Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

Looking for inexpensive IPv6 and HTTP/3 enabled CDN services
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Looking for inexpensive IPv6 and HTTP/3 enabled CDN services

fartfart Member
edited November 2023 in General

I'm on the hunt for a reliable CDN service for a website I run. The CDN should be reachable by users over IPv6, and preferably support HTTP/3 as well.

Cloudflare supports both, and it's free too, which would make them a great fit. However, it has a tendency to block requests that have SQL statements or shell scripts. Since my website is oriented towards developers and sysadmins, this ends up blocking their posts. It also tends to block users from accessing websites outright even at the lowest security level settings. There seems to be no way to control either of those behaviors.

I've been using Amazon Cloudfront for some time now, they do kinda have a free tier, but is quite pricey beyond that — I recently discovered I've been paying them $11 just to handle around ~35 million requests; the traffic is an additional cost on top.

BunnyCDN seemed promising; they don't have HTTP/3 support which I can work with, but they also seem to only support IPv6 in very few locations.

Essentially, what I'm hoping to find is a CDN provider which is free or relatively affordable (unlike Cloudfront) that at least supports IPv6 in most locations. HTTP/3 support is not strictly needed, but would be a great to have.

Thanks

Comments

  • lowendclientlowendclient Member

    Try some russian products
    gcore.com
    ddos-guard.net

  • sillycatsillycat Member

    @lowendclient said: ddos-guard.net

    Not free and certainly not relatively affordable.

    @lowendclient said: gcore.com

    This looks pretty promising...

    Thanked by 1fart
  • fartfart Member
    edited November 2023

    @sillycat said:

    @lowendclient said: gcore.com

    This looks pretty promising...

    Nice free tier and the SSL certificate took around an hour to apply, but they couldn't possibly be serious about having to renew SSL certificates manually.

    On IPv6 TLS connections seem to intermittently fail as well, these are two requests made in quick succession:

    ~ $ curl -v6 https://my.web.site 
*   Trying [2a03:90c0:999c::12]:443...
* Connected to my.web.site (2a03:90c0:999c::12) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, internal error (592):
* OpenSSL/3.1.4: error:0A000438:SSL routines::tlsv1 alert internal error
* Closing connection
curl: (35) OpenSSL/3.1.4: error:0A000438:SSL routines::tlsv1 alert internal error

~ $ curl -v6 https://my.web.site 
*   Trying [2a03:90c0:999c::12]:443...
* Connected to my.web.site (2a03:90c0:999c::12) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=my.web.site
*  start date: Nov  5 11:05:50 2023 GMT
*  expire date: Feb  3 11:05:49 2024 GMT
*  subjectAltName: host "my.web.site" matched cert's "my.web.site"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.

    I think I'll pass on Gcore.

  • niranjanniranjan Member

    Akamai? Fastly? CDN77? Don't know if they have what they need but if you need reliability, you should go with them.

  • sillycatsillycat Member

    @niranjan said: Akamai

    No pricing page. It screams, "you are poor, find something else."

    @niranjan said: Fastly

    Has a minimum of $50 per month. It's neither free nor relatively affordable.

    @niranjan said: CDN77

    Bunny seems to be reselling CDN77 at an even cheaper price than CDN77.

  • fartfart Member

    @niranjan said: CDN77

    Just had a chat with their support. Seems like I need to pay a minimum of $199.

    @sillycat said: Bunny seems to be reselling CDN77

    As I understand they use servers from Datapacket which also owns CDN77, but otherwise isn't a reseller.

    At this point, I do kinda see why Cloudflare has a lot of customers; they seem to be the only CDN service at a reasonable price that around that knows what they're doing instead of half-assing features.

    Thanked by 1sillycat
  • niranjanniranjan Member

    @fart said:

    @niranjan said: CDN77

    Just had a chat with their support. Seems like I need to pay a minimum of $199.

    @sillycat said: Bunny seems to be reselling CDN77

    As I understand they use servers from Datapacket which also owns CDN77, but otherwise isn't a reseller.

    At this point, I do kinda see why Cloudflare has a lot of customers; they seem to be the only CDN service at a reasonable price that around that knows what they're doing instead of half-assing features.

    CF gets the job done.

  • ask_seek_knockask_seek_knock Member
    edited November 2023

    @lowendclient said: gcore.com

    The free tier doesn't offer IPv6 seemingly, but gcore.com is in heavy development.

  • yoursunnyyoursunny Member, IPv6 Advocate

    @fart said:
    Cloudflare supports both, and it's free too, which would make them a great fit. However, it has a tendency to block requests that have SQL statements or shell scripts. Since my website is oriented towards developers and sysadmins, this ends up blocking their posts. It also tends to block users from accessing websites outright even at the lowest security level settings. There seems to be no way to control either of those behaviors.

    There's an Essentially Off button that turns off these nonsense "protection" unless there's high traffic attack.

  • fartfart Member
    edited November 2023

    @yoursunny said:

    @fart said:
    Cloudflare supports both, and it's free too, which would make them a great fit. However, it has a tendency to block requests that have SQL statements or shell scripts. Since my website is oriented towards developers and sysadmins, this ends up blocking their posts. It also tends to block users from accessing websites outright even at the lowest security level settings. There seems to be no way to control either of those behaviors.

    There's an Essentially Off button that turns off these nonsense "protection" unless there's high traffic attack.

    That is how it's supposed to work in theory. In practice, I was asked to turn off Cloudflare when I raised the issue on their forum.

    The main issue is however the blocking of posts, I'll see if there are some workarounds if I decide to move back to Cloudflare.

  • yoursunnyyoursunny Member, IPv6 Advocate

    @fart said:

    @yoursunny said:
    There's an Essentially Off button that turns off these nonsense "protection" unless there's high traffic attack.

    That is how it's supposed to work in theory. In practice, I was asked to turn off Cloudflare when I raised the issue on their forum.

    Please link to the Cloudflare forum post for future reference.

Sign In or Register to comment.