Varnish Logo
SignupLogin
Varnish Logo

Securing your content

Read about how you can secure your content using Varnish CDN

Varnish CDN provides enterprise-grade security features designed to protect your origin and your users. Most of these protections can be enabled with a single toggle in your service configuration.

Data Sovereignty & Privacy

We prioritize European data privacy standards. Unlike many global providers, Varnish CDN is built with regional integrity in mind:

  • EU-Only Infrastructure: Currently, all our Points of Presence (PoPs) are located within Europe. This keeps your data within European jurisdiction and protects it from the US Cloud Act.
  • Opt-in Global Expansion: As we expand our network beyond Europe, your data will remain in the European region by default. Access to PoPs outside of Europe will be strictly opt-in, giving you total control over your data’s physical footprint.

DDoS Protection

All traffic on our network is covered by unmetered L3/L4 DDoS protection. We mitigate volumetric attacks at the edge, ensuring your site remains reachable even during massive, sustained traffic spikes.

Web Application Firewall (WAF)

Protect your applications from common vulnerabilities and exploits. We offer three tiers of WAF protection to match your security requirements:

  • Basic: Essential managed rulesets for common threats.
  • Standard: Industry-standard protection using the OWASP Core Rule Set.
  • Advanced: Premium, high-granularity managed rulesets for complex environments. Provided in cooperation with Atomicorp.

Bot Protection

Manage how automated traffic interacts with your site, from SEO crawlers to malicious scrapers.

  • Free: We verify that known bots (like Googlebot) are legitimate, preventing "bad actors" from spoofing "good bots."
  • Standard: Introduces a Proof of Work challenge. Visitors must solve a background computational task to prove they are a real user, effectively stopping most automated scripts.
  • Advanced: Full-scale behavioral analysis via our DataDome integration. This requires an existing DataDome account.

TLS & Encryption

Ensuring your traffic is encrypted in transit is a core requirement. We support two paths for TLS:

  • Managed TLS: We handle the issuance, renewal, and deployment of certificates for you.
  • Custom Certificates: You can "Bring Your Own Certificate" (BYOC) if your organization has specific compliance or CA requirements.

For a step-by-step guide on implementation, see the TLS Configuration page.

Routing Traffic

Connect your domain to Varnish CDN using CNAME or A/AAAA records and manage DNS-based verification and TLS issuance.

Invalidating Cache

Instantaneously clear cached content across the global edge network using manual purges or API-driven invalidation requests.