How to enforce a CDN server location


Is there a way to enforce the use of a specific CDN location based on the location of the end user? One of my customer’s has a pro account; users are in Turkey, the server is Frankfurt but the CDN ends up being a 3rd location.

Which account type can do an enforcement like this through which type of configuration?

Per privacy rules, we can’t let traffic to cross country boundaries so that’s kind of a deal breaker for us if it is not possible.

Cloudflare doesn’t allow you to choose which data centers host your content that I’m aware of - at least, not without striking an Enterprise plan and specifically requesting only a specific data center handle your requests (this isn’t a config option for Enterprise accounts so you would need to specifically ask for it during contract negotiation).

The way traffic reaches Cloudflare varies based on a lot of factors, but load (relative to the capacity of the DC) being the most important one. Chances are that the Istanbul data center is quite small so most of the time it can’t handle much traffic, thus routing most non-enterprise customers’ websites out to other data centers that can handle the traffic.

Not exactly easy if your server is in Germany and your users are in Turkey. If you’re enforcing HTTPS and your SSL mode is ‘full (strict)’ you can be certain that the traffic traversing countries is encrypted and not readable by any of the intermediate countries, regardless of which Cloudflare DC your users connect to.

If you don’t want even Cloudflare to be able to read your data, then you’d need to use the Enterprise-grade Spectrum product to tunnel regular TCP connections instead of using Cloudflare’s main offerings which do intercept and decrypt/re-encrypt traffic to your site.

Hi Judge thanks for the response. The ‘germany’ case was jusy an example, the country crossing thing is for another project Im planning for right now. It seems cloudflare cant be used with that unless its ab enteprise account :confused:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.