Quickstart

Updated 4 days ago | 5 min read | v2026.04

Get traffic flowing through Fourwheel in under 10 minutes. This guide walks through provisioning your first hostname, configuring DNS, and validating that your origin is properly shielded.

Prerequisites: A Fourwheel account, control of your domain's DNS records, and a working origin server reachable over HTTPS.

1. Create a hostname

Hostnames are the entry points into Fourwheel. You can create one via the dashboard or programmatically through the API. We'll use the CLI for this guide:

$ fourwheel hostname create \
    --name api.example.com \
    --origin originai.cdnsecurityinc.com \
    --certificate auto

✓ Hostname created: hst_abc123
✓ Edge config provisioned in 142 PoPs
✓ Certificate request submitted
  Certificate will be ready in ~30 seconds

The hostname is created globally in 142 PoPs simultaneously. There's no propagation delay.

2. Configure DNS

Point your hostname at our edge using a CNAME record. The exact target depends on your account region:

Account region          CNAME target
North America           na.edge.fourwheel.net
Europe                  eu.edge.fourwheel.net
Asia Pacific            apac.edge.fourwheel.net
Global (recommended)    global.edge.fourwheel.net

For most use cases, use the global.edge.fourwheel.net target. Anycast routing will direct each request to the nearest healthy PoP.

3. Configure caching

By default, Fourwheel respects Cache-Control headers from your origin. To override this, define cache rules in your edge config:

version: "2026.04"

routes:
  - match: "/static/*"
    cache:
      ttl: 86400
      stale_if_error: 3600
      stale_while_revalidate: 60

  - match: "/api/*"
    cache: false
    rate_limit: 1000

  - match: "*.html"
    cache:
      ttl: 300
      vary: ["accept-encoding", "accept-language"]

Cache key customization

By default, the cache key is the full URL plus the Host header. You can include or exclude query parameters, headers, and cookies:

cache:
  ttl: 3600
  key:
    include_query: ["v", "lang"]
    include_headers: ["accept-language"]
    include_cookies: ["session_locale"]

4. Enable security

DDoS protection is on by default. To enable WAF and bot management, add a security block:

security:
  ddos: "automatic"
  waf:
    mode: "block"
    rule_sets: ["owasp-2024", "fourwheel-managed"]
  bot_manager:
    mode: "challenge"
    allow: ["googlebot", "bingbot", "slackbot"]
  rate_limit:
    requests_per_minute: 600
    by: "ip"

Tip: Start with mode: "log" instead of "block" to observe what would be blocked before enforcing rules. Switch to block mode after a week of monitoring.

5. Verify the setup

Once DNS has propagated (usually under 60 seconds with low TTLs), verify the hostname is serving through Fourwheel:

$ curl -I https://api.example.com/

HTTP/2 200
server: fourwheel
fw-pop: iad-2
fw-cache: HIT
fw-rule: api-route
age: 1247
cache-control: public, max-age=3600

The server: fourwheel header confirms requests are flowing through the edge. The fw-pop header tells you which PoP served the request, and fw-cache shows whether it was a HIT, MISS, or BYPASS.
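
The header check above can be scripted so it runs after every DNS or config change. The following is an added example, not part of the Fourwheel CLI or documentation: the function names, return codes, and the second sample response are assumptions made for illustration, and the first sample is built from the response shown above.

```shell
# Usage (assumed invocation): curl -sI https://api.example.com/ | fw_check_headers
# Return codes are this example's own convention:
#   0 = via the edge, 1 = "server: fourwheel" missing, 2 = fw-cache missing/unexpected

# Print the value of header $1 (name matched case-insensitively) from header text $2.
fw_header() {
    printf '%s\n' "$2" | tr -d '\r' | awk -v want="$1" '
        BEGIN { want = tolower(want) }
        {
            i = index($0, ":")
            if (i == 0) next                      # status line or blank line
            if (tolower(substr($0, 1, i - 1)) != want) next
            val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)      # trim surrounding whitespace
            print val
            exit
        }'
}

# Read raw response headers on stdin and check the three headers from step 5.
fw_check_headers() {
    hdrs=$(cat)
    server=$(fw_header server "$hdrs")
    pop=$(fw_header fw-pop "$hdrs")
    cache=$(fw_header fw-cache "$hdrs")

    if [ "$server" != "fourwheel" ]; then
        echo "FAIL: server is '${server:-absent}', response did not come through the edge"
        return 1
    fi
    case "$cache" in
        HIT|MISS|BYPASS) ;;
        *) echo "FAIL: fw-cache is '${cache:-absent}', expected HIT, MISS or BYPASS"
           return 2 ;;
    esac
    echo "OK: pop=${pop:-unknown} cache=$cache"
}

# Constructed sample: the step 5 response, with the CRLF line endings curl emits.
SAMPLE_EDGE=$(printf 'HTTP/2 200\r\nserver: fourwheel\r\nfw-pop: iad-2\r\nfw-cache: HIT\r\n')
# Constructed sample: a response answered by something other than the edge.
SAMPLE_DIRECT=$(printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\n')

printf '%s\n' "$SAMPLE_EDGE" | fw_check_headers
```

A passing check shows only that this request was answered by the edge; it says nothing about whether the origin also accepts direct connections.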

What's next