Pantheon Community

Now live: Advanced CDN!

Hey, y’all!

We’re pleased to announce the launch of our Advanced CDN!

Advanced Global CDN extends our Global CDN offering—both powered by Fastly.

  • Manage groups of websites without subdomains and unlock personalization and targeted messaging at scale.
  • Let teams drive growth by enabling iterative testing and WebOps (website operations).
  • Regain control over messaging and intellectual property with location-based blocking and redirection, a customizable WAF (web application firewall), and IP blacklisting.

Learn more here!

Happy Thursday! :pantheon:


So Pantheon plans automatically have Global CDN, but if we want Advanced Global CDN or Advanced Global CDN + WAF/IO, we need to contact sales? I just wonder what the cost looks like (cue the if you have to ask… saying ;)).

The cost varies depends on the need, but the floor is fairly high at the moment (as are most things that require a “contact sales” process). Upwards of $500/mo to start, so definitely not for everyone. However, for sites that can really benefit from these features, it’s money well spent.

1 Like

The copy definitely seems to speak to IT, which may be the decision-makers/spenders in this case. But if I had to translate that to Marketing language to get buy-in from that set, I’m not sure what I’d have it say.

1 Like

That’s a fair point. To-date we’ve mostly been using the AGCDN in highly technical contexts.

There are a bunch of potential benefits for a marketing audience, but that mostly relates to brand consistency, performance, and the ability to handle cookies creatively.

In the future I’m hoping we’ll be able to showcase some of the more explicitly marketing-centric use-cases like content personalization, adtech proxying, etc. Stay tuned for more of that later in the year as we have case studies and examples.


Is that per site or for an agency?

1 Like

Per site.

There are ways to share one implementation across a portfolio, but we haven’t implemented that for any agencies so far. That’s only been done in a couple of special cases.

I’ve been under the impression since day 1 as a customer that we had OWASP & WAF. Did we and this changed or have I been wrong for 4 years?

Hi @joshkoenig

Can you help clarify some things here? It looks like security aspects of what sold us to Pantheon are being moved to the advanced CDN addons. Is this the case? I thought Pantheon already protected sites with OWASP & WAF rules, DDoS protection, and Bot mitigation. Or, are we saying this is only for the edge and not the origin? I just want to make sure I understand what the typical Pantheon plans are covering vs the Advanced Edge plans - which I feel should already be covered in Performance and up plans.

I also feel like charging customers for the advanced CDN in order to get edge logs is questionable. When the traffic at the edge counts against plan usage, and there’s no way for the customer to audit their traffic at the edge, how is it fair that Pantheon could auto upgrade accounts before giving customers a chance to figure out what’s going on with their traffic?

Hey Rob:

We always have and always will provide a lot of security benefits platform-wide as part of the Global CDN. Nothing has been “moved” to the AGDN as part of this release.

However, these are limited to things we can truly do platform-wide. Sites which require custom configurations should use the Advanced Global CDN option. For example, we mitigate a lot of malicious traffic globally (e.g. Drupal SA-2014-005), but dealing with sophisticated attacked that target a specific site’s implementation is different. This often requires shaping that site’s traffic in such a way that would not work for everyone and cannot be done globally.

As for the edge logs, these are not intended as a mechanism for monitoring traffic for pricing purposes. They are a real-time stream for organizations that are looking to ingest them into a system like Splunk. I’d refer specific questions about traffic limit enforcement to the existing thread on that topic. :wink: