Configure a Zone

When you configure a zone, the settings apply to all hostnames within the zone, regardless of where the hostname was configured (instance or realm).

Note: Before you can configure a zone, the zone must be created and verified. See Create a Zone for details.

Zone settings are organized into four categories:

Category Description
Crypto Contains settings related to security and cryptography, such as SSL/TLS and certificates.
Firewall Contains settings related to IP allowlists.
Speed Contains settings related to the speed of your ecommerce site, such as minification and polish (reducing the size of images).
Customize Contains settings related to the creation of custom HTML pages used for errors from the embedded CDN.

To configure a zone:

  1. Select Administration > Sites > Embedded CDN Settings > Configure Zones.
    Note:

    If there's no embedded CDN enabled for your instance, the following message appears: The embedded CDN has not been enabled.

    A slider opens from the right side of the page. The slider contains an entry for each zone listed on the page.
  2. To see the verification record, click the Verified label.

    For example, the Verification Value is cloudflare-verify.redcliff.de INTXT '123456789-87654321'.

    The verification value enables communication with the provider after a forced verification, regardless of whether the zones have already been verified. The value also enables you to replace the record if you deleted it.

  3. Select a zone.
  4. In the slider, click Crypto.
    1. Add a certificate to a zone or add a certificate to a proxy zone.
    2. (Optional) Set a TLS level. Enabling TLS 1.3 (beta) enables the TLS 1.3 protocol based on the latest IETF drafts. TLS 1.3 is only supported on a limited number of browsers. This setting isn't recommended for Production environments.
    3. (Optional) Configure HSTS. This option appears only after you enable the HSTS feature switch.
  5. In the slider, click Firewall.
    1. Specify a Security Level.
      Security Level Description
      Low Threat scores greater than 24 are challenged.
      Medium Threat scores greater than 14 are challenged.
      High Threat scores greater than 0 are challenged.
      Under Attack All visitors are challenged.
      Note: Under Attack mode presents a CAPTCHA to every unique user before they're allowed to see the storefront. During an attempted DDoS attack, use this mode only as a last resort to stop the attack.

      The Security Level uses the IP reputation of a visitor to decide whether to present a challenge. When challenged, a visitor solves a CAPTCHA before logging in. An internal algorithm calculates the IP reputation.

    2. Adjust the Security Level for your domain in the Firewall app.
    3. (Optional) In the Firewall section, click Add Group.

      The Add Group window opens.

      The Add Group button enables you to define an allowlisting group. An allowlisting group specifies a set of IP addresses that the eCDN never blocks.

      Configuring allowlist groups is useful when you have an external CDN deployed in front of the eCDN. Allowlisting IP addresses of your external CDN ensures against misinterpreting numerous requests from small sets of IP addresses as a Denial of Service (DoS) attack.

    4. Select a value in the Scope field.
      Scope Value Description
      Global The eCDN applies the allowlist to all zones in your organization.
      Zone The eCDN applies the allowlist only to the current zone.
    5. In the Group Name field, enter a name for the allowlisting group.
    6. In the Records field, enter one or more IP address records.
      You can specify one record per line. A record consists of a single IPv4 address or a range of IPv4 addresses in CIDR (Classless Inter-Domain Routing) format. If you use CIDR format, the embedded CDN accepts only /16 and /24 subnets.
    7. To validate and save your allowlist group, click Validate.
  6. In the slider, click Speed.
    1. (Optional) In the Auto Minify section, select one or more response types (JavaScript, CSS, or HTML).

      Minification controls whether the eCDN removes unnecessary characters (for example, whitespace or comments) from selected response types. Removing unnecessary characters can reduce the amount of transferred data and improve page load time.

      When using minification, keep the following in mind:

      • Minification works only on eCDN responses. Third-party scripts and code are not minified.
      • For cached responses, the cache must expire before settings are reflected. The eCDN does not separately cache minified responses.
      • Code is minified only if it is W3C compliant.
      • We recommend that you test your site with minification enabled before you enable it for zones with production traffic.
    2. (Optional) In the Polish Level section, select one of the following options:
      Polish Level Option Action
      Polish Level Off No images modification occurs.
      Polish Level Basic Image file size is reduced without impacting visual quality. This option removes metadata for PNG, GIF, and JPEG files. It also results in lossless compression of PNG and GIF files.
      Polish Level Basic+JPEG In addition to the actions for the basic level, file size of JPEG images is reduced using lossy compression, which can reduce visual quality. Large JPEG images are converted to progressive images (site visitors see an increasingly detailed image as the file is downloaded). This functionality is applied only to images served through the eCDN (that is, images served by the Commerce Cloud instance and Dynamic Imaging Service [DIS}). Images retrieved from third-party sites are not modified.

      The polish level applies to all images served from hostnames within the zone. It isn't possible to use different polish levels for different images or a device type-specific polish level. We recommend that you test a new Polish Level with a zone without production traffic before you enable it for a zone with production traffic.

    3. (Optional) In the Polish Level section, check WebP to enable WebP image support.
      The eCDN supports the WebP image format, which can be used with supported clients for added performance benefits.
  7. In the slider, click Customize.
    1. In the Custom Pages: 500 Class Errors section, enter the URL for an HTML page you want shown when the embedded CDN generates a 500 class error.
      The HTML page must embed the 500 error class token (for example, <p>::CLOUDFLARE_ERROR_500S_BOX::</p>).
    2. In the Custom Pages: 1000 Class Errors section, enter the URL for an HTML page you want shown when the embedded CDN generates a 1000 class error.
      The HTML page must embed the 500 error class token (for example, <p>::CLOUDFLARE_ERROR_1000S_BOX::</p>).
  8. To see what an error page looks like when it's shown to a site visitor, click Preview.
  9. To inform eCDN that this page is ready to be used for all subdomains in the zone, click Publish.
    To set a new eCDN custom error page, you can use the Commerce Cloud instance to make the page template available under a publicly accessible URL. During the publishing step, the eCDN downloads the error page template and stores it in the infrastructure.
    Note: Repeat the publishing step whenever the template changes.
X Privacy Update: We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used. By continuing to use this site you are giving us your consent to do this. Privacy Policy.