HTTP caching

With this service, you can significantly increase the loading speed of static objects such as pictures, video files, audio files, CSS, JS, documents of any kind and many others. This reduces the response time of the site and increases the reliability of access to it. Your website visitors can instantly load even the heaviest pages.

All this is also useful in games and when distributing files via a link, not only from websites but also from social networks. Your customers will download any document, update file or application from any source without delay or interruption.

HTTP resource creation

To get started, you need to create your first resource. To do this, on the left in the side menu, click on the CDN item, the "HTTP caching" tab, and then click on "CREATE RESOURCE" in the upper right corner.

After that, a dialog box will open, in which it is important to specify the correct data so that the service works flawlessly. Enter any resource name (in English).

HTTP resource configuration

Content source

For the CDN to work correctly, it is important to configure the content source correctly. The CDN will refer to the specified source when caching content.

The source can be:

Attention

If you have multiple content sources (primary/backup), you can configure the priority of each. If the source with the first priority is not available, the CDN will automatically switch to the next source. It switches back to the priority source automatically once that source is working normally again.

You can choose to use HTTPS when querying sources by selecting the appropriate option.

If you use hosting services such as Wix, Amazon S3 or Selectel, pay particular attention to the Hostname.

Many virtual hosting providers (such as Amazon S3) serve multiple sites from a single web server. For the CDN nodes to reach your content, you need to specify the correct Hostname.

If you don't know your Hostname or don't know where to find it, try using [this](https://check-host.net?lang=en) service. Specify the domain of your site and on the "Information" tab look at the "Resource name" field.

Procedure if you do not know your Hostname:

  1. Go to your website and copy the link to any picture by right-clicking on it.
  2. Paste the link in a new browser window. The resulting domain will be the Source of content for your site. For example, if your site is hosted on Wix, the content source will be the domain static.wixstatic.com.
  3. Go to the resource [https://check-host.net?lang=en](https://check-host.net) and specify the domain of your site (not the content source).
  4. On the "Information" tab, look at the "Resource Name" - this is your Hostname. For example, if you are hosting on Amazon, then the Hostname may look like this: ec7-54-151-126-156.eu-west-1.compute.amazonaws.com
  5. Enter the received Hostname in your personal account.

SSL-certificate

By default, after saving the settings, your content will be available via HTTPS at an address like https://example.a.trbcdn.net. If you plan to hide the use of the CDN later by configuring a CNAME, and you have your own certificate, then upload your certificate before creating the resource and select it from the available ones when creating the resource.

Attention

If you have started creating a resource and do not want to lose the data already filled in, you can upload your certificate later, after creating the resource, and then attach it to the resource.

CNAME Record

The CNAME record allows you to assign an alias to the host. This alias usually associates some function with the host, or simply abbreviates its name.

By default, your content will be available at example.a.trbcdn.net/images/1.jpg, but you can configure access to your content at cdn.example.com/images/1.jpg. To do this, you need to create a CNAME record according to the instructions below. The record should be created on the servers to which your domain is delegated.

  1. Open the DNS management page on the website of the company that provides you with DNS hosting services.

  2. Create a CNAME-record with the following values of fields (in different control panels field names may vary):

    • Name (Host) - "cdn".

      Some control panels require the fully qualified subdomain name as the entry name, for example, cdn.example.com.

    • Value - "example.a.trbcdn.net.".

  3. Wait for DNS changes to take effect. This process can take up to 72 hours.

Additional settings

Follow redirects

By default, when your origin returns a "301 Moved Permanently" or "302 Found" response, only that response itself is cached. Enable this option to have the CDN follow the redirect address and cache the content it leads to.

Use HTTP2

The HTTP/2.0 protocol is supported by default. Disable this option if support for this protocol is not required.

Use only modern versions of TLS

By default, all versions of the TLS protocol are used, but you can enable the use of only new versions of the TLS protocol (v1.2, v1.3).

HTTPS settings

By default, your content will be available from CDNvideo hosts over both HTTP and HTTPS. But you can set up automatic redirection using the "Automatically redirect HTTP to HTTPS" option. If you want to use only the HTTPS protocol, activate the "Use only HTTPS" option.

Attention

If you have enabled access to content only over HTTPS, then a response with the code "403 Forbidden" will be returned to all HTTP requests.

Search indexing

Attention!

By default, we exclude CDN links from indexing so that search robots do not see a mirror of your site. If a robot catches a mirror of your site, this can lead to the exclusion of the site from indexing. Only advanced users are advised to work with this section.

With this setting, you can fine-tune the indexing of your content by search robots. You can set up proxying of your robots.txt file or upload it from your device to our portal. Before proxying or uploading your robots.txt, we recommend that you first check that it is filled in correctly using a special [resource](https://www.websiteplanet.com/webtools/robots-txt/).

Time of content caching

Here you can specify the caching time depending on the response code (2xx, 3xx) and set to ignore the caching control headers ("Expires" and "Cache-Control").

Query String

If this option is enabled, caching content will take into account the parameters in links of the form: site.com/img/1.jpg?id=3

Authorization

Local authorization

The decision on access to a resource is made within our network, based on the criteria specified by the content owner. In this case, user requests are authorized exclusively in the CDNvideo network; external resources are not used. At the moment the user accesses a protected resource, the content owner needs to generate a special link.

Example:

http://example.a.trbcdn.net/path/to/file?md5=SMsM5ezVQp79ikyjz9tjUw&e=1387984516

The link contains two authorization parameters:

  • ‘md5=’ is an MD5 hash in Base64 format for URL, generated based on the URI of the requested resource, link lifetime, secret key, user's IP address (optional);
  • ‘e=’ is the expiration time of the link in POSIX time format (optional).

When accessing content using the generated link, the CDN calculates the MD5 value and compares it with the received one. If the MD5 value does not match, then a ‘403 Forbidden’ response is returned to the user (prohibition of reproduction).

If the current time exceeds the value “e” (expires), then a response with the code ‘410 Gone’ (the target resource is no longer available) is returned to the user.

An example of an algorithm for calculating an MD5 hash using the user's IP address as one of the input parameters:

md5 = base64_url(md5(SECRET/path/to/file1.2.3.4expiretime))

An example of the algorithm for calculating the MD5 hash, if the IP address is not taken into account:

md5 = base64_url(md5(SECRET/path/to/fileexpiretime))

Attention

The domain part of the URI is not used when calculating the hash!

Attention

You can sign part of the path (for example, for /path/to/file, you can sign the file itself, /path/to, or /path).

An example of generating a link:

  1. There are the following input data:

  2. We calculate the time of the link. In the given example - a week from the moment of generation.

    $ php -r 'print time() + (7 * 24 * 60 * 60) . "\n";'
    1387984516
    

  3. Calculate the MD5 hash in Base64 format for the URL:

    $ php -r 'print str_replace("=", "",strtr(base64_encode(md5("zah5Mey9Quu8Ea1k/path/to/file1.2.3.41387984516", TRUE)), "+/", "-_")) . "\n";'
    SMsM5ezVQp79ikyjz9tjUw

  4. Final link:

    http://example.a.trbcdn.net/path/to/file?md5=SMsM5ezVQp79ikyjz9tjUw&e=1387984516

Attention!

The MD5 hash calculated for HTTP is the baseline for this resource. The same hash will be used for links to a file over the HTTP, HTTPS protocols, despite the fact that the URI for different protocols may differ slightly.
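
The generation steps above together with the CDN-side checks (403 on a hash mismatch, 410 after expiry), as an added Python example that is not CDNvideo's code. The function names are assumptions, the secret is the one from the PHP one-liner above, and checking the hash before the expiry time is an assumed order.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlsplit

SECRET = "zah5Mey9Quu8Ea1k"  # secret key from the page's PHP example


def sign(secret, path, expires="", client_ip=""):
    """base64_url(md5(SECRET + path + IP + expiretime)) with '=' padding removed."""
    raw = f"{secret}{path}{client_ip}{expires}".encode()
    digest = hashlib.md5(raw).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


def make_link(host, path, secret, ttl, client_ip="", now=None):
    """Owner side: build a link valid for ttl seconds (hypothetical helper)."""
    issued = int(time.time() if now is None else now)
    expires = issued + ttl
    token = sign(secret, path, expires, client_ip)
    return f"http://{host}{path}?md5={token}&e={expires}"


def check_link(url, secret, client_ip="", now=None):
    """CDN side as described on the page: returns 200, 403 or 410."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    token = query.get("md5", [""])[0]
    expires = query.get("e", [""])[0]
    # Only the path is hashed; scheme and domain are not part of the input.
    expected = sign(secret, parts.path, expires, client_ip)
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return 403  # wrong file, wrong IP, altered "e" or wrong secret
    current = time.time() if now is None else now
    if expires and current > int(expires):
        return 410  # signature is valid but the link has expired
    return 200


if __name__ == "__main__":
    link = make_link("example.a.trbcdn.net", "/path/to/file", SECRET,
                     7 * 24 * 60 * 60, client_ip="1.2.3.4")
    print(link)
    print(check_link(link, SECRET, client_ip="1.2.3.4"))
```

Because "e" is part of the hashed string, changing it in the link invalidates the hash, so the lifetime cannot be extended without the secret key.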

During local authorization, the following parameters are controlled:

  1. The URI of the requested resource. It is checked that the link was generated specifically for this file.
  2. Secret key. It is checked that the link was generated by the content owner.
  3. The expiration time of the link (optional). You can turn off the check by selecting the "Do not limit in time" option.
  4. User's IP address (optional). It is checked that the resource was requested from exactly the IP address for which the link was generated. You can disable the check by selecting the "Ignore IP address" option.

External authorization

External authorization lets you restrict access to a resource using arbitrary logic implemented in your own authorization script.

The decision on access to content is made based on the response of your script, the link to which you indicate in your personal account when creating/editing a resource.

If the authorization script replies with status 200, access to the content is permitted. Otherwise, access is denied.

The authorization script is passed the following headers:

  • Host: contains the domain name for which the request is intended;
  • X-Request-URI: contains the URI of the requested resource;
  • X-Forwarded-For: contains the real IP address of the user who is requesting the resource;
  • X-Remote-Addr: contains the IP address of the user who is requesting the resource, or of the proxy server.
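
One way to write such an authorization script, as an added Python WSGI example that is not CDNvideo's code. The host list, path prefixes and network range are hypothetical policy values; the script reads the Host, X-Request-URI and X-Forwarded-For headers listed above and denies any request it cannot parse or match.

```python
import ipaddress
import posixpath
from urllib.parse import unquote
from wsgiref.simple_server import make_server

# Hypothetical policy, constructed for this example.
ALLOWED_HOSTS = {"cdn.example.com", "example.a.trbcdn.net"}
PUBLIC_PREFIX = "/public/"
PRIVATE_PREFIX = "/private/"
PRIVATE_NETS = [ipaddress.ip_network("203.0.113.0/24")]


def normalise(request_uri):
    """Drop the query string, decode %XX escapes and collapse '..' segments."""
    path = unquote(request_uri.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/"))


def decide(host, request_uri, forwarded_for):
    """Return True only when every check passes; anything unexpected is denied."""
    if host.lower() not in ALLOWED_HOSTS or not request_uri.startswith("/"):
        return False
    path = normalise(request_uri)
    if path.startswith(PUBLIC_PREFIX):
        return True
    if not path.startswith(PRIVATE_PREFIX):
        return False  # unknown location: deny by default
    try:
        addr = ipaddress.ip_address(forwarded_for.strip())
    except ValueError:
        return False  # header missing or not a single IP address
    return any(addr in net for net in PRIVATE_NETS)


def app(environ, start_response):
    """WSGI entry point: 200 permits the request, any other status denies it."""
    allowed = decide(
        environ.get("HTTP_HOST", ""),
        environ.get("HTTP_X_REQUEST_URI", ""),
        environ.get("HTTP_X_FORWARDED_FOR", ""),
    )
    status = "200 OK" if allowed else "403 Forbidden"
    start_response(status, [("Content-Length", "0")])
    return [b""]


if __name__ == "__main__":
    make_server("127.0.0.1", 8080, app).serve_forever()
```

The path is normalised before the prefix checks so that a URI such as /public/../private/report.pdf is evaluated against the rule for /private/.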

Brotli Compression

This option enables Brotli compression.

Brotli is an open-source lossless data compression algorithm devised by Google in 2015. It uses a dictionary of frequently repeating string sequences in plaintext files (e.g. .css, .js); this allows for a 20% higher level of compression in comparison with gzip. It can be enabled for the resource as a whole as well as only for specific locations matched in the path through the configuration interface. It is only functional when using HTTPS.

Compression supports the following MIME-types:

  • application/javascript
  • application/json
  • application/vnd.apple.mpegurl
  • application/vnd.ms-fontobject
  • application/x-font-opentype
  • application/x-font-truetype
  • application/x-font-ttf
  • application/x-javascript
  • application/xml
  • application/xml+rss
  • font/eot
  • font/opentype
  • font/otf
  • image/svg+xml
  • image/vnd.microsoft.icon
  • image/x-icon
  • text/compressible
  • text/css
  • text/javascript
  • text/xml

For correct operation, the user's browser should send the Accept-Encoding: br header (Brotli is supported in Chrome 49+, Firefox 44+, Opera 36+).

Image Optimization (WebP)

This service converts images from JPEG, GIF, PNG (.jpg, .jpeg, .png, .gif) to WebP format (.webp) on the fly. WebP is an image encoding format proposed by Google in 2010; it is now supported by the vast majority of popular browsers. It uses an advanced compression algorithm, which allows the users to get a smaller-sized image without loss in quality.

If the Accept: image/webp header is present in the user's request, the image gets converted and the user receives a response with the Content-Type: image/webp header. If the value of Accept header is empty, contains a different value, or there is no such header, format conversion does not happen and the user receives the original image.

Before enabling the option, a manager will contact you.

Image Modification

This service allows modifying the size and quality of an image. Can be used together with the Image Optimization service.

Only files with extensions jpeg, jpg, gif, png, and webp get processed.

URIs in the forms of /ioss/(resize=...)/ and /ioss(quality=...)/ are interpreted as special and do not get passed to the origin.

The new size is passed in the path of the user's request as the value of the resize= parameter, in the format <width>x<height>, <width>, or x<height>. In the two latter cases, the second value is determined by the dimensions of the original image. Lossless resizing is possible only when the image is scaled down. The values <width> and <height> are positive integers.

The quality is determined by the quality=<value> parameter, where <value> is a positive integer in the range 1-100. The higher the value, the higher the quality.

As a result, the user receives the modified image.

If the special URIs are not present in the path to the image, then the user receives the original image.

Before enabling the option, a manager will contact you.

Video converting

Activate this service if you have a video as an MP4 file and you need to distribute it via the HLS, MSS or MPEG-DASH streaming protocols.

Before enabling the option, a manager will contact you.

Video pirate protection (DRM)

Activate the service if you plan to use technical copyright protection that restricts pirated access to video - DRM (Digital Rights Management).

Before enabling the option, a manager will contact you.

Rules

This section is intended for fine-tuning the CDN network operation. After creating a resource, the "Rules" tab will appear on the resource editing page. In this tab, you can edit the base rule (which applies to the entire resource) or create individual rules for any section/path. Rules allow you to control headers, caching, CORS and authorization.

Basic

Specify path to a directory or to a particular file that the rule is to be applied to.

Headers

In this section, you can specify special headers that you want to add when accessing the data source ("to origin" type), or when distributing content to users ("to customer" type).

Timeouts

This section lets you specify acceptable timeouts for CDNvideo nodes requesting content from your origin. If the acceptable timeout is exceeded, the CDN network will switch to another content source specified in the Content source section.

Caching

This section lets you specify the caching time depending on the response code (2xx, 3xx, 4xx, 5xx), set cache management headers (Cache-Control and Expires) to be ignored, and enable taking query string parameters into account when caching.

CORS

Description

In some cases, a browser may treat a request for certain content hosted on a CDN network as a cross-domain request and block it. This primarily affects fonts. The issue is addressed by setting CORS (Cross-Origin Resource Sharing) headers for cached objects.

There are two options:

  1. You can set CORS headers on the origin server and disable their verification in our network yourself.
  2. You can set up CORS verification in the Your Account section in our network.

Setup in Your Account

The CORS verification procedure provided for configuration is based on our proprietary module operation. Its functionality is based on W3C recommendations.

Module Operation Fundamentals:

  1. Where CORS is enabled, Access-Control-* headers from the origin are always ignored and excluded from the response.

  2. Any request without Origin header is not a cross-resource request, and Access-Control-* headers are not transmitted to the client.

  3. Our module never adds Access-Control-Request-* headers, since they are incoming request headers generated by the browser, same as Origin.

  4. Where there is an Origin header, its contents will be matched against that set by the user. In the absence of restrictions, the Access-Control-Allow-Origin response header will include "*", while where there are any restrictions and where Origin is on the allowed list, then ACAO will include http(s?)://${http_origin}; otherwise, the response will include Access-Control-* headers.

  5. Access-Control-Expose-Headers headers are added, if such headers are set by the user. By default, we state a permission to access Content-Range for the operation of range-requests (for JS-based players).

  6. Access-Control-Allow-Credentials (ACAC) headers are included in accordance with the user's setting.

  7. Access-Control-Allow-Methods, Access-Control-Allow-Headers, and Access-Control-Max-Age headers are included only in a response to a request based on the OPTIONS method.

  8. Access-Control-Allow-Methods header is set to be equal to the contents of the Access-Control-Request-Method header, if such header is present and is on the list of simple requests (GET, HEAD, POST), or a list set by the user. Where the method is not on the allowed list, then the response will not include Access-Control-* headers. If a request does not contain Access-Control-Request-Method, no Access-Control-Allow-Methods will be set.

  9. Access-Control-Allow-Headers is set to be equal to the contents of the Access-Control-Request-Headers header, if such header is present, Access-Control-Request-Method request header is present, and all headers are on the list of simple headers (Accept, Accept-Language, Content-Type, Content-Language) or on the user-set list. Where at least one header is not on the allowed list, then the response will not contain Access-Control-* headers. Where a request does not contain Access-Control-Request-Method and Access-Control-Request-Headers, Access-Control-Allow-Headers will not be stated.

  10. Access-Control-Max-Age header will be stated in accordance with that set by the user, but not by default.

  11. Any additional response header, specified by the client, will be added/overridden after CORS module processing, while, for example, Access-Control-Allow-Origin: * in header sections will be added irrespective of the CORS module operation results.

Module Configuration Process

CORS verification is active by default. If CORS authorization is disabled, all preflight requests will be forwarded to your origin. The headers, described above and set on the origin, will not be affected and will be transmitted unchanged to end users.

You may adjust the module operation by setting the following parameters:

Allowed Domains (not verified by default, all domains are allowed)

Values may be set by any of the following methods:

  1. example.com – exact match
  2. *.example.com - all subdomains of example.com, exclusive of example.com itself
  3. .example.com – all Level 3 domains inclusive of example.com
  4. ~a\d+\.example.com – regular expression

Secure Request Headers

Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma are allowed by default. You may add your headers to this list.

Upper Level API Accessible Headers (Expose Headers)

Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma are allowed by default. You may add your headers to this list.

Safe Methods

GET, HEAD, POST are allowed by default. You may add your methods to this list.

Access-Control-Allow-Credentials Header

Cookies, sessions, authorizations are incompatible with caching services due to their operating logic. However, if you need to set an Access-Control-Allow-Credentials header, you can do it.

Preflight Request Response Lifetime

A period of time during which a response to a Preflight request is deemed to be relevant.

Attention!

Irrespective of whether CORS authorization is enabled/disabled and its operation results, you may manually redefine any header for responses to end users. To this end, specify its name and desired value in "Headers" section. Authorization header value will be substituted with that specified by you after the CORS verification stage completion.

Authorization

In this section, you can configure local or external authorization to restrict access to your content.

Others

Brotli Compression

This option enables Brotli compression.

Brotli is an open-source lossless data compression algorithm devised by Google in 2015. It uses a dictionary of frequently repeating string sequences in plaintext files (e.g. .css, .js); this allows for a 20% higher level of compression in comparison with gzip. It can be enabled for the resource as a whole as well as only for specific locations matched in the path through the configuration interface. It is only functional when using HTTPS.

Compression supports the following MIME-types:

  • application/javascript
  • application/json
  • application/vnd.apple.mpegurl
  • application/vnd.ms-fontobject
  • application/x-font-opentype
  • application/x-font-truetype
  • application/x-font-ttf
  • application/x-javascript
  • application/xml
  • application/xml+rss
  • font/eot
  • font/opentype
  • font/otf
  • image/svg+xml
  • image/vnd.microsoft.icon
  • image/x-icon
  • text/compressible
  • text/css
  • text/javascript
  • text/xml

For correct operation, the user's browser should send the Accept-Encoding: br header (Brotli is supported in Chrome 49+, Firefox 44+, Opera 36+).

GZip-compression

We compress some types of files by default to speed up your website loading. These file types are listed below:

  • application/javascript
  • application/json
  • application/vnd.ms-fontobject
  • application/x-font-opentype
  • application/x-font-truetype
  • application/x-font-ttf
  • application/x-javascript
  • application/xml
  • application/xml+rss
  • font/eot
  • font/opentype
  • font/otf
  • image/svg+xml
  • image/vnd.microsoft.icon
  • image/x-icon
  • text/compressible
  • text/css
  • text/javascript
  • text/xml