Skip to content

Serverless image content management

Last reviewed: 11 months ago

Introduction

In this reference architecture diagram, we reveal how to leverage various components of Cloudflare’s ecosystem to construct a scalable image management solution. This solution integrates moderation principles via Cloudflare's Workers AI platform and performs image classification through inference at the edge. The storage of images is handled by Cloudflare's R2 product, an S3 API-like object storage system, while metadata is stored in a key/value store to enable content augmentation.

The servicing of images to requesting clients is secured by link signature, resizing based on device type or requested transformations and leveraging Cloudflare’s native security and performance features.

Figure 1: Serverless image content management
Figure 1: Serverless image content management reference architecture diagram

Products included in the recipe

ProductFunction
DDoSVolumetric attack protection
Bot ManagementProtection against scraping and general sophisticated automated abuse
Web Application FirewallProtection against web threats
CDNCache spreading of the images
OptimizationCompression and acceleration of the image delivery
WorkersCompute of the several serverless micro services
AIImage classification
R2S3-type object-storage platform
KVImage metadata storage

Getting started

This reference architecture diagram reveals how to harness the power of the Cloudflare platform to construct a fully serverless image and content management system. This implementation leverages various components of the Cloudflare stack, including edge compute with Cloudflare Workers, KV, and R2 object storage; application performance optimization and caching; application security features such as rate limiting and DDoS mitigation; and artificial intelligence with Workers AI.

The ultimate goal is to create a scalable and accessible platform for storing and serving images globally. This reference architecture will walk you through the key features and mechanisms that you can use with Cloudflare’s native capabilities as well as those that can be built with Cloudflare’s robust computing capabilities.

1. Image servicing

Clients request images with HMAC signatures and any necessary transformations. Transformation parameters can be included in the src-set for HTML content or directly sent alongside HTTP requests.

2. Volumetric protection

Cloudflare's Application Security stack takes a comprehensive approach to shielding the image servicing from malicious activities. By implementing volumetric protection rate limiting controls, we effectively mitigate the risk of abuse and DDoS attacks, ensuring uninterrupted service delivery.

3. Signature validation

A Cloudflare worker function validates incoming signatures to ensure the authenticity and integrity of requests. This security measure helps prevent content evasion and abuse of the service by verifying that the signature accompanying the request is legitimate. The application responsible for generating content and associated signatures can also set expiration dates for links, further guarding against tampering or man-in-the-middle attacks. HMAC (Hash-based Message Authentication Code) is commonly used as the signature mechanism of choice for this purpose.

4. Image optimization and caching

Images are retrieved from cache when available or stored on the server for the first time and delivered to clients upon request. We optimize image delivery by serving the most suitable format for each device, such as WebP or AVIF, while also applying compression to reduce file size. This ensures a smooth and seamless visual experience for users.

4. Image transformations

Cloudflare's image resizing feature will resize the original images requested for transformation, completing the process entirely at the edge from any of our global locations. This fast and efficient process offers a wide range of transformation options.

5. Content moderation and storage

A Cloudflare Worker script meticulously analyzes incoming images, leveraging their classification metadata to ensure compliance with established policy of use. Cloudflare R2 serves as an S3-like object storage solution, storing images and their associated metadata (such as image classification) in a globally accessible and scalable manner. With lightning-fast delivery capabilities and the ability to scale from 0, Cloudflare R2 is an ideal solution for storing and managing large collections of images.

6. Image classification

With Cloudflare AI at its core, our image classification inference model will rapidly inspect each incoming image, classifying them in real-time. This cutting-edge technology allows us to streamline the process of moderating content, significantly reducing the need for a dedicated team to sift through and review every submission.