edge.


The primary benefit of using Rules at the Edge is being able to apply logic at the edge in support of a diverse set of business use cases. Rules provide an enterprise customer the ability to offload complex data manipulation or enrichment tasks to Limelight edge servers, saving them from having to do it as part of their website infrastructure.  What’s done with those rules is customer-specific.




In June, Limelight released new support for configuration of Web Site and App Acceleration services, including a feature called Rules at the Edge. Customers who use self-service configuration benefit from maintaining full control over the process and seeing their changes implemented in our global the network of edge servers in less than 30 minutes.


Rules at Edge screenshot.png


Examples of Using Rules at the Edge


If you are a web developer or are responsible for configuring your website properties, the following information should help you to understand the direct impact of Rules at the Edge. Let’s look at a few ‘real world’ examples of how our customers use rules.

  1. Doing GEO lookups and using the results: Through basic configuration and a feature we call IP Access Control, customers can whitelist or blacklist requests based on the geography of the requester. Sometimes, however, a customer wants to use the GEO information to accomplish more than simply allowing or blocking requests. This is where rules can be helpful. For example, say you had a global logistics company that had different content to display based on the country of the requester. Rather than directing the user to some landing page and requiring them to choose a country first, rules can be used to look up the country of the requester and return content specific to that country.
  2. Working with Cross Origin Resource Sharing (CORS) headers: CORS headers are used to manage and control what content can be sourced cross-origin. Rules at the edge can view the origin specified in a request and, for example, look this up dynamically against a list of ‘approved’ origins. If allowed, the response can contain an allow_origin value of that origin and if not on the approved list it can allow it but redirect the allow_origin header value to a different destination.  All of this means rules at the edge can provide custom logic run at the edge to set allow or deny values in CORS headers.
  3. Manipulating cache keys to optimize content delivery: Using rules to manipulate cache keys can reduce the number of copies of content the edge may need to hold, at the same time increasing cache efficiency, reducing storage requirements, and reducing the amount of traffic back to a customer’s origin. For example, let’s say a family of e-commerce sites are all selling the same item with associated photo and video content. Rules at the edge can be used to translate a series of requests, say for and, making these requests all point to the same single object regardless of which of many domains are requested.
  4. Setting content expiration: Sometimes rules are used to assist a customer with managing the expiration times of content. Rules can be used by the edge server to insert a content Time to Live (TTL) value for the content so that this does not have to be managed by the customer or at origin.
  5. Controlling whether or not cached content should be returned: An example of this would be using rules to override the fact that normally if cookies are associated with a request you might assume the content was dynamic and needed to come from origin. But in some cases you wish to pull the object from cache regardless of the presence of a cookie.


These are just some of the many possible uses for rules. With the use of a lightweight and efficient scripting language deployed on edge servers, many things are possible. If you think you may benefit from Rules at the Edge, or want more information on types of rules that can be created, please contact your Limelight Account Manager or Solutions Engineer.

Today we went live with a new generation of our Self Service portal called Control 3.  This is the result of nearly two years (and counting) of research, design, and development focused on improving the user experience of the site.

Control3_Dashboard w border.png

New Control 3 Customer Dashboard

Here's a look at some of the benefits being delivered in this new portal:

  • Fresh new look and navigation — CONTROL 3 supports adaptable screen layout, new navigation tabs representing activities, and better search capabilities.
  • Full redesign of configuration — An improved layout and workflow makes it easier and faster to create configuration changes.
  • Full redesign of SmartPurge — Our best-in-class SmartPurge product has gotten even better with completely redesigned screens featuring easier definition of templates and clearer display of purge statistics.
  • Improved reports — Numerous improvements to existing reports make them easier to use. Later in 2016 you can expect a full reports redesign featuring even more substantial improvements.

If you are a customer with a Control user account you can go to today and try out the new application.   If you don't yet have an account- simply ask your Limelight Account Manager to help you set one up.

The market is flush with security solutions promising to protect businesses from DDoS attacks. So why bother developing a new one?


After speaking with content providers across industries, we identified some common (and troublesome) pitfalls of available solutions:


  • DDoS protection services are often architected to react to DDoS attacks after they hit, rather than avoiding the pain altogether
  • Solutions that are not performance-minded can degrade performance, especially in "peacetime"
  • Premise-based solutions have the potential to require significant up front CAPEX
  • Some mitigation solutions are a ‘black box’ that do not provide critical real-time insight


These pitfalls are more than an annoyance; they can cost businesses precious dollars in lost revenue and ongoing maintenance fees, and create a significant distraction to high-value employees’ time.


Limelight developed DDoS Attack Interceptor as part of the Orchestrate 3.0 platform upgrade to mitigate the growing DDoS threat… without compromising business objectives.


Organizations that deploy DDoS Attack Interceptor have a significant advantage over organizations that deploy standard market solutions:


1. Proactive detection to avoid downtime (not just recovery)

Obviously, detection is critical to a strong DDoS solution. If you cannot detect an attack, how can you protect against it? DDoS Attack Interceptor is one of the smartest solutions out there. Always-on detection at the edge can see an attack before it hits. Additionally, behavior-based techniques can trap application attacks that are more subtle and can’t be spotted by simply monitoring traffic volumes.  After all, a flash crowd after a viral advertisement may look very much like a DDoS attack unless you view them through a behavior-based lens.


2. High website and application performance

No business wants to risk downtime. While a DDoS attack can bring you down for hours, the performance delays caused by always-on scrubbing solutions add up as well—slower web site performance that can translate directly into lower audience engagement. Unfortunately, “always-on” scrubbing solutions commonly force traffic through a small number of data centers to scrub in-line. Limelight detection satisfies our customers’ always-on requirement without the peacetime performance penalty that many solutions impose.


3. Scalable cloud capacity

Using a cloud-based solution for detection and mitigation provides sufficient capacity to fight the largest of attacks without requiring customers to invest in installing and maintaining on-premise hardware.  And it has the added benefit of preventing bill shock that can result from attack traffic which if "absorbed" by a CDN (rather than diverted to scrubbing), could cause an unusually high CDN bill.


4. Real-time attack insight

In today’s online world, real-time information is critical to decision making. In the event of an attack, Limelight customers see exactly what kind of attack is going on, how large the attack is, and how it is being mitigated. A post-attack summary provides a permanent record of what happened.


Customers count on CDNs like Limelight Networks to keep content online no matter what—even when the content is under attack. But it should never come at the cost of the business. DDoS Attack Interceptor is a new kind of security solution, meant to protect your content cost-effectively at all times without sacrificing performance.


Questions? I am eager to hear about your experiences with DDoS Attacks and what security challenges you expect to face this year. Reach me at