1. Home
  2. Docs
  3. Website Firewall
  4. Website Firewall
  5. Sucuri CDN

Sucuri CDN

Built-in the network, Sucuri CDN is responsible for caching your website on its edges automatically. With zero configuration, the CDN is able to speed your website by 70%.

You can find out the CDN edges locations on the Sucuri Firewall Locations article.

How Sucuri CDN Works

Let’s assume your hosting server is located at Los Angeles (USA). A Europe visitor from Paris (France) would need to travel the Atlantic to reach your hosting server, adding 0.1 to 0.3 seconds to the loading time of each asset of your website (images, icons, videos, JavaScript, CSS, etc). Depending on his/her Internet service provider, the connection could even go the way around and cross the Pacific, adding more time.

When a good CDN is in place, most of your website – if not all of (depends on the type of your website) – will be transferred directly from a PoP (point of presence) of the CDN, which is a fancy name for "one of the data centers" used by the CDN network.

In a few words, if the Sucuri Firewall was activated (and automatically the CDN as well), the Paris visitor would get the website assets from the Sucuri Firewall Europe data centers, decreasing the page load time and the server resource usage (such as bandwidth).


Discovering The Nearest Cluster

You don’t need to do anything to activate the CDN except for activating the Website Firewall itself, however you can discover which data center/cluster you’re accessing. There are a couple tools you could use, but the simplest one is a tool called curl.

If you are using Microsoft® Windows, install Git for Windows before proceeding.

Open the Terminal/Git for Windows and run the following command:

curl -IL http://yourdomain.com/

In this example, we’ll be requesting the HTTP headers of Sucuri KB. Don’t worry, although it seems technical, it’s pretty simple:

$ curl -IL https://kb.sucuri.net/
HTTP/2 200 
server: nginx
date: Wed, 27 Dec 2017 18:51:37 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-sucuri-cache: HIT
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
x-sucuri-id: 14016

Here are the lines we need to pay attention to for the purpose of this article:

x-sucuri-cache: HIT
x-sucuri-id: 14016

According to "x-sucuri-cache" header, the page requested (kb.sucuri.net) was served straight from Sucuri CDN and answered by "14016" PoP (CDN edge). The first two digits (14) identify the PoP (CDN edge) reached, which was the Washington data center.

The curious part here is that Washington data center is not the closest one to my region, but it’s the data center with the best network connectivity and lower latency.

That’s what an Anycast CDN network does, it "guides" the connections to the PoP (CDN edge) with the best/shortest network path, which happens to be the closest data center most of the time. It also allows Sucuri’s engineers to re-route traffic in case of a maintenance or congestion with minimal or no impact.

Instead of using curl, you can also use a Visual Traceroute tool, such as The Dazzlepod IP Address Lookup and Monitis Visual Trace Route Tool, that with a certain success rate is able to demonstrate the network path on a map.

When opening a support ticket regarding blocks, connection issues, etc, you can inform which cluster you’re reaching to speed the troubleshooting process.

Was this article helpful to you?