Overview
IAM
CDN
Managed DNS
Cloud
DDoS Protection
FastEdge
WAAP
Streaming
Object Storage
Resellers
import os
from gcore import Gcore
client = Gcore(
api_key=os.environ.get("GCORE_API_KEY"), # This is the default and can be omitted
)
cdn_resource = client.cdn.resources.create(
cname="cdn.site.com",
origin="example.com",
origin_group=132,
)
print(cdn_resource.id){
"id": 220,
"cname": "cdn.site.com",
"active": true,
"enabled": true,
"status": "active",
"deleted": false,
"client": 170,
"name": "Resource for images",
"description": "My resource",
"created": "2017-06-10T10:30:04.954354Z",
"updated": "2017-06-14T05:05:42.065221Z",
"originGroup": 132,
"originGroup_name": "Resource origin group",
"originProtocol": "HTTPS",
"secondaryHostnames": [
"first.example.com",
"second.example.com"
],
"shielded": false,
"shield_dc": null,
"shield_enabled": false,
"shield_routing_map": null,
"sslEnabled": false,
"sslData": 192,
"proxy_ssl_enabled": false,
"proxy_ssl_ca": null,
"proxy_ssl_data": null,
"preset_applied": false,
"vp_enabled": false,
"full_custom_enabled": false,
"can_purge_by_urls": false,
"suspend_date": null,
"suspended": false,
"primary_resource": null,
"is_primary": null,
"waap_domain_id": "123",
"rules": [],
"options": {
"allowedHttpMethods": {
"enabled": true,
"value": [
"GET",
"POST"
]
},
"bot_protection": {
"enabled": true,
"bot_challenge": {
"enabled": true
}
},
"brotli_compression": {
"enabled": true,
"value": [
"text/html",
"text/plain"
]
},
"browser_cache_settings": {
"enabled": true,
"value": "3600s"
},
"cache_http_headers": {
"enabled": false,
"value": [
"vary",
"content-length",
"last-modified",
"connection",
"accept-ranges",
"content-type",
"content-encoding",
"etag",
"cache-control",
"expires",
"keep-alive",
"server"
]
},
"cors": {
"enabled": true,
"value": [
"domain.com",
"domain2.com"
],
"always": true
},
"country_acl": {
"enabled": true,
"policy_type": "allow",
"excepted_values": [
"GB",
"DE"
]
},
"disable_cache": {
"enabled": true,
"value": false
},
"disable_proxy_force_ranges": {
"enabled": true,
"value": true
},
"edge_cache_settings": {
"enabled": true,
"value": "43200s",
"custom_values": {
"100": "43200s"
}
},
"fastedge": {
"enabled": true,
"on_request_headers": {
"enabled": true,
"app_id": "1001",
"interrupt_on_error": true
}
},
"fetch_compressed": {
"enabled": true,
"value": false
},
"follow_origin_redirect": {
"enabled": true,
"codes": [
302,
308
]
},
"force_return": {
"enabled": true,
"code": 301,
"body": "http://example.com/redirect_address",
"time_interval": {
"start_time": "09:00",
"end_time": "20:00",
"time_zone": "CET"
}
},
"forward_host_header": {
"enabled": false,
"value": false
},
"gzipOn": {
"enabled": true,
"value": true
},
"hostHeader": {
"enabled": true,
"value": "host.com"
},
"http3_enabled": {
"enabled": true,
"value": true
},
"ignore_cookie": {
"enabled": true,
"value": true
},
"ignoreQueryString": {
"enabled": true,
"value": false
},
"image_stack": {
"enabled": true,
"avif_enabled": true,
"webp_enabled": false,
"quality": 80,
"png_lossless": true
},
"ip_address_acl": {
"enabled": true,
"policy_type": "deny",
"excepted_values": [
"192.168.1.100/32"
]
},
"limit_bandwidth": {
"enabled": true,
"limit_type": "static",
"speed": 100,
"buffer": 200
},
"proxy_cache_key": {
"enabled": true,
"value": "$scheme$uri"
},
"proxy_cache_methods_set": {
"enabled": true,
"value": false
},
"proxy_connect_timeout": {
"enabled": true,
"value": "4s"
},
"proxy_read_timeout": {
"enabled": true,
"value": "10s"
},
"query_params_blacklist": {
"enabled": true,
"value": [
"some",
"blacklisted",
"query"
]
},
"query_params_whitelist": {
"enabled": true,
"value": [
"some",
"whitelisted",
"query"
]
},
"query_string_forwarding": {
"enabled": true,
"forward_from_file_types": [
"m3u8",
"mpd"
],
"forward_to_file_types": [
"ts",
"mp4"
],
"forward_only_keys": [
"auth_token",
"session_id"
],
"forward_except_keys": [
"debug_info"
]
},
"redirect_http_to_https": {
"enabled": true,
"value": true
},
"redirect_https_to_http": {
"enabled": false,
"value": true
},
"referrer_acl": {
"enabled": true,
"policy_type": "deny",
"excepted_values": [
"example.com",
"*.example.net"
]
},
"request_limiter": {
"enabled": true,
"rate_unit": "r/s",
"rate": 5,
"burst": 5,
"delay": 0
},
"response_headers_hiding_policy": {
"enabled": true,
"mode": "hide",
"excepted": [
"my-header"
]
},
"rewrite": {
"enabled": true,
"body": "/(.*) /additional_path/$1",
"flag": "break"
},
"secure_key": {
"enabled": true,
"key": "secretkey",
"type": 2
},
"slice": {
"enabled": true,
"value": true
},
"sni": {
"enabled": true,
"sni_type": "custom",
"custom_hostname": "custom.example.com"
},
"stale": {
"enabled": true,
"value": [
"http_404",
"http_500"
]
},
"static_response_headers": {
"enabled": true,
"value": [
{
"name": "X-Example",
"value": [
"Value_1"
],
"always": true
},
{
"name": "X-Example-Multiple",
"value": [
"Value_1",
"Value_2",
"Value_3"
],
"always": false
}
]
},
"staticHeaders": {
"enabled": true,
"value": {
"X-Example": "Value_1",
"X-Example-Multiple": [
"Value_2",
"Value_3"
]
}
},
"staticRequestHeaders": {
"enabled": true,
"value": {
"Header-One": "Value 1",
"Header-Two": "Value 2"
}
},
"tls_versions": {
"enabled": true,
"value": [
"SSLv3",
"TLSv1.3"
]
},
"use_default_le_chain": {
"enabled": true,
"value": true
},
"use_dns01_le_challenge": {
"enabled": true,
"value": true
},
"use_rsa_le_cert": {
"enabled": true,
"value": true
},
"user_agent_acl": {
"enabled": true,
"policy_type": "allow",
"excepted_values": [
"UserAgent Value",
""
]
},
"waap": {
"enabled": true,
"value": true
},
"websockets": {
"enabled": true,
"value": true
}
}
}Create CDN resource
import os
from gcore import Gcore
client = Gcore(
api_key=os.environ.get("GCORE_API_KEY"), # This is the default and can be omitted
)
cdn_resource = client.cdn.resources.create(
cname="cdn.site.com",
origin="example.com",
origin_group=132,
)
print(cdn_resource.id){
"id": 220,
"cname": "cdn.site.com",
"active": true,
"enabled": true,
"status": "active",
"deleted": false,
"client": 170,
"name": "Resource for images",
"description": "My resource",
"created": "2017-06-10T10:30:04.954354Z",
"updated": "2017-06-14T05:05:42.065221Z",
"originGroup": 132,
"originGroup_name": "Resource origin group",
"originProtocol": "HTTPS",
"secondaryHostnames": [
"first.example.com",
"second.example.com"
],
"shielded": false,
"shield_dc": null,
"shield_enabled": false,
"shield_routing_map": null,
"sslEnabled": false,
"sslData": 192,
"proxy_ssl_enabled": false,
"proxy_ssl_ca": null,
"proxy_ssl_data": null,
"preset_applied": false,
"vp_enabled": false,
"full_custom_enabled": false,
"can_purge_by_urls": false,
"suspend_date": null,
"suspended": false,
"primary_resource": null,
"is_primary": null,
"waap_domain_id": "123",
"rules": [],
"options": {
"allowedHttpMethods": {
"enabled": true,
"value": [
"GET",
"POST"
]
},
"bot_protection": {
"enabled": true,
"bot_challenge": {
"enabled": true
}
},
"brotli_compression": {
"enabled": true,
"value": [
"text/html",
"text/plain"
]
},
"browser_cache_settings": {
"enabled": true,
"value": "3600s"
},
"cache_http_headers": {
"enabled": false,
"value": [
"vary",
"content-length",
"last-modified",
"connection",
"accept-ranges",
"content-type",
"content-encoding",
"etag",
"cache-control",
"expires",
"keep-alive",
"server"
]
},
"cors": {
"enabled": true,
"value": [
"domain.com",
"domain2.com"
],
"always": true
},
"country_acl": {
"enabled": true,
"policy_type": "allow",
"excepted_values": [
"GB",
"DE"
]
},
"disable_cache": {
"enabled": true,
"value": false
},
"disable_proxy_force_ranges": {
"enabled": true,
"value": true
},
"edge_cache_settings": {
"enabled": true,
"value": "43200s",
"custom_values": {
"100": "43200s"
}
},
"fastedge": {
"enabled": true,
"on_request_headers": {
"enabled": true,
"app_id": "1001",
"interrupt_on_error": true
}
},
"fetch_compressed": {
"enabled": true,
"value": false
},
"follow_origin_redirect": {
"enabled": true,
"codes": [
302,
308
]
},
"force_return": {
"enabled": true,
"code": 301,
"body": "http://example.com/redirect_address",
"time_interval": {
"start_time": "09:00",
"end_time": "20:00",
"time_zone": "CET"
}
},
"forward_host_header": {
"enabled": false,
"value": false
},
"gzipOn": {
"enabled": true,
"value": true
},
"hostHeader": {
"enabled": true,
"value": "host.com"
},
"http3_enabled": {
"enabled": true,
"value": true
},
"ignore_cookie": {
"enabled": true,
"value": true
},
"ignoreQueryString": {
"enabled": true,
"value": false
},
"image_stack": {
"enabled": true,
"avif_enabled": true,
"webp_enabled": false,
"quality": 80,
"png_lossless": true
},
"ip_address_acl": {
"enabled": true,
"policy_type": "deny",
"excepted_values": [
"192.168.1.100/32"
]
},
"limit_bandwidth": {
"enabled": true,
"limit_type": "static",
"speed": 100,
"buffer": 200
},
"proxy_cache_key": {
"enabled": true,
"value": "$scheme$uri"
},
"proxy_cache_methods_set": {
"enabled": true,
"value": false
},
"proxy_connect_timeout": {
"enabled": true,
"value": "4s"
},
"proxy_read_timeout": {
"enabled": true,
"value": "10s"
},
"query_params_blacklist": {
"enabled": true,
"value": [
"some",
"blacklisted",
"query"
]
},
"query_params_whitelist": {
"enabled": true,
"value": [
"some",
"whitelisted",
"query"
]
},
"query_string_forwarding": {
"enabled": true,
"forward_from_file_types": [
"m3u8",
"mpd"
],
"forward_to_file_types": [
"ts",
"mp4"
],
"forward_only_keys": [
"auth_token",
"session_id"
],
"forward_except_keys": [
"debug_info"
]
},
"redirect_http_to_https": {
"enabled": true,
"value": true
},
"redirect_https_to_http": {
"enabled": false,
"value": true
},
"referrer_acl": {
"enabled": true,
"policy_type": "deny",
"excepted_values": [
"example.com",
"*.example.net"
]
},
"request_limiter": {
"enabled": true,
"rate_unit": "r/s",
"rate": 5,
"burst": 5,
"delay": 0
},
"response_headers_hiding_policy": {
"enabled": true,
"mode": "hide",
"excepted": [
"my-header"
]
},
"rewrite": {
"enabled": true,
"body": "/(.*) /additional_path/$1",
"flag": "break"
},
"secure_key": {
"enabled": true,
"key": "secretkey",
"type": 2
},
"slice": {
"enabled": true,
"value": true
},
"sni": {
"enabled": true,
"sni_type": "custom",
"custom_hostname": "custom.example.com"
},
"stale": {
"enabled": true,
"value": [
"http_404",
"http_500"
]
},
"static_response_headers": {
"enabled": true,
"value": [
{
"name": "X-Example",
"value": [
"Value_1"
],
"always": true
},
{
"name": "X-Example-Multiple",
"value": [
"Value_1",
"Value_2",
"Value_3"
],
"always": false
}
]
},
"staticHeaders": {
"enabled": true,
"value": {
"X-Example": "Value_1",
"X-Example-Multiple": [
"Value_2",
"Value_3"
]
}
},
"staticRequestHeaders": {
"enabled": true,
"value": {
"Header-One": "Value 1",
"Header-Two": "Value 2"
}
},
"tls_versions": {
"enabled": true,
"value": [
"SSLv3",
"TLSv1.3"
]
},
"use_default_le_chain": {
"enabled": true,
"value": true
},
"use_dns01_le_challenge": {
"enabled": true,
"value": true
},
"use_rsa_le_cert": {
"enabled": true,
"value": true
},
"user_agent_acl": {
"enabled": true,
"policy_type": "allow",
"excepted_values": [
"UserAgent Value",
""
]
},
"waap": {
"enabled": true,
"value": true
},
"websockets": {
"enabled": true,
"value": true
}
}
}Authorizations
API key for authentication. Make sure to include the word apikey, followed by a single space and then your token.
Example: apikey 1234$abcdef
Body
Delivery domains that will be used for content delivery through a CDN.
Delivery domains should be added to your DNS settings.
"cdn.site.com"
Origin group ID with which the CDN resource is associated.
You can use either the origin or originGroup parameter in the request.
132
IP address or domain name of the origin and the port, if custom port is used.
You can use either the origin or originGroup parameter in the request.
"example.com"
Enables or disables a CDN resource.
Possible values:
- true - CDN resource is active. Content is being delivered.
- false - CDN resource is deactivated. Content is not being delivered.
true
Protocol used by CDN servers to request content from an origin source.
Possible values:
- HTTPS - CDN servers will connect to the origin via HTTPS.
- HTTP - CDN servers will connect to the origin via HTTP.
- MATCH - connection protocol will be chosen automatically (content on the origin source should be available for the CDN both through HTTP and HTTPS).
If protocol is not specified, HTTP is used to connect to an origin server.
HTTP, HTTPS, MATCH "HTTPS"
CDN resource name.
"Resource for images"
Optional comment describing the CDN resource.
"My resource"
Additional delivery domains (CNAMEs) that will be used to deliver content via the CDN.
Up to ten additional CNAMEs are possible.
["first.example.com", "second.example.com"]Defines whether the HTTPS protocol enabled for content delivery.
Possible values:
- true - HTTPS is enabled.
- false - HTTPS is disabled.
false
ID of the SSL certificate linked to the CDN resource.
Can be used only with "sslEnabled": true.
192
Enables or disables SSL certificate validation of the origin server before completing any connection.
Possible values:
- true - Origin SSL certificate validation is enabled.
- false - Origin SSL certificate validation is disabled.
false
ID of the trusted CA certificate used to verify an origin.
It can be used only with "proxy_ssl_enabled": true.
null
ID of the SSL certificate used to verify an origin.
It can be used only with "proxy_ssl_enabled": true.
null
ID of the main CDN resource which has a shared caching zone with a reserve CDN resource.
If the parameter is not empty, then the current CDN resource is the reserve. You cannot change some options, create rules, set up origin shielding, or use the reserve CDN resource for Streaming.
null
Defines whether the associated WAAP Domain is identified as an API Domain.
Possible values:
- true - The associated WAAP Domain is designated as an API Domain.
- false - The associated WAAP Domain is not designated as an API Domain.
List of options that can be configured for the CDN resource.
In case of null value the option is not added to the CDN resource.
Option may inherit its value from the global account settings.
Show child attributes
Show child attributes
HTTP methods allowed for content requests from the CDN.
{ "enabled": true, "value": ["GET", "POST"] }Allows to prevent online services from overloading and ensure your business workflow running smoothly.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
{
"enabled": true,
"bot_challenge": { "enabled": true }
}Compresses content with Brotli on the CDN side. CDN servers will request only uncompressed content from the origin.
Notes:
- CDN only supports "Brotli compression" when the "origin shielding" feature is activated.
- If a precache server is not active for a CDN resource, no compression occurs, even if the option is enabled.
brotli_compressionis not supported withfetch_compressedorsliceoptions enabled.fetch_compressedoption in CDN resource settings overridesbrotli_compressionin rules. If you enabledfetch_compressedin CDN resource and want to enablebrotli_compressionin a rule, you must specifyfetch_compressed:falsein the rule.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Allows to select the content types you want to compress.
text/html is a mandatory content type.
application/javascript, application/json, application/vnd.ms-fontobject, application/wasm, application/x-font-ttf, application/x-javascript, application/xml, application/xml+rss, image/svg+xml, image/x-icon, text/css, text/html, text/javascript, text/plain, text/xml {
"enabled": true,
"value": ["text/html", "text/plain"]
}Cache expiration time for users browsers in seconds.
Cache expiration time is applied to the following response codes: 200, 201, 204, 206, 301, 302, 303, 304, 307, 308.
Responses with other codes will not be cached.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Set the cache expiration time to '0s' to disable caching.
The maximum duration is any equivalent to 1y.
{ "enabled": true, "value": "3600s" }Legacy option. Use the response_headers_hiding_policy option instead.
HTTP Headers that must be included in the response.
{
"enabled": false,
"value": [
"vary",
"content-length",
"last-modified",
"connection",
"accept-ranges",
"content-type",
"content-encoding",
"etag",
"cache-control",
"expires",
"keep-alive",
"server"
]
}Enables or disables CORS (Cross-Origin Resource Sharing) header support.
CORS header support allows the CDN to add the Access-Control-Allow-Origin header to a response to a browser.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Value of the Access-Control-Allow-Origin header.
Possible values:
- Adds * as the Access-Control-Allow-Origin header value - Content will be uploaded for requests from any domain.
"value": ["*"] - Adds "$
http_origin" as the Access-Control-Allow-Origin header value if the origin matches one of the listed domains - Content will be uploaded only for requests from the domains specified in the field."value": ["domain.com", "second.dom.com"] - Adds "$
http_origin" as the Access-Control-Allow-Origin header value - Content will be uploaded for requests from any domain, and the domain from which the request was sent will be added to the "Access-Control-Allow-Origin" header in the response."value": ["$http_origin"]
Defines whether the Access-Control-Allow-Origin header should be added to a response from CDN regardless of response code.
Possible values:
- true - Header will be added to a response regardless of response code.
- false - Header will only be added to responses with codes: 200, 201, 204, 206, 301, 302, 303, 304, 307, 308.
{
"enabled": true,
"value": ["domain.com", "domain2.com"],
"always": true
}Enables control access to content for specified countries.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Defines the type of CDN resource access policy.
Possible values:
- allow - Access is allowed for all the countries except for those specified in
excepted_valuesfield. - deny - Access is denied for all the countries except for those specified in
excepted_valuesfield.
allow, deny List of countries according to ISO-3166-1.
The meaning of the parameter depends on policy_type value:
- allow - List of countries for which access is prohibited.
- deny - List of countries for which access is allowed.
600255{
"enabled": true,
"policy_type": "allow",
"excepted_values": ["GB", "DE"]
}Legacy option. Use the edge_cache_settings option instead.
Allows the complete disabling of content caching.
{ "enabled": true, "value": false }Allows 206 responses regardless of the settings of an origin source.
Show child attributes
Show child attributes
{ "enabled": true, "value": true }Cache expiration time for CDN servers.
value and default fields cannot be used simultaneously.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Caching time.
The value is applied to the following response codes: 200, 206, 301, 302. Responses with codes 4xx, 5xx will not be cached.
Use 0s to disable caching.
The maximum duration is any equivalent to 1y.
A MAP object representing the caching time in seconds for a response with a specific response code.
These settings have a higher priority than the value field.
- Use
anykey to specify caching time for all response codes. - Use
0svalue to disable caching for a specific response code.
Show child attributes
Show child attributes
Enables content caching according to the origin cache settings.
The value is applied to the following response codes 200, 201, 204, 206, 301, 302, 303, 304, 307, 308, if an origin server does not have caching HTTP headers.
Responses with other codes will not be cached.
The maximum duration is any equivalent to 1y.
{
"enabled": true,
"value": "43200s",
"custom_values": { "100": "43200s" }
}Allows to configure FastEdge app to be called on different request/response phases.
Note: At least one of on_request_headers, on_request_body, on_response_headers, or on_response_body must be specified.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Allows to configure FastEdge application that will be called to handle request headers as soon as CDN receives incoming HTTP request.
Show child attributes
Show child attributes
The ID of the application in FastEdge.
"1001"
Determines if the FastEdge application should be called whenever HTTP request headers are received.
true
Determines if the request execution should be interrupted when an error occurs.
true
Determines if the request should be executed at the edge nodes.
true
Determines if the request should be executed at the shield nodes.
false
Allows to configure FastEdge application that will be called to handle request body as soon as CDN receives incoming HTTP request.
Show child attributes
Show child attributes
The ID of the application in FastEdge.
"1001"
Determines if the FastEdge application should be called whenever HTTP request headers are received.
true
Determines if the request execution should be interrupted when an error occurs.
true
Determines if the request should be executed at the edge nodes.
true
Determines if the request should be executed at the shield nodes.
false
Allows to configure FastEdge application that will be called to handle response headers before CDN sends the HTTP response.
Show child attributes
Show child attributes
The ID of the application in FastEdge.
"1001"
Determines if the FastEdge application should be called whenever HTTP request headers are received.
true
Determines if the request execution should be interrupted when an error occurs.
true
Determines if the request should be executed at the edge nodes.
true
Determines if the request should be executed at the shield nodes.
false
Allows to configure FastEdge application that will be called to handle response body before CDN sends the HTTP response.
Show child attributes
Show child attributes
The ID of the application in FastEdge.
"1001"
Determines if the FastEdge application should be called whenever HTTP request headers are received.
true
Determines if the request execution should be interrupted when an error occurs.
true
Determines if the request should be executed at the edge nodes.
true
Determines if the request should be executed at the shield nodes.
false
{
"enabled": true,
"on_request_headers": {
"enabled": true,
"app_id": "1001",
"interrupt_on_error": true
}
}Makes the CDN request compressed content from the origin.
The origin server should support compression. CDN servers will not decompress your content even if a user browser does not accept compression.
Notes:
fetch_compressedis not supported withgzipONorbrotli_compressionorsliceoptions enabled.fetch_compressedoverridesgzipONandbrotli_compressionin rule. If you enable it in CDN resource and want to usegzipONandbrotli_compressionin a rule, you have to specify"fetch_compressed": falsein the rule.
{ "enabled": true, "value": false }Enables redirection from origin. If the origin server returns a redirect, the option allows the CDN to pull the requested content from the origin server that was returned in the redirect.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Redirect status code that the origin server returns.
To serve up to date content to end users, you will need to purge the cache after managing the option.
1301, 302, 303, 307, 308 { "enabled": true, "codes": [302, 308] }Applies custom HTTP response codes for CDN content.
The following codes are reserved by our system and cannot be specified in this option: 408, 444, 477, 494, 495, 496, 497, 499.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Status code value.
100 <= x <= 599URL for redirection or text.
255Controls the time at which a custom HTTP response code should be applied. By default, a custom HTTP response code is applied at any time.
Show child attributes
Show child attributes
Time from which a custom HTTP response code should be applied. Indicated in 24-hour format.
"06:00"
Time until which a custom HTTP response code should be applied. Indicated in 24-hour format.
"18:00"
Time zone used to calculate time.
"Europe/Luxembourg"
{
"enabled": true,
"code": 301,
"body": "http://example.com/redirect_address",
"time_interval": {
"start_time": "09:00",
"end_time": "20:00",
"time_zone": "CET"
}
}Forwards the Host header from a end-user request to an origin server.
hostHeader and forward_host_header options cannot be enabled simultaneously.
{ "enabled": false, "value": false }Compresses content with gzip on the CDN end. CDN servers will request only uncompressed content from the origin.
Notes:
- Compression with gzip is not supported with
fetch_compressedorsliceoptions enabled. fetch_compressedoption in CDN resource settings overridesgzipONin rules. If you enablefetch_compressedin CDN resource and want to enablegzipONin rules, you need to specify"fetch_compressed":falsefor rules.
{ "enabled": true, "value": true }Sets the Host header that CDN servers use when request content from an origin server. Your server must be able to process requests with the chosen header.
If the option is null, the Host Header value is equal to first CNAME.
hostHeader and forward_host_header options cannot be enabled simultaneously.
{ "enabled": true, "value": "host.com" }Enables HTTP/3 protocol for content delivery.
http3_enabled option works only with "sslEnabled": true.
{ "enabled": true, "value": true }Defines whether the files with the Set-Cookies header are cached as one file or as different ones.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Possible values:
- true - Option is enabled, files with cookies are cached as one file.
- false - Option is disabled, files with cookies are cached as different files.
{ "enabled": true, "value": true }How a file with different query strings is cached: either as one object (option is enabled) or as different objects (option is disabled.)
ignoreQueryString, query_params_whitelist and query_params_blacklist options cannot be enabled simultaneously.
{ "enabled": true, "value": false }Transforms JPG and PNG images (for example, resize or crop) and automatically converts them to WebP or AVIF format.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Enables or disables automatic conversion of JPEG and PNG images to AVI format.
Enables or disables automatic conversion of JPEG and PNG images to WebP format.
Defines quality settings for JPG and PNG images. The higher the value, the better the image quality, and the larger the file size after conversion.
1 <= x <= 100Enables or disables compression without quality loss for PNG format.
{
"enabled": true,
"avif_enabled": true,
"webp_enabled": false,
"quality": 80,
"png_lossless": true
}Controls access to the CDN resource content for specific IP addresses.
If you want to use IPs from our CDN servers IP list for IP ACL configuration, you have to independently monitor their relevance. We recommend you use a script for automatically update IP ACL. Read more.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
IP access policy type.
Possible values:
- allow - Allow access to all IPs except IPs specified in "
excepted_values" field. - deny - Deny access to all IPs except IPs specified in "
excepted_values" field.
allow, deny List of IP addresses with a subnet mask.
The meaning of the parameter depends on policy_type value:
- allow - List of IP addresses for which access is prohibited.
- deny - List of IP addresses for which access is allowed.
Examples:
192.168.3.2/322a03:d000:2980:7::8/128
600255{
"enabled": true,
"policy_type": "deny",
"excepted_values": ["192.168.1.100/32"]
}Allows to control the download speed per connection.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Method of controlling the download speed per connection.
Possible values:
- static - Use speed and buffer fields to set the download speed limit.
- dynamic - Use query strings speed and buffer to set the download speed limit.
For example, when requesting content at the link
http://cdn.example.com/video.mp4?speed=50k&buffer=500kthe download speed will be limited to 50kB/s after 500 kB.
static, dynamic Maximum download speed per connection.
1 <= x <= 1000000000Amount of downloaded data after which the user will be rate limited.
0 <= x <= 1000000000{
"enabled": true,
"limit_type": "static",
"speed": 100,
"buffer": 200
}Allows you to modify your cache key. If omitted, the default value is $request_uri.
Combine the specified variables to create a key for caching.
- $
request_uri - $scheme
- $uri
Warning: Enabling and changing this option can invalidate your current cache and affect the cache hit ratio. Furthermore, the "Purge by pattern" option will not work.
{ "enabled": true, "value": "$scheme$uri" }Caching for POST requests along with default GET and HEAD.
{ "enabled": true, "value": false }The time limit for establishing a connection with the origin.
{ "enabled": true, "value": "4s" }The time limit for receiving a partial response from the origin. If no response is received within this time, the connection will be closed.
Note: When used with a WebSocket connection, this option supports values only in the range 1–20 seconds (instead of the usual 1–30 seconds).
{ "enabled": true, "value": "10s" }Files with the specified query parameters are cached as one object, files with other parameters are cached as different objects.
ignoreQueryString, query_params_whitelist and query_params_blacklist options cannot be enabled simultaneously.
{
"enabled": true,
"value": ["some", "blacklisted", "query"]
}Files with the specified query parameters are cached as different objects, files with other parameters are cached as one object.
ignoreQueryString, query_params_whitelist and query_params_blacklist options cannot be enabled simultaneously.
{
"enabled": true,
"value": ["some", "whitelisted", "query"]
}The Query String Forwarding feature allows for the seamless transfer of parameters embedded in playlist files to the corresponding media chunk files. This functionality ensures that specific attributes, such as authentication tokens or tracking information, are consistently passed along from the playlist manifest to the individual media segments. This is particularly useful for maintaining continuity in security, analytics, and any other parameter-based operations across the entire media delivery workflow.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
The forward_from_files_types field specifies the types of playlist files from which parameters will be extracted and forwarded.
This typically includes formats that list multiple media chunk references, such as HLS and DASH playlists.
Parameters associated with these playlist files (like query strings or headers) will be propagated to the chunks they reference.
The field specifies the types of media chunk files to which parameters, extracted from playlist files, will be forwarded. These refer to the actual segments of media content that are delivered to viewers. Ensuring the correct parameters are forwarded to these files is crucial for maintaining the integrity of the streaming session.
The forward_only_keys field allows for granular control over which specific parameters are forwarded from playlist files to media chunk files.
By specifying certain keys, only those parameters will be propagated, ensuring that only relevant information is passed along.
This is particularly useful for security and performance optimization, as it prevents unnecessary or sensitive data from being included in requests for media chunks.
The forward_except_keys field provides a mechanism to exclude specific parameters from being forwarded from playlist files to media chunk files.
By listing certain keys in this field, you can ensure that these parameters are omitted during the forwarding process.
This is particularly useful for preventing sensitive or irrelevant information from being included in requests for media chunks, thereby enhancing security and optimizing performance.
{
"enabled": true,
"forward_from_file_types": ["m3u8", "mpd"],
"forward_to_file_types": ["ts", "mp4"],
"forward_only_keys": ["auth_token", "session_id"],
"forward_except_keys": ["debug_info"]
}Enables redirect from HTTP to HTTPS.
redirect_http_to_https and redirect_https_to_http options cannot be enabled simultaneously.
{ "enabled": true, "value": true }Enables redirect from HTTPS to HTTP.
redirect_http_to_https and redirect_https_to_http options cannot be enabled simultaneously.
{ "enabled": false, "value": true }Controls access to the CDN resource content for specified domain names.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Policy type.
Possible values:
- allow - Allow access to all domain names except the domain names specified in
excepted_valuesfield. - deny - Deny access to all domain names except the domain names specified in
excepted_valuesfield.
allow, deny List of domain names or wildcard domains (without protocol: http:// or https://.)
The meaning of the parameter depends on policy_type value:
- allow - List of domain names for which access is prohibited.
- deny - List of IP domain names for which access is allowed.
Examples:
example.com*.example.com
600255{
"enabled": true,
"policy_type": "deny",
"excepted_values": ["example.com", "*.example.net"]
}Option allows to limit the amount of HTTP requests.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Maximum request rate.
x >= 1Units of measurement for the rate field.
Possible values:
- r/s - Requests per second.
- r/m - Requests per minute.
If the rate is less than one request per second, it is specified in request per minute (r/m.)
r/s, r/m {
"enabled": true,
"rate_unit": "r/s",
"rate": 5,
"burst": 5,
"delay": 0
}Hides HTTP headers from an origin server in the CDN response.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
How HTTP headers are hidden from the response.
Possible values:
- show - Hide only HTTP headers listed in the
exceptedfield. - hide - Hide all HTTP headers except headers listed in the "excepted" field.
hide, show List of HTTP headers.
Parameter meaning depends on the value of the mode field:
- show - List of HTTP headers to hide from response.
- hide - List of HTTP headers to include in response. Other HTTP headers will be hidden.
The following headers are required and cannot be hidden from response:
ConnectionContent-LengthContent-TypeDateServer
256128{
"enabled": true,
"mode": "hide",
"excepted": ["my-header"]
}Changes and redirects requests from the CDN to the origin. It operates according to the Nginx configuration.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Path for the Rewrite option.
Example:
/(.*) /media/$1
255Flag for the Rewrite option.
Possible values:
- last - Stop processing the current set of
ngx_http_rewrite_moduledirectives and start a search for a new location matching changed URI. - break - Stop processing the current set of the Rewrite option.
- redirect - Return a temporary redirect with the 302 code; used when a replacement string does not start with
http://,https://, or$scheme. - permanent - Return a permanent redirect with the 301 code.
break, last, redirect, permanent {
"enabled": true,
"body": "/(.*) /additional_path/$1",
"flag": "break"
}Configures access with tokenized URLs. This makes impossible to access content without a valid (unexpired) token.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Key generated on your side that will be used for URL signing.
255Type of URL signing.
Possible types:
- Type 0 - Includes end user IP to secure token generation.
- Type 2 - Excludes end user IP from secure token generation.
0, 2 {
"enabled": true,
"key": "secretkey",
"type": 2
}Requests and caches files larger than 10 MB in parts (no larger than 10 MB per part.) This reduces time to first byte.
The option is based on the Slice module.
Notes:
- Origin must support HTTP Range requests.
- Not supported with
gzipON,brotli_compressionorfetch_compressedoptions enabled.
{ "enabled": true, "value": true }The hostname that is added to SNI requests from CDN servers to the origin server via HTTPS.
SNI is generally only required if your origin uses shared hosting or does not have a dedicated IP address. If the origin server presents multiple certificates, SNI allows the origin server to know which certificate to use for the connection.
The option works only if originProtocol parameter is HTTPS or MATCH.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Custom SNI hostname.
It is required if sni_type is set to custom.
255SNI (Server Name Indication) type.
Possible values:
- dynamic - SNI hostname depends on
hostHeaderandforward_host_headeroptions. It has several possible combinations: - If the
hostHeaderoption is enabled and specified, SNI hostname matches the Host header. - If the
forward_host_headeroption is enabled and has true value, SNI hostname matches the Host header used in the request made to a CDN. - If the
hostHeaderandforward_host_headeroptions are disabled, SNI hostname matches the primary CNAME. - custom - custom SNI hostname is in use.
dynamic, custom {
"enabled": true,
"sni_type": "custom",
"custom_hostname": "custom.example.com"
}Serves stale cached content in case of origin unavailability.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Defines list of errors for which "Always online" option is applied.
error, http_403, http_404, http_429, http_500, http_502, http_503, http_504, invalid_header, timeout, updating {
"enabled": true,
"value": ["http_404", "http_500"]
}Custom HTTP Headers that a CDN server adds to a response.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
50Show child attributes
Show child attributes
HTTP Header name.
Restrictions:
- Maximum 128 symbols.
- Latin letters (A-Z, a-z,) numbers (0-9,) dashes, and underscores only.
128Header value.
Restrictions:
- Maximum 512 symbols.
- Letters (a-z), numbers (0-9), spaces, and symbols (`~!@#%%^&*()-_=+ /|";:?.,><{}[]).
- Must start with a letter, number, asterisk or {.
- Multiple values can be added.
Defines whether the header will be added to a response from CDN regardless of response code.
Possible values:
- true - Header will be added to a response from CDN regardless of response code.
- false - Header will be added only to the following response codes: 200, 201, 204, 206, 301, 302, 303, 304, 307, 308.
{
"enabled": true,
"value": [
{
"name": "X-Example",
"value": ["Value_1"],
"always": true
},
{
"name": "X-Example-Multiple",
"value": ["Value_1", "Value_2", "Value_3"],
"always": false
}
]
}Legacy option. Use the static_response_headers option instead.
Custom HTTP Headers that a CDN server adds to response. Up to fifty custom HTTP Headers can be specified. May contain a header with multiple values.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
A MAP for static headers in a format of header_name: header_value.
Restrictions:
- Header name - Maximum 128 symbols, may contain Latin letters (A-Z, a-z), numbers (0-9), dashes, and underscores.
- Header value - Maximum 512 symbols, may contain letters (a-z), numbers (0-9), spaces, and symbols (`~!@#%%^&*()-_=+ /|";:?.,><{}[]). Must start with a letter, number, asterisk or {.
{
"enabled": true,
"value": {
"X-Example": "Value_1",
"X-Example-Multiple": ["Value_2", "Value_3"]
}
}Custom HTTP Headers for a CDN server to add to request. Up to fifty custom HTTP Headers can be specified.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
A MAP for static headers in a format of header_name: header_value.
Restrictions:
- Header name - Maximum 255 symbols, may contain Latin letters (A-Z, a-z), numbers (0-9), dashes, and underscores.
- Header value - Maximum 512 symbols, may contain letters (a-z), numbers (0-9), spaces, and symbols (`~!@#%%^&*()-_=+ /|";:?.,><{}[]). Must start with a letter, number, asterisk or {.
Show child attributes
Show child attributes
{
"enabled": true,
"value": {
"Header-One": "Value 1",
"Header-Two": "Value 2"
}
}List of SSL/TLS protocol versions allowed for HTTPS connections from end users to the domain.
When the option is disabled, all protocols versions are allowed.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
List of SSL/TLS protocol versions (case sensitive).
SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 {
"enabled": true,
"value": ["SSLv3", "TLSv1.3"]
}Let's Encrypt certificate chain.
The specified chain will be used during the next Let's Encrypt certificate issue or renewal.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Possible values:
- true - Default Let's Encrypt certificate chain. This is a deprecated version, use it only for compatibilities with Android devices 7.1.1 or lower.
- false - Alternative Let's Encrypt certificate chain.
{ "enabled": true, "value": true }DNS-01 challenge to issue a Let's Encrypt certificate for the resource.
DNS service should be activated to enable this option.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Possible values:
- true - DNS-01 challenge is used to issue Let's Encrypt certificate.
- false - HTTP-01 challenge is used to issue Let's Encrypt certificate.
{ "enabled": true, "value": true }RSA Let's Encrypt certificate type for the CDN resource.
The specified value will be used during the next Let's Encrypt certificate issue or renewal.
Show child attributes
Show child attributes
{ "enabled": true, "value": true }Controls access to the content for specified User-Agents.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
User-Agents policy type.
Possible values:
- allow - Allow access for all User-Agents except specified in
excepted_valuesfield. - deny - Deny access for all User-Agents except specified in
excepted_valuesfield.
allow, deny List of User-Agents that will be allowed/denied.
The meaning of the parameter depends on policy_type:
- allow - List of User-Agents for which access is prohibited.
- deny - List of User-Agents for which access is allowed.
Use an empty string "" to allow/deny access when the User-Agent header is empty.
600255{
"enabled": true,
"policy_type": "allow",
"excepted_values": ["UserAgent Value", ""]
}Allows to enable WAAP (Web Application and API Protection).
{ "enabled": true, "value": true }Enables or disables WebSockets connections to an origin server.
{ "enabled": true, "value": true }Response
Successful.
CDN resource ID.
220
Delivery domains that will be used for content delivery through a CDN.
Delivery domains should be added to your DNS settings.
"cdn.site.com"
Enables or disables a CDN resource.
Possible values:
- true - CDN resource is active. Content is being delivered.
- false - CDN resource is deactivated. Content is not being delivered.
true
Enables or disables a CDN resource change by a user.
Possible values:
- true - CDN resource is enabled and can be changed. Content can be delivered.
- false - CDN resource is disabled and cannot be changed. Content can not be delivered.
true
CDN resource status.
Possible values:
- active - CDN resource is active. Content is available to users.
- suspended - CDN resource is suspended. Content is not available to users.
- processed - CDN resource has recently been created and is currently being processed. It will take about fifteen minutes to propagate it to all locations.
- deleted - CDN resource is deleted.
active, suspended, processed, deleted "active"
Defines whether CDN resource has been deleted.
Possible values:
- true - CDN resource is deleted.
- false - CDN resource is not deleted.
false
ID of an account to which the CDN resource belongs.
170
CDN resource name.
"Resource for images"
Optional comment describing the CDN resource.
"My resource"
Date of CDN resource creation.
"2017-06-10T10:30:04.954354Z"
Date of the last CDN resource update.
"2017-06-14T05:05:42.065221Z"
Origin group ID with which the CDN resource is associated.
You can use either the origin or originGroup parameter in the request.
132
Origin group name.
"Resource origin group"
Protocol used by CDN servers to request content from an origin source.
Possible values:
- HTTPS - CDN servers will connect to the origin via HTTPS.
- HTTP - CDN servers will connect to the origin via HTTP.
- MATCH - connection protocol will be chosen automatically (content on the origin source should be available for the CDN both through HTTP and HTTPS).
If protocol is not specified, HTTP is used to connect to an origin server.
HTTP, HTTPS, MATCH "HTTPS"
Additional delivery domains (CNAMEs) that will be used to deliver content via the CDN.
Up to ten additional CNAMEs are possible.
["first.example.com", "second.example.com"]Defines whether origin shielding feature is enabled for the resource.
Possible values:
- true - Origin shielding is enabled.
- false - Origin shielding is disabled.
false
Name of the origin shielding location data center.
Parameter returns null if origin shielding is disabled.
null
Defines whether origin shield is active and working for the CDN resource.
Possible values:
- true - Origin shield is active.
- false - Origin shield is not active.
false
Defines whether the origin shield with a dynamic location is enabled for the CDN resource.
To manage origin shielding, you must contact customer support.
null
Defines whether the HTTPS protocol enabled for content delivery.
Possible values:
- true - HTTPS is enabled.
- false - HTTPS is disabled.
false
ID of the SSL certificate linked to the CDN resource.
Can be used only with "sslEnabled": true.
192
Enables or disables SSL certificate validation of the origin server before completing any connection.
Possible values:
- true - Origin SSL certificate validation is enabled.
- false - Origin SSL certificate validation is disabled.
false
ID of the trusted CA certificate used to verify an origin.
It can be used only with "proxy_ssl_enabled": true.
null
ID of the SSL certificate used to verify an origin.
It can be used only with "proxy_ssl_enabled": true.
null
Defines whether the CDN resource has a preset applied.
Possible values:
- true - CDN resource has a preset applied. CDN resource options included in the preset cannot be edited.
- false - CDN resource does not have a preset applied.
false
Defines whether the CDN resource is integrated with the Streaming Platform.
Possible values:
- true - CDN resource is configured for Streaming Platform. Changing resource settings can affect its operation.
- false - CDN resource is not configured for Streaming Platform.
false
Defines whether the CDN resource has a custom configuration.
Possible values:
- true - CDN resource has a custom configuration. You cannot change resource settings, except for the SSL certificate. To change other settings, contact technical support.
- false - CDN resource has a regular configuration. You can change CDN resource settings.
false
Defines whether the CDN resource can be used for purge by URLs feature.
It's available only in case the CDN resource has enabled ignore_vary_header option.
false
Date when the CDN resource was suspended automatically if there is no traffic on it for 90 days.
Not specified if the resource was not stopped due to lack of traffic.
null
Defines whether the CDN resource has been automatically suspended because there was no traffic on it for 90 days.
Possible values:
- true - CDN resource is currently automatically suspended.
- false - CDN resource is not automatically suspended.
You can enable CDN resource using the active field. If there is no traffic on the CDN resource within seven days following activation, it will be suspended again.
To avoid CDN resource suspension due to no traffic, contact technical support.
false
ID of the main CDN resource which has a shared caching zone with a reserve CDN resource.
If the parameter is not empty, then the current CDN resource is the reserve. You cannot change some options, create rules, set up origin shielding, or use the reserve CDN resource for Streaming.
null
Defines whether a CDN resource has a cache zone shared with other CDN resources.
Possible values:
- true - CDN resource is main and has a shared caching zone with other CDN resources, which are called reserve.
- false - CDN resource is reserve and it has a shared caching zone with the main CDN resource. You cannot change some options, create rules, set up origin shielding and use the reserve resource for Streaming.
- null - CDN resource does not have a shared cache zone.
The main CDN resource is specified in the primary_resource field. It cannot be suspended unless all related reserve CDN resources are suspended.
null
The ID of the associated WAAP domain.
"123"
Rules configured for the CDN resource.
[]List of options that can be configured for the CDN resource.
In case of null value the option is not added to the CDN resource.
Option may inherit its value from the global account settings.
Show child attributes
Show child attributes
HTTP methods allowed for content requests from the CDN.
{ "enabled": true, "value": ["GET", "POST"] }Allows to prevent online services from overloading and ensure your business workflow running smoothly.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
{
"enabled": true,
"bot_challenge": { "enabled": true }
}Compresses content with Brotli on the CDN side. CDN servers will request only uncompressed content from the origin.
Notes:
- CDN only supports "Brotli compression" when the "origin shielding" feature is activated.
- If a precache server is not active for a CDN resource, no compression occurs, even if the option is enabled.
brotli_compressionis not supported withfetch_compressedorsliceoptions enabled.fetch_compressedoption in CDN resource settings overridesbrotli_compressionin rules. If you enabledfetch_compressedin CDN resource and want to enablebrotli_compressionin a rule, you must specifyfetch_compressed:falsein the rule.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Allows to select the content types you want to compress.
text/html is a mandatory content type.
application/javascript, application/json, application/vnd.ms-fontobject, application/wasm, application/x-font-ttf, application/x-javascript, application/xml, application/xml+rss, image/svg+xml, image/x-icon, text/css, text/html, text/javascript, text/plain, text/xml {
"enabled": true,
"value": ["text/html", "text/plain"]
}Cache expiration time for users browsers in seconds.
Cache expiration time is applied to the following response codes: 200, 201, 204, 206, 301, 302, 303, 304, 307, 308.
Responses with other codes will not be cached.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Set the cache expiration time to '0s' to disable caching.
The maximum duration is any equivalent to 1y.
{ "enabled": true, "value": "3600s" }Legacy option. Use the response_headers_hiding_policy option instead.
HTTP Headers that must be included in the response.
{
"enabled": false,
"value": [
"vary",
"content-length",
"last-modified",
"connection",
"accept-ranges",
"content-type",
"content-encoding",
"etag",
"cache-control",
"expires",
"keep-alive",
"server"
]
}Enables or disables CORS (Cross-Origin Resource Sharing) header support.
CORS header support allows the CDN to add the Access-Control-Allow-Origin header to a response to a browser.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Value of the Access-Control-Allow-Origin header.
Possible values:
- Adds * as the Access-Control-Allow-Origin header value - Content will be uploaded for requests from any domain.
"value": ["*"] - Adds "$
http_origin" as the Access-Control-Allow-Origin header value if the origin matches one of the listed domains - Content will be uploaded only for requests from the domains specified in the field."value": ["domain.com", "second.dom.com"] - Adds "$
http_origin" as the Access-Control-Allow-Origin header value - Content will be uploaded for requests from any domain, and the domain from which the request was sent will be added to the "Access-Control-Allow-Origin" header in the response."value": ["$http_origin"]
Defines whether the Access-Control-Allow-Origin header should be added to a response from CDN regardless of response code.
Possible values:
- true - Header will be added to a response regardless of response code.
- false - Header will only be added to responses with codes: 200, 201, 204, 206, 301, 302, 303, 304, 307, 308.
{
"enabled": true,
"value": ["domain.com", "domain2.com"],
"always": true
}Enables control access to content for specified countries.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Defines the type of CDN resource access policy.
Possible values:
- allow - Access is allowed for all the countries except for those specified in
excepted_valuesfield. - deny - Access is denied for all the countries except for those specified in
excepted_valuesfield.
allow, deny List of countries according to ISO-3166-1.
The meaning of the parameter depends on policy_type value:
- allow - List of countries for which access is prohibited.
- deny - List of countries for which access is allowed.
600255{
"enabled": true,
"policy_type": "allow",
"excepted_values": ["GB", "DE"]
}Legacy option. Use the edge_cache_settings option instead.
Allows the complete disabling of content caching.
{ "enabled": true, "value": false }Allows 206 responses regardless of the settings of an origin source.
Show child attributes
Show child attributes
{ "enabled": true, "value": true }Cache expiration time for CDN servers.
value and default fields cannot be used simultaneously.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Caching time.
The value is applied to the following response codes: 200, 206, 301, 302. Responses with codes 4xx, 5xx will not be cached.
Use 0s to disable caching.
The maximum duration is any equivalent to 1y.
A MAP object representing the caching time in seconds for a response with a specific response code.
These settings have a higher priority than the value field.
- Use
anykey to specify caching time for all response codes. - Use
0svalue to disable caching for a specific response code.
Show child attributes
Show child attributes
Enables content caching according to the origin cache settings.
The value is applied to the following response codes 200, 201, 204, 206, 301, 302, 303, 304, 307, 308, if an origin server does not have caching HTTP headers.
Responses with other codes will not be cached.
The maximum duration is any equivalent to 1y.
{
"enabled": true,
"value": "43200s",
"custom_values": { "100": "43200s" }
}Allows to configure FastEdge app to be called on different request/response phases.
Note: At least one of on_request_headers, on_request_body, on_response_headers, or on_response_body must be specified.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Allows to configure FastEdge application that will be called to handle request headers as soon as CDN receives incoming HTTP request.
Show child attributes
Show child attributes
The ID of the application in FastEdge.
"1001"
Determines if the FastEdge application should be called whenever HTTP request headers are received.
true
Determines if the request execution should be interrupted when an error occurs.
true
Determines if the request should be executed at the edge nodes.
true
Determines if the request should be executed at the shield nodes.
false
Allows to configure FastEdge application that will be called to handle request body as soon as CDN receives incoming HTTP request.
Show child attributes
Show child attributes
The ID of the application in FastEdge.
"1001"
Determines if the FastEdge application should be called whenever HTTP request headers are received.
true
Determines if the request execution should be interrupted when an error occurs.
true
Determines if the request should be executed at the edge nodes.
true
Determines if the request should be executed at the shield nodes.
false
Allows to configure FastEdge application that will be called to handle response headers before CDN sends the HTTP response.
Show child attributes
Show child attributes
The ID of the application in FastEdge.
"1001"
Determines if the FastEdge application should be called whenever HTTP request headers are received.
true
Determines if the request execution should be interrupted when an error occurs.
true
Determines if the request should be executed at the edge nodes.
true
Determines if the request should be executed at the shield nodes.
false
Allows to configure FastEdge application that will be called to handle response body before CDN sends the HTTP response.
Show child attributes
Show child attributes
The ID of the application in FastEdge.
"1001"
Determines if the FastEdge application should be called whenever HTTP request headers are received.
true
Determines if the request execution should be interrupted when an error occurs.
true
Determines if the request should be executed at the edge nodes.
true
Determines if the request should be executed at the shield nodes.
false
{
"enabled": true,
"on_request_headers": {
"enabled": true,
"app_id": "1001",
"interrupt_on_error": true
}
}Makes the CDN request compressed content from the origin.
The origin server should support compression. CDN servers will not decompress your content even if a user browser does not accept compression.
Notes:
fetch_compressedis not supported withgzipONorbrotli_compressionorsliceoptions enabled.fetch_compressedoverridesgzipONandbrotli_compressionin rule. If you enable it in CDN resource and want to usegzipONandbrotli_compressionin a rule, you have to specify"fetch_compressed": falsein the rule.
{ "enabled": true, "value": false }Enables redirection from origin. If the origin server returns a redirect, the option allows the CDN to pull the requested content from the origin server that was returned in the redirect.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Redirect status code that the origin server returns.
To serve up to date content to end users, you will need to purge the cache after managing the option.
1301, 302, 303, 307, 308 { "enabled": true, "codes": [302, 308] }Applies custom HTTP response codes for CDN content.
The following codes are reserved by our system and cannot be specified in this option: 408, 444, 477, 494, 495, 496, 497, 499.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Status code value.
100 <= x <= 599URL for redirection or text.
255Controls the time at which a custom HTTP response code should be applied. By default, a custom HTTP response code is applied at any time.
Show child attributes
Show child attributes
Time from which a custom HTTP response code should be applied. Indicated in 24-hour format.
"06:00"
Time until which a custom HTTP response code should be applied. Indicated in 24-hour format.
"18:00"
Time zone used to calculate time.
"Europe/Luxembourg"
{
"enabled": true,
"code": 301,
"body": "http://example.com/redirect_address",
"time_interval": {
"start_time": "09:00",
"end_time": "20:00",
"time_zone": "CET"
}
}Forwards the Host header from a end-user request to an origin server.
hostHeader and forward_host_header options cannot be enabled simultaneously.
{ "enabled": false, "value": false }Compresses content with gzip on the CDN end. CDN servers will request only uncompressed content from the origin.
Notes:
- Compression with gzip is not supported with
fetch_compressedorsliceoptions enabled. fetch_compressedoption in CDN resource settings overridesgzipONin rules. If you enablefetch_compressedin CDN resource and want to enablegzipONin rules, you need to specify"fetch_compressed":falsefor rules.
{ "enabled": true, "value": true }Sets the Host header that CDN servers use when request content from an origin server. Your server must be able to process requests with the chosen header.
If the option is null, the Host Header value is equal to first CNAME.
hostHeader and forward_host_header options cannot be enabled simultaneously.
{ "enabled": true, "value": "host.com" }Enables HTTP/3 protocol for content delivery.
http3_enabled option works only with "sslEnabled": true.
{ "enabled": true, "value": true }Defines whether the files with the Set-Cookies header are cached as one file or as different ones.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Possible values:
- true - Option is enabled, files with cookies are cached as one file.
- false - Option is disabled, files with cookies are cached as different files.
{ "enabled": true, "value": true }How a file with different query strings is cached: either as one object (option is enabled) or as different objects (option is disabled.)
ignoreQueryString, query_params_whitelist and query_params_blacklist options cannot be enabled simultaneously.
{ "enabled": true, "value": false }Transforms JPG and PNG images (for example, resize or crop) and automatically converts them to WebP or AVIF format.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Enables or disables automatic conversion of JPEG and PNG images to AVI format.
Enables or disables automatic conversion of JPEG and PNG images to WebP format.
Defines quality settings for JPG and PNG images. The higher the value, the better the image quality, and the larger the file size after conversion.
1 <= x <= 100Enables or disables compression without quality loss for PNG format.
{
"enabled": true,
"avif_enabled": true,
"webp_enabled": false,
"quality": 80,
"png_lossless": true
}Controls access to the CDN resource content for specific IP addresses.
If you want to use IPs from our CDN servers IP list for IP ACL configuration, you have to independently monitor their relevance. We recommend you use a script for automatically update IP ACL. Read more.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
IP access policy type.
Possible values:
- allow - Allow access to all IPs except IPs specified in "
excepted_values" field. - deny - Deny access to all IPs except IPs specified in "
excepted_values" field.
allow, deny List of IP addresses with a subnet mask.
The meaning of the parameter depends on policy_type value:
- allow - List of IP addresses for which access is prohibited.
- deny - List of IP addresses for which access is allowed.
Examples:
192.168.3.2/322a03:d000:2980:7::8/128
600255{
"enabled": true,
"policy_type": "deny",
"excepted_values": ["192.168.1.100/32"]
}Allows to control the download speed per connection.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Method of controlling the download speed per connection.
Possible values:
- static - Use speed and buffer fields to set the download speed limit.
- dynamic - Use query strings speed and buffer to set the download speed limit.
For example, when requesting content at the link
http://cdn.example.com/video.mp4?speed=50k&buffer=500kthe download speed will be limited to 50kB/s after 500 kB.
static, dynamic Maximum download speed per connection.
1 <= x <= 1000000000Amount of downloaded data after which the user will be rate limited.
0 <= x <= 1000000000{
"enabled": true,
"limit_type": "static",
"speed": 100,
"buffer": 200
}Allows you to modify your cache key. If omitted, the default value is $request_uri.
Combine the specified variables to create a key for caching.
- $
request_uri - $scheme
- $uri
Warning: Enabling and changing this option can invalidate your current cache and affect the cache hit ratio. Furthermore, the "Purge by pattern" option will not work.
{ "enabled": true, "value": "$scheme$uri" }Caching for POST requests along with default GET and HEAD.
{ "enabled": true, "value": false }The time limit for establishing a connection with the origin.
{ "enabled": true, "value": "4s" }The time limit for receiving a partial response from the origin. If no response is received within this time, the connection will be closed.
Note: When used with a WebSocket connection, this option supports values only in the range 1–20 seconds (instead of the usual 1–30 seconds).
{ "enabled": true, "value": "10s" }Files with the specified query parameters are cached as one object, files with other parameters are cached as different objects.
ignoreQueryString, query_params_whitelist and query_params_blacklist options cannot be enabled simultaneously.
{
"enabled": true,
"value": ["some", "blacklisted", "query"]
}Files with the specified query parameters are cached as different objects, files with other parameters are cached as one object.
ignoreQueryString, query_params_whitelist and query_params_blacklist options cannot be enabled simultaneously.
{
"enabled": true,
"value": ["some", "whitelisted", "query"]
}The Query String Forwarding feature allows for the seamless transfer of parameters embedded in playlist files to the corresponding media chunk files. This functionality ensures that specific attributes, such as authentication tokens or tracking information, are consistently passed along from the playlist manifest to the individual media segments. This is particularly useful for maintaining continuity in security, analytics, and any other parameter-based operations across the entire media delivery workflow.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
The forward_from_files_types field specifies the types of playlist files from which parameters will be extracted and forwarded.
This typically includes formats that list multiple media chunk references, such as HLS and DASH playlists.
Parameters associated with these playlist files (like query strings or headers) will be propagated to the chunks they reference.
The field specifies the types of media chunk files to which parameters, extracted from playlist files, will be forwarded. These refer to the actual segments of media content that are delivered to viewers. Ensuring the correct parameters are forwarded to these files is crucial for maintaining the integrity of the streaming session.
The forward_only_keys field allows for granular control over which specific parameters are forwarded from playlist files to media chunk files.
By specifying certain keys, only those parameters will be propagated, ensuring that only relevant information is passed along.
This is particularly useful for security and performance optimization, as it prevents unnecessary or sensitive data from being included in requests for media chunks.
The forward_except_keys field provides a mechanism to exclude specific parameters from being forwarded from playlist files to media chunk files.
By listing certain keys in this field, you can ensure that these parameters are omitted during the forwarding process.
This is particularly useful for preventing sensitive or irrelevant information from being included in requests for media chunks, thereby enhancing security and optimizing performance.
{
"enabled": true,
"forward_from_file_types": ["m3u8", "mpd"],
"forward_to_file_types": ["ts", "mp4"],
"forward_only_keys": ["auth_token", "session_id"],
"forward_except_keys": ["debug_info"]
}Enables redirect from HTTP to HTTPS.
redirect_http_to_https and redirect_https_to_http options cannot be enabled simultaneously.
{ "enabled": true, "value": true }Enables redirect from HTTPS to HTTP.
redirect_http_to_https and redirect_https_to_http options cannot be enabled simultaneously.
{ "enabled": false, "value": true }Controls access to the CDN resource content for specified domain names.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Policy type.
Possible values:
- allow - Allow access to all domain names except the domain names specified in
excepted_valuesfield. - deny - Deny access to all domain names except the domain names specified in
excepted_valuesfield.
allow, deny List of domain names or wildcard domains (without protocol: http:// or https://.)
The meaning of the parameter depends on policy_type value:
- allow - List of domain names for which access is prohibited.
- deny - List of IP domain names for which access is allowed.
Examples:
example.com*.example.com
600255{
"enabled": true,
"policy_type": "deny",
"excepted_values": ["example.com", "*.example.net"]
}Option allows to limit the amount of HTTP requests.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Maximum request rate.
x >= 1Units of measurement for the rate field.
Possible values:
- r/s - Requests per second.
- r/m - Requests per minute.
If the rate is less than one request per second, it is specified in request per minute (r/m.)
r/s, r/m {
"enabled": true,
"rate_unit": "r/s",
"rate": 5,
"burst": 5,
"delay": 0
}Hides HTTP headers from an origin server in the CDN response.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
How HTTP headers are hidden from the response.
Possible values:
- show - Hide only HTTP headers listed in the
exceptedfield. - hide - Hide all HTTP headers except headers listed in the "excepted" field.
hide, show List of HTTP headers.
Parameter meaning depends on the value of the mode field:
- show - List of HTTP headers to hide from response.
- hide - List of HTTP headers to include in response. Other HTTP headers will be hidden.
The following headers are required and cannot be hidden from response:
ConnectionContent-LengthContent-TypeDateServer
256128{
"enabled": true,
"mode": "hide",
"excepted": ["my-header"]
}Changes and redirects requests from the CDN to the origin. It operates according to the Nginx configuration.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Path for the Rewrite option.
Example:
/(.*) /media/$1
255Flag for the Rewrite option.
Possible values:
- last - Stop processing the current set of
ngx_http_rewrite_moduledirectives and start a search for a new location matching changed URI. - break - Stop processing the current set of the Rewrite option.
- redirect - Return a temporary redirect with the 302 code; used when a replacement string does not start with
http://,https://, or$scheme. - permanent - Return a permanent redirect with the 301 code.
break, last, redirect, permanent {
"enabled": true,
"body": "/(.*) /additional_path/$1",
"flag": "break"
}Configures access with tokenized URLs. This makes impossible to access content without a valid (unexpired) token.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Key generated on your side that will be used for URL signing.
255Type of URL signing.
Possible types:
- Type 0 - Includes end user IP to secure token generation.
- Type 2 - Excludes end user IP from secure token generation.
0, 2 {
"enabled": true,
"key": "secretkey",
"type": 2
}Requests and caches files larger than 10 MB in parts (no larger than 10 MB per part.) This reduces time to first byte.
The option is based on the Slice module.
Notes:
- Origin must support HTTP Range requests.
- Not supported with
gzipON,brotli_compressionorfetch_compressedoptions enabled.
{ "enabled": true, "value": true }The hostname that is added to SNI requests from CDN servers to the origin server via HTTPS.
SNI is generally only required if your origin uses shared hosting or does not have a dedicated IP address. If the origin server presents multiple certificates, SNI allows the origin server to know which certificate to use for the connection.
The option works only if originProtocol parameter is HTTPS or MATCH.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Custom SNI hostname.
It is required if sni_type is set to custom.
255SNI (Server Name Indication) type.
Possible values:
- dynamic - SNI hostname depends on
hostHeaderandforward_host_headeroptions. It has several possible combinations: - If the
hostHeaderoption is enabled and specified, SNI hostname matches the Host header. - If the
forward_host_headeroption is enabled and has true value, SNI hostname matches the Host header used in the request made to a CDN. - If the
hostHeaderandforward_host_headeroptions are disabled, SNI hostname matches the primary CNAME. - custom - custom SNI hostname is in use.
dynamic, custom {
"enabled": true,
"sni_type": "custom",
"custom_hostname": "custom.example.com"
}Serves stale cached content in case of origin unavailability.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Defines list of errors for which "Always online" option is applied.
error, http_403, http_404, http_429, http_500, http_502, http_503, http_504, invalid_header, timeout, updating {
"enabled": true,
"value": ["http_404", "http_500"]
}Custom HTTP Headers that a CDN server adds to a response.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
50Show child attributes
Show child attributes
HTTP Header name.
Restrictions:
- Maximum 128 symbols.
- Latin letters (A-Z, a-z,) numbers (0-9,) dashes, and underscores only.
128Header value.
Restrictions:
- Maximum 512 symbols.
- Letters (a-z), numbers (0-9), spaces, and symbols (`~!@#%%^&*()-_=+ /|";:?.,><{}[]).
- Must start with a letter, number, asterisk or {.
- Multiple values can be added.
Defines whether the header will be added to a response from CDN regardless of response code.
Possible values:
- true - Header will be added to a response from CDN regardless of response code.
- false - Header will be added only to the following response codes: 200, 201, 204, 206, 301, 302, 303, 304, 307, 308.
{
"enabled": true,
"value": [
{
"name": "X-Example",
"value": ["Value_1"],
"always": true
},
{
"name": "X-Example-Multiple",
"value": ["Value_1", "Value_2", "Value_3"],
"always": false
}
]
}Legacy option. Use the static_response_headers option instead.
Custom HTTP Headers that a CDN server adds to response. Up to fifty custom HTTP Headers can be specified. May contain a header with multiple values.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
A MAP for static headers in a format of header_name: header_value.
Restrictions:
- Header name - Maximum 128 symbols, may contain Latin letters (A-Z, a-z), numbers (0-9), dashes, and underscores.
- Header value - Maximum 512 symbols, may contain letters (a-z), numbers (0-9), spaces, and symbols (`~!@#%%^&*()-_=+ /|";:?.,><{}[]). Must start with a letter, number, asterisk or {.
{
"enabled": true,
"value": {
"X-Example": "Value_1",
"X-Example-Multiple": ["Value_2", "Value_3"]
}
}Custom HTTP Headers for a CDN server to add to request. Up to fifty custom HTTP Headers can be specified.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
A MAP for static headers in a format of header_name: header_value.
Restrictions:
- Header name - Maximum 255 symbols, may contain Latin letters (A-Z, a-z), numbers (0-9), dashes, and underscores.
- Header value - Maximum 512 symbols, may contain letters (a-z), numbers (0-9), spaces, and symbols (`~!@#%%^&*()-_=+ /|";:?.,><{}[]). Must start with a letter, number, asterisk or {.
Show child attributes
Show child attributes
{
"enabled": true,
"value": {
"Header-One": "Value 1",
"Header-Two": "Value 2"
}
}List of SSL/TLS protocol versions allowed for HTTPS connections from end users to the domain.
When the option is disabled, all protocols versions are allowed.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
List of SSL/TLS protocol versions (case sensitive).
SSLv3, TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 {
"enabled": true,
"value": ["SSLv3", "TLSv1.3"]
}Let's Encrypt certificate chain.
The specified chain will be used during the next Let's Encrypt certificate issue or renewal.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Possible values:
- true - Default Let's Encrypt certificate chain. This is a deprecated version, use it only for compatibilities with Android devices 7.1.1 or lower.
- false - Alternative Let's Encrypt certificate chain.
{ "enabled": true, "value": true }DNS-01 challenge to issue a Let's Encrypt certificate for the resource.
DNS service should be activated to enable this option.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
Possible values:
- true - DNS-01 challenge is used to issue Let's Encrypt certificate.
- false - HTTP-01 challenge is used to issue Let's Encrypt certificate.
{ "enabled": true, "value": true }RSA Let's Encrypt certificate type for the CDN resource.
The specified value will be used during the next Let's Encrypt certificate issue or renewal.
Show child attributes
Show child attributes
{ "enabled": true, "value": true }Controls access to the content for specified User-Agents.
Show child attributes
Show child attributes
Controls the option state.
Possible values:
- true - Option is enabled.
- false - Option is disabled.
User-Agents policy type.
Possible values:
- allow - Allow access for all User-Agents except specified in
excepted_valuesfield. - deny - Deny access for all User-Agents except specified in
excepted_valuesfield.
allow, deny List of User-Agents that will be allowed/denied.
The meaning of the parameter depends on policy_type:
- allow - List of User-Agents for which access is prohibited.
- deny - List of User-Agents for which access is allowed.
Use an empty string "" to allow/deny access when the User-Agent header is empty.
600255{
"enabled": true,
"policy_type": "allow",
"excepted_values": ["UserAgent Value", ""]
}Allows to enable WAAP (Web Application and API Protection).
{ "enabled": true, "value": true }Enables or disables WebSockets connections to an origin server.
{ "enabled": true, "value": true }Was this page helpful?