How to defend against Account Takeovers
Learn about account takeover threats, protection strategies, and detection methods to secure your digital accounts and prevent unauthorised access.
Support FAQ
CDN load balancing improves reliability by moving origin selection closer to the delivery edge. Instead of every request going to one fixed backend, the CDN can choose from a pool of origins, test their health, send traffic to the best available target, and fail over when a target stops serving correctly.
This is different from ordinary server load balancing inside one data center. A CDN sees the public request first. It can combine edge routing, cache behavior, origin pools, health checks, traffic weights, and security policy before the request reaches an application server. That can make a site more resilient, but only if the failover path is as carefully designed as the happy path.
The first layer is edge reachability. A CDN usually has multiple points of presence, so users can reach an edge location even if another location has trouble. Anycast routing, DNS, and provider network policy influence which edge receives the request.
The second layer is cache availability. If a response is already cached and still acceptable to serve, the CDN may answer without contacting the origin. For public content, serving stale content during an origin incident can preserve a usable site while engineers repair the backend. For private or state-changing requests, serving stale content may be unsafe.
The third layer is origin selection. The CDN can route cache misses and dynamic requests to one of several origins. The policy might be active-active, active-passive, weighted, geography-based, latency-based, or priority-based. Each model has tradeoffs. Active-active can use capacity in several places, but it requires data consistency and equivalent security. Active-passive can be simpler, but the standby path must be warm enough to handle real traffic.
Health checks are the foundation of automated failover. A shallow check that only confirms a TCP connection or a generic 200 response may miss the failure users actually see. The application might accept connections while the database is down, a dependency is timing out, or checkout is broken.
Better checks exercise the route that matters. A public page check might validate status code, response body marker, TLS, and response time. An API check might confirm a read-only endpoint returns valid JSON. A health check should not create orders, mutate state, or depend on a fragile third-party service unless that dependency is truly required for the route being protected.
Health checks also need sensible thresholds. If the threshold is too sensitive, traffic can flap between origins. If it is too slow, users see avoidable errors. Recovery thresholds matter too: an origin should not receive full traffic the instant one check passes after a failure.
An origin pool should reflect capacity, data, and operational ownership. Two origins are not equivalent just because they can both serve HTTP. Check whether they have the same application version, database state, object storage, certificates, secrets, security rules, logging, and dependency access.
For static sites or read-heavy applications, multiple origins may be simple. For ecommerce, membership, publishing, or SaaS applications, origin selection can affect carts, sessions, inventory, search indexes, uploads, and admin workflows. Some applications need sticky sessions or shared session storage. Others need writes pinned to one region while reads can be distributed.
Weighted routing can support gradual migration or capacity balancing. For example, a team may send a small percentage of traffic to a new origin before increasing the weight. That only works if monitoring is broken down by origin. A global error-rate graph can hide a failing origin that receives only a small share of traffic.
The most common mistake is failing over to a weaker path. The backup origin may lack WAF rules, bot controls, rate limits, TLS settings, access restrictions, or current application code. During an incident, attackers and automated clients will find the weakest available path quickly.
Another failure mode is hidden shared dependency. Two origins may run in different regions but depend on the same database, DNS provider, object store, identity provider, or payment gateway. Load balancing does not remove a single point of failure unless the dependency path is also considered.
Cold standby capacity is also risky. A backup origin that has never handled production traffic may have empty caches, untested autoscaling, missing firewall rules, or slow database replicas. The first real failover then becomes a load test during an outage.
Cache behavior can complicate diagnosis. Users may see cached successes while dynamic routes fail, or one edge location may continue serving stale content while another has already shifted to the backup origin. That can be acceptable, but support and incident teams need to understand it.
Reliability should be tested deliberately. Run planned failover exercises for important routes. Disable an origin, drain traffic, simulate slow responses, test bad TLS, and confirm that the CDN marks the origin unhealthy for the right reason. Then restore the origin and watch how traffic returns.
Record expected behavior for each route. Public assets may be served stale. Public pages may use a backup origin. Authenticated APIs may fail closed. Uploads may be restricted during failover. Admin routes may stay on the primary region. These decisions should be written before the incident.
Use synthetic monitoring from multiple regions and real user monitoring from production traffic. Include the selected origin, edge location, cache status, response code, origin status, and request ID in logs. Without those fields, teams spend too much time asking whether the problem is at the CDN, network, origin, database, or application layer.
CDN load balancing is a production control plane. Changes to health checks, origin weights, failover order, DNS records, certificates, and bypass rules should have review and rollback steps. Access to those settings should be limited and audited.
Origin protection remains essential. If users can reach the origins directly, CDN health checks and security policy do not define the true delivery path. Restrict direct access where possible and keep backup hostnames out of public use unless they are intentionally protected.
The goal is not to make every request take the most complex path. It is to keep important user journeys available when individual components fail, while preserving correctness, security policy, and enough evidence to explain why traffic moved.
Learn about account takeover threats, protection strategies, and detection methods to secure your digital accounts and prevent unauthorised access.
An overview of Account Takeover Attacks
A practical reference for common AI crawler user agents, operators, purposes, and recommended Peakhour bot-management actions.
AI For Cybersecurity explains the concept in the context of AI security, with practical checks and mitigation considerations for site operators.
AI Image Generation explains the concept in the context of AI security, with practical checks and mitigation considerations for site operators.
AI Misuse explains the concept in the context of AI security, with practical checks and mitigation considerations for site operators.
© PEAKHOUR.IO PTY LTD 2026 ABN 76 619 930 826 All rights reserved.