Introduction

Laravel Cloud manages all aspects of networking in order to bring enterprise-grade speed, security, and scalability to any Laravel application. There are two main layers to the Cloud’s networking infrastructure: the Cloud Edge Network and the Cloud Compute Network.

Cloud Edge Network

Laravel Cloud has partnered with Cloudflare to offer every application globally distributed caching and network security at the edge.

Incoming HTTP requests are first routed to the nearest edge region (335 cities around the world), pass through DDoS mitigation and Web Application Firewall (WAF) security layers, and are either returned from the cache (if available) or passed on to the Cloud Compute Network to be routed to your application’s compute cluster.

Cache Control

An important function of the Cloud Edge Network is caching your application’s static assets. This has two key benefits: it reduces the number of requests that your application’s compute needs to handle and it decreases latency for your users.

Laravel Cloud optimizes your CDN cache through a two-step approach. First, Cloud uses a long cache lifespan to ensure your static assets are served at the edge as much as possible. Second, Cloud clears the CDN cache automatically on every deployment to ensure that no stale files accidentally remain in the cache. Combined, these two steps offer an efficient and safe approach to CDN caching.

See a summary of Laravel Cloud’s CDN cache rules below:

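| File type      | Cache duration |
|----------------|----------------|
| Images         | 1 year         |
| SVG            | 1 year         |
| JavaScript     | 1 year         |
| CSS            | 1 year         |
| Audio/Video    | 1 year         |
| Favicons       | 1 week         |
| Manifest Files | 1 week         |
| HTML           | Not cached     |
| JSON / XML     | Not cached     |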

X-Frame-Options

By default, Laravel Cloud will set an X-Frame-Options: DENY header. This prevents certain types of attacks that can occur if an application is loaded from an iframe.

Applications can override this behavior by setting a value for the X-Frame-Options header. This can be done in a middleware or as part of any application response:

public function handle(Request $request, Closure $next): Response
{
    $response = $next($request);

    // Valid values are "DENY" or "SAMEORIGIN"...
    $response->headers->set('X-Frame-Options', 'SAMEORIGIN');

    return $response;
}

If you need to allow iframe embeds from third parties (and thus cannot use SAMEORIGIN), your application can instruct Laravel Cloud to unset the header by setting its value to unset:

// $content is the response body; withHeaders() expects an array of headers...
return response($content)->withHeaders(['X-Frame-Options' => 'unset']);

Unsetting this header has security implications and should be used sparingly.
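
As an added example (not from the Laravel Cloud documentation), the middleware below limits the unset value to embeddable routes and sets a Content-Security-Policy frame-ancestors allowlist in place of the dropped header. The class name, the embed/* route pattern and the partner origins are hypothetical, and it assumes the edge passes an application-set Content-Security-Policy header through unchanged.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

// Added example: class name, route pattern and origins are hypothetical.
class AllowPartnerFraming
{
    // Constructed allowlist of origins that may embed the page in an iframe.
    private const ALLOWED_ANCESTORS = [
        'https://partner.example',
        'https://widgets.partner.example',
    ];

    public function handle(Request $request, Closure $next): Response
    {
        $response = $next($request);

        // Only embeddable routes opt out; all others keep the default DENY.
        if (! $request->is('embed/*')) {
            return $response;
        }

        // Ask Laravel Cloud to drop its default X-Frame-Options header.
        $response->headers->set('X-Frame-Options', 'unset');

        // X-Frame-Options cannot list origins, so restrict framing with CSP.
        $directive = "frame-ancestors 'self' " . implode(' ', self::ALLOWED_ANCESTORS);
        $existing = (string) $response->headers->get('Content-Security-Policy');

        // Keep other CSP directives, replacing any existing frame-ancestors.
        $kept = array_filter(
            array_map('trim', explode(';', $existing)),
            fn (string $d) => $d !== '' && stripos($d, 'frame-ancestors') !== 0
        );

        $response->headers->set(
            'Content-Security-Policy',
            implode('; ', [...$kept, $directive])
        );

        return $response;
    }
}
```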

X-Robots-Tag

Since Laravel Cloud domains are often used for testing and staging purposes, an X-Robots-Tag: noindex, nofollow header is automatically set on all *.laravel.cloud domains so that they are not indexed by search engines. To remove this header, you should configure a custom domain for your application. The header will not be set for custom domains.

Cloud Compute Network

Requests that need to be processed by your application will be routed to the Compute Network in the AWS region assigned to your Laravel Cloud application.

The Cloud Compute Network is built for security and scale. Your applications run in private networks and are only made publicly accessible via the Cloud Edge Network. Compute clusters are distributed across multiple availability zones (AZs) to ensure regions remain stable and recover quickly from any interruptions in a single zone.

Compute Network traffic is also intelligently load balanced across all instances in your compute cluster as you horizontally scale up or down.