mattgrayisok

Bunny CDN wants to cache all of your things in their edge by default, which makes sense because they're a caching proxy.

Today I wanted to use them as a transparent passthrough proxy for DDoS protection only.

This requires some very specific settings to get right.

Bunny has two settings for configuring caching (excluding their Smart Cache feature which just does things according to some internal logic).

1. Edge Caching
2. Browser Caching

Edge Caching can be set to respect origin headers, a specific fixed value, or just no caching. For the purposes of passthrough, we want no caching, and this works fine.

Browser Caching settings replace the cache-control header in the response to the client. For our passthrough we just want to keep it the same as that returned from the origin. In Bunny we can set it to a fixed value (no), no cache (no) or 'match edge setting' (we have this set to no cache, so no).

If you set Edge Caching to 'no cache', Bunny will always mess with the cache control headers sent back to the client.

We can get around this by using edge rules. Firstly set the Edge Cache to 'Respect Origin Headers' and the Browser Caching to 'Match Edge Settings'. This ensures the cache-control headers sent to the end user match those sent from the origin.

Next, create an Edge Rule to disable caching. That looks like this:

Once that's applied, nothing will be cached in Bunny's Edge CDN and origin headers will match those sent from the origin.