Edge

Getting started with Acquia Edge Powered by Cloudflare

Important

If you are a new customer who started with Acquia Edge after January 1, 2021, see Understanding a managed CNAME setup.

The process of getting started with Acquia Edge Powered by Cloudflare requires that you prepare your application by making changes to the following settings:

Configuring your domain settings

As part of Acquia Edge, your team must configure your DNS using either of the following methods:

  • Authoritative DNS (Full setup) requires you to:

    • Move your DNS to Acquia Edge which becomes your full, authoritative DNS service.

    • Add your domain to Acquia Edge and update your name servers to the name servers Acquia Edge provides.

    • Manually add subdomains to your DNS records with Acquia Edge.

    For more information, see Authoritative DNS Implementation on Acquia Academy.

  • Partial CNAME setup requires:

    • No changes to your DNS or DNS provider.

    • Authoritative DNS remains outside of Acquia Edge.

    • Subdomains (such as www.domain.com) point to Acquia Edge using a CNAME record.

    For more information about this method, see CNAME DNS Implementation on Acquia Academy.

    To send traffic for your bare domain to Acquia Edge, add a redirect on your webserver using a .htaccess file to forward traffic to the subdomains you have proxied through Acquia Edge.

    Limitations of the Partial CNAME setup

    Domains using the Partial CNAME setup for Acquia Edge have the following limitations:

    • Distributed denial of service (DDoS) protection for attacks against DNS infrastructure is available only for the domain records you delegate to Acquia Edge.

    • Security and acceleration benefits are available only for the subdomain records (such as www.example.com) you delegate to Acquia Edge. Bare, or root, domains (such as example.com) cannot be protected or accelerated using Acquia Edge due to the DNS RFC (Request for Comment) 1033, which requires root domains to use A records instead of CNAMEs.

Configuring your SSL settings

When setting up Acquia Edge, your team must configure your SSL settings, and the SSL option you select depends on the nature of your website’s content. Use the information in the following table to help you select the appropriate SSL option for your needs:

SSL Option

Description

Off

For websites that don’t contain sensitive information (such as a personal blog), the Off option will normally suffice, due to secure connections not being required.

Flexible

Acquia does not recommend the Flexible option if your website stores any sensitive information.
Although selecting this option may seem to be safe, doing so can lead to security risks. With this setting enabled, a fully-secure connection exists only between the visitor and Acquia Edge; not between Acquia Edge and your origin server.
Visitors will access your website using HTTPS and assume there is a fully-secure connection, which isn’t the case. With the website indicated as secure, a user may share personal or sensitive information, which puts the user at risk of disclosing secure information over an insecure connection.

Full, Full (strict)

For use with any website that contains sensitive information. Acquia recommends at least the use of Full, if not Full (strict). The Full (strict) option is the most secure option because it requires a valid and certificate authority-signed SSL certificate, which ensures the maximum level of certificate authenticity.