Configure a Zone
When you configure a zone, the settings apply to all hostnames within the zone, regardless of where the hostname was configured (instance or realm).
Zone settings are organized into four categories:
Category | Description |
---|---|
Crypto | Contains settings related to security and cryptography, such as SSL/TLS and certificates. |
Firewall | Contains settings related to trusted IP list. |
Speed | Contains settings related to the speed of your ecommerce site, such as minification and polish (reducing the size of images). |
Customize | Contains settings related to the creation of custom HTML pages used for errors from the embedded CDN. |
To configure a zone:
-
Select Administration > Sites > Embedded CDN Settings > Configure Zones.
Note:
If there's no embedded CDN enabled for your instance, the following message appears:
The embedded CDN has not been enabled
.A slider opens from the right side of the page. The slider contains an entry for each zone listed on the page. -
To see the verification record, click the Verified label.
For example, the Verification Value is
cloudflare-verify.redcliff.de INTXT '123456789-87654321'
.The verification value enables communication with the provider after a forced verification, regardless of whether the zones have already been verified. The value also enables you to replace the record if you deleted it.
- Select a zone.
-
In the slider, click Crypto.
- Add a certificate to a zone or add a certificate to a proxy zone.
- (Optional) Set a TLS level. This setting enables the TLS 1.3 protocol. If the requesting browser does not support TLS 1.3, it typically falls back to using the TLS 1.2 protocol.
- (Optional) Configure HSTS. This option appears only after you enable the HSTS feature switch.
-
In the slider, click Firewall.
-
Specify a Security Level.
Security Level Description Low Threat scores greater than 24 are challenged. Medium Threat scores greater than 14 are challenged. High Threat scores greater than 0 are challenged. Under Attack All visitors are challenged. Note: Under Attack mode presents a CAPTCHA to every unique user before they're allowed to see the storefront. During an attempted DDoS attack, use this mode only as a last resort to stop the attack.The Security Level uses the IP reputation of a visitor to decide whether to present a challenge. When challenged, a visitor solves a CAPTCHA before logging in. An internal algorithm calculates the IP reputation.
- Adjust the Security Level for your domain in the Firewall app.
-
(Optional) In the Firewall section, click Add
Group.
The Add Group window opens.
The Add Group button enables you to define an trusted IP list group. An trusted IP list group specifies a set of IP addresses that the eCDN never blocks.
Configuring trusted IP list groups is useful when you have an external CDN deployed in front of the eCDN. Addin IP addresses of your external CDN to the trusted IP list ensures against misinterpreting numerous requests from small sets of IP addresses as a Denial of Service (DoS) attack.
-
Select a value in the Scope field.
Scope Value Description Global The eCDN applies the trusted IP list to all zones in your organization. Zone The eCDN applies the trusted IP list only to the current zone. - In the Group Name field, enter a name for the trusted IP listing.
-
In the Records field, enter one or more IP address
records.
You can specify one record per line. A record consists of a single IPv4 address or a range of IPv4 addresses in CIDR (Classless Inter-Domain Routing) format. If you use CIDR format, the embedded CDN accepts only /16 and /24 subnets.
- To validate and save your trusted IP list group, click Validate.
-
Specify a Security Level.
-
In the slider, click Speed.
-
(Optional) In the Auto Minify section, select one or more response types
(JavaScript, CSS, or HTML).
Minification controls whether the eCDN removes unnecessary characters (for example, extra space or comments) from selected response types. Removing unnecessary characters can reduce the amount of transferred data and improve page load time.
When using minification, keep the following in mind:
- Minification works only on eCDN responses. Third-party scripts and code are not minified.
- For cached responses, the cache must expire before settings are reflected. The eCDN does not separately cache minified responses.
- Code is minified only if it is W3C compliant.
- We recommend that you test your site with minification enabled before you enable it for zones with production traffic.
-
(Optional) In the Polish Level section, select one of the following options:
Polish Level Option Action Polish Level Off No images modification occurs. Polish Level Basic Image file size is reduced without impacting visual quality. This option removes metadata for PNG, GIF, and JPEG files. It also results in lossless compression of PNG and GIF files. Polish Level Basic+JPEG In addition to the actions for the basic level, file size of JPEG images is reduced using lossy compression, which can reduce visual quality. Large JPEG images are converted to progressive images (site visitors see an increasingly detailed image as the file is downloaded). This functionality is applied only to images served through the eCDN (that is, images served by the Commerce Cloud instance and Dynamic Imaging Service [DIS}). Images retrieved from third-party sites are not modified. The polish level applies to all images served from hostnames within the zone. It isn't possible to use different polish levels for different images or a device type-specific polish level. We recommend that you test a new Polish Level with a zone without production traffic before you enable it for a zone with production traffic.
-
(Optional) In the Polish Level section, check WebP to enable
WebP image support.
The eCDN supports the
WebP
image format, which can be used with supported clients for added performance benefits.
-
(Optional) In the Auto Minify section, select one or more response types
(JavaScript, CSS, or HTML).
-
In the slider, click Customize.
-
In the Custom Pages: 500 Class Errors section, enter the URL for an HTML page you
want shown when the embedded CDN generates a 500 class error.
The HTML page must embed the 500 error class token (for example,
<p>::CLOUDFLARE_ERROR_500S_BOX::</p>
). -
In the Custom Pages: 1000 Class Errors section, enter the URL for an HTML page you
want shown when the embedded CDN generates a 1000 class error.
The HTML page must embed the 500 error class token (for example,
<p>::CLOUDFLARE_ERROR_1000S_BOX::</p>
).
-
In the Custom Pages: 500 Class Errors section, enter the URL for an HTML page you
want shown when the embedded CDN generates a 500 class error.
- To see what an error page looks like when it's shown to a site visitor, click Preview.
-
To inform eCDN that this page is ready to be used for all subdomains in the zone, click
Publish.
To set a new eCDN custom error page, you can use the Commerce Cloud instance to make the page template available under a publicly accessible URL. During the publishing step, the eCDN downloads the error page template and stores it in the infrastructure.Note: Repeat the publishing step whenever the template changes.
Infocenter Retirement: On June 30, 2023, the Infocenter was retired, and documentation currently hosted on the Infocenter will be published to Salesforce Help, Commerce Cloud Developer Center, and Salesforce B2C Commerce Developer Documentation Resources. For more information, see the release note.