Skip to main content

Request Flow

Every request to an app served by FoundryDB Edge runs through an ordered pipeline of stages before it reaches your origin, and the response runs back through a second, shorter chain on the way out. The order is fixed: each stage either lets the request continue or short-circuits it with a status code, so a request that is denied, redirected, or served from cache never reaches the stages that come after it.

The diagram below walks the pipeline in the order the stages apply. It animates a request travelling the happy path to your origin and back, then shows each gate's early exit in turn. Use pinch, the zoom buttons, or double-click to zoom, and drag to pan.

Edge request pipelinescroll-free · pinch or buttons to zoom · drag to pan
Request pipeline · IP gate → maintenance → redirects → auth → CORS → WAF → rate limit → cache → origin
ClientHTTPS requestGates403 / 503 / 30x / 401WAF · rate limit403 / 429Cachehit / missApp originyour container
Request pathResponse pathServed from edgeDenied / challengedGuard / maintenanceApp originSide-exit (early return)

Request Path, In Order

  1. Allowed methods and max body size are early guards. A request using a disallowed method is rejected with 405, and a body larger than the configured limit is rejected with 413 before it is buffered or forwarded.
  2. IP gate applies the allow list and deny list. A blocked client is rejected with 403 before any further work.
  3. Maintenance mode, when enabled, serves the maintenance page with 503 to every client. Addresses in the bypass list skip it and continue.
  4. Redirects match the request and answer with a 301, 302, 307, or 308 at the edge.
  5. Basic Auth challenges requests with missing or bad credentials with 401 and a WWW-Authenticate header.
  6. CORS answers an OPTIONS preflight with 204 and the access-control headers, so a preflight never reaches the origin.
  7. WAF, in block mode, denies a matching request with 403. In detect mode it logs and lets the request continue.
  8. Rate limit applies a per point-of-presence token bucket. A client over its budget is throttled with 429.
  9. Cache serves a matching request straight from the edge on a hit; a miss continues toward the origin.
  10. Header rules apply request header changes (set and remove) toward the origin.
  11. Origin is your app container. It produces the response.

Response Path

On the way back the response passes through response header rules, then HSTS, then request-id injection, and finally gzip compression before it reaches the client.

For how to configure these stages, see the Edge Overview.