Skip to content

HTTP ACCELERATION

Using the HTTP acceleration service, you can reduce the response time of the site, significantly increase the speed of loading static objects and increase the reliability of access to the site. Wherever visitors of your site are, they will instantly load even the “heaviest” pages.

Resource Creation

First you`ll have to create your resource by clicking "CREATE RESOURCE" in the upper right corner.

Choosing a Resource

Please click on the icon "Static content acceleration" to create a CDN resource.

Resource Connecting

You’ll see the dialogue box where you should specify the correct information for the service to work properly in future. Specify any account name you like (but in English).

Content Source

It is important to configure your content source carefully. Afterwards the CDN network will request the mentioned source for content caching:

Content source may be:

Attention

If you`ve got several content sources (primary/backup), you may configure priority for each of them. If the first priority content source is unavailable, CDN network will automatically switch to the next one. Switching back to the first one will happen automatically as well, when it is restored.

If you use hosting providers like Wix, Amazon S3, etc., please pay attention to the next section - “Hostname”.

Hostname

Many virtual hostings (like Amazon S3) commonly serve several websites from the same web server. So CDN network needs to know the precise Hostname to get access to your content.

If you don’t know your Hostname or where to find it, please try to check this service. Specify your website’s domain there and check the “Information” tab - “Resource Name”.

Here is what you should do if you don`t know your Hostname:

  1. Visit your website and copy a link to any image, having clicked at it with the right mouse button.
  2. Paste the link into a new Browser window. The domain you see will be a Content Resource for your website. E.g., if your website is running on Wix, the Content Resource will be the following domain: static.wixstatic.com
  3. Visit the following resource https://check-host.net and enter your website domain (not the one for Content Resource).
  4. Now check the “Information” tab - the “Resource Name” is your very Hostname. E.g., if your website is running on Amazon, your Hostname may look like: ec7-54-151-126-156.eu-west-1.compute.amazonaws.com
  5. Write the figured out Hostname in your account.

Custom SSL-certificate

By default, after the settings are saved, your content will be available via HTTPS and will look like: https://example.a.trbcdn.net If you are going to hide the fact that you use CDN services by configuring CNAME, and you have your own certificate, then the first step before Resource Creation will be uploading the certificate to choose it out of the menu during the creation.

Attention

If you have already started creating your resource, there is also an opportunity to upload and attach the certificate to already created resources.

CNAME Record

CNAME record allows to assign an alias to a host. It usually relates to some functional meaning, or just shortens the host`s name.

Your content will be available by default at example.a.trbcdn.net/images/1.jpg, but you may configure access to your content at cdn.example.com/images/1.jpg. You will need to create a CNAME record using the manual below. The record should be created on the servers to which your domain is delegated.

  1. Open the DNS management page at the website of your DNS hosting company.

  2. Create a CNAME record with the following data (the names of the textboxes may vary depending on the CMS):

  3. Wait until the DNS changes are effective. It may take up to 72 hours.

Additional Configurations

Follow redirects

Only "301 Moved Permanently"/"302 Found" response codes received from your origin are cached by default. Activate this option to follow redirect addresses and cache content.

Use HTTP2

HTTP / 2.0 protocol is supported by default. Deactivate this option if you don't need support of this protocol.

HTTPS-settings

By default, your content will be accessible from CDN network using both HTTP and HTTPS protocols. But you can configure automatic redirection using the option "Switch from HTTP to HTTPS". If you want to use only the HTTPS protocol - activate the option "Use only HTTPS".

Use only modern versions of TLS

All versions of TLS protocol are supported by default. Activate this option if you need to support only modern versions of TLS (v1.2, v1.3).

Search Indexing

Attention!

We exclude CDN links from indexing by default. This way search robots won’t see your mirror website. If they do, it may lead to excluding the website from indexing. This option is recommended only for experienced users.

It may help you customize indexing of your content by search robots. It’s also possible to proxy your robots.txt file or to upload it from your device to our portal. Beforehand we would recommend you to check here if it is filled correct.

Time of content caching

This section provides you an opportunity to specify the caching time, depending on the response code (2xx, 3xx) and set up ignoring cache management headers (Cache-Control and Expires).

Query String

If you enable this option, caching process will take into account the parameters in the link of this type: site.com/img/1.jpg?id=3

Local authorization

A decision on access to a resource is made by means of our network based on criteria indicated by the content owner. In this case, the user request authorization is done exclusively on the CDNvideo network; external resources are not used. At the time when the user is requesting protected resource the content owner should create a special reference.

Example:

http://example.a.trbcdn.net/path/to/file?md5=SMsM5ezVQp79ikyjz9tjUw&e=1387984516

The reference contains two authorization parameters:

  • ‘md5=’ — is a MD5 hash in Base64 format for URL that is generated based on the URI of the requested resource, lifetime of the reference, secret key, user’s IP address (optional);
  • ‘e=’ — is time of reference expiration in the POSIX time format.

When accessing the resource using the generated reference CDN calculates the MD5 value and compares it with the received value. If the MD5 values do not match, a response code ‘403 Forbidden’ (playback is denied) is returned to the user.

If the current time is greater than the “e” value (expires), a response code ‘410 Gone’ (the target is no longer available) is returned to the user.

An algorithm for calculating the MD5 hash using the user’s IP address as one of the input parameters is as follows:

md5 = base64_url(md5(SECRET/path/to/file1.2.3.4expiretime))

Attention

The domain part of the URI while computing the hash is not used!

Example of URL generation:

  1. The following input data is available:

  2. Calculation of the timeline of reference validity. In the above example it is a week from the time of generation.

    $ php -r 'print time() + (7 * 24 * 60 * 60) . «\n»;'
    1387984516
    

  3. Calculation of the MD5 hash in Base64 format for URL:
    $ php -r 'print str_replace("=", "",strtr(base64_encode(md5("zah5Mey9Quu8Ea1k/path/to/file1.2.3.41387984516", TRUE)), "+/", "-_")) . "\n";'
    SMsM5ezVQp79ikyjz9tjUw
    
  4. Resulting reference:

    http://example.a.trbcdn.net/path/to/file?md5=SMsM5ezVQp79ikyjz9tjUw&e=1387984516

Attention!

MD5 hash computed for HTTP is the base for this resource. That is, the same hash will be used for references to the file using HTTP, HTTPS protocols in spite of the fact that the URIs for different protocols may differ slightly.

In local authorization the following parameters are controlled:

  1. URI of the resource being requested. It is verified whether the reference was established for exactly this resource.
  2. Secret key. It is verified whether the reference is established exactly by the content owner.
  3. Expiration time of reference validity (optional). You can cancel time validation via "Do not impose time restrictions".
  4. IP address of the user (optional). It is verified whether the resource is requested exactly from the IP address for which the reference was established. You can cancel IP address validation via "Do not impose IP address filter".

External authorization

External authorization is designed to be able to restrict access to the resource with custom logic described in your authorization script. A decision to access the content is made based on response of your script.

If the authorization script responded with status code = 200, then access to the content is allowed. Otherwise, access is denied.

The following headers are passed to the authorization script:

  • Host: contains the domain name of the server for which the request is intended;
  • X-Request-URI: contains the URI of the requested resource;
  • X-Forwarded-For: contains the real IP address of the user;
  • X-Remote-Addr: contains the IP address of the user or the proxy server.

SSL Certificates

First you have to upload your certificate or to configure a new one. Click “ADD SSL CERTIFICATE” in the upper right corner.

Adding your Certificate

Specify a random name and place your own certificate and a private key into the appropriate text boxes.

Attention!

It is often also required to specify all the chain of intermediate certificates. In this case, you`ll have to place the certificates in the following order: “personal certificate”-”CRM (intermediate certificate, please pay attention, there may be several of them)” - “root (root certificate)”. If you have lost root and intermediate certificates, you need to refer to where you have received it. They are often available for the public. E.g. for AlphaSSL.

After you add a certificate, it will appear in the interface with the following information: your domain or domains covered and beginning and end tags.

Rules

This section is for experienced users, who want to configure the content delivery network operating within their resource in the most precise way. Here you may establish individual rules for any section, specify headers, set up the response codes, caching time period, ignoring cache management headers ("Expires" and "Cache-Control") and configure the rules for switching between content resources.

General

Pick up a resource and if needed, specify path to a directory or to a particular file that the rule is to be applied to.

Timeouts

This section provides you an opportunity to specify acceptable timeouts for CDNvideo nodes requesting from your origin. If the acceptable timeout is exceeded, the CDN network will switch to another content resource, mentioned in the Content Source section.

Response codes

This section provides you an opportunity to specify the caching time, depending on the response code (2xx, 3xx, 4xx, 5xx), set up ignoring cache management headers (Cache-Control and Expires), and enable taking into consideration query string parameters when caching.

CORS

Description

In some cases, a browser may treat a request to access to certain content hosted on a CDN network as a cross-domain request and block it. It is primarily related to fonts. The issue is addressed by setting CORS (Cross-Origin Resource Sharing) headers for cached objects.

There are two options:

  1. You can set CORS headers on the origin server and disable their verification in our network yourself.
  2. You can set up CORS verification in the Your Account section in our network.

Setup in Your Account

The CORS verification procedure provided for configuration is based on our proprietary module operation. Its functionality is based on W3C recommendations.

Module Operation Fundamentals:

  1. Where CORS is enabled, Access-Control-* headers from the origin are always ignored and excluded from the response.

  2. Any request without Origin header is not a cross-resource request, and Access-Control-* headers are not transmitted to the client.

  3. Our module never adds Access-Control-Request-* headers, since they are incoming request headers generated by the browser, same as Origin.

  4. Where there is an Origin header, its contents will be matched against that set by the user. In the absence of restrictions, the Access-Control-Allow-Origin response header will include "*", while where there are any restrictions and where Origin is on the allowed list, then ACAO will include http(s?)://${http_origin}; otherwise, the response will include Access-Control-* headers.

  5. Access-Control-Expose-Headers headers are added, if such headers are set by the user. By default, we state a permission to access Content-Range for the operation of range-requests (for JS-based players).

  6. Access-Control-Allow-Credentials (ACAC) headers are included in accordance to that set by the user.

  7. Access-Control-Allow-Methods, Access-Control-Allow-Headers, and Access-Control-Max-Age headers are included only in a response to a request based on the OPTIONS method.

  8. Access-Control-Allow-Methods header is set to be equal to the contents of the Access-Control-Request-Method header, if such header is present and is on the list of simple requests (GET, HEAD, POST), or a list set by the user. Where the method is not on the allowed list, then the response will not include Access-Control-* headers. If a request does not contain Access-Control-Request-Method, no Access-Control-Allow-Methods will be set.

  9. Access-Control-Allow-Headers is set to be equal to the contents of the Access-Control-Request-Headers header, if such header is present, Access-Control-Request-Method request header is present, and all headers are on the list of simple headers (Accept, Accept-Language, Content-Type, Content-Language) or on the user-set list. Where at least one header is not on the allowed list, then the response will not contain Access-Control-* headers. Where a request does not contain Access-Control-Request-Method and Access-Control-Request-Headers, Access-Control-Allow-Headers will not be stated.

  10. Access-Control-Max-Age header will be stated in accordance with that set by the user, but not by default.

  11. Any additional response header, specified by the client, will be added/overridden after CORS module processing, while, for example, Access-Control-Allow-Origin: * in header sections will be added irrespective of the CORS module operation results.

Module Configuration Process

CORS verification is active by default. If CORS authorization is disabled, all preflight requests will be forwarded to your origin. The headers, described above and set on the origin, will not be affected and will be transmitted unchanged to end users.

You may adjust the module operation by setting the following parameters:

Allowed Domains (not verified by default, all domains are allowed)

Values may set by either of the following methods:

  1. example.com – exact match
  2. *.example.com - all subdomains example.com exclusive of example.com
  3. .example.com – all Level 3 domains inclusive of example.com
  4. ~a\d+\.example.com – regular expression

Secure Request Headers

Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma are allowed by default. You may add your headers to this list.

Upper Level API Accessible Headers (Expose Headers)

Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma are allowed by default. You may add your headers to this list.

Safe Methods

GET, HEAD, POST are allowed by default. You may add your methods to this list.

Access-Control-Allow-Credentials Header

Cookies, sessions, authorizations are incompatible with caching services due to their operating logic. However, if you need to set an Access-Control-Allow-Credentials header, you can do it.

Preflight Request Response Lifetime

A period of time during which a response to a Preflight request is deemed to be relevant.

Attention!

Irrespective of whether CORS authorization is enabled/disabled and its operation results, you may manually redefine any header for responses to end users. To this end, specify its name and desired value in "Headers" section. Authorization header value will be substituted with that specified by you after the CORS verification stage completion.

GZip-compression

We compress some types of files by default to speed up your website loading. Please find below the list of the files types:

  • application/javascript
  • application/json
  • application/vnd.ms-fontobject
  • application/x-font-opentype
  • application/x-font-truetype
  • application/x-font-ttf
  • application/x-javascript
  • application/xml
  • application/xml+rss
  • font/eot
  • font/opentype
  • font/otf
  • image/svg+xml
  • image/vnd.microsoft.icon
  • image/x-icon
  • text/compressible
  • text/css
  • text/javascript
  • text/xml