How to defend against Account Takeovers
Learn about account takeover threats, protection strategies, and detection methods to secure your digital accounts and prevent unauthorised access.
Support FAQ
An edge server is infrastructure close to users that handles web delivery work before a request reaches the origin. In a CDN, the edge may terminate TLS, check cache, apply security rules, normalize requests, compress responses, redirect traffic, run lightweight logic, and forward cache misses to the origin. The "server" may be a single machine in simple explanations, but in practice it is usually a cluster of systems operating as a nearby service location.
The edge exists to reduce distance and reduce unnecessary origin work. If a user requests a cacheable image, the edge can serve it without crossing the world. If a request is malicious, the edge can block it before it consumes application resources. If a request needs the origin, the edge can still improve the path by reusing connections, enforcing policy, and adding useful request context.
A typical request arrives at the edge after DNS or anycast routing sends the user to a suitable CDN location. The edge negotiates TLS and protocol details, then evaluates request rules. It may redirect HTTP to HTTPS, normalize the host or path, drop unwanted headers, apply bot or WAF policy, and decide whether the method and route are cacheable.
If the response is already cached and fresh, the edge sends it directly to the user. If the object is not cached, expired, or intentionally bypassed, the edge opens or reuses an upstream connection to the origin or to another cache layer. When the origin response returns, the edge decides whether to store it, how long to keep it, which request attributes belong in the cache key, and which headers should be sent back to the visitor.
This path is why edge behavior should be observable. Response headers and logs should show whether the request was a hit, miss, bypass, revalidation, block, redirect, or origin error. Without that evidence, teams often guess whether the edge helped, hurt, or simply passed the request through.
Edge servers are well suited to work that benefits from proximity or early enforcement. Common examples include static asset caching, public HTML caching, TLS termination, compression, image or media delivery, simple redirects, request normalization, WAF checks, bot filtering, rate limiting, and geographic routing. These tasks are useful because they happen before the origin spends CPU, database, or bandwidth.
Some application logic can also run at the edge, but it should be chosen carefully. Lightweight decisions based on path, headers, cookies, language, or geography can be effective. Heavy computation, complex personalization, large database joins, and stateful workflows usually belong closer to the application unless the architecture has been designed around edge data and consistency.
The boundary matters for security. The edge should not become an undocumented second application where critical behavior lives without code review, tests, or rollback. If edge rules decide authentication, authorization, routing, or data exposure, they need the same discipline as application code.
The strongest performance gains come from cache hits. A nearby response avoids origin latency, application processing, and often cloud egress. Even cache misses can improve when the edge keeps persistent upstream connections, uses optimized network routes, or sends misses through a shield cache that reduces duplicate origin fetches.
Edge servers can also reduce browser work. They can negotiate modern protocols, compress text responses, serve smaller variants, and avoid unnecessary redirects. Small improvements early in the request path can compound across a page with many resources.
However, edge presence does not guarantee speed. A request that always bypasses cache and must reach a distant origin may still be slow. A bad cache key can turn a cacheable workload into repeated misses. A regional edge problem can affect only some users, making global averages look normal.
Ask practical questions rather than assuming the edge is helping:
The answers should be route-specific. Static assets, marketing pages, APIs, login, checkout, uploads, and admin paths have different performance and security needs. A single edge policy for all paths is usually either too weak for sensitive flows or too conservative for cacheable content.
Edge servers can amplify configuration mistakes. A broad cache rule can store private content. A narrow cache key can serve the wrong response. A broad bypass rule can send too much traffic to origin. A stale object can hide a production fix. A redirect rule can loop with the application. A security rule can block real users or third-party callbacks.
Regional inconsistency is another common issue. A change may roll out to some locations before others, a cache may be warm in one region and cold in another, or a routing decision may send one ISP to a degraded path. This is why troubleshooting should include tests from multiple regions and networks.
Origin exposure is a security failure that edge deployments sometimes miss. If attackers can reach the origin directly, they can avoid the edge controls that were supposed to protect the application. The origin should reject unapproved paths through network policy, authenticated origin pulls, mutual TLS, or another deliberate control.
Edge configuration changes should be managed as production changes. Cache rules, security policies, redirects, header transforms, origin pools, and edge code can all change user-visible behavior. Keep ownership clear and avoid letting one team change a rule that silently breaks another team's route.
Monitor cache status, edge latency, origin latency, origin request rate, status codes, rule actions, TLS errors, regional availability, and purge volume. Link edge request IDs to origin logs where possible. During incidents, this lets teams identify whether the edge served a cached response, blocked a request, retried an origin, or passed through an application error.
An edge server is most valuable when its role is explicit. It should make common responses faster, reject unwanted traffic earlier, and keep the origin focused on work only the origin can do. Used carelessly, it becomes another hidden layer. Used deliberately, it is one of the most important controls in modern web delivery.
Learn about account takeover threats, protection strategies, and detection methods to secure your digital accounts and prevent unauthorised access.
An overview of Account Takeover Attacks
A practical reference for common AI crawler user agents, operators, purposes, and recommended Peakhour bot-management actions.
AI For Cybersecurity explains the concept in the context of AI security, with practical checks and mitigation considerations for site operators.
AI Image Generation explains the concept in the context of AI security, with practical checks and mitigation considerations for site operators.
AI Misuse explains the concept in the context of AI security, with practical checks and mitigation considerations for site operators.
© PEAKHOUR.IO PTY LTD 2026 ABN 76 619 930 826 All rights reserved.