Kingside Castle (O-O)
Protect your Webflow-hosted assets with Sygnal's "short castle" manouvre.
IMPORTANT Sygnal's Kingside Castle manouvre should only be performed when Sygnal Hyperspeed is already installed on your site. Otherwise it has only a short-term benefit, since your new asset URLs will be exposed for leeches to re-acquire and update their asset links.
Goals;
Disconnect "leeches" who are stealing your content by embedding your live Webflow assets directly in their own site, from Webflow's production CDN URLs, at your own bandwidth expense.
Problems;
Webflow's assets CDN uses a Webflow-owned domain, which means...
We cannot directly reverse-proxy it
We cannot directly block access to it from outside parties
We have zero statistics on who is accessing it, or on the referring site
We have no ability to identify anomalies or implement rules via a WAF
Webflow's assets CDN traffic counts towards your plan limit, so leeches count against your bandwidth quota
Approach
Setup a Hyperspeed to rewrite all asset URLs
Obfuscate them so that the underlying Webflow CDN URL is in-determinable by a viewer
Cache them, to offload Webflow traffic
Optionally, secure them from "simple" leeches
via Referrer check
Then, perform the Kingside Castle;
Clone your Webflow site
Move the plan to the clone
Move the domain to the clone
Unpublish the old site
Verify the old asset URLs are now inaccessible
Perform any updates needed for external integrations
Apps installs and configurations
API key generation
Automations
Whalesync
Integrations
CMS ItemID re-synchronization with external systems
etc.
Results
All of the original Webflow CDN URLs are now invalid
All of the new Webflow CDN URLs are un-knowable to leeches
All access control is now centralized in Hyperspeed
Including your Webflow CDN assets
All assets are delivered by cache, so leech traffic no longer impacts your Webflow bandwidth
Leeches can be further blocked with custom asset routing with Hyperspeed customizations
Such as a referrer check
Last updated