By default, all files uploaded to Bunny Storage are private. They are only accessible through the API or using one of the storage interfaces by providing the correct password. This guide explains how to publically deliver files stored in Bunny Storage and how to secure public file delivery.
How to make a file publically available?
To make files publically available and accessible, Bunny Storage works in tandem with Bunny CDN. To deliver the files, you need to connect a Pull Zone to your storage zone. That will allow Bunny CDN to authenticate and pull files from the storage and then cache and deliver them to the end user.
There are two ways to connect a Pull Zone to Bunny Storage.
Please be aware that serving files directly from a Storage Zone is a breach of our Terms of Service and may result in the suspension of your account, so all public facing traffic needs to be served through the CDN itself.
From the Manage Storage Zone page
The most straightforward way to connect a Pull Zone to your Storage Zone is through the Manage Storage Zone page:
- Click on the Connect Pull Zone button at the top right
- From the popup, select to either add a new Pull Zone, or connect an existing Pull Zone
- If you decide to connect an existing Pull Zone, simply click on Connect
- If you decide to create a new Pull Zone, click on the Add Pull Zone button
- If creating a new pull zone, this will automatically bring you to the create Pull Zone page
- Next, configure the name for your Pull Zone, and, optionally, the pricing settings
- Finally, click on the Add Pull Zone at the bottom of the page
From the Add Pull Zone page
Alternatively, you can add a Pull Zone following the CDN workflow.
- From the main menu, click on the + Add button and select the Pull Zone option
- On the Add Pull Zone screen, configure the name for your Pull Zone
- Next, in the Origin Type, select Storage Zone. This will show a list of storage zones on your account
- Select the Storage Zone you would like to connect
- Optionally, configure the pricing and performance tier for Bunny CDN. By default, the Standard tier with all regions are selected
- Finally, click on the Add Pull Zone at the bottom of the page
Accessing your files through the Pull Zone
Once your Pull Zone is linked to your Storage zone, it will automatically start to mirror files from your storage. The URL structure will exactly match the file names and paths of the uploaded files, except for the root Storage Zone name which is already automatically included by Bunny CDN when reaching out to Bunny Storage.
For example, a request to your Pull Zone mypullzone to a Storage Zone named mystorage:
https://mypullzone.b-cdn.net/my/image.jpg
Will automatically get mapped the path in your Storage Zone:
/mystorage/my/image.jpg
Securing access to your files via the Pull Zone
By connecting a Pull Zone to your Storage Zone, all of your files will become publically available. Anyone with the URL, will be able to access and download the files. To control who is able to access files, multiple methods exist to help you fine-tune the access controls.
Edge Rules
By using Edge Rules on your Pull Zone, you can configure specific access controls to your files, such as blocking off folders, or giving access to a specific folder only. You can also achieved advanced behavior such as allowing only specific IPs or user agents to access the files. To learn more about Edge Rules, you can look at our Edge Rule help guide.
Token Authentication
A more advanced access control feature is the Token Authentication. The Token Authentication system allows you to strictly control who and for how long you can access your files. If enabled, Token authentication will only allow requests from your Pull Zone to go through if a valid token is provided, which can only be generated by knowing your secret key.
This effectively turns your Pull Zone into a private connection between Bunny CDN and Bunny Storage, where each URL needs to be specifically authenticated to go through.
To learn more about Token Authentication and how to generate the security tokens, please check the Token Authentication documentation.
Geo-Replication Performance Implications
The main concept of Bunny Storage is our Geo-Replication system. Geo-Replication achieves high data availability and durability by automatically replicating your files to multiple datacenters around the world.
When Bunny CDN is connecting to Bunny Storage, it will automatically measure the performance to each of your selected storage replication points. Bunny CDN will then select the most optimal destination to pull your files from. This achieves excellent performance, even for uncached requests, and is handled completely automatically.
Effectively, having more geographical regions enabled for your Storage Zone will therefore result in better performance when accessing the files from the CDN.