http: and https: are valid.
A content delivery network (CDN) is a service that offers a large distributed network of web servers to increase a web site's availability and performance. This page describes...
TODO: Decide whether to mention some of the easier CDNs like CloudFront, CacheFly, and Rackspace Cloud Files. In this case, "easy" means "easy for HTTPS Everywhere ruleset writing" in the sense that the domain name is sufficient to identify the bucket.
Shared SSL uses the domain a248.e.akamai.net.
The first subfolder may be the hostname of the origin server (but not always; TODO: explain findings here)
edgekey.net (supports https on custom domain names)
akamaihd.net (*-a.akamaihd.net generally supports HTTPS, but *-f. is used for streaming video and does not (returning 403))
(TODO finish this)
Akamai also owns various domains containing edgesuite. Most of these do not have valid certificates.
Obsolete |
---|
The HTTPS Everywhere ruleset that contains the |
The type of account that supports shared SSL uses URLs such as
{subdomain}.edgecastcdn.net/{flags}{bucket_id}/{rest_of_path}
Subdomains that validly support HTTPS include at least wac, ne, ne1.wpc, ne.wac, gp1.wac, gs1.wac, and nothing at all (that is, the domain consists entirely of the two levels edgecastcdn.net). Those that present mismatched certificates include wac.{bucket-id} (content also on gp1.wac and gs1.wac [and possibly also wac depending on bucket?], but only when flags is 00); wpc.{bucket-id} (content also on ne1.wpc and possibly ne).
(TODO: Some canonical names are subdomains of v[1-4]cdn.net instead.)
flags may be 00 or 80. It is probable that 80 means "pull from customer-defined origin server" and 00 means "push" (i.e., customer uses FTP or a secured version thereof to upload files to an EdgeCast-owned staging server).
bucket_id consists of four hexadecimal digits; letters are capitalized where this appears in the path.
The first folder in rest_of_path may(?) be the hostname of the origin server (if flags is 80?).
When custom domain names are used (for unencrypted HTTP), the CNAME chain points from the custom name to /w[ap]c\.{bucket-id}\.edgecastcdn\.net/ and then to a domain of the form mentioned above.
For the service tier that allows HTTPS on custom domain names, the canonical names are usually of the form /cs\d+\.w[ap]c\.edgecastcdn\.net/. The service tier that allows whole-site acceleration with HTTPS uses /cs\d+\.adn\.edgecastcdn\.net/. Between two and three digits (inclusive) have been observed; it is unknown whether leading zeros are ever used.
("ADN" may be an abbreviation for "Application Delivery Network". Note that this abbreviation is also used for some service tiers that don't support custom HTTPS.)
As an exception, some premium accounts have their domains handled via the SubjectAltName fields in the same certificates that cover the shared-SSL domains.
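The EdgeCast hostname and path conventions described above can be turned into a small triage helper for ruleset writing. This is an added example, not code from HTTPS Everywhere or EdgeCast; the category labels, function names and sample bucket id are assumptions made for illustration, and the lists only reflect what this page reports as observed.

```python
import re
from urllib.parse import urlsplit

BASE = "edgecastcdn.net"
# Subdomains the page lists as presenting a valid certificate ("" = bare domain).
VALID_HTTPS = {"", "wac", "ne", "ne1.wpc", "ne.wac", "gp1.wac", "gs1.wac"}
# Per-bucket hostnames the page lists as presenting mismatched certificates.
MISMATCH = re.compile(r"w[ap]c\.[0-9a-f]{4}")
# Canonical names of the tiers that allow HTTPS on custom domain names.
CUSTOM_HTTPS = re.compile(r"cs\d+\.(?:w[ap]c|adn)")
# /{flags}{bucket_id}/{rest_of_path}; bucket_id letters are capitalized in paths.
SHARED_PATH = re.compile(r"/(00|80)([0-9A-F]{4})/(.*)")


def classify_host(host):
    """Return the (hypothetical) category label for an EdgeCast hostname."""
    host = host.lower().rstrip(".")
    if host == BASE:
        sub = ""
    elif host.endswith("." + BASE):  # suffix match on a label boundary only
        sub = host[: -len(BASE) - 1]
    else:
        return "not-edgecast"
    if sub in VALID_HTTPS:
        return "shared-ssl"
    if MISMATCH.fullmatch(sub):
        return "cert-mismatch"
    if CUSTOM_HTTPS.fullmatch(sub):
        return "custom-https"
    return "unknown"


def parse_shared_url(url):
    """Split a shared-SSL URL into flags, bucket_id and rest_of_path, else None."""
    parts = urlsplit(url)
    match = SHARED_PATH.fullmatch(parts.path)
    if classify_host(parts.hostname or "") != "shared-ssl" or match is None:
        return None
    flags, bucket_id, rest = match.groups()
    return {"host": parts.hostname, "flags": flags,
            "bucket_id": bucket_id, "rest_of_path": rest}


if __name__ == "__main__":
    # Constructed sample names; 1A2B is a made-up bucket id.
    for name in ("gp1.wac.edgecastcdn.net", "wac.1A2B.edgecastcdn.net",
                 "cs42.adn.edgecastcdn.net", "edgecastcdn.net.example.org"):
        print(name, "->", classify_host(name))
    print(parse_shared_url("https://wac.edgecastcdn.net/801A2B/www.example.com/a.png"))
```

A hostname classified as cert-mismatch or unknown should not be the target of an HTTPS rewrite without checking the certificate it actually presents.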