HTTP caching

With this service, you can significantly increase the loading speed of static objects such as pictures, video files, audio files, CSS, JS, documents and many others, which reduces the response time of the site and increases the reliability of access to it. Your website visitors can instantly load even the heaviest pages.

This is also useful in games and for distributing files by link, not only from websites but also from social networks. Your customers will download any document, update file or application from any source without delay or interruption.

HTTP resource creation

To get started, you need to create your first resource. To do this, on the left in the side menu, click on the CDN item, the "HTTP caching" tab, and then click on "CREATE RESOURCE" in the upper right corner.

After that, a dialog box will open, in which it is important to specify the correct data so that the service works flawlessly. Enter any resource name (in English).

Attention!

There is a limit of 100 resources. If you need more resources, please contact your personal manager or support.

HTTP resource configuration

Content source

For the CDN to work correctly, it is important to configure the data source correctly. The CDN will refer to the specified source when caching content.

The source can be:

Attention

If you have multiple content sources (primary/backup), you can configure the priority of each. If the source with the first priority is not available, the CDN will automatically switch to the next source. Switching back to the priority source will happen automatically once it is working normally again.

To create an S3 domain source, you should specify a permitted bucket in the corresponding field.

You can choose to use HTTPS when querying sources by selecting the appropriate option.

You can enable source certificate verification by selecting the appropriate option.

Attention

The "Check source certificate" option is only available together with the "Use HTTPS when requesting sources" option.

You can choose AWS authorization when requesting origins. To do this, you should select the appropriate checkbox and enter two keys: the access key and the secret key.

If you use hosting services such as Wix, Amazon S3, Selectel, etc., please pay particular attention to the Hostname.

Many virtual hostings (such as Amazon S3) have the practice of serving multiple sites from a single web server. In order for the CDN nodes to reach your content, you need to specify the correct Hostname.

If you don't know your Hostname or don't know where to find it, try using this service: https://check-host.net?lang=en. Specify the domain of your site and on the "Information" tab look at the "Resource name" field.

Procedure if you do not know your Hostname:

  1. Go to your website and copy the link to any picture by right-clicking on it.
  2. Paste the link in a new browser window. The resulting domain will be the Source of content for your site. For example, if your site is hosted on Wix, the content source will be the domain static.wixstatic.com
  3. Go to the resource https://check-host.net?lang=en and specify the domain of your site (not the content source).
  4. On the "Information" tab, look at the "Resource Name" - this is your Hostname. For example, if you are hosting on Amazon, then the Hostname may look like this: ec7-54-151-126-156.eu-west-1.compute.amazonaws.com
  5. Enter the received Hostname in your personal account.

Distribution optimization

You should select one of the options for optimizing the distribution of content:

  • "Static files (default)" - optimization of the distribution of images, video files, JavaScript files, CSS files, etc. Text files are compressed (gzip by default) before distribution to users.
  • "Large files (> 20 MBytes)" - optimization of large files distribution. Files from the origin are downloaded in parts (HTTP Range requests). Compression is not performed on the CDN side.
  • "Segmented video stream" - optimization of HTTP LIVE streams (HLS, MPEG-DASH, MSS) distribution.

For the "Large files (> 20 MBytes)" optimization option, the slice size (the size of the range request part) can be specified as an integer MB from 1 to 1024. Default value: 16 MB.

Attention

We recommend clearing the resource cache after changing the slice size.

Important

There are restrictions for various types of distribution optimizations:

SSL-certificate

By default, after saving the settings, your content will be available via HTTPS and will look like https://example.a.trbcdn.net. If in the future you plan to hide the use of CDN by configuring CNAME, and you have your own certificate, then the first step before creating the resource is to upload your certificate and then select it from the available ones when creating the resource.

Attention

If you have started creating a resource and do not want to lose the data already filled in, you can upload your certificate later, after creating the resource, and then attach it to the resource.

CNAME Record

The CNAME record allows you to assign an alias to the host. This alias usually associates some function with the host, or simply abbreviates its name.

By default, your content will be available at example.a.trbcdn.net/images/1.jpg, but you can configure access to your content at cdn.example.com/images/1.jpg. To do this, you need to create a CNAME record according to the instructions below. The record should be created on those servers to which your domain is delegated.

  1. Open the DNS management page on the website of the company that provides you with DNS hosting services.

  2. Create a CNAME-record with the following values of fields (in different control panels field names may vary):

    • Name (Host) - "cdn".

      Some control panels require the fully qualified subdomain name as the entry name, for example, cdn.example.com.

    • Value — example.a.trbcdn.net..

  3. Wait for DNS changes to take effect. This process can take up to 72 hours.

Additional settings

Follow redirects

By default, only responses with "301 Moved Permanently"/"302 Found" codes are cached when they are received from your origin. Enable this option to have the CDN follow the redirect address and cache the content it points to.

Use HTTP2

The HTTP/2.0 protocol is supported by default. Disable this option if support for this protocol is not required.

Use only modern versions of TLS

By default, all versions of the TLS protocol are used, but you can enable the use of only new versions of the TLS protocol (v1.2, v1.3).

Use strong SSL ciphers

You can enable the use of strong SSL ciphers.

Attention

The option is only available together with "Use only modern versions of TLS" option.

HTTPS settings

By default, your content will be available from CDNvideo hosts over both HTTP and HTTPS. But you can set up automatic redirection using the "Automatically redirect HTTP to HTTPS" option.

Attention

If you have configured HTTP to HTTPS redirection, HTTP requests will be returned with a "301 Redirected" response code.

If you want to use only the HTTPS protocol, activate the "Use only HTTPS" option.

Attention

If you have enabled access to content only over HTTPS, then a response with the code "403 Forbidden" will be returned to all HTTP requests.

Search indexing

Attention!

By default, we exclude CDN links from indexing so that search robots do not see a mirror of your site. If a robot catches a mirror of your site, this can lead to the exclusion of the site from indexing. Only advanced users are advised to work with this section.

With this setting, you can fine-tune the indexing of your content by search robots. You can set up proxying of your robots.txt file or upload it from your device to our portal. Before proxying or uploading your robots.txt, we recommend that you first check that it is filled in correctly using a special resource: https://www.websiteplanet.com/webtools/robots-txt/

Time of content caching

Here you can specify the caching time depending on the response code (2xx, 3xx) and set to ignore the caching control headers ("Expires" and "Cache-Control").

Query String

If this option is enabled, content caching will take into account the parameters in links of the form site.com/img/1.jpg?id=3

Authorization

Local authorization

Description:

Authorization of user requests is performed exclusively in the CDN network, external resources are not used. The decision to access a resource is made by means of our network based on the criteria specified by the content owner:

  1. Secret key. It is checked that the link was generated by the content owner.
  2. The URI of the requested resource. It is checked that the link was generated specifically for this file.
  3. User's IP address (optional). It is checked that the resource was requested from exactly the IP address for which the link was generated. You can disable the check by selecting the "Do not impose IP address filter" option.
  4. The expiration time of the link (optional). You can turn off the check by selecting the "Do not impose time restrictions" option.

At the moment the user accesses a protected resource, the content owner needs to generate a special link.

Example:

http://example.a.trbcdn.net/md5(kymJ2w55VH4LUMSKGb6ZqA,1704067200)/path/to/file

The link contains authorization parameter md5(<md5 hash>[,<expires>]):

  • <md5 hash> - MD5 hash in Base64 format for URL, generated based on secret key, URI of the requested resource, user's IP address (optional) and link lifetime (optional);
  • <expires> is the expiration time of the link in POSIX time format (optional).

When accessing content using the generated link, the CDN calculates the MD5 value and compares it with the received one. If the MD5 value does not match, then a 403 Forbidden response is returned to the user (access is denied).

If the current time exceeds the value <expires>, then a response with the code 410 Gone (the target resource is no longer available) is returned to the user.

Algorithm for generating an MD5 hash (<md5_hash>) for signing links:

  • Form the signature string <secret_word><path_to_file><ip><expire_time>. The <ip> and/or <expire_time> elements are not added to the signature string if "Do not impose IP address filter" and/or "Do not impose time restrictions" is specified in the local authorization settings.
  • Generate base64_url via base64_url(md5(<signature string>)).
  • Generate the <md5 hash> signature by performing the following substitutions in base64_url:
    • replace the = character with the empty string ''.
    • replace the + character with -
    • replace the / character with _
  • Form the link using the obtained signature <md5 hash>.

Attention

  1. The domain part of the URI is not used when calculating the hash!
  2. You can sign part of the path (for example, for /path/to/file, you can sign the file itself, /path/to, /path)
  3. When generating MD5, the URL should not contain urlencoded characters, but should contain the original characters: cyrillic, spaces, percentages, etc. Then you should request the urlencoded version of the URL with this hash.
  4. The MD5 hash calculated for HTTP is the baseline for this resource. The same hash will be used for links to a file over the HTTP, HTTPS protocols, despite the fact that the URI for different protocols may differ slightly.

Example of link generation:

  1. There are the following input data:

    • Secret key: zah5Mey9Quu8Ea1k
    • User IP address: 1.2.3.4
    • File URI: http://example.a.trbcdn.net/path/to/file
    • Expiration time of the link: 1704067200
  2. Form the signature string <secret_word><path_to_file><ip><expire_time>. Let's assume that we include both IP address and link expiration time.

    Then the signature string looks like this: zah5Mey9Quu8Ea1k/path/to/file1.2.3.41704067200

  3. Generate <md5 hash>:

    PHP example:

    $ php -r 'print str_replace("=", "",strtr(base64_encode(md5("zah5Mey9Quu8Ea1k/path/to/file1.2.3.41704067200", TRUE)), "+/", "-_")) . "\n";'
    kymJ2w55VH4LUMSKGb6ZqA
    

    Python example:

    #!/usr/bin/python3
    import base64
    import hashlib
    
    secret_word = 'zah5Mey9Quu8Ea1k'
    path = '/path/to/file'
    ip_address = '1.2.3.4'
    expiration_timestamp = 1704067200
    
    def generate_local_signature(secret_word, path, ip_address=None, timestamp=None):
        string_to_sign = f'{secret_word}{path}'
        if ip_address is not None:
            string_to_sign = f'{string_to_sign}{ip_address}'
        if timestamp is not None:
            string_to_sign = f'{string_to_sign}{timestamp}'
    
        hashed_string = hashlib.md5(string_to_sign.encode()).digest()
        decoded_base64_string = base64.b64encode(hashed_string).decode()
        local_signature = decoded_base64_string.replace('+', '-').replace('/', '_').replace('=', '')
        return local_signature
    
    print(generate_local_signature(secret_word, path, ip_address, expiration_timestamp))
    # kymJ2w55VH4LUMSKGb6ZqA
    

  4. Result link:

    http://example.a.trbcdn.net/md5(kymJ2w55VH4LUMSKGb6ZqA,1704067200)/path/to/file
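
The CDN-side check described above (recompute the hash, answer 403 on mismatch, 410 once <expires> has passed), together with link generation for paths that need urlencoding, as an added example that is not CDNvideo's code. The function names, the order of the hash and expiry checks, and matching on the full path only are assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import re
import time
from urllib.parse import quote, unquote, urlsplit

# Authorization segment from the page: /md5(<md5 hash>[,<expires>])/<path>
AUTH_RE = re.compile(r'^/md5\(([A-Za-z0-9_-]{22})(?:,(\d+))?\)(/.*)$')


def sign(secret, path, ip=None, expires=None):
    """URL-safe, unpadded Base64 of the raw MD5 digest of the signature string."""
    parts = [secret, path]
    if ip is not None:
        parts.append(ip)
    if expires is not None:
        parts.append(str(expires))
    digest = hashlib.md5(''.join(parts).encode('utf-8')).digest()
    return base64.urlsafe_b64encode(digest).decode('ascii').rstrip('=')


def build_link(host, secret, path, ip=None, expires=None):
    """Sign the original (not urlencoded) path, then emit the urlencoded URL."""
    sig = sign(secret, path, ip, expires)
    auth = f'md5({sig},{expires})' if expires is not None else f'md5({sig})'
    return f'http://{host}/{auth}{quote(path)}'


def verify(url, secret, client_ip, now=None, check_ip=True, check_time=True):
    """Return the status the page describes: 200, 403 (bad hash) or 410 (expired)."""
    now = int(time.time()) if now is None else now
    m = AUTH_RE.match(urlsplit(url).path)  # the domain part is never hashed
    if m is None:
        return 403
    got, expires, enc_path = m.groups()
    if check_time and expires is None:
        return 403  # time restriction is on but the link carries no <expires>
    expected = sign(
        secret,
        unquote(enc_path),  # hash is computed over the decoded path
        client_ip if check_ip else None,
        int(expires) if check_time else None,
    )
    # Constant-time comparison; the hash is checked before the expiry so that
    # only links that were validly signed can ever produce a 410.
    if not hmac.compare_digest(got, expected):
        return 403
    if check_time and now > int(expires):
        return 410
    return 200


if __name__ == '__main__':
    # Input data from the page's example.
    link = build_link('example.a.trbcdn.net', 'zah5Mey9Quu8Ea1k',
                      '/path/to/file', '1.2.3.4', 1704067200)
    print(link, verify(link, 'zah5Mey9Quu8Ea1k', '1.2.3.4', now=1704067000))
```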

External authorization

External authorization is intended to be able to restrict access to a resource with arbitrary logic described in your authorization script.

The decision on access to content is made based on the response of your script, the link to which you indicate in your personal account when creating/editing a resource.

If your authorization script replies with status 200, access to the content is permitted. Otherwise, access is denied.

The authorization script is passed the following headers:

  • Host: contains the domain name for which the request is intended;
  • X-Request-URI: contains the URI of the requested resource;
  • X-Forwarded-For: contains the real IP address of the user who is requesting the resource;
  • X-Remote-Addr: contains the IP address of the user who is requesting the resource, or of the proxy server.
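
One way to write the authorization script behind this option, as an added example that is not CDNvideo's code: it reads the headers listed above and answers 200 or 403, failing closed on missing or malformed input. The /private directory, the 203.0.113.0/24 allowlist, the GET method and the listening address are constructed assumptions.

```python
import ipaddress
import posixpath
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import unquote

# Constructed policy: everything under /private is restricted to these networks.
PROTECTED_DIR = '/private'
ALLOWED_NETS = [ipaddress.ip_network('203.0.113.0/24')]


def decide(headers):
    """Map the headers passed by the CDN to a status: 200 allows, 403 denies."""
    uri = headers.get('X-Request-URI') or ''
    if not uri.startswith('/'):
        return 403  # header missing or malformed: fail closed

    # Normalise before the prefix test so that ../, %2e%2e and duplicate
    # slashes cannot make a protected path look like a public one.
    path = posixpath.normpath(unquote(uri.split('?', 1)[0]))
    path = '/' + path.lstrip('/')
    if path != PROTECTED_DIR and not path.startswith(PROTECTED_DIR + '/'):
        return 200  # public content

    try:
        client = ipaddress.ip_address((headers.get('X-Forwarded-For') or '').strip())
    except ValueError:
        return 403  # no usable client address: fail closed
    return 200 if any(client in net for net in ALLOWED_NETS) else 403


class AuthHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Only the status code matters to the CDN; no body is needed.
        self.send_response(decide(self.headers))
        self.end_headers()


if __name__ == '__main__':
    HTTPServer(('127.0.0.1', 8080), AuthHandler).serve_forever()
```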

Limitations

Description

In this section you can set up limitations by country and region, IP address, referer or user agent.

Module Configuration Process
  1. Activate the type of limitation you need and select the default rule (deny or allow).
  2. Add exceptions to the default rule. For geo limitations, also select the rule for the exclusion itself. Thus, you can, for example, deny traffic for the entire country, while allowing it for a specific region.
  3. Set the time intervals for the rule if required. The intervals must not overlap.
  4. You can add several rules of each type, but their time intervals must not overlap.

Brotli Compression

This option enables Brotli compression.

Brotli is an open-source lossless data compression algorithm devised by Google in 2015. It uses a dictionary of frequently repeating string sequences in plaintext files (e.g. .css, .js), which allows for a 20% higher level of compression in comparison with gzip. It can be enabled for the resource as a whole or only for specific locations matched in the path through the configuration interface. It only functions when using HTTPS.

Compression supports the following MIME-types:

  • application/javascript
  • application/json
  • application/vnd.apple.mpegurl
  • application/vnd.ms-fontobject
  • application/x-font-opentype
  • application/x-font-truetype
  • application/x-font-ttf
  • application/x-javascript
  • application/xml
  • application/xml+rss
  • font/eot
  • font/opentype
  • font/otf
  • image/svg+xml
  • image/vnd.microsoft.icon
  • image/x-icon
  • text/compressible
  • text/css
  • text/javascript
  • text/xml

For correct operation, the user's browser should send the Accept-Encoding: br header (Brotli is supported in Chrome 49+, Firefox 44+, Opera 36+).

Image Optimization and Modification

By switching on this option, you can optimize image distribution and its on-the-fly modification.

Important

There is a file size limit - up to 2 MB. Files larger than 2 MB are not processed and will be returned unchanged. If you need to process files larger than 2 MB, please contact your personal manager or support.

Image distribution optimization

This service allows you to convert JPEG, GIF, PNG (.jpg, .jpeg, .png, .gif) images to WEBP (.webp) file format on the fly. WebP is a file format that features an advanced compression algorithm that allows you to reduce the size of the image by 25-35% without visible loss in quality. The WebP format is supported by most modern browsers.

Our solution parses the HTTP Accept header of the user's request and identifies whether the user's browser supports the WebP format:

  • if it does, the image is presented in WebP format;
  • if it does not, the image is presented in its original format.

Conversion to the WebP format occurs automatically in asynchronous mode. It means that:

  1. You do not need to change the web resource code and/or image link type (format) beforehand.
  2. The first request for an image from an end user whose browser supports the WebP format signals that conversion of the image to WebP can be started. In this case, an image in its original format can be returned in response to the first request to avoid conversion delay. When the conversion is complete, all subsequent requests to this image will return images in WebP format if supported by end-user browsers.

You can change the image quality at the same time with the quality modifier. If the modifier is not specified, then the default is quality = 75.

Image modification

The service allows you to modify images on the fly at the time of request. Only images with jpeg, jpg, gif, png and webp file extensions are processed.

URIs of /ioss(<modification parameter>=<value>)/ type are interpreted as special and are not passed to the source, they are used to return the modified image. The result of the transformation is a modified image received by the user. If there are no special URIs in the image path when requested, the original image is presented to the user.

Available modifications:

| Modification | Modification parameter | Possible values |
|---|---|---|
| Quality change | quality | 1-100, integer |
| Size change | resize=<width>x<height>, resize=<width>, resize=x<height> | 1-4000, integer (pixels) for <width>, <height> |
| Progressive JPEG | progressive | y/n |

quality

This option allows you to change the quality of an image.

The value is an integer in the range of 1 to 100. The greater the value, the higher the quality.

Request examples:

https://example.a.trbcdn.net/ioss(quality=70)/example.jpg

https://example.a.trbcdn.net/ioss(quality=1)/example.jpg

resize

This option allows you to change the size of an image. The new size is set in user requests as the resize parameter either in <width>x<height> or <width> or x<height> formats. In the last two cases, the second dimension is based on the aspect ratio of the original image. Lossless resizing is possible only downwards. Dimensions are given as integers.

Request examples:

https://example.a.trbcdn.net/ioss(resize=400x300)/example.jpg

https://example.a.trbcdn.net/ioss(resize=x200)/example.jpg

progressive

This option allows you to first render the image at a lower quality and then improve it during the loading process.

Request example:

https://example.a.trbcdn.net/ioss(progressive=y)/example.jpg

Video converting

Activate this service if you have a video as a MP4-file, and you need to distribute it via HLS or MPEG-DASH streaming protocols. The service can be enabled for the entire resource, or for a specific path (rule).

Important

We don't support the Fragmented MP4 container for this option. You can check the file container with the command MP4Box -info test.mp4

Examples of requests for playing MP4 files using streaming protocols can be found on the "Setup instructions" tab on the resource editing page.

Video pirate protection (DRM)

Activate the service if you plan to use technical copyright protection that restricts pirated access to video - DRM (Digital Rights Management).

Before enabling the option, a manager will contact you.

Rules

This section is intended for fine-tuning the CDN network operation. After creating a resource, the "Rules" tab will appear on the resource editing page. In this tab, you can edit the base rule (which applies to the entire resource) or create individual rules for any section/path. Rules allow you to control headers, caching, CORS and authorization.

Basic

Specify path to a directory or to a particular file that the rule is to be applied to.

Headers

In this section, you can specify special headers that you want to add when accessing the data source ("to origin" type), or when distributing content to users ("to customer" type).

Timeouts

This section provides you an opportunity to specify acceptable timeouts for CDNvideo nodes requesting from your origin. If the acceptable timeout is exceeded, the CDN network will switch to another content resource, mentioned in the Content source section.

Caching

This section provides you an opportunity to specify the caching time, depending on the response code (2xx, 3xx, 4xx, 5xx), set up ignoring cache management headers (Cache-Control and Expires), and enable taking into consideration query string parameters when caching.

CORS

Description

In some cases, a browser may treat a request to access certain content hosted on a CDN network as a cross-domain request and block it. It is primarily related to fonts. The issue is addressed by setting CORS (Cross-Origin Resource Sharing) headers for cached objects.

There are two options:

  1. You can set CORS headers on the origin server and disable their verification in our network yourself.
  2. You can set up CORS verification in the Your Account section in our network.

Setup in Your Account

The CORS verification procedure provided for configuration is based on our proprietary module operation. Its functionality is based on W3C recommendations.

Module Operation Fundamentals:

  1. Where CORS is enabled, Access-Control-* headers from the origin are always ignored and excluded from the response.

  2. Any request without Origin header is not a cross-resource request, and Access-Control-* headers are not transmitted to the client.

  3. Our module never adds Access-Control-Request-* headers, since they are incoming request headers generated by the browser, same as Origin.

  4. Where there is an Origin header, its contents will be matched against that set by the user. In the absence of restrictions, the Access-Control-Allow-Origin response header will include "*", while where there are any restrictions and where Origin is on the allowed list, then ACAO will include http(s?)://${http_origin}; otherwise, the response will include Access-Control-* headers.

  5. Access-Control-Expose-Headers headers are added, if such headers are set by the user. By default, we state a permission to access Content-Range for the operation of range-requests (for JS-based players).

  6. Access-Control-Allow-Credentials (ACAC) headers are included in accordance with what is set by the user.

  7. Access-Control-Allow-Methods, Access-Control-Allow-Headers, and Access-Control-Max-Age headers are included only in a response to a request based on the OPTIONS method, which is processed locally and not forwarded to the origin.

  8. Access-Control-Allow-Methods header is set to be equal to the contents of the Access-Control-Request-Method header, if such header is present and is on the list of simple requests (GET, HEAD, POST), or a list set by the user. Where the method is not on the allowed list, then the response will not include Access-Control-* headers. If a request does not contain Access-Control-Request-Method, no Access-Control-Allow-Methods will be set.

  9. Access-Control-Allow-Headers is set to be equal to the contents of the Access-Control-Request-Headers header, if such header is present, Access-Control-Request-Method request header is present, and all headers are on the list of simple headers (Accept, Accept-Language, Content-Type, Content-Language) or on the user-set list. Where at least one header is not on the allowed list, then the response will not contain Access-Control-* headers. Where a request does not contain Access-Control-Request-Method and Access-Control-Request-Headers, Access-Control-Allow-Headers will not be stated.

  10. Access-Control-Max-Age header will be stated in accordance with that set by the user, but not by default.

  11. Any additional response header, specified by the client, will be added/overridden after CORS module processing, while, for example, Access-Control-Allow-Origin: * in header sections will be added irrespective of the CORS module operation results.

Module Configuration Process

CORS verification is active by default. If CORS authorization is disabled, all preflight requests will be forwarded to your origin. The headers, described above and set on the origin, will not be affected and will be transmitted unchanged to end users.

You may adjust the module operation by setting the following parameters:

Allowed Domains (not verified by default, all domains are allowed)

Values may be set by any of the following methods:

  1. example.com – exact match
  2. *.example.com – all subdomains of example.com, exclusive of example.com itself
  3. .example.com – all Level 3 domains inclusive of example.com
  4. ~a\d+\.example.com – regular expression

Secure Request Headers

Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma are allowed by default. You may add your headers to this list.

Upper Level API Accessible Headers (Expose Headers)

Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma are allowed by default. You may add your headers to this list.

Safe Methods

GET, HEAD, POST are allowed by default. You may add your methods to this list.

Access-Control-Allow-Credentials Header

Cookies, sessions, authorizations are incompatible with caching services due to their operating logic. However, if you need to set an Access-Control-Allow-Credentials header, you can do it.

Preflight Request Response Lifetime

A period of time during which a response to a Preflight request is deemed to be relevant.

Attention!

Irrespective of whether CORS authorization is enabled/disabled and its operation results, you may manually redefine any header for responses to end users. To this end, specify its name and desired value in "Headers" section. Authorization header value will be substituted with that specified by you after the CORS verification stage completion.

Limitations

Limitations for a specific path (rule) are activated in the same way as limitations for the entire resource.

Authorization

In this section, you can configure local or external authorization to restrict access to your content.

Others

Brotli Compression

This option enables Brotli compression.

Brotli is an open-source lossless data compression algorithm devised by Google in 2015. It uses a dictionary of frequently repeating string sequences in plaintext files (e.g. .css, .js), which allows for a 20% higher level of compression in comparison with gzip. It can be enabled for the resource as a whole or only for specific locations matched in the path through the configuration interface. It only functions when using HTTPS.

Compression supports the following MIME-types:

  • application/javascript
  • application/json
  • application/vnd.apple.mpegurl
  • application/vnd.ms-fontobject
  • application/x-font-opentype
  • application/x-font-truetype
  • application/x-font-ttf
  • application/x-javascript
  • application/xml
  • application/xml+rss
  • font/eot
  • font/opentype
  • font/otf
  • image/svg+xml
  • image/vnd.microsoft.icon
  • image/x-icon
  • text/compressible
  • text/css
  • text/javascript
  • text/xml

For correct operation, the user's browser should send the Accept-Encoding: br header (Brotli is supported in Chrome 49+, Firefox 44+, Opera 36+).

Image Optimization and Modification

Image Optimization and Modification for a specific path (rule) works in the same way as the option for the entire resource.

Video converting

Activate this service if you have a video as a MP4-file, and you need to distribute it via HLS or MPEG-DASH streaming protocols. The service can be enabled for the entire resource, or for a specific path (rule).

Important

  1. This option is incompatible with the "Image optimization and modification" option. If you need to use both options, then you need to enable them for different rules (file paths).
  2. We don't support the Fragmented MP4 container for this option. You can check the file container with the command MP4Box -info test.mp4

Examples of requests for playing MP4 files using streaming protocols can be found on the "Setup instructions" tab on the resource editing page.

GZip-compression

We compress some types of files by default to speed up your website loading. The list of file types is below:

  • application/javascript
  • application/json
  • application/vnd.ms-fontobject
  • application/x-font-opentype
  • application/x-font-truetype
  • application/x-font-ttf
  • application/x-javascript
  • application/xml
  • application/xml+rss
  • font/eot
  • font/opentype
  • font/otf
  • image/svg+xml
  • image/vnd.microsoft.icon
  • image/x-icon
  • text/compressible
  • text/css
  • text/javascript
  • text/xml