28 Nov When my CDN delivered cached pages to VPN users with wrong geotargeted offers and the cache key changes that respected VPN origin differences

Posted at 01:00h in Blog by
0 Likes

Content Delivery Networks (CDNs) are one of the foundational pillars of modern web performance. By efficiently serving cached content to users across the globe, they speed up load times, disperse traffic volume, and reduce server load. But as I discovered during a routine post-campaign analysis, CDNs can introduce serious complications when caching is not properly configured—especially when geotargeted content and VPN traffic are involved.

TL;DR

A misconfigured CDN cache key led to VPN users receiving geotargeted offers intended for other regions, causing customer confusion and campaign performance issues. This happened because the CDN did not differentiate between users based on real origin IPs—relying instead on apparent IPs that may have belonged to VPN endpoints. The resolution came through modifying cache key logic to respect user origin and better distinguish requests. This change improved both performance accuracy and customer experience.

Background: The Role of CDNs in Dynamic Content

CDNs are particularly effective at serving static assets like images, scripts, and stylesheets. However, in more advanced setups, CDNs can also be configured to cache dynamic content for further performance benefits—so long as that content doesn’t vary too unpredictably between users.

In our case, we were running a promotional campaign offering location-specific discounts. Depending on the region a user was coming from, the site would render different banner offers and localized content. This worked perfectly for most visitors, until we started noticing troubling discrepancies reported through customer support and user feedback channels.

The Symptoms: Misplaced Offers and Confused Customers

It began subtly: a few support tickets here and there about customers in Germany seeing a UK-only discount promotion. Then more surfaced—visitors from Brazil complaining about Canadian price listings, and so on. Upon scrutiny, a pattern started to emerge. These users were all accessing our site using VPNs.

Common complaints included:

  • “I’m not in the US, but I’m seeing US-only offers”
  • “The currency is wrong for my region”
  • “Why am I getting redirected to the UK version of the site?”

This raised serious alarms. The success of our promotions depended heavily on location relevance. Showing the wrong promotions to the wrong users not only impacted conversion rates but also eroded customer trust.

Root Cause: Cache Key Misconfiguration

Our CDN was caching entire pages to deliver them faster. Normally, this would involve ensuring the content in the cache varies distinctly depending on key identifiers—like device type, language header, or geolocation. However, our cache key at the time only considered the hostname and URL path, ignoring headers and IP-derived data.

That meant once a page version was cached (let’s say for a user seemingly in Canada), every other user hitting that same path—regardless of their actual location—would get served the Canadian version until the cache expired or was purged.

VPNs Magnified the Issue

Users behind VPNs often exit from IP addresses located in entirely different countries. So a user in Italy behind a New York-exit VPN would be considered “from the US” by our CDN at request time. The geotargeting logic would render them an American-promotional page—which would then be cached and served to anyone else hitting that page path.

This led to a scenario where a handful of VPN users could taint the cache for thousands of legitimate users.

The Fix: Correcting the Cache Key Strategy

After confirming the issue and understanding the mechanics behind the mismatch, we set out to reconfigure our CDN’s cache key logic. Our CDN provider supported flexible configuration options, including the ability to customize cache keys using request headers and client IP data.

Core Adjustments We Made:

  1. Geolocation-aware caching: We added the origin country code (derived server-side using the request IP) to the cache key. This ensured that users in different countries would be served different cached versions.
  2. Header Exclusions: We excluded any headers that could vary unnecessarily (like cookies for logged-in users) to strike a balance between caching efficiency and personalization.
  3. Debug Logging: We initially enabled request logs and cache hit/miss tracking to monitor how the new keys performed across regions and over VPNs.

Challenges During Implementation

Implementing a new caching strategy on a production CDN can have ripple effects. We had to carefully roll out the changes in stages, first testing in staging environments and then activating them for a small percentage of global traffic.

Some Unexpected Outcomes:

  • Increased Cache Fragmentation: With a wider variety of keys, the CDN now had to maintain more variants of each page. This slightly increased our cache memory usage and led to marginal increases in origin fetches.
  • False Positives for VPN Detection: A few ISPs were routing through regionally ambiguous IPs, occasionally misclassifying users. We adjusted our geolocation service to use a more accurate and frequently updated IP lookup.
  • User experience auditing: We created automated scripts to test content across simulated geolocations, ensuring what VPN or proxy users saw aligned with expectations.

The Results: Recovered Accuracy and Trust

After full rollout over two weeks, we saw an immediate decrease in geolocation mismatches. The support ticket rate related to regional content errors dropped by over 90%. Conversion as measured per-region showed more consistent patterns again, back in line with historical averages.

More importantly, our confidence in our infrastructure’s behavior during regional campaigns improved. With proper cache key design, our CDN was no longer an unpredictable intermediary—it became a trustworthy performance ally once more.

Lessons Learned

From this incident, we took away several valuable lessons that will inform all future regional campaigns and CDN configurations.

Key Lessons:

  • Always consider VPN behavior when doing geotargeting. VPN traffic is non-trivial and can severely distort location-based caching.
  • Use cache keys carefully and intentionally. What you cache, and how you key it, can have system-wide impacts.
  • Test your personalized content in real-world scenarios. Don’t assume your staging environment or internal network behaves like user traffic in the wild.
  • Monitor and log content mismatches. Listen to users. Anomalies often surface through customer feedback first.

Conclusion

CDNs are indispensable optimization tools, but like all powerful technologies, they must be used with care. Our experience with improperly caching geotargeted content—especially when VPN behavior confounded origin detection—was a humbling reminder of how complex “simple” web delivery can be under the hood.

The solution was not to avoid caching, but to cache smarter. By respecting true user origin in our cache key configurations and validating changes through data and user feedback, we were able to turn a serious conversion risk into a lesson in adaptive infrastructure.

Arthur Brown
arthur@premiumguestposting.com
85ideas.com > Blog > When my CDN delivered cached pages to VPN users with wrong geotargeted offers and the cache key changes that respected VPN origin differences
No Comments

Post A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.