Configure a Zone

Before you can configure a zone, the zone must be created and verified. When you configure a zone, the settings apply to all hostnames within the zone, regardless of where the hostname was configured (instance or realm).

Zone settings are organized into three groups:

To configure a zone, perform the following steps:

  1. Select Administration > Sites > Embedded CDN Settings > Configure Zones.
    If there's no embedded CDN enabled for your instance, you see the message: The embedded CDN has not been enabled.
    A slider opens from the right side of the page. The slider contains an entry for each zone listed on the page.
  2. Click the Verified label to see the verification record.

    For example, the Verification Value is cloudflare-verify.redcliff.de INTXT '123456789-87654321'.

    This value enables you to communicate with the provider after a forced verification, or if you delete the record and need to replace it, regardless of whether the zones have already been verified.

  3. Select a zone.
  4. In the slider, click Crypto. Here you can
    1. (Optional) Add a certificate to a zone or add a certificate to a proxy zone
    2. (Optional) Set a TLS level. Enabling TLS 1.3 (beta) enables the TLS 1.3 protocol based on the latest IETF drafts. TLS 1.3 is only supported on a limited number of browsers. This setting isn't recommended for Production environments.
  5. In the slider, click Firewall.
    1. Specify the Security Level.

      The Security Level uses the IP reputation of a visitor to decide whether to present a challenge. When challenged, a visitor solves a CAPTCHA before logging in. The IP reputation is calculated by an internal algorithm. The following are the security levels:

      • Low: Threat scores greater than 24 are challenged.
      • Medium: Threat scores greater than 14 are challenged.
      • High: Threat scores greater than 0 are challenged.
      • Under Attack: All visitors are challenged.
        Note: Under Attack mode presents a CAPTCHA to every unique user before they're allowed to see the storefront. Use this mode only as a last chance effort to stop an attempted DDoS attack.

      Adjust the Security Level for your domain in the Firewall app.

    2. (Optional) In the Firewall> section, click Add Group.

      The Add Group button lets you define a whitelisting group. A whitelisting group specifies a set of IP addresses that should be whitelisted by the embedded CDN.

      If an IP address is whitelisted, the address is never blocked by the embedded CDN.

      Configuring whitelist groups is important if you have an external CDN deployed in front of the embedded CDN. By whitelisting the IP addresses of your external CDN, you ensure that the embedded CDN doesn't misinterpret a large number of requests from a small set of IP addresses as a Denial of Service (DoS) attack.

      When you click Add Group, the Add Group window opens.
    3. Select a value in the Scope field.

      Possible values are as follows:

      • Global: The embedded CDN applies the whitelist to all zones in your organization.
      • Zone: The embedded CDN applies the whitelist only to the current zone.
    4. In the Group Name field, enter a name for the whitelisting group.
    5. In the Records field, enter one or more IP address records.
      You can specify one record per line. A record consists of an IPv4 IP address or a range of IPv4 addresses in CIDR (Classless Inter-Domain Routing) format. If you use CIDR format, the embedded CDN only accepts block sizes of /16 and /24.
    6. Click Validate to validate and save your whitelist group, or Cancel to discard your changes.
  6. In the slider, click Speed.
    1. (Optional) In the Auto Minify section, select one or more of the following options:
      • JavaScript
      • CSS
      • HTML

      These options control if the eCDN removes unnecessary characters (such as whitespace or comments) from JavaScript, CSS, and HTML responses.

      Removing these characters can reduce the amount of data to be transferred and thus improve page load time.

      Even though this feature shouldn't change functionality, you should test your site with minification enabled before you enable it for zones with production traffic.

      Note: The feature only works on eCDN responses. Third-party scripts and code are not minified.
      Note: For cached responses: the cache must expire before the settings are reflected. The eCDN does not separately cache minified responses. Code will only be minified if it is W3C compliant.
    2. (Optional) In the Polish Level section, select one of the following values:
      • Polish Level Off: Doesn't modify image files.
      • Polish Level Basic: Reduces the size of image files without impacting visual quality. This option removes metadata for PNG, GIF, and JPEG files. It also results in lossless compression of PNG and GIF files.
      • Polish Level Basic+JPEG: In addition to the features included in the basic level, the file size of JPEG images is reduced using lossy compression, which can reduce visual quality. Large JPEG images are converted to progressive images. Visitors see an increasingly detailed image as the file is downloaded. The functionality is only applied to images served through the embedded CDN, that is, images served by the Commerce Cloud instance and Dynamic Imaging Service (DIS). Images retrieved from third-party sites are not modified.

      The polish level applies to all images served from hostnames within the zone. It isn't possible to use different polish levels for different images or a device type-specific polish level. Commerce Cloud recommends that you test a new Polish Level with a zone without production traffic before you enable it for a zone with production traffic.

    3. Also in the Polish Level section, you can check WebP for WebP image support.
      Cloudflare supports the WebP image format, which can be used with supported clients for additional performance benefits. See Cloudflare documentation.
  7. In the slider, click Customize.
    1. In the Custom Pages: 500 Class Errors section, enter the URL for an HTML page you want shown when the embedded CDN generates a 500 class error.
      The HTML page must embed the 500 error class token (for example, <p>::CLOUDFLARE_ERROR_500S_BOX::</p>).
    2. In the Custom Pages: 1000 Class Errors section, enter the URL for an HTML page you want shown when the embedded CDN generates a 1000 class error.
      The HTML page must embed the 500 error class token (for example, <p>::CLOUDFLARE_ERROR_1000S_BOX::</p>).
    Click Preview to see what an error page looks like when it's shown to a site visitor. Click Publish to inform the embedded CDN that this page is ready to be used for all subdomains in the zone. To set a new eCDN custom error page, the page template must be made available under a publicly accessible URL. You can use the Commerce Cloud instance for that. During the publishing step, the eCDN downloads the error page template and stores it in their infrastructure. You must repeat the publishing step whenever the template changes.