FAQs

Medianova’s DDoS protection works through integrated strategies like rate limiting, IP blocking, geoblocking, Anycast DNS, Origin Shield, and WAF integration to prevent overload, block threats, and protect your origin server.

Yes, a CDN reduces DDoS attacks by distributing traffic across multiple servers, using Anycast DNS, rate limiting, and shielding the origin server. It minimizes the attack impact and improves resilience.

Medianova’s Always-On DDoS Protection is active by default, providing automatic protection for your web assets against common DDoS attack types, including DNS Query Floods, SlowLoris, HTTPS GET requests, and HTTPS POST requests. No additional activation or manual configuration is required.

Medianova CDN supports a wide range of SSL certificates, including:

• Wildcard SSL Certificates

• SAN-supported SSL Certificates

• Code Signing SSL Certificates

• Domain SSL, Organization Validated SSL, and Extended SSL Certificates

Yes, it is possible. For detailed instructions, please refer to the "How to Upload and Manage SSL Certificates" documentation.

Medianova supports standard SSL certificate formats, including .crt for certificates and .key for private keys.

Yes, you can add multiple SSL certificates to your organization. Each certificate can be associated with different resources or domains.

Yes, you can use Free SSL. For detailed steps, please refer to the "How Can I Use Free SSL?" documentation.

Yes, Medianova CDN supports TLS 1.3, the latest version of the TLS protocol, which offers enhanced security and faster performance compared to its predecessors.

SNI (Server Name Indication): This option allows you to use your own SSL certificate uploaded via the panel for a specific CDN Resource.

Shared SSL: If you don’t have your own SSL certificate, Medianova provides a shared SSL option that can be used for secure connection

You can only rename an SSL certificate in the SSL Management menu. Other edits, such as updating the certificate or private key, are not allowed. If changes are needed, delete the existing certificate and upload a new one.

To delete an SSL certificate:

1. Go to “CDN → SSL Management”.

2. Click on the “Delete” option next to the certificate.

3. Confirm the action in the pop-up window that appears.

The Private Key is a critical part of the SSL certificate that ensures secure communication. It is based on asymmetric encryption and must be kept secret:

• The Private Key stays on the web server and is never shared.

• The Public Key is shared openly to establish secure communication.

If you don’t have your own SSL certificate, you can:

• Use the “Shared SSL” option provided by Medianova.

• Utilize the “Free SSL” option, which generates a certificate through Let’s Encrypt.

• Monitoring Only: In this mode, WAF monitors all incoming traffic for potential threats without blocking any traffic. It provides insights into your security posture and allows you to fine-tune rules before enforcing them.

• On: In this mode, WAF actively filters and blocks malicious traffic, providing full protection for your web assets.

Yes, the WAF service provides real-time monitoring and logging of blocked threats, which can be viewed under Analytics → WAF in the panel.

Yes, you can configure the WAF for Dynamic CDN Resources. When creating a Dynamic CDN Resource, follow the steps to activate and configure the WAF as per your security requirements.

To create a custom rule in WAF, please refer to the "How to Activate WAF" documentation for detailed guidance.

To handle false positives in WAF, enable Monitoring-Only mode to analyze traffic. Disable the specific rule causing the issue or create custom rules to prevent it, ensuring security remains intact.

Yes, you can edit or delete custom rules by clicking the Edit or Delete icons and submitting the changes.

To configure Rate Limiting, please refer to the "Rate Limiting" documentation for detailed steps, where you will find instructions on how to log in, select resources, and configure settings in the Security tab.

Under the Request Limit section, specify the maximum number of requests allowed per second or minute.

Adjust the values based on your traffic volume and server capacity.

Burst allows a burst of requests but applies throttling once the threshold is exceeded.

Burst + No Delay allows a burst of requests without any initial delay, providing quicker responsiveness before applying throttling.

The Burst Value defines the threshold for the burst limit when the Burst or Burst + No Delay option is selected. It specifies how many requests are allowed in a burst before throttling is applied.

You can choose one of the following HTTP status codes to return when the rate limit is exceeded:

• 429 Too Many Requests: Indicates that the client has exceeded the allowed number of requests within the specified time window.

• 529 Site Overloaded: Used when the server is overloaded and unable to process requests due to excessive traffic.

• Block: Deny requests that exceed the rate limit.

• Challenge: Present a CAPTCHA to validate the request.

To enable Hotlink Protection, please refer to the "Hotlink Protection" documentation for detailed instructions on configuring it in the Medianova Cloud Panel.

In the Hotlink Protection section, you can add whitelisted domains that are allowed to access your CDN resources.

These domains will be granted permission to link to or embed your resources.

If a request comes from a non-whitelisted domain (i.e., a blacklisted or unauthorized source), the server will:

• Block access to the resource.

• Optionally, you can configure the server to redirect the request to a specific page or serve a placeholder image.

If you want to disable Hotlink Protection, simply toggle the Hotlink Protection option to Off in the Security menu of your selected CDN Resource.

Whitelist: Only devices with IP addresses listed in the whitelist are allowed access to the designated resources. All other IP addresses are denied access.

Blacklist: Devices with IP addresses listed in the blacklist are denied access to the resources. All other devices are allowed access.

If Whitelist is selected, only the listed IP addresses will have access, and all other IP addresses will be denied.

If Blacklist is selected, all IP addresses except those in the blacklist will have access to the resources

You would use the Whitelist option if you want to grant access to specific, trusted IP addresses (e.g., business partners, internal network) and deny all other requests.

The Blacklist option is useful if you want to block specific IP addresses that are known for malicious activity or unwanted access, while allowing all other devices to access the resources.

After making changes to the IP Restriction ACL settings, click Save Changes to apply the new access control policy. The changes will immediately take effect.

To enable Geoblocking, please refer to the "Geoblocking" documentation for detailed steps on configuring country-based restrictions in the Medianova Cloud Panel.

Yes, you can update your whitelist and blacklist at any time. Simply move the countries between the whitelist and blacklist boxes, and click Save Changes to apply the updates.

Yes, in addition to country-based restrictions, you can also manage IP-based restrictions. Scroll to the IP Restriction section at the bottom of the page to whitelist or blacklist specific IP addresses.

To add a country, drag it from the country list on the left to either the Whitelist or Blacklist pane.

To remove a country, simply drag it out of the whitelist or blacklist pane and into the country list.

Yes, Geoblocking can be applied to individual CDN resources. You can configure the settings for each CDN resource separately.

Yes, you can enable Geoblocking without using the IP Restriction section. The IP Restriction section is optional and can be used for more granular control over access.