Learn how to extract .crt and .key files from a .pfx certificate using OpenSSL.
A .pfx (PKCS#12) file contains your public certificate, private key, and intermediate certificates bundled together.
This guide explains how to extract the certificate (.crt) and private key (.key) using a simple Bash script with OpenSSL.
Prerequisites
Before you begin:
A valid .pfx file provided by the customer.
The password for the .pfx file.
OpenSSL installed on your local machine.
(Optional) Rename the file for clarity using this format:
&#xNAN;domain.pfx — for example: medianova_com.pfx.
1
Create the Extraction Script
Create a new Bash script file named extract-cert.sh and copy the following commands:
#!/bin/bash
# Usage: ./extract-cert.sh <pfx-password>
# 1. Extract encrypted private key
openssl pkcs12 -in domain.pfx -nocerts -out encrypted-domain.key -passin pass:$1 -passout pass:$1
# 2. Decrypt the private key
openssl rsa -in encrypted-domain.key -out domain.key -passin pass:$1
# 3. Extract public certificate
openssl pkcs12 -in domain.pfx -clcerts -nokeys -out domain.crt -passin pass:$1
# 4. Verify that the certificate and key match
first=$(openssl x509 -in domain.crt -modulus -noout | openssl md5)
second=$(openssl rsa -in domain.key -modulus -noout | openssl md5)
if [[ "$first" == "$second" ]]; then
echo "✅ Certificate and Key match."
else
echo "❌ Mismatch between certificate and key."
fi
Save and close the file.
Replace domain.pfx with your actual filename (e.g., medianova_com.pfx).
2
Make the Script Executable
Run the following command to make the script executable:
3
Run the Script
Execute the script using your .pfx password as an argument:
4
Files Generated
After running the script, three files will be generated:
File Name
Description
5
Verify the Output
If extraction is successful, you’ll see one of the following messages in your terminal:
If the certificate and private key do not match:
This procedure automates the extraction of certificate and key files from .pfx bundles.
You can now use the generated .crt and .key files to upload your own SSL certificate in the Medianova Control Panel.
Page Rules Settings
Learn about the actions Medianova CDN can take based on a page rule, and the configuration options for each setting.
Settings control the actions Medianova CDN takes once a request matches the URL pattern defined in a page rule.
The table below outlines all settings available in Page Rules from the Medianova Control Panel.
Medianova can implement custom page rule configuration at your request, for example network rate limit and security headers.
Setting
Description
Packages
Configure edge caching behaviour and TTL
All
Configure cross-origin resource sharing headers
All
Add or remove request and response headers
All
Cache Type
Use the Cache Type setting to control CDN caching.
Select Edge to specify how long the CDN may cache responses.
Select Origin to instruct the CDN to determine the maximum cache duration from origin response headers cache-control or expires .
Select Dynamic to disallow the CDN to cache responses for matching URLs.
CORS
The CORS setting controls the cross-origin resource sharing (CORS) header access-control-allow-origin in responses served by Medianova CDN edge servers.
Option
Description
On
Edge servers use the settings of the feature
Off
Edge servers forward the CORS header from origin
Dynamic
Outgoing CDN responses have the access-control-allow-origin: <origin> CORS header, where <origin> is the value of the Origin header in the incoming request
Custom Header
Set the Custom Header Type to Default to have the CDN inherit the parent settings, as configured in the Headers tab in the Medianova Panel.
Set the Custom Header Type to Custom to disable parent setting inheritance and customize the headers.
Configure the CDN to manipulate headers in requests to origin, or to manipulate headers in responses the CDN sends to clients/browsers.
Option
Description
Add Origin Request Header
Add header to requests to origin
Remove Origin Request Header
Remove header from requests to origin
Add CDN Response Header
Add header to outgoing CDN responses
Downloadable Query String Header
Use the Downloadable Query String Header setting to trigger browsers to download a file instead of displaying it.
In the page rule, toggle the setting on and specify a Downloadable Query String Header Key and a Downloadable Query String Header Value. For example, set the key to download and the value to yes to trigger a browser to download the file when it loads a URL with query string ?download=yes (and the URL matches on File Path and File Extension as configured in the page rule).
The CDN will send the content-disposition response header with in its value the attachment attribute and the path to the file. For example, content-disposition: attachment; filename="manual.pdf"
Exact Match
Turn on Exact Match to disable recursive directory processing.
For example, if the page rule has File Path /dir/ and Exact Match is enabled, only URLs for files in that exact directory will match, while with Exact Match off (default) the page rule would also take action for files in subdirectories like /dir/subdir/ .
Hotlink Protection
If Hotlink Protection is turned on in the parent setting in the Security tab, a new page rule will inherit its status and configuration. The Update a Page Rule screen then shows the Hotlink Protection toggle in the active state and the Hotlink Protection Type is set to Default.
Change the Hotlink Protection Type to Custom to and confgure the Hotlink Protections that must apply to matching URLs.
Hotlink Protection screen in Page Rules
Options Request
Turn on Options Request to have the CDN send edge-generated responses to requests with the OPTION method in case the origin does not respond to OPTION requests.
While a new page rule inherits the parent setting for Query String Caching (as configured in the Caching tab in the Medianova Control Panel), you can customize the CDN query string caching behavior for matching URLs.
Query String Caching in Page Rules has four options:
Option
Description
Retain All
Query string is part of the cache key. /image.jpg?123 is cached separately from /image.jpg?456
Ignore All
All query string parameters are ignored. /image.jpg?123 and /image.jpg?456 are considered the same response
Retain Specific
Only the specified query string parameters are included in the cache key
Learn how Origin SNI Request controls the SNI value used when the CDN establishes TLS connections for dynamic traffic.
The Origin SNI Request feature for Dynamic Content Acceleration operates the same way as in Static Content Delivery.
It ensures the CDN includes the correct Server Name Indication (SNI) during the TLS handshake when forwarding dynamic HTTPS requests to your origin. This enables the origin server to select the appropriate SSL certificate and prevents certificate mismatch issues in multi-domain environments.
For configuration details, expected behavior, and examples, refer to the main documentation:
Learn more in theOrigin SNI Request documentation.
Caching
Edge Cache Expiration
Learn how Edge Cache Expiration determines caching behavior and freshness for dynamic content at CDN edge servers.
The Edge Cache Expiration feature for Dynamic Content Acceleration operates the same way as in Static Content Delivery.
It defines how the CDN caches objects at the edge and how long cached responses remain valid before refreshing from the origin. You can configure cache modes that rely on Panel-defined TTL values, defer to origin headers, or disable caching entirely for dynamic workloads.
For configuration details, cache modes, and examples, refer to the main documentation:
Learn more in theEdge Cache Expiration documentation.
Browser Cache Rule
Learn how Browser Cache Rules define how long dynamic content remains cached in the visitor’s browser.
The Browser Cache Rule feature for Dynamic Content Acceleration operates the same way as in Static Content Delivery.
It controls browser-side caching by defining cache duration, cache modes, and rule priorities for different URL patterns, directories, or file types. These rules determine how browsers store and revalidate dynamic content, independent of CDN edge caching behavior.
For configuration details, rule types, and examples, refer to the main documentation:
Learn more in theBrowser Cache Rule documentation.
Query String Caching
Learn how Query String Caching defines cache key behavior for dynamic URLs containing query parameters.
The Query String Caching feature for Dynamic Content Acceleration operates the same way as in Static Content Delivery.
It determines how the CDN evaluates query parameters when generating cache keys, allowing you to cache each query string variant separately, ignore specific parameters, or build cache keys using only selected values. These configurations provide granular control over caching behavior for dynamic endpoints, APIs, and personalized content.
For configuration details, caching modes, and examples, refer to the main documentation:
Learn more in theQuery String Caching documentation.
Etag Verification
Learn how ETag Verification ensures cached dynamic content remains consistent with the origin.
The ETag Verification feature for Dynamic Content Acceleration operates the same way as in Static Content Delivery.
It compares the ETag value returned by the origin with the ETag of the cached object and refreshes the cache when a mismatch occurs. This ensures the CDN serves the most up-to-date version of dynamic content and prevents stale objects from being delivered to end users.
For configuration details, validation behavior, and examples, refer to the main documentation:
Learn more in theETag Verification documentation.
Error Status Code Cache Expiration
Learn how Error Status Code Cache Expiration defines caching duration for error responses in dynamic workloads.
The Error Status Code Cache Expiration feature for Dynamic Content Acceleration operates the same way as in Static Content Delivery.
It allows you to define custom cache durations for specific HTTP error codes so the CDN can temporarily store repeated error responses, reducing unnecessary load on the origin. Each status code can have its own TTL, and caching can be enabled or disabled per code based on your requirements.
Learn how Shared Cache defines whether dynamic content is cached independently or shared across accounts.
The Shared Cache feature for Dynamic Content Acceleration operates the same way as in Static Content Delivery.
It determines whether CDN edge nodes use an isolated cache namespace for your account (Default) or a shared cache namespace across multiple accounts that use the same Domain Cache Key (Share). When shared mode is enabled, identical content is cached once and reused across participating accounts, improving efficiency and reducing redundant origin requests.
For configuration details, cache modes, and examples, refer to the main documentation:
Learn more in theShared Cache documentation.
Stale Cache
Learn how Stale Cache enables serving previously cached dynamic content when the origin becomes temporarily unavailable.
The Stale Cache feature for Dynamic Content Acceleration operates the same way as in Static Content Delivery.
It allows CDN edge servers to deliver the last cached version of an object when the origin fails to respond or returns specific error codes. You can define which origin conditions—such as timeouts, invalid headers, or 5xx errors—trigger stale delivery. This improves availability for dynamic workloads during short-term origin instability.
For configuration details, supported triggers, and examples, refer to the main documentation:
Learn more in theStale Cache documentation.
Security
Performance / CDN
Origin Settings
Advanced Configuration
Caching
Replace yourPFXpassword with the actual password for your .pfx file.
The script automatically validates whether the .crt and .key match.
domain.crt
Public certificate.
domain.key
Unencrypted private key.
encrypted-domain.key
Encrypted private key (temporary, can be deleted).
If you see a mismatch error, verify the .pfx file and password before re-running the script.
chmod +x extract-cert.sh
./extract-cert.sh yourPFXpassword
✅ Certificate and Key match.
❌ Mismatch between certificate and key.
Disallow Cookie Base Cache
Control CDN caching behavior by excluding requests that contain specific cookie values.
The Disallow Cookie-Based Cache feature allows you to bypass CDN caching for requests that include defined cookie key–value pairs.
This ensures that personalized or session-based content is always fetched from the origin instead of being served from cache.
Use this feature to prevent incorrect caching of dynamic responses while maintaining optimal cache efficiency for all other traffic.
This helps you avoid caching personalized or session-based responses on Dynamic Content Acceleration resources.
How Disallow Cookie-Based Cache Works
When the feature is enabled:
The CDN inspects incoming requests for the configured cookie key–value pairs.
If any defined pair matches, the request bypasses the cache.
The response is fetched directly from the origin and is not stored in the CDN cache.
This behavior applies consistently across all requests for the selected CDN Resource.
Configure Disallow Cookie-Based Cache
You can configure this feature from the .
1
Enable the Feature
In the Caching tab of your Dynamic CDN Resource, set Disallow Cookie-Based Cache to On.
The cookie rule inputs become available.
2
Define Cookie Rules
Cache bypass is triggered if any defined cookie rule matches.
Cookie matching is exact; both key and value must match.
This feature affects cache eligibility only and does not modify headers or routing logic.
Troubleshooting
Issue: Responses are still cached.
Cause: The incoming cookie value does not exactly match the configured key-value pair.
Fix: Capture the request cookies from the client and confirm the exact key and value.
Issue: Cache hit ratio drops unexpectedly.
Cause: Too many cookie pairs are configured, or a widely present cookie is included.
Fix: Remove non-essential cookies and keep only cookies that must bypass cache.
Issue: Configuration does not take effect.
Cause: Changes were not saved.
Fix: Confirm you selected Submit and re-check the setting state in the Caching tab.
Cookie Base Cache
Control CDN caching behavior by varying cache entries based on specific cookie values.
The Cookie Base Cache feature allows you to include selected cookies in the CDN cache key for Dynamic Content Acceleration resources.
This ensures that different user sessions or states receive the correct cached response without disabling caching entirely.
This feature is available only for Dynamic CDN Resources.
How Cookie Base Cache Works
When Cookie Base Cache is enabled:
The CDN inspects incoming requests for the configured Cookie Key values.
The specified cookies are included as part of the cache key.
Requests with different cookie values are cached separately.
This allows dynamic and personalized content to be cached safely without serving incorrect responses across users.
Configure Cookie Base Cache
You can configure this feature from the .
1
Open the Caching Settings
Go to CDN → CDN Resources, select a Dynamic CDN Resource, and open the Caching tab.
2
Enable Cookie Base Cache
Set Status to On.
Each unique cookie value creates a separate cache entry.
Cookie matching is based on the cookie name only; values are evaluated dynamically.
This feature affects cache key generation, not cache bypass.
Common Use Cases
Cache dynamic pages per user role or session type
Serve different cached responses for logged-in vs logged-out users
Safely cache HTML or JSON responses that depend on cookie state
Header Base Cache
Control CDN caching behavior by varying cache entries based on specific HTTP request headers.
The Header Base Cache feature allows you to include selected HTTP request headers in the CDN cache key for Dynamic Content Acceleration resources.
This enables the CDN to create separate cached objects for different header combinations, ensuring correct delivery of dynamic or personalized content without disabling caching.
This feature is available only for Dynamic CDN Resources.
How Header Base Cache Works
When Header Base Cache is enabled:
The CDN inspects incoming requests for the configured HTTP header keys.
The specified headers and their values are included in the cache key.
Requests with different header values are cached as separate variants.
This approach allows safe caching of responses that vary based on request headers such as language, device hints, or custom application headers.
Configure Header Base Cache
You can configure this feature from the .
1
Open the Caching Settings
Log in to the Medianova Control Panel, navigate to CDN → CDN Resources, select a Dynamic CDN Resource, and open the Caching tab.
2
Enable Header Base Cache
Set
Each unique header value creates a separate cache entry.
Header matching is based on the header name; values are evaluated dynamically.
This feature affects cache key generation, not cache bypass behavior.
Common Use Cases
Cache responses per language using Accept-Language
Separate cache entries for feature flags or tenant identifiers
Cache dynamic HTML or JSON responses that vary by request metadata
Header Value Base Cache
Control CDN caching behavior by allowing or denying cache based on specific HTTP header name–value pairs.
The Header Value Base Cache feature allows you to explicitly allow or deny caching when a request contains a specific HTTP header value.
This provides precise control over caching behavior for Dynamic Content Acceleration resources where certain header values determine whether content should be cached.
This feature is available only for Dynamic CDN Resources.
How Header Value Base Cache Works
When Header Value Base Cache is enabled:
Medianova CDN inspects incoming requests for the configured Header and Value.
If the request matches the defined rule:
Allow — the response is eligible for caching.
This mechanism allows cache decisions to be enforced conditionally, rather than only by cache key variation.
Configure Header Value Base Cache
You can configure this feature from the .
1
Open the Caching Settings
Log in to the Medianova Control Panel, navigate to CDN → CDN Resources, select a Dynamic CDN Resource, and open the Caching tab.
2
Enable Header Value Base Cache
Set
Only one header value-based rule can be active at a time.
Header matching is exact; both header name and value must match.
This feature controls cache eligibility, not cache key variation.
Common Use Cases
Prevent caching when a request contains a debug or preview header
Allow caching only when a specific feature-flag header is present
Enforce cache bypass for internal or authenticated traffic
Control caching behavior based on application-specific headers
MNUID Cookie Base Cache
Learn how to configure MNUID Cookie Base Cache for Dynamic CDN Resources to create session-aware cached content.
MNUID Cookie Base Cache generates separate cached versions of content based on the MNUID cookie value for Dynamic Content Acceleration resources.
This feature enables session-aware caching while maintaining control over cache lifetime through configurable expiry settings.
This feature is available only for Dynamic CDN Resources.
How MNUID Cookie Base Cache Works
When MNUID Cookie Base Cache is enabled:
Medianova CDN checks incoming requests for the MNUID cookie.
The value of the MNUID cookie is included in the cache key.
Requests with different MNUID values are cached as separate variants.
This mechanism allows session-aware caching while maintaining control over cache lifetime.
Configure MNUID Cookie Base Cache
You can manage MNUID Cookie Base Cache using the .
1
Open the Caching Settings
Log in to the Medianova Control Panel, navigate to CDN → CDN Resources, select a Dynamic CDN Resource, and open the Caching tab.
2
Enable MNUID Cookie Base Cache
Set Status to On.
Each unique MNUID value creates a separate cache entry.
Cache variation is based on the cookie value, not just its presence.
Cookie Expiry Time controls cache validity independently of origin headers.
Common Use Cases
Cache dynamic pages per authenticated user session
Improve performance for logged-in users while maintaining correctness
Control cache lifetime for session-based personalization
Reduce origin load for frequently accessed user-specific content
Welcome to the Medianova Knowledge Base
Comprehensive CDN documentation and API references, with integration, troubleshooting, and developer guides across all Medianova services.
Learn how to integrate and optimize your workflows with our detailed API documentation.
Requests that do not match any configured cookie rules continue to follow normal caching logic.
Enter the cookie details:
Cookie Key — Name of the cookie to match
Cookie Value — Value that triggers cache bypass
Select + to add additional cookie rules if required.
3
Save changes
Select Submit to save and apply the changes.
Requests that do not include matching cookies continue to benefit from CDN caching.
Use carefully together with Page Rules to avoid unintended cache bypass.
Medianova is a global provider of Content Delivery Network (CDN) and cloud security services designed to accelerate and secure digital experiences. With over 50 data centers across 21 countries, it helps businesses deliver fast, reliable websites, applications, and APIs while ensuring high performance and robust security.
Key Services and Concepts
1. CDN (Content Delivery Network)
A CDN optimizes content delivery by distributing it across multiple servers around the world. Medianova's CDN service ensures that content such as images, stylesheets, and scripts are delivered efficiently by caching static assets at strategically located servers. This minimizes latency and improves page load times for users.
2. Static CDN
The Static CDN service is specifically designed to optimize the delivery of static content. By caching assets globally, it ensures that users receive content from the nearest server, drastically reducing load times and enhancing performance. Integration is simple, with users needing only to update asset URLs and configure settings via the Medianova platform.
3. Dynamic Content Caching
Dynamic content, generated per user request, can be resource-intensive. Medianova's microcaching system allows for caching dynamic content (e.g., API responses or web pages) for brief periods, thus reducing server load and improving page speeds. This helps reduce bandwidth costs while enhancing the user experience.
4. Live Streaming
Medianova provides high-quality live streaming with adaptive streaming technology. This ensures optimal video quality across devices, from desktop to mobile, while maintaining seamless playback. The platform integrates with major social media platforms for broader reach. Security features, including encryption and access controls, ensure that content is protected and accessible only to authorized users.
5. Private CDN
For organizations requiring greater control, the Private CDN offers flexible, secure, and high-performance content delivery. It provides businesses with tailored solutions that allow enhanced security and content distribution management.
6. Image Optimization
Medianova offers real-time image optimization. This feature allows on-the-fly image transformations such as resizing, cropping, and watermarking through simple URL calls. It also supports responsive images, ensuring that content is tailored for different devices and screen sizes, contributing to faster load times and better user experiences.
7. Stook - Cloud Object Storage
Stook is Medianova's cloud object storage solution that enables businesses to store, manage, and retrieve data quickly and reliably. It is S3-compatible and eliminates the traditional barriers of egress and transaction fees, making it a cost-effective choice for scalable storage needs.
8. SSL Encryption
Secure Socket Layer (SSL) ensures encrypted communication between a server and a client. Websites with SSL certificates are considered secure, and this encryption is critical for e-commerce platforms, where security is a primary concern for users.
9. Medianova WAF (Web Application Firewall)
Medianova's WAF actively monitors all incoming web traffic to detect and block malicious patterns before they can affect web assets. With predefined Managed Rules, enabling these rules offers immediate protection against various security threats.
10. DDoS Protection
Medianova's DDoS protection system is always active, offering continuous defense against common attack types, such as DNS Query Floods, SlowLoris, and HTTP floods. It includes several mitigation strategies, including rate limiting, IP blocking, and geoblocking, ensuring minimal disruption to services during attacks.
Conclusion
Medianova combines advanced caching, acceleration, and security features to help businesses create fast, reliable, and secure digital solutions. With global infrastructure, robust security, and easy integration, Medianova empowers businesses to deliver superior user experiences while ensuring high performance and protection against a wide range of threats.
Website Framework Integrations
Requests without the configured cookies follow the default cache behavior.
The cookie input field becomes active.
3
Define Cookies
Enter the cookie name:
Cookie Key — Name of the cookie to include in the cache key
Use the + button to add multiple cookie keys if required.
4
Apply the Configuration
Select Submit to save and apply the changes.
Use together with Disallow Cookie Base Cache for advanced session-aware caching strategies.
Adding too many cookies may increase cache fragmentation.
Protect your applications and APIs from volumetric and protocol-based attacks with Medianova’s multi-layer, always-on DDoS mitigation system.
A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt normal traffic by overwhelming a target system or network with excessive requests.
Medianova’s DDoS Protection automatically detects and mitigates these attacks without requiring any manual activation.
From rate limiting to IP and Geo blocking, Medianova ensures uninterrupted availability even under heavy attack conditions.
How Medianova DDoS Protection Works
Medianova integrates several protection layers designed to stop attacks before they impact your services.
Medianova DDoS Protection Architecture
Always-On Defense
Your DDoS protection is active by default.
There is no need for additional setup — your web assets are continuously monitored and protected against common attack types such as:
DNS Query Floods
Slowloris Attacks
HTTPS GET / POST Floods
Anycast DNS Infrastructure
Medianova’s global distributes thousands of requests across multiple servers.
This prevents traffic overload on a single endpoint and mitigates large-scale network floods.
Anycast DNS not only improves security but also reduces latency by routing users to the nearest edge location.
IP and Origin Protection
You can reduce the risk of DDoS threats by concealing your origin IP before an attack begins.
Medianova provides an extra layer of protection through Secure Cloud, limiting exposure of your origin infrastructure and filtering harmful traffic before it reaches your servers.
Warning: Exposing your origin IP directly allows attackers to bypass DDoS mitigation layers.
Rate Limiting and Geo Blocking
Edge-level rate limiting and Geo-based filtering restrict malicious or excessive traffic patterns.
This ensures that legitimate users maintain access while harmful requests are dropped early in the network path.
WAF Integration
When combined with Medianova’s , DDoS Protection forms a complete multi-layer defense system.
This integration protects not only against volumetric attacks but also against application-layer threats, such as bot floods or malicious payloads targeting web applications.
Best Practices
Conceal your origin IP using Secure Cloud or Origin Shield.
Combine DDoS Protection with WAF for enhanced multi-layer defense.
Keep critical DNS zones under to distribute load globally.
Medianova DDoS Protection delivers continuous and intelligent protection against both volumetric and application-layer attacks.
By combining global Anycast DNS distribution, adaptive rate limiting, and origin shielding, Medianova ensures your online services remain fast, secure, and always available.
Web Application Firewall (WAF)
Protect your web applications from common exploits and malicious traffic with Medianova’s Web Application Firewall (WAF).
WAF is Medianova’s intelligent web security layer that protects your applications from malicious traffic, bots, and exploits. With real-time filtering, custom rule control, and built-in analytics, it helps you prevent attacks before they reach your origin servers.
Why Choose WAF?
Medianova WAF combines ease of use, robust protection, and edge-level performance to keep your web applications secure. Unlike standard firewalls, WAF protects against both network and application-layer attacks.
Edge-level protection – All traffic is filtered at Medianova’s global CDN edge before it reaches your origin.
Managed Rules – Constantly updated rulesets by Medianova’s Security Team, including OWASP Top 10 protections.
Custom Rules – Define your own rules to block, allow, or log specific requests.
Key Features
OWASP Top 10 Protection – Shields against SQL Injection, XSS, and other common web vulnerabilities.
Custom Rule Engine – Create granular policies based on IP, URI, headers, or user agents.
Monitoring Mode – Observe how rules behave before full activation.
Use Cases
Web Application Security – Protect public websites and portals from injection and XSS attacks.
API Protection – Filter and control requests to your backend APIs.
E-commerce Security – Prevent data breaches, bot abuse, and checkout exploitation attempts.
Built for Modern Web Security
Medianova WAF delivers enterprise-grade web protection that’s easy to deploy and manage through the .
It helps you stay secure without adding complexity — protecting your applications from the edge, in real time.
Use Free SSL Certificates
Learn how to enable and manage free SSL certificates in the Medianova Control Panel.
Free SSL certificates provide an easy and cost-effective way to secure your CDN Resources without purchasing a commercial SSL.
Medianova integrates Let’s Encrypt to automatically issue and renew these certificates through the SSL Management interface.
Free SSL certificates are valid for 90 days and are automatically renewed before expiration.
1
Access the SSL Management
To begin, log in to the and open the SSL Management section.
Navigate to CDN → SSL Management in the left-hand menu.
Review your existing SSL certificates.
Click Add New SSL in the upper-right corner.
2
Select the Free SSL Option
When the dialog appears, choose Free SSL as the certificate type and click Next to continue.
Choose Free SSL when you want to automatically issue and manage a certificate through Medianova’s Let’s Encrypt integration.
3
Fill in Certificate Details
Enter the required information in the form:
Field
Description
4
Complete Let’s Encrypt Verification
Medianova automatically performs domain verification using Let’s Encrypt.
Wait for the verification process to complete.
Once successful, click Confirm to finalize installation.
5
Assign the SSL to a CDN Resource
After installation, assign the certificate to the desired CDN Resource:
Go to CDN → CDN Resources.
Open the SSL (or CNAME & SSL) tab.
Hotlink Protection
Prevent unauthorized use of your media files by blocking external websites from embedding or linking directly to your CDN-hosted assets.
Hotlink Protection restricts access to your CDN Resource by verifying the Referer header in each HTTP request.
When enabled, it ensures that only requests originating from your allowed domains can retrieve content from your CDN.
Requests coming from unauthorized sources — such as external websites directly embedding your files — are blocked or redirected automatically.
Why Use Hotlink Protection?
Hotlink Protection helps you:
Protect bandwidth – Prevent others from using your CDN capacity to serve their own content.
Secure digital assets – Stop unauthorized sharing or embedding of your hosted media.
Reduce server load – Block high-traffic external sites from consuming resources.
Maintain brand control – Ensure your content appears only on trusted domains.
Prevent abuse – Stop third-party sites from monetizing your media.
How Hotlink Protection Works
Hotlink Protection checks the Referer field of every HTTP request.
If the Referer does not match your whitelisted domain list, the CDN automatically denies or redirects the request.
Action
Description
Add multiple allowed domains to the whitelist for multi-site deployments (e.g., www.medianova.com, cdn.medianova.com).
Geoblocking
Restrict or allow access to your CDN Resources based on geographic location by configuring country-based whitelists and blacklists.
Geoblocking allows you to control which countries can access your content through the Medianova Control Panel.
By enabling this feature, you can restrict or allow requests based on the visitor’s geographic origin, helping you comply with regional policies and protect your digital assets.
Geoblocking operates at the CDN edge, preventing unauthorized access before requests reach your origin server.
Why Use Geoblocking?
Use Geoblocking to manage access and enforce content distribution policies efficiently:
Compliance and licensing – Restrict access to regions where content rights do not apply.
Dynamic pricing models – Apply different pricing or service availability by country.
Security enhancement – Block known high-risk regions or malicious traffic.
Combine Geoblocking with IP Restriction for granular, IP-based exceptions within approved countries.
How to Configure Geoblocking
1
Log in to the Medianova Control Panel.
2
Go to CDN → CDN Resources and select the resource you want to manage.
3
Open the Security tab.
IP Restriction
Control access to your CDN Resources by allowing or blocking specific IP addresses through whitelist or blacklist configurations.
IP Restriction (Access Control List – ACL) allows you to manage which IP addresses can access your CDN Resource.
You can choose between two modes: Whitelist or Blacklist, to define how access is granted or denied.
Whitelist Mode: Only the IP addresses you specify are allowed to access your resource. All other IPs are denied.
Blacklist Mode: The IP addresses you specify are denied access. All other IPs are allowed.
Whitelist and Blacklist modes are mutually exclusive — only one can be active at a time.
Why Use IP Restriction?
Use IP Restriction to:
Protect internal or staging environments from unauthorized access.
Restrict API access to trusted partners or corporate networks.
Block known malicious IP ranges or suspicious activity.
Ensure compliance with internal security policies.
Key Features
Whitelist Mode – Only the IP addresses you specify are allowed to access the resource. All other traffic is blocked.
Blacklist Mode – The IP addresses you specify are denied access, while all other IPs are permitted.
Edge-Level Enforcement – Filtering occurs at the CDN edge, ensuring zero impact on origin performance.
Use Whitelist mode for restricted corporate APIs and Blacklist mode for public-facing applications that need selective blocking.
Medianova’s IP Restriction system provides a simple yet powerful way to enforce access control at the CDN level.
By validating requests before they reach your infrastructure, it prevents unauthorized access and improves overall performance stability.
Combined with other Security features such as Rate Limiting, WAF, and Hotlink Protection, it forms a robust multi-layer defense mechanism.
Static Content Delivery
Deliver images, scripts, and other static assets faster and more reliably across the globe with Medianova’s Static CDN service.
Static Content Delivery accelerates websites and applications by distributing static assets—such as images, CSS, and JavaScript files—across Medianova’s globally distributed CDN network.
By caching content at the edge, end-users receive data from the nearest server, reducing latency and improving overall page load performance.
Static CDN is ideal for websites with large amounts of unchanging content that must be delivered consistently to users worldwide.
Why Use Static CDN?
Medianova’s Static CDN provides an optimized way to serve static assets with speed, security, and scalability:
Reduced Latency – Serve content from the nearest CDN edge location.
Improved Page Load Times – Accelerate rendering of images, scripts, and styles.
Lower Origin Load – Cache content at the edge to minimize backend requests.
Combine Static CDN with Dynamic CDN or Image Optimization to maximize performance across your entire website.
Key Features
Edge Caching – Automatically stores and serves static content at geographically distributed edge nodes.
Custom Domain Support – Use your own domain (CNAME) for branded content delivery.
SSL/TLS Encryption – Secure asset delivery with HTTPS support.
Built for Performance
Medianova’s Static CDN combines global edge coverage, intelligent caching, and secure HTTPS delivery to optimize the delivery of static assets.
Whether hosting media, websites, or web applications, this service ensures users experience faster load times and consistent performance anywhere in the world.
Origin Response Timeout
Learn how to configure Origin Response Timeout to control how long the CDN waits for your origin to respond.
Origin Response Timeout defines the maximum time the CDN waits for an HTTP(S) response from your origin server. If the origin does not respond within the configured duration, the CDN returns a 504 Gateway Timeout.
Adjusting this timeout helps maintain predictable performance and prevents long wait times caused by slow origin responses.
In the Medianova Control Panel, go to CDN Resources, select your resource, and navigate to Origin Settings.
Configure Origin Response Timeout
Follow the steps below to set the timeout duration.
1
Set the Timeout Duration
Enter a timeout value between 5 seconds and 300 seconds.
The CDN will wait for the origin response up to the duration you specify.
2
Save the Configuration
Timeout Behavior
The CDN waits for the origin to respond for the configured duration.
If the timeout is reached, the CDN returns 504 Gateway Timeout to the client.
Lower values improve failover speed; higher values allow slow origins more time to respond.
Recommended Settings
5–30 seconds: Fast origins or latency-sensitive applications
30–120 seconds: Moderate response times or variable workloads
120–300 seconds: Heavy processing at the origin (reports, large queries, image generation)
Troubleshooting
Issue: Clients receive 504 responses.
Cause: Origin cannot respond within the configured timeout.
Fix: Increase the timeout value or optimize origin performance.
Issue: Requests feel slow before failing.
Cause: Timeout value is set too high.
Fix: Reduce the timeout to a more suitable duration.
Edge Cache Expiration
Learn how to configure how long content remains cached on CDN edge servers.
Edge Cache Expiration controls whether CDN edge servers cache an object and how long the cached content remains valid before it must be refreshed from the origin.
It defines the caching behavior applied at the edge, including modes that disable caching entirely or defer expiration settings to the origin.
Use this workflow to define how the CDN determines cache duration and applies expiration rules on edge servers.
1
Access the Edge Cache Expiration
This feature is located under the Caching tab in any CDN Resource.
This section includes the Cache Type selector and expiration time fields.
2
Select the Cache Type
Choose how the CDN evaluates cache duration:
A value of 0 disables caching for both Edge and Origin modes.
Dynamic mode always bypasses caching on edge servers.
These settings do not impact browser caching; use for client-side caching behavior.
Best Practices
Apply long TTL values for static assets such as images, fonts, CSS, and JavaScript.
Use shorter TTL values for frequently updated or dynamic endpoints.
Monitor edge cache hit ratios to optimize performance and origin load.
Error Status Code Cache Expiration
Configure how long specific HTTP error responses remain cached on CDN edge servers.
Error Status Code Cache Expiration defines how long selected HTTP error responses (such as 404 or 500) stay valid in the CDN cache. This reduces repeated requests to the origin when the same error occurs frequently.
Select a CDN resource in the CDN section, and navigate to the Caching tab.
Configure Error Status Code Cache Expiration
Add an Error Status Code Definition
Define a cache duration for specific HTTP error codes.
1
Click Add to Create a New Definition
2
Edit an Error Status Code Definition
Modify the cache time or status code.
1
Click the Edit Icon Next to the Definition
2
Delete an Error Status Code Definition
Remove a cache rule so that future error responses bypass CDN cache.
Behaviour
Cached error responses remain valid until the configured cache time expires.
Deleting a definition does not immediately remove already cached error objects; existing cached content remains until expiration.
Setting a low cache duration minimizes the risk of serving error responses for extended periods.
FAQ
Does removing a definition purge already cached error responses?
No. Existing cached content remains until it expires.
Can I cache multiple error codes with different durations?
Yes. Each status code can have its own cache time.
What happens if I set the cache time to zero?
A value of zero disables caching for that error status code.
ETag Verification
Validate cached content using the ETag response header so the CDN can detect when the origin object has changed.
ETag Verification ensures that cached objects remain consistent with the latest version served by the origin. When enabled, the CDN evaluates the ETag header returned by the origin and refreshes the cached object when a mismatch is detected. This prevents outdated or stale content from being delivered to end users.
Select a CDN resource in the CDN section, and navigate to the Caching tab.
Configure ETag Verification
Enable or disable ETag validation to ensure cached content remains synchronized with the origin.
1
Access the ETag Verification Section
Open the ETag Verification section under the Caching tab of the selected CDN resource.
2
Toggle ETag Verification
Enable or disable ETag validation using the ETag Verification toggle.
3
Behaviour
When enabled, the CDN compares the origin’s ETag header with the cached object to determine whether a refresh is required.
When disabled, cached objects are served without ETag-based validation.
ETag validation improves consistency but may result in more origin requests depending on header behavior.
FAQ
Does ETag Verification guarantee that the CDN always serves the latest version?
Yes. When enabled, the CDN validates the cached object using the ETag header and refreshes it if the origin indicates a change.
Does enabling ETag Verification increase origin traffic?
It can. Validation requires comparing ETag values, which may trigger additional revalidation requests depending on origin behavior.
What happens if the origin does not send an ETag header?
The CDN cannot perform ETag-based validation. Normal cache expiration and revalidation rules apply.
Range Based Caching
Cache partial content based on byte ranges so the CDN can serve only the requested portions of large files.
Range Based Caching allows the CDN to cache and deliver content in byte-range segments rather than requiring the entire file to be fetched or cached. This improves performance for large files such as videos, archives, or software downloads by serving only the requested portions.
Select a CDN resource in the CDN section, and navigate to the Caching tab.
Configure Range Based Caching
1
Enable Range Based Caching
Toggle Range Based Caching to On to allow the CDN to cache partial byte-range segments.
2
Select Segment Size
Choose a Segment Size value to define how large each cached byte-range segment should be.
This determines how the CDN partitions and stores partial content.
3
Save the Configuration
Click Submit to apply the Range Based Caching settings.
Behaviour
The CDN caches content in fixed-size byte segments defined by Segment Size.
Requests for ranges within the same segment are served directly from cache.
Useful for video playback, downloads, and large binary files where clients request only parts of a resource.
FAQ
Does Range Based Caching improve video streaming performance?
Yes. It prevents the CDN from fetching the entire file when only a portion is requested, improving responsiveness.
What happens if I change the Segment Size?
New segment size applies only to future cached segments. Existing segments remain until evicted.
Is this feature required for byte-range requests to work?
Byte-range requests work regardless, but enabling Range Based Caching ensures partial responses can come from cache instead of the origin.
Robots.txt File
Define how the CDN serves the robots.txt file to control how search engines crawl and index your content.
The Robots.txt File feature determines whether search engines receive a robots.txt file from the CDN and which source the file is taken from. This allows you to enable crawling for all files or defer crawling rules to your origin.
Log in to the Medianova Control Panel, select a CDN resource in the CDN section, and navigate to the Caching tab.
Configure Robots.txt File
Choose how the CDN should provide the robots.txt file for the selected resource.
1
Select the Robots.txt File Mode
Choose Disabled, Enabled, or Origin from the dropdown.
Mode Behaviors
Disabled — No robots.txt file is served.
Enabled mode always serves MN CDN’s default robots.txt content.
Customers cannot upload or configure a custom robots.txt file through the Panel.
Origin mode delegates full control to your origin server.
Changes propagate immediately but may take a short time to be reflected across all PoPs.
FAQ
Does Medianova allow uploading a custom robots.txt file?
No. In Enabled mode, the CDN serves a predefined robots.txt file that allows all crawling. To use a custom file, select Origin mode and host the file on your origin.
What happens if my origin has no robots.txt file but I choose Origin mode?
The CDN will return 404 Not Found, and search engines will proceed as if no robots.txt file exists.
Does robots.txt affect CDN caching?
No. It only controls search engine bot behavior and does not interact with cache rules.
Custom Header
Learn how to configure Custom Header rules for a CDN Resource.
The Custom Header feature allows you to add, modify, or remove HTTP headers for both origin requests and CDN responses. This configuration enables fine-grained control over how headers are passed, overwritten, or stripped at different stages of the delivery flow.
When Custom Header is enabled, you can define multiple header actions, each with a specific key–value pair and rule type. All rules are executed by CDN edge servers for the selected CDN Resource.
Go to CDN → CDN Resources and select a CDN Resource.
Scroll to the Custom Header section.
2
Enable Custom Header
Toggle Status to enable the Custom Header feature.
Verify that the rule configuration area becomes active.
3
Create Custom Header Rules
Select a header action from the dropdown.
Available Header Actions
You can create header rules using the Add dropdown.
Each option applies to a different stage of the request/response flow.
Add Origin Request Header
Adds a custom header to the request sent from CDN edge to the origin server.
Add CDN Response Header
Adds a custom header to responses delivered from CDN edge to the viewer.
Remove CDN Response Header
Removes a header from the response before it is sent to the viewer.
Raw Header
Creates a raw header rule with a custom directive, without binding it to request or response type logic. (Use only if you require fully custom header behavior.)
Remove Origin Request Header
Removes a header before the request is forwarded to the origin server.
Enter the Key and Value for the header, if the selected action requires one.
4
Select Submit to save
Best Practices
Header keys and values must follow valid HTTP header formatting rules.
If the same header is modified by multiple rules, CDN edge behavior follows the order of applied rules.
Removing headers may affect origin authentication, CORS behavior, or cache control logic.
X-CDN Header
Learn how the X-CDN Header adds CDN-specific information to origin requests in the Medianova Control Panel.
The X-CDN Header feature adds an X-CDN header to requests that are forwarded from the CDN to your origin. This allows your origin to identify that the request is coming through Medianova CDN, which can be useful for logging, routing decisions, and origin-side analytics.
This feature does not modify the response returned to the viewer and does not affect caching or delivery logic.
How X-CDN Header Works
You can configure X-CDN Header in the or via
When the X-CDN Header toggle is enabled:
The CDN adds the X-CDN header to the origin request during the fetch operation.
Your origin receives every request with this header included.
The header allows your origin to distinguish CDN-proxied traffic from direct client traffic.
This feature is passive and does not alter cache decisions, TTL behavior, Page Rules, or viewer-facing responses.
Use Cases
Origin-side analytics
Log whether a request came through the CDN layer by checking for the X-CDN header.
Conditional behavior at the origin
Apply specific logic (e.g., rate limits, routing decisions, request tagging) based on the presence of this header.
Debugging origin fetches
Verify that requests are reaching your origin through the CDN, especially when diagnosing caching or routing flows.
Notes
The header is inserted only on the origin request.
It is not visible to clients and does not appear in viewer-facing responses.
Header values may differ based on internal CDN configuration.
Enabling the header does not change caching rules, request normalization, or delivery performance.
Origin Host Header
Learn how to configure a custom Host header for origin requests in the Medianova Control Panel.
The Origin Host Header feature allows you to define a custom domain to be sent in the Host header of requests forwarded to your origin. Many origin servers rely on the Host header for routing, virtual hosting, or tenant identification.
When this option is enabled and a domain is provided, the CDN replaces the default host value with the one you specify.
The feature does not modify viewer-facing responses and does not affect caching behavior.
How Origin Host Header Works
You can configure X-CDN Header in the or via
When the feature is active:
The CDN overwrites the Host header in the origin request with the domain you provide.
The domain must be entered withouthttp:// or https://.
The purpose of this feature is to ensure compatibility with origins that require a specific hostname, especially in environments where multiple sites share the same origin infrastructure.
Use Cases
Virtual hosting environments
Ensure the correct site is selected when multiple hostnames share the same origin.
Multi-tenant systems
Send a tenant-specific domain in the Host header for proper routing.
Origin behavior validation
Match the exact hostname your origin expects for SSL/SNI evaluation or application routing logic (when applicable to host header usage).
Notes
Enter only the domain name (e.g., subdomain.example.com).
Do not include URL schemes such as http:// or https://.
This feature modifies only the origin-bound request
X-Frame Options
Learn how the X-Frame Options feature controls which sites are allowed to frame your content.
The X-Frame Options feature adds the X-Frame-Options HTTP response header to prevent unauthorized framing of your website. This header is commonly used to mitigate clickjacking attacks by restricting how and where your content can be embedded inside an <iframe>.
When enabled, the CDN includes the header in responses according to the configuration you provide.
How X-Frame Options Works
You can configure X-CDN Header in the or via
When the feature is active:
The CDN adds an X-Frame-Options header to viewer responses.
If no domain is configured, the CDN sets:
which allows framing only from the same domain.
If one or more domains are provided, the CDN applies:
Use Cases
Prevent clickjacking
Block external sites from embedding your pages to protect users from UI redress attacks.
Allow trusted partners
Permit framing only from specific domains that require embedded content (e.g., partner dashboards, internal tools).
Enforce controlled embedding behavior
Define clear, browser-enforced restrictions on how your content is presented in external applications.
Notes
ALLOW-FROM is not supported by all browsers. Modern security policies often prefer CSP frame-ancestors.
X-Frame-Options does not affect API endpoints or non-HTML content.
If multiple allowed domains are configured, behavior may vary by browser due to varying support levels.
X-Content Type Options
Learn how the X-Content-Type-Options header prevents MIME sniffing and enforces strict content-type handling in the browser.
The X-Content-Type-Options feature adds the X-Content-Type-Options header to viewer responses. This header instructs compatible browsers not to perform MIME sniffing and to rely strictly on the Content-Type declared by the server. Disabling MIME sniffing helps reduce exposure to certain injection and cross-site scripting (XSS) vectors.
The feature does not modify origin requests or CDN caching behavior.
How X-Content-Type-Options Works
You can configure X-CDN Header in the or via
When enabled:
The CDN adds the following header to viewer-facing responses:
Browsers that support this header will not attempt to infer content types and will instead enforce the value provided by the origin.
MIME sniffing is disabled for resources such as scripts, stylesheets, and other content types that could be misinterpreted.
Use Cases
Prevent MIME sniffing
Ensure the browser does not guess content types, avoiding scenarios where a file may be interpreted as executable code.
Improve XSS resilience
Reduce attack surfaces where incorrect content-type interpretation could lead to script execution.
Enforce strict content handling
Guarantee consistent behavior across browsers by ensuring content is processed exactly as declared.
Notes
The header is applied only to viewer responses, not to origin-bound requests.
Modern browsers widely support nosniff, but legacy browsers may behave inconsistently.
Enabling this header does not alter your CDN caching logic.
X-XSS Protection
Learn how the X-XSS Protection header controls browser-side filtering of reflected Cross-Site Scripting (XSS) attacks.
The X-XSS Protection feature adds the X-XSS-Protection header to viewer responses. This header instructs compatible browsers to enable their built-in XSS filtering mechanisms. While most modern browsers now ignore this header, the setting can still provide protection for legacy browsers that rely on it.
The feature does not modify origin requests or affect CDN caching behavior.
How X-XSS Protection Works
You can configure X-CDN Header in the or via
When enabled:
The CDN adds the following header to viewer-facing responses:
Browsers that still support the header will block pages that trigger reflected XSS heuristics.
If disabled, the CDN does not include the header, and browsers revert to their default behavior.
This feature is primarily relevant for environments that depend on legacy browser compatibility.
Use Cases
Legacy browser support
Provide reflected-XSS filtering for older browsers that still honor the header.
Controlled security posture
Ensure consistent browser behavior across mixed device environments or corporate networks with outdated browser fleets.
Notes
Modern browsers (Chrome, Edge, Safari) ignore X-XSS-Protection and instead rely on CSP (Content-Security-Policy) for XSS mitigation.
This feature affects only viewer responses, not origin requests.
Enabling the header does not prevent stored or DOM-based XSS attacks.
Page Rules
Learn about Page Rules, how to manage Page Rules and the available settings.
Page Rules trigger one or more actions on an incoming request to Medianova CDN whenever a defined URL pattern is matched.
Page Rules are available in the Medianova Panel for any CDN resource in the Page Rules tab.
Page Rules can be configured foror CDN resources of type Small, Dynamic, Large & VOD.
The default number of allowed page rules depends on the package as shown below.
Free
Pro
Business
Enterprise
Priority Order Matters
Only one Page Rule will trigger per URL, that is the the matching page rule with the highest priority.
In the Medianova Panel, Page Rules are sorted top-to-bottom from highest priority to lowest priority. For this reason, we recommend ordering your rules from most specific to least specific.
Rate Limiting
Control traffic flow, protect resources, and ensure fair usage across your CDN resources with Medianova’s intelligent Rate Limiting feature.
Rate Limiting helps you maintain stable application performance by controlling how many requests a client can make in a given time frame.
It protects against excessive API calls, brute-force attempts, and high-frequency requests that can degrade origin performance or service quality.
With Medianova’s edge-level implementation, rate limits are applied directly at the CDN layer — before the traffic reaches your origin servers — ensuring both reliability and efficiency.
Rate Limiting is available for Dynamic CDN Resources and can be configured per domain, path, or file extension through the .
Configure IP Restriction
Learn how to enable and configure IP Restriction in the Medianova Control Panel to allow or block access from specific IP addresses.
IP Restriction enables you to define which IP addresses can access your CDN Resources by using either whitelist or blacklist rules.
When configured, access control is enforced at the CDN edge, ensuring that unauthorized requests are blocked before they reach your origin server.
You can enable IP Restriction for each CDN Resource in the .
1
How to Activate WAF
Learn how to activate and configure the Web Application Firewall (WAF) for your CDN Resources in the Medianova Control Panel.
WAF (Web Application Firewall) enhances your website’s security by inspecting and filtering incoming HTTP/HTTPS traffic.
You can enable it for any Dynamic CDN Resource, select the protection mode, and create Custom Rules to detect and block malicious requests.
WAF is available only for Dynamic CDN Resources. Ensure your resource is active before proceeding.
1
Configuration Basics
Medianova CDN Configuration Basics document is designed to help you understand and implement the fundamental configurations necessary to leverage the full potential of Medianova's Content Delivery Network (CDN). Whether you are a web developer, content creator, or IT professional, this guide will walk you through essential concepts and steps to optimize content delivery, enhance performance, and improve user experience.
Creating a Medianova CDN Resource
To get started with Medianova CDN, follow these steps:
Rewrite Origin URLs
Learn how to manage Rewrite Origin URLs to modify how request paths are sent to your origin.
Rewrite Origin URLs enables you to transform incoming paths before they are forwarded to origin servers. You can configure Match Mode, Origin URI, Target URI, and Priority to adjust how paths are rewritten for directory changes, API restructuring, or backend routing needs.
You can manage Rewrite Origin URLs using the or .
In the Medianova Control Panel, go to CDN Resources, select your resource, and navigate to Origin Settings
Query String Caching
Control how query strings affect CDN cache behavior for dynamic or parameterized URLs.
Query String Caching defines how URLs containing query parameters are interpreted by the CDN cache. You can cache each query string variant separately, ignore selected query strings, or build the cache key using only specific parameters.
You can manage Query String Caching in the or via .
Log in to the Medianova Control Panel, select a CDN resource in the CDN section, and navigate to the Query String Caching section under the Caching tab.
Configure Query String Caching
Enable Gzip from Origin
Fetch gzip-compressed text-based content from your origin to improve delivery efficiency.
Enable Gzip From Origin allows the CDN to request text-based files from your origin using the Accept-Encoding: gzip header.
This feature is available for Small, Large, and Dynamic CDN Resources.
If the origin supports gzip, the CDN stores the compressed version in cache; otherwise, it stores the uncompressed response.
Stale Cache
Serve stale cached content when the origin returns specific HTTP error responses or enters an Updating state
Stale Cache allows CDN edge servers to deliver the last cached version of an object when the origin becomes temporarily unavailable. This includes conditions such as 500–504 errors, invalid headers, timeouts, forbidden responses, or an Updating status. Enabling Stale Cache helps maintain availability and ensures continuity of service during short-term origin instability.
You can manage Stale Cache in the or via .
Log in to the Medianova Control Panel, select a CDN resource in the CDN section, and navigate to the Stale Cache.
Configure Stale Cache
Mobile Device Cache
Define device-based caching behavior to create separate cached versions for mobile, tablet, and desktop clients.
Mobile Device Cache allows the CDN to generate different cache entries based on the detected device type. This ensures that each device category receives appropriately formatted content without cache conflicts.
The feature also forwards device information to your origin using the X-DEVICE and X-MOBILE headers.
You can manage Mobile Device Cache in the
Log in to the , select a CDN resource in the CDN section, and navigate to the Caching tab.
CORS Header
Learn about the CORS Header and how to enable and configure this feature.
Cross-origin resource sharing (CORS) is a browser security mechanism that determines whether a web page can load resources from a different origin. While browsers allow cross-origin images, CSS files, scripts, iframes, and videos without restrictions, other request types — such as Ajax calls and web fonts — are blocked by default under the same-origin policy.
CORS defines how browsers and servers evaluate cross-origin requests. Medianova CDN can send the access-control-allow-origin header in HTML responses to enable controlled cross-origin access.
By default, Medianova CDN forwards any CORS-related headers sent by your origin. You only need to enable CORS Header if you want CDN edges to set or override this header.
HTTP Strict Transport (HSTS) Protection
Learn how HSTS Protection enforces HTTPS-only access for your CDN Resource.
HTTP Strict Transport Security (HSTS) instructs browsers to connect to your domain only over HTTPS for a defined period of time. When enabled, the CDN adds the Strict-Transport-Security header to HTTPS responses, preventing protocol downgrade attacks and reducing the risk of session or cookie interception.
HSTS can also extend enforcement to subdomains and optionally request inclusion in browser preload lists.
How HSTS Protection Works
Compression
Learn all about Gzip and Brotli compression at Medianova, including which content types are compressed by default and compression of error responses.
Gzip and Brotli compression reduces file sizes by up to 80% for common content types like HTML, CSS and JavaScript, leading to faster load times and improved user experience. This not only enhances website performance and improves SEO / Core Web Vitals, but also decreases bandwidth usage, saving CDN costs and ensuring efficient content delivery.
Compression at the Edge
Gzip compression happens at Medianova Midcache servers, which is then passed on to the Edge servers. Both the Midcache and Edge servers may cache the Gzip compressed content for faster delivery of next responses. Edge servers perform Brotli compression on-the-fly when requested by the client.
How to Prefetch
Perform Prefetch operations through the Control Panel or API to proactively cache files and deliver them instantly to end-users.
Prefetch allows you to pull specific files from your origin into the CDN cache before any user requests them.
Use this feature to eliminate cache misses, reduce origin load, and ensure fast delivery to the first users.
You can initiate Prefetch via the or .
Prefetch does not overwrite existing cached content.
To update a file that is already cached, you must first Purge it and then Prefetch.
Rate Limiting ensures a secure, predictable, and efficient experience for all users by:
Preventing abuse or overload from bots or aggressive clients.
Protecting login endpoints and API gateways from brute-force attacks.
Ensuring fair bandwidth distribution among users.
Preserving origin stability and avoiding unnecessary compute or database load.
Allowing flexible control through customized thresholds and actions.
Key Features
Customizable Limits – Define request thresholds per second or minute to suit your application.
Edge-Level Enforcement – Limit requests at the CDN edge, preventing overload before it reaches your origin.
Burst Control Options – Configure how short bursts of requests are handled:
Burst – Allows short spikes within the limit window.
Burst + No Delay – Permits short bursts without delay enforcement.
None – Strict limit; requests beyond the threshold are immediately blocked.
IP Whitelisting – Exclude trusted IPs, monitoring tools, or partners from rate enforcement.
Flexible Actions – Choose to Block or Challenge clients that exceed limits.
Configurable HTTP Response Codes – Return 429 or 529 errors when limits are exceeded.
Path & Extension Support – Apply rate limits to specific endpoints (e.g., /login, /api/) or file types (e.g., .pdf, .mp4).
Use Cases
API Protection – Prevent abuse of public APIs and ensure consistent response times.
Authentication Endpoints – Limit login attempts to protect user accounts.
Download or Media Control – Restrict large file or video download frequency to optimize CDN performance.
E-commerce Traffic Shaping – Manage checkout or cart requests during high-traffic campaigns.
Bot Mitigation – Reduce load from automated crawlers or scrapers.
Built for Performance
Medianova’s Rate Limiting operates at the edge, ensuring minimal latency and zero impact on normal user experience.
By combining adaptive enforcement, path-based rules, and real-time analytics, it enables granular control over how traffic interacts with your CDN — keeping your applications fast, fair, and secure.
You can configure and monitor Rate Limiting directly through the Medianova Control Panel under the Security section.
Learn how Advanced Origin Settings control granular routing behavior for dynamic traffic within your CDN Resource.
The Advanced Origin Settings feature for Dynamic Content Acceleration operates the same way as in Static Content Delivery.
It allows you to define rule-based origin routing for specific URLs, extensions, or directories, enabling precise control over how dynamic traffic is forwarded to different origins. You can override protocols, ports, host headers, and assign priorities to create complex multi-origin routing behaviors.
For configuration details, match types, and examples, refer to the main Advanced Origin Settings documentation:
Learn more in theAdvanced Origin Settings documentation.
Origin Response Timeout
Learn how Origin Response Timeout controls how long the CDN waits for dynamic origin responses before returning an error.
The Origin Response Timeout feature for Dynamic Content Acceleration operates the same way as in Static Content Delivery.
It defines the maximum time the CDN waits for the origin to return an HTTP(S) response. When the origin exceeds this duration, the CDN stops waiting and returns a 504 Gateway Timeout, ensuring predictable behavior for dynamic workloads and preventing long wait times caused by slow or overloaded origins.
Go to CDN → CDN Resources and select a CDN Resource.
Open the Headers tab.
2
Enable CORS Header
By default, CORS Header is disabled.
Toggle Status to enable the feature.
Confirm that configuration fields are now active
Configure CORS Header
After enabling the feature, Medianova CDN edge servers add the access-control-allow-origin header to HTML responses based on your configuration.
Allow all origins (Wildcard)
If no domains are defined in the allow list, CDN edges return the following header:
The wildcard * allows any origin to load cross-origin resources from the CDN.
Allow specific domains
Add domains to restrict cross-origin access to only approved origins.
For example, if https://www.shop.com loads web fonts from https://fonts.shop.com and you want to prevent external sites from using these fonts, add fonts.shop.com to the allow list.
When a domain is added, CDN edges respond with:
1
Enter a domain into the Allowed Domains field.
Examples: fonts.shop.com, https://fonts.shop.com
2
Select Add to include the domain in the allow list.
Troubleshooting
CORS Header applies only to HTML responses.
If your origin also sets access-control-allow-origin, CDN behavior depends on your Header Override configuration.
Browser console messages provide the most accurate diagnostics for CORS failures.
If you use credentials or custom headers in your requests, additional CORS headers may be required at the origin level.
Medianova delivers content with Gzip compression, Brotli compression or no compression depending on:
Values of the Accept-Encoding header in the request coming into Medianova
Your Medianova configuration (learn how to configure Gzip and Brotli)
Content types
You can customize which content types Medianova serves compressed for Gzip and Brotli, except for content of type text/html : this is always compressed.By default, Medianova compresses the following content types:
Status Codes
For responses coming from customer origin server or CDN cache, Medianova performs compression for any status code.Some MN features like Geoblocking may cause MN CDN to serve lightweight, edge-generated error responses and these are always served uncompressed.
Minimum response size for compression
If compression is enabled for the requested content type, Medianova applies compression to responses with a minimum size of 400 bytes.
Content-Length and No-Transform
Medianova sends compressed responses without the Content-Length header to prevent browsers receiving possibly incorrect length information as a result of dynamic transformation.
Sending Cache-Control: no-transform on the response from origin has no effect on compression.
Compression at Origin
Medianova always requests uncompressed content from the customer origin server. The CDN sends no Accept-Encoding header to the origin and expects to receive the response uncompressed and without a Content-Encoding header.
FAQ
Which compression level does Medianova use for Gzip and Brotli?
MN uses compression level 6 for Gzip and 5 for Brotli. These compression levels provide an optimal balance between compression efficiency and server CPU consumption.
After I disable compression, does Medianova continue to serve compressed from cache?
Yes. When a request is first made, Medianova servers cache the content Gzip compressed. If Gzip is later disabled, the already cached Gzip version will still be served unless a purge is performed or the cached object expires.
When will Medianova support Zstandard (ZSTD) compression?
Currently, Medianova has no plans for supporting Zstandard-encoded content.
(Optional) Enable this option to secure all subdomains under the same domain (e.g., *.example.com).
Domain
Select the domain associated with your CDN Resource.
After filling in the fields, click Add SSL to start the process.
The new SSL certificate will appear in your SSL Management list and can now be assigned to your CDN Resources.
Domain verification may take up to a few minutes depending on DNS propagation.
If domain ownership cannot be verified, the process will fail. Ensure that your DNS settings are correct and that your domain points to Medianova’s CDN.
Choose Shared SSL to apply the Free SSL certificate.
Click Save.
You can verify activation by opening your domain in a browser using https://. The lock icon indicates a valid SSL connection.
SSL Name
A name to identify the certificate in your organization.
To begin configuration, log in to the Medianova Control Panel and navigate to the WAF settings.
Go to Security → WAF in the left-hand menu.
Select the Dynamic CDN Resource where you want to activate WAF.
The WAF configuration page will open.
If you haven’t created a Dynamic CDN Resource yet, go to CDN → Create CDN Resource first, then return to this section.
2
Choose WAF Mode
Select how the firewall will operate for your CDN Resource.
Monitoring Only: Logs all requests but does not block them. Recommended for initial setup and rule tuning.
On: Fully active mode that filters and blocks malicious traffic in real time.
After selecting a mode, click Save to apply the change.
Start with Monitoring Only mode to observe your application’s normal request patterns before enabling full protection.
3
Create Your First Rule
After activation, you can define custom rules to control how WAF handles requests.
For example, you can block requests from specific IP ranges or allow trusted user agents.
Rule configuration is optional at activation. WAF includes predefined Managed Rules that are enabled by default.
4
Verify WAF Activation
Once WAF is enabled, the Status indicator on your resource page will show “Active.”
Incoming requests are now analyzed by the firewall and logged in real time.
You can monitor activity in the Analytics → WAF Dashboard section.
WAF logs and metrics may take up to a few minutes to appear after initial activation.
Best Practices
Always start with Monitoring Only mode for new configurations.
Combine Managed Rules and Custom Rules for optimal coverage.
Review your WAF Analytics regularly to track threats and rule behavior.
Avoid creating overly broad rules to minimize false positives.
Click on the Create CDN Resource tab in the left menu.
Choose any resource type and fill in the necessary fields.
Create a resource and configure the necessary settings.
The resource you created will be in a "pending" status. Below is information about the resource statuses:
About the status of resources
Pending: The URL entered by the user is marked as "Pending" until the DNS resolution is complete. In this state, the domain name provided by the user has not yet been resolved to an IP address. While the DNS resolution process is ongoing, the resources are not yet accessible through the CDN.
Active: Once the DNS resolution for the URL is successfully completed, the resource status changes to "Active." In this state, the domain name has been resolved to an IP address, and the resource is accessible via the CDN. The resource is activated across all data centers and is optimized to provide the best performance to users.
Passive: If the resource becomes unavailable for any reason, the resource status changes to "Passive." In this state, the resource is inactive, and users cannot access it.
Configuration
The CDN URL and the ORIGIN URL below are examples.
Enlarges the table by opening it in a full screen dialogOpen
Origin URL
CDN URL
You must replace the existing domain on website code with the CDN URL for contents that you want to serve from CDN.
Examples of HTML code illustrating how to configure a CDN URL with the Origin URL:
Source codes are replaced with the CDN URL instead of the Origin URL as mentioned above.
Thus, our CDN service becomes active on your site.
In order to access your content, you also need to define our IPs in your firewalls. Click to access the IP list of Medianova.
Manage Rewrite Origin URLs
Follow the steps below to add and manage Rewrite Origin URLs for your CDN Resource.
1
Add a Rewrite Origin URL
Select Add to create a new Rewrite Origin URL.
The Add Rewrite Origin URL popup appears.
2
Configure Parameters
Fill in the required fields in the popup:
Match Mode — Choose how the incoming path is matched.
Options include:
All files
Path
3
Save the Configuration
Select Add, then click Submit.
Your Rewrite Origin URL is added to the list.
Match Mode Behavior
All files: Applies to every incoming request.
Path: Matches only the path portion of the request URI.
Full Path: Matches the exact full URL path.
Wildcard: Enables dynamic pattern matching using wildcard symbols.
Troubleshooting
Issue: Rewrite Origin URL does not apply.
Cause: Incorrect Match Mode or Origin URI format.
Fix: Verify that the incoming request path matches the defined parameters.
Issue: A different Rewrite Origin URL is applied first.
Cause: Priority ordering conflict.
Fix: Assign a lower priority value to the entry you want processed first.
Issue: Origin returns 404 after rewrite.
Cause: Target URI does not exist on the origin.
Fix: Confirm that the target path is valid and reachable at the origin server.
Enable Gzip From Origin instructs the CDN to request text-based files from your origin using:
When enabled:
• The CDN requests gzip-compressed content from the origin.
• If the origin supports gzip, the CDN stores the compressed version in cache.
• If the origin does not support gzip, the CDN stores the uncompressed response.
This improves performance and reduces bandwidth usage between the Origin → CDN path.
How It Works
CDN requests gzip-compressed content from the origin when this feature is enabled.
The CDN sends Accept-Encoding: gzip to the origin.
If the origin supports gzip, compressed content is returned and stored in the cache.
If the origin does not support gzip, the CDN caches the uncompressed response.
Applies only to text-based MIME types (.js, .css, .html, .txt, .xml, .json, …).
Does not apply to images. Use Image Optimization instead.
This section lists all CDN Resources available in your account.
2
Select a CDN Resource.
This feature is available for Small, Large, and Dynamic CDN Resources.
3
Go to Advanced Configuration → Origin Settings.
The tab displays all origin-related configuration options.
4
Enable Gzip from Origin and click Submit.
This action saves your configuration and activates gzip fetching for text files.
Medianova CDN starts sending the Accept-Encoding: gzip header to your origin for eligible file types.
FAQ
Does this feature compress content for end-users?
No. It only optimizes the origin → CDN transfer.
Client-side compression is handled separately by Gzip Delivery and Brotli Delivery.
What if my origin does not support gzip?
The CDN will fetch and cache the uncompressed version of the file.
Does this apply to all file types?
No. The feature applies only to text-based MIME types.
Images are not affected and require Image Optimization.
Accept-Encoding: gzip
This workflow defines which origin responses allow the CDN to serve stale cached content.
1
Select stale cache triggers
Choose one or more conditions from the trigger list. Stale content will be served when any selected condition occurs.
Supported triggers in the Medianova Control Panel:
error — Generic error indicator returned by the origin system.
timeout — The CDN did not receive a timely response from the origin.
invalid_header — The origin returned malformed or unexpected HTTP headers.
http_500 — Internal Server Error.
http_502 — Bad Gateway.
http_503 — Service Unavailable.
http_504 — Gateway Timeout.
http_403 — Forbidden.
http_404 — Not Found.
http_429 — Too Many Requests (rate limit).
updating — The origin is in an update/maintenance state.
2
Save the configuration
Select Submit to apply all changes.
Stale content is served only if a cached version already exists at the edge.
Any selected trigger can activate stale delivery.
When the origin becomes healthy again, normal cache rules resume automatically.
Stale Cache does not refresh or regenerate content; it only delivers the most recent cached copy.
This feature is intended for temporary failures, not extended outages.
FAQ
What happens if no triggers are selected?
Stale content is never served.
Will Stale Cache fetch new content?
No. It serves only what is already cached.
Does enabling all triggers hide origin problems?
It may delay visibility of backend issues. Select triggers based on operational strategy.
Does TTL affect stale delivery?
TTL defines freshness; stale delivery allows fallback after TTL when origin issues occur.
Wildcard paths (e.g. /images/*) are not supported.
2
Execute the Prefetch
Click Prefetch Files to initiate the operation.
Medianova will send an HTTP GET request to your origin for each file and cache the response.
Once complete, those files will be ready for instant delivery from the CDN cache.
Medianova’s Prefetch mechanism performs controlled fetch operations that proactively warm up cache layers.
This eliminates the delay caused by a first-time cache miss and reduces origin load during peak demand.
Monitor Prefetch Requests
All Prefetch operations are listed in the Prefetch Log table below.
Use this view to track the status and results of your Prefetch actions.
Column
Description
Status
Indicates whether the Prefetch operation is Running, Successful, or Failed.
Task ID
A unique identifier assigned to each Prefetch request.
File Path
Type of Prefetch
Click the refresh icon to reload the Prefetch Log and check the latest results.
The Web Application Firewall (WAF) allows you to define Custom Rules that specify how incoming traffic is evaluated.
Each rule can match certain request attributes and apply an action — such as Block, Allow, or Log Only — when conditions are met.
Managed Rules are automatically maintained by Medianova’s Security Team.
Custom Rules are created manually to adapt the WAF to your specific application needs.
1
Access the Rule Management
To manage rules, log in to the :
Go to Security → WAF.
Select your Dynamic CDN Resource.
Open the Rules & Actions tab.
You’ll see a list of existing Custom Rules and the option to create new ones.
Managed Rules are always active by default. You can combine both Managed and Custom Rules for layered protection.
2
Create a New Custom Rule
Follow these steps to add a new rule:
Click Add Rule.
3
Edit or Delete Existing Rules
You can modify or remove existing rules at any time:
Edit: Click the Edit icon next to a rule, adjust the fields or actions, and click
Understand Rule Actions
Each action defines how WAF handles a matched request:
Action
Behavior
Note: “Log Only” is ideal for testing or monitoring potential issues before applying stricter blocking rules.
Handle False Positives
Learn how to identify, analyze, and minimize false positives in the Web Application Firewall (WAF) to ensure accurate protection without disrupting legitimate traffic.
A false positive occurs when the WAF blocks or flags a legitimate request as malicious.
This can happen due to aggressive rule patterns or incomplete exceptions.
Proper handling of false positives helps maintain both security and availability of your applications.
False positives are common during initial WAF configuration.
Always start in Monitoring Only mode to observe behavior before activating full protection.
1
Identify False Positives
Use WAF logs and analytics to locate requests that were incorrectly blocked or flagged.
Open the .
Go to Analytics → WAF Dashboard.
Review blocked requests and event logs.
2
Analyze Rule Behavior
Determine which rule caused the false detection.
You can identify the Rule ID or Rule Name responsible by inspecting the event details in the WAF dashboard.
Common Cause
Example
3
Adjust Rules or Add Exceptions
After identifying the cause, fine-tune your rules to allow legitimate traffic while keeping protection active.
You can:
Modify an existing rule
4
Validate After Adjustments
Once changes are made, monitor the WAF dashboard again:
Keep the affected rule in Log Only mode for several hours or days.
Check if the same requests are still flagged.
CNAME & SSL
Learn how to add and configure a CNAME to map your custom domain and enable secure HTTPS delivery.
A CNAME record (Canonical Name record) allows you to associate your custom domain — for example, cdn.yourdomain.com — with the default hostname provided by Medianova, such as yourzonename.mncdn.com.
Using a CNAME provides consistent brand identity, simplifies DNS management, and enables secure HTTPS delivery through the Medianova Control Panel.
Add a CNAME
1
Open your CDN Resource
From the left menu, go to CDN → CDN Resources, and click the resource for which you want to add a CNAME.
2
Access the CNAME & SSL tab
Select the CNAME & SSL tab from the horizontal navigation menu.
The CNAME input field appears at the top of the tab.
3
Enter the CNAME value
Type your custom domain (for example, cdn.yourdomain.com) in the input field and click Submit.
The CNAME is saved and applied to your selected CDN Resource.
4
Create the DNS mapping
In your DNS provider’s management panel, create a CNAME record that points your custom domain to the Medianova CDN hostname.
Example:
After DNS propagation, requests to your domain will resolve through Medianova’s CDN edge network.
Configure SSL & TLS
1
Select an SSL certificate.
In the SSL Certificate section, choose one of the available options from the Select SSL Certificate dropdown:
Shared SSL – Use Medianova’s shared certificate.
For detailed SSL & TLS configuration instructions, see .
Verification and Troubleshooting
DNS propagation may take several minutes depending on your DNS provider’s TTL configuration.
CNAMEs must be unique and not used by any other services (for example, mail or web hosting).
If you are using a Custom SSL, ensure the certificate covers all configured CNAMEs (via CN or SAN fields).
Example (HTML Integration)
When your CNAME configuration is active, you can replace original URLs in your web assets with the CDN domain:
Your CNAME domain (for example, cdn.yourdomain.com) now resolves to Medianova’s edge network, serving cached content from your CDN Resource.
Your CDN Resource is now accessible through your custom domain (for example, cdn.yourdomain.com).
All requests to this domain are served securely via Medianova’s edge network using the configured SSL and TLS versions.
Browser Cache Rule
Configure browser-side caching behavior for different resource types using Browser Cache Rules.
Browser Cache Rule allows you to control how long different resource types remain cached in the visitor’s browser.
This improves performance by reducing repeated network requests for static or frequently accessed files.
Log in to the Medianova Control Panel, select a CDN resource in the CDN section, and navigate to the Caching tab.
1
Add a Browser Cache Rule
A dialog opens for creating a new Browser Cache Rule.
2
Select the Type for the rule.
Choose how the rule matches content:
Edit a Browser Cache Rule
1
Open the options menu for the rule and select Edit.
2
Modify Type, Priority, or Cache Mode as required.
3
Select
Delete a Browser Cache Rule
1
Open the options menu for the rule and select Delete.
2
Confirm the deletion to remove the rule.
3
Select Submit to apply the update.
Rules are evaluated in order of Priority, where smaller numbers indicate higher precedence.
Browser Cache Rules control browser-side caching only, not CDN edge caching.
The Apply the HTML/JSON files toggle affects all rules globally.
Best Practices
Use file extension rules to cache static assets like .js, .css, and .png for long durations.
Use no cache mode for frequently updated resources (e.g., .html, .json APIs).
SSL/TLS Encryption
Secure your CDN traffic and applications with SSL/TLS encryption to ensure private, authenticated communication between clients and servers.
Secure Socket Layer (SSL) and Transport Layer Security (TLS) are cryptographic protocols that provide encrypted communication between clients and servers.
They ensure data privacy, integrity, and authentication—protecting your website and CDN-delivered assets against interception or tampering.
Over time, the traditional HTTP protocol evolved into HTTPS, which uses SSL/TLS encryption to secure all data exchanged between users and websites.
Medianova CDN supports HTTPS by default and allows you to manage SSL certificates directly through the platform.
TLS is the modern version of SSL. All Medianova services use TLS 1.2 and 1.3 for enhanced security and performance.
WAF Analytics
Learn how to interpret the Web Application Firewall (WAF) dashboard and key analytics metrics in the Medianova Control Panel.
The WAF Analytics Dashboard provides visibility into malicious traffic, rule performance, and blocked requests detected by the Web Application Firewall (WAF).
You can monitor attacks in real time, identify their sources, and adjust your rules to improve detection accuracy.
Analytics data is available when WAF is active in either On or Monitoring Only mode.
Create Small CDN Resource
Learn how to create a Small CDN Resource in the Medianova Control Panel for static content delivery.
A Small CDN Resource is optimized for small-sized static assets such as images, CSS, JavaScript files, and web fonts.
It delivers these assets through Medianova’s global edge network to reduce latency and minimize load on your origin servers.
You can configure a Small CDN Resource to:
Fetch content directly from your own server (Origin Pull), or
Serve content hosted on (Origin Push
Integrating Static CDN Resource
Learn how to integrate your Medianova Small or Large CDN Resource with your website to deliver static assets or large media files through the CDN.
After creating a Small or Large CDN Resource in the , you must integrate it with your website or application so that your static and media assets are delivered through the CDN instead of your origin.
This guide explains how to update your asset URLs, firewall configuration, and CMS settings to ensure seamless content delivery via Medianova CDN.
Prerequisites
Prefetch
Proactively warm up CDN caches by fetching files from your origin before user access, ensuring fast delivery and avoiding cache misses.
Prefetch refers to the process of proactively fetching and caching specific files from your origin before any user request occurs.
It warms up CDN caches so that the first users receive content instantly, avoiding slow cache misses and offloading your origin server.
When you initiate a Prefetch, the CDN pulls the file from your origin and caches it across all CDN POPs.
This is especially effective for the delivery of large static or media files.
Prefetch does not override existing cache entries. If the file is already cached, a prefetch request will not re-fetch it from origin.
To force a refresh, perform a Purge first, followed by Prefetch
Purge
Instantly invalidate outdated cache entries across all Medianova CDN cache layers to ensure the latest content is delivered globally without waiting for TTL expiration.
Purge invalidates cached content across the Medianova CDN before its cache lifetime (TTL) expires.
It ensures that updated content from your origin is immediately reflected and consistently served from all cache layers worldwide.
When a purge is executed, the Medianova purge system distributes invalidation commands across the CDN’s cache hierarchy. Cached objects are marked as expired and fetched again from your origin upon the next user request.
You can trigger a purge from the or via .
Integrate WordPress with Medianova CDN
Learn how to integrate WordPress with Medianova CDN to deliver static and media content faster, improve page load times, and enhance your website’s overall performance.
WordPress is one of the world’s most widely used content management systems (CMS), offering flexibility through open-source development, easy setup, and extensive theme and plugin support.
With Medianova CDN, your WordPress site’s static assets—such as images, scripts, and videos—are served from the nearest CDN edge node instead of your origin server, ensuring faster delivery to global users.
We recommend backing up your WordPress files and database before starting the integration.
Integrate Magento with Medianova CDN
Learn how to integrate your Magento-based e-commerce website with Medianova CDN to improve load speed and ensure high-performance content delivery.
Medianova provides CDN solutions for leading e-commerce companies in Türkiye to enhance performance, scalability, and customer experience.
If your website is built on Magento, you can configure a CDN integration to serve static and media content faster through Medianova’s global edge network.
Before starting, we recommend backing up your Magento files and database.
Medianova IP Blocks
Obtain Medianova’s CDN IP address ranges for firewall allowlisting.
Medianova’s CDN uses specific IP address ranges to fetch content from your origin servers.
If your origin server uses a firewall or IP-based access controls, you must allow all addresses listed below to ensure reliable access from Medianova edge servers.
This allows the CDN to retrieve and deliver your content securely and efficiently.
Available Formats
Format
URL
Whitelist
Only the IP addresses you add will be allowed. All others will be blocked.
Blacklist
The IP addresses you add will be blocked. All others will be allowed.
Created At
Time when the Prefetch was initiated.
Duration
Total time the operation took to complete.
Result
Summary of the Prefetch
Enter a Rule Name for easy identification.
Select a Field (parameter) from the dropdown — such as:
Request Method (GET, POST, etc.)
Client IP
Request URI
User Agent
Referrer
Choose an Operator, such as equals, contains, or matches.
Enter the Value to match.
(Optional) Add additional conditions using the And operator.
Select an Action to perform when the rule conditions are met:
Block – Reject the request and log the event.
Allow – Permit the request to proceed to origin.
Log Only – Record the request for review without blocking.
Click Save to apply the rule.
You can chain up to three conditions in a single rule. Complex logic combinations are not supported.
Use “Log Only” for testing before switching to “Block” to minimize false positives.
Save
.
Delete: Click the Delete icon to permanently remove the rule.
Reorder (if supported): Drag and drop to change rule evaluation priority.
Review logs frequently to ensure that new or modified rules behave as expected.
Block
Immediately rejects the request with an error response.
Allow
Lets the request pass to the origin server.
Log Only
Records the event for analysis without blocking traffic.
Select Priority to determine the rule evaluation order.
4
Select the Cache Mode.
Origin — Uses caching headers from the origin.
No Cache — Disables browser caching.
Cache — Forces caching for a defined duration.
5
Select Add to create the rule.
6
Configure HTML/JSON Application
Enable or disable Apply the HTML/JSON files to define whether rules also apply to .html and .json responses.
7
Select Submit to apply
Submit
to save the changes.
When Cache Mode = Origin, browser caching behavior follows origin headers; No Cache forces revalidation; Cache overrides browser behavior with a fixed duration.
Assign high priority to specific full path or directory rules if they should override global rules.
The 'Add Browser Cache Rule' dialog box appears after clicking Add.
Full Path
Wildcard
Origin URI — Enter the incoming request path to match.
Target URI — Enter the new path that requests will be rewritten to.
Priority — Lower values are evaluated first when multiple Rewrite Origin URLs exist.
Enable Gzip from Origin
Advanced Configuration
Rewrite Origin URLs
Learn how Rewrite Origin URLs modify request paths before forwarding dynamic traffic to origin servers.
The Rewrite Origin URLs feature for Dynamic Content Acceleration operates the same way as in Static Content Delivery.
It rewrites incoming request paths based on defined match rules, allowing you to adjust backend routing for APIs, directory changes, or custom origin mappings. You can configure match modes, origin and target URIs, and rule priority to control how dynamic requests are transformed before reaching the origin.
For configuration details, supported match modes, and examples, refer to the main documentation:
Learn more in theRewrite Origin URLs documentation.
Enable Gzip from Origin
Learn how Enable Gzip from Origin optimizes dynamic traffic by requesting gzip-compressed content from your origin.
The Enable Gzip from Origin feature for Dynamic Content Acceleration operates the same way as in Static Content Delivery.
It instructs the CDN to include Accept-Encoding: gzip when requesting eligible text-based content from your origin. If the origin supports gzip, the CDN stores the compressed response; otherwise, it stores the uncompressed version. This reduces bandwidth usage on the origin → CDN path and improves overall delivery efficiency for dynamic workloads.
For configuration details, supported MIME types, and examples, refer to the main documentation:
Learn more in theEnable Gzip from Origin documentation.
SNI
– Use your organization’s uploaded certificate.
Custom SNI – Apply a specific SSL from your list.
Disabled – Turn off HTTPS for the resource.
2
Apply the changes.
Click Submit to save the configuration.
The selected SSL certificate will secure all CNAMEs assigned to this resource.
3
Configure TLS versions.
At the bottom of the tab, enable supported TLS versions (recommended: TLS 1.2 and TLS 1.3).
Click Submit to confirm.
TLS 1.1 is deprecated and should remain disabled for security compliance.
To verify your configuration, run:
The response should resolve to your Medianova CDN hostname.
Confidentiality: Encrypts all client–server communications.
Integrity: Prevents data alteration or man-in-the-middle attacks.
Authentication: Confirms your site’s identity through trusted Certificate Authorities (CAs).
Trust & SEO: HTTPS improves user confidence and search engine ranking.
Supported SSL Certificate Types
Medianova CDN supports all common SSL/TLS certificates. Choose the one that fits your infrastructure and domain structure.
Certificate Type
Description
Recommended For
Domain Validation (DV)
Validates domain ownership only. Simple and fast to issue.
Blogs, small websites
Organization Validation (OV)
Confirms both domain and company identity.
Corporate or business sites
For setups serving multiple domains or subdomains, consider Wildcard or SAN-supported certificates to simplify management.
Two-Layer Encryption Flow
How SSL/TLS Works on Medianova CDN
A user requests your content via HTTPS.
The CDN edge node presents a valid SSL/TLS certificate.
Encrypted communication is established between the client and the edge server.
The edge communicates securely with your origin server (if origin SSL is configured).
Data is delivered end-to-end through encrypted channels.
Best Practices
Always use HTTPS for all CDN-enabled resources.
Prefer TLS 1.3 for stronger encryption and faster handshakes.
Keep certificates renewed before expiration to avoid service disruption.
Use Wildcard or SAN certificates to simplify certificate management.
Avoid mixed-content warnings by ensuring all assets (images, scripts) load over HTTPS.
Accessing the Dashboard
You can access the WAF analytics from the Medianova Control Panel.
Navigate to Analytics → WAF, then select the CDN Resource for which WAF is enabled.
The dashboard displays real-time charts, tables, and logs that visualize threat activity, blocked requests, and triggered rules.
Metrics update automatically at short intervals, though the refresh rate may vary depending on your resource’s traffic volume.
Key Metrics and Visualizations
1. Attack Histogram
Shows the number of attacks over time, helping you detect spikes or recurring patterns.
You can filter by URL to analyze specific endpoints under attack.
Use it for: spotting attack trends and determining peak hours of malicious traffic.
2. Threats
Displays the total number of requests that triggered WAF rules versus total incoming requests.
Includes summary values such as:
Total: All detected threats since activation
Today: Threats detected in the last 24 hours
This Month / Last Month: Periodic comparison
Use it for: measuring overall WAF effectiveness and identifying sudden spikes that may signal an attack.
3. Top Client IPs
Lists the IP addresses triggering the most WAF rules.
A pie chart provides a quick visual overview of threat sources.
Use it for: detecting potential attackers or regions generating malicious traffic.
Repeated offenders can be blocked or rate-limited via Custom Rules.
4. Top Request URIs
Shows the URLs most frequently targeted by suspicious or blocked requests.
Use it for: identifying vulnerable endpoints or popular attack targets.
If a specific path (e.g., /login, /api/v1/auth) appears repeatedly, consider applying additional rule protections.
5. Top User Agents
Lists browsers, bots, or automated clients generating flagged requests.
Use it for: distinguishing legitimate traffic from malicious bots.
Unusual or outdated User Agents may indicate automated attack tools.
6. Rule Activity
Displays which WAF rules are triggered most often, showing their frequency and relative impact.
Column
Description
Rule ID / Name
Identifier of the triggered rule.
Triggers
Number of times the rule matched incoming requests.
Last Triggered
Most recent occurrence time.
Use it for: assessing rule efficiency and identifying potential false positives.
Frequently triggered rules may need refinement or condition adjustments.
7. Activity Log (Last 300 Requests)
Shows detailed information about the most recent flagged requests, including:
Timestamp
IP address
Request URI
User Agent
Triggered Rule
Use it for: investigating incidents and validating rule accuracy.
Regular review helps fine-tune your security posture.
Best Practices
Review WAF analytics at least weekly to identify trends.
Watch for repeated attacks from the same IPs or regions.
Use the Threats and Rule Activity metrics to detect false positives or over-triggered rules.
Adjust or refine rules based on recurring attack patterns.
Combine analytics data with logs from your origin server for deeper context.
Unsupported file extensions
Small CDN Resources do not support the following file extensions.
Requests for these file types return 403 Forbidden responses.
3gp, 3gpp, aac, asf, asx, avi, f4v, flv, m2p, m4a, m4v, midi, mov, mp3, mp4, mpeg, mpg, ogg, ogv, wav, wm
If your content includes any of these extensions, create a Large & VOD Streaming Resource instead.
1
Access the Create CDN Resource page.
From the left menu, navigate to CDN → Create CDN Resource.
2
Select the resource type.
In Select CDN Resource Type, choose Small.
Selecting Small CDN Resource in the creation form.
This option is optimized for static content such as images, CSS, and JavaScript files.
3
Enter general information.
Enter a CDN Resource Name.
This name appears in your default CDN hostname (for example, example.mncdn.com).
(Optional) Enter a CDN Resource Label for internal reference.
4
Select the origin type
Option 1: My Origin (Origin Pull)
Medianova fetches content directly from your server when users request files.
Select My Origin.
5
Create the resource.
The new resource appears in the CDN Resources list.
Configuration and availability are indicated by status icons:
Config Status: A green icon confirms that the configuration is valid.
6
(Optional) Configure your custom domain (CNAME).
If you want to serve content using your own domain (for example, cdn.yourdomain.com) instead of the default hostname (example.mncdn.com), configure a CNAME record.
To use your own domain instead of the default CDN hostname, add a CNAME under the CNAME & SSL tab of your CDN Resource.
For detailed steps, see
Use Small only for static assets. For large files, video, or downloadable content, use Large & VOD Streaming instead.
Config Status and Resource Status icons confirm that your setup is complete.
If configuration fails, verify origin accessibility and port settings.
Validate CDN delivery
After creating the resource, test CDN connectivity using the following command:
Replace example.mncdn.com with your CDN URL.
Use the Custom CNAME if it is configured.
Use a URL path that returns 200 OK.
This command sends a GET request to the CDN.
The output shows:
Remote IP address
HTTP request and response headers
The response body is intentionally discarded.
If validation fails, verify that the origin server is reachable and that the configured port is accessible from the CDN.
Troubleshooting
If configuration fails, verify origin accessibility and port settings.
Ensure DNS updates (especially Custom CNAME) have propagated before testing.
For SSL errors, confirm that the certificate matches the domain and is active.
Access to your website’s HTML, CSS, JS, or CMS configuration.
Ability to modify firewall rules on your origin server.
For websites with both static and video content, you can use separate CDN Resources (Small + Large) under the same account and domain structure.
1
Identify assets for CDN delivery
List all assets that can benefit from CDN acceleration:
For Small CDN Resource: images, CSS, JavaScript, fonts, and similar static content.
For Large CDN Resource: videos, downloadable files, or other large media assets.
2
Update URLs in HTML code
Replace existing URLs with the corresponding CDN URLs.
Before
After
3
Update CSS file references
Update references inside CSS files (e.g., images, fonts, or icons).
4
Update JavaScript file references
Ensure that all script sources are loaded from the CDN.
Before
After
5
Check relative paths
Confirm that relative paths continue to work correctly after switching to CDN URLs. Adjust directory structures if required.
6
Verify all resources
Open your website and confirm that assets load from CDN URLs.
7
Update CMS or framework settings
If you use a CMS (WordPress, Drupal, Joomla, etc.), configure its CDN or performance plugin to automatically replace static URLs with CDN URLs.
8
Allow Medianova IPs in your firewall
Add Medianova’s CDN IP ranges to your origin’s firewall allowlist to permit content fetches from edge servers.
See
9
Test in all environments
Test both staging and production environments to ensure the CDN works correctly and does not break content delivery.
10
Monitor and optimize performance
Use to monitor cache hits, latency, and traffic volume.
Refine cache rules or resource paths if needed.
11
Review SEO and canonical tags
When assets move to CDN URLs, update sitemaps and if required.
Ensure that canonical tags still point to your main domain to prevent duplicate content indexing.
Preload content before a scheduled event, campaign, or content release
Ensure large static files (e.g., videos, software downloads) load instantly
Avoid cache-miss latency for the first user(s)
Offload your origin by serving assets from CDN edge locations
How Prefetch Works
You submit one or more file paths via the Medianova Control Panel or API.
Medianova CDN initiates an HTTP GET request to your origin for each file.
If the file is not already cached, it is fetched and stored across CDN edge locations.
The file is then available to be served instantly to users from cache.
Prefetch attempts to populate the file across all CDN edge caches to reduce latency globally.
Prefetch Propagation & Behavior
When you initiate a Prefetch, the CDN issues an HTTP GET request to your origin and stores the file in cache across all CDN POPs (Points of Presence).
This ensures that the file is readily available globally, without waiting for actual user traffic to trigger cache population.
Unlike Purge, which invalidates cached content, Prefetch only populates caches if the file is not already cached. If the file already exists in cache, Prefetch will not re-fetch it from origin.
Behavior
Description
Single-file fetching
Each Prefetch request targets one specific file path
CDN-wide propagation
Files are cached across all POPs
TTL adherence
Cache duration respects the file's Cache-Control or configured TTL settings
Prefetch Type
Medianova supports single-file Prefetch, which allows fetching and caching a specific file from your origin.
Type
Description
Example
Single File Prefetch
Fetches and caches one specific file from your origin.
/videos/intro.mp4
Wildcard operations are not supported.
Each Prefetch request must target a single file path.
Best Practice Highlights
Prefetch only frequently accessed static files, such as videos, images, or large downloads.
Use Purge + Prefetch together to refresh caches after file updates.
Schedule Prefetch operations during off-peak hours to minimize origin load.
Avoid prefetching non-cacheable or dynamic resources.
Verify operation results in the Prefetch Logs section.
Updated HTML, CSS, JS, images, or video files must be reflected immediately.
Outdated or sensitive content needs to be removed from CDN caches.
New deployments or configuration changes require instant cache refresh.
Consistency across all cache layers is required after a content update.
Combine purge operations with shorter TTL values for dynamic or frequently changing content.
Types of Purge
Medianova supports multiple purge methods to give you flexibility and control:
Type
Description
Example
Single File Purge
Removes one specific file from all CDN caches.
/images/banner.jpg
Wildcard Purge
Removes multiple files using pattern matching.
/images/*
Wildcard purge operations are recursive and affect all subdirectories.
To use wildcard patterns, the Wildcard Purge Suffix option must be enabled under CDN Settings.
How Purge Works
A purge request is initiated via the Medianova Control Panel or API.
Medianova’s purge system distributes invalidation commands to all cache layers.
Cached objects matching the path are marked as invalid and no longer served.
On the next user request, the CDN retrieves the fresh content from the origin and re-caches it.
Cache propagation completes rapidly, depending on node density, region count, and network conditions.
Purge Propagation & Behavior
Purge requests propagate through all layers of Medianova’s caching infrastructure extremely quickly – typically completing across our global network in under 5 seconds – ensuring that outdated content is swiftly replaced with fresh content worldwide.
Behavior
Description
Instant Global Invalidation
Cache invalidations propagate rapidly across all CDN cache layers.
Parallel Distribution
Purge commands are broadcast concurrently to all cache nodes for faster execution.
Independent Caches
Each CDN node manages its local cache separately; purge ensures global synchronization.
A full purge (/*) removes all cached files for that resource and should be used only when necessary.
Best Practices
Purge only what’s needed. Avoid full purges to reduce cache refill load.
Use specific paths instead of broad wildcard patterns whenever possible.
Automate with API purge to clear cache after deployments or content updates.
Monitor purge logs to verify completion (see Manage Purge).
Coordinate with TTL strategy. If content changes often, use shorter cache durations.
Optional: Separate CDN resources for static images (Small Resource) and large media files such as videos (Large Resource)
Integration Steps
1
Create a CDN Resource
Log in to the Medianova Control Panel.
Create a Small Resource for static assets (e.g., .jpg, .png) and a Large Resource for video files (e.g., .mp4).
→ Copy the CDN URLs of your created resources; they will be used in plugin configuration.
2
Install the Medianova CDN Plugin
Log in to your WordPress Admin Panel.
3
Configure the Plugin
After activation, go to Settings → CDN Medianova from the left menu.
Tips and Best Practices
To include multiple file extensions, separate them with commas (,).
Example: jpg, png, gif, svg
You can view your CDN Resource URLs in the Medianova Control Panel under CDN → Resources or by visiting Medianova CDN Integration Docs.
Troubleshooting
Problem
Cause
Solution
CDN URLs not applied to static files
Plugin not configured or cache not cleared
Recheck the CDN URLs in plugin settings and clear the WordPress cache.
Site shows mixed content warnings
HTTPS not enabled on CDN resource
Configure Shared SSL or Custom SSL in the Medianova Control Panel before enabling HTTPS.
Prerequisites
An active Medianova CDN Resource
Access to your Magento Admin Panel (Administrator role)
Optional: A configured Shared SSL or Custom SSL in the Medianova Control Panel if HTTPS is required
Integration Steps
1
Create a CDN Resource
Log in to the Medianova Control Panel.
Create a new CDN Resource for your Magento domain.
→ Once created, copy the Zone URL (for example: https://example.mncdn.com).
2
Access Magento Configuration
Log in to your Magento Admin Panel.
3
Configure Base URLs
Open the Base URLs section.
4
Save and Clear Cache
Click Save Config to apply the changes.
Verify Integration
After completing these steps, Magento will deliver static and media files via Medianova CDN.
To confirm integration, check the HTML source code of your website.
All asset URLs should begin with your CDN Zone domain (for example: https://example.mncdn.com).
Optional: Configure HTTPS
If your Magento site uses HTTPS, repeat the Base URL configuration steps for the Secure section as well.
Ensure that you have configured Shared SSL or Custom SSL in the Medianova Control Panel before enabling HTTPS.
Troubleshooting
Problem
Cause
Solution
CDN URLs not visible in HTML
Magento cache not refreshed
Go to System → Cache Management and flush all caches.
Mixed content warning (HTTP/HTTPS)
HTTPS not configured properly in Medianova
Configure Shared SSL or Custom SSL before updating secure URLs.
Description
JSON
Structured format with separate IPv4 and IPv6 lists. Useful for automation and API integrations.
Plain Text
Simple text file where each IP block is listed on a separate line. Suitable for manual import or quick reference.
CSV
Comma-separated values file suitable for importing IP blocks into spreadsheets or scripts.
Only allow traffic from Medianova’s IP ranges to reach your origin server (block all other sources). This practice secures your origin by preventing direct attacks and bypass attempts. Also ensure you include every address (both IPv4 and IPv6) in the allowlist. If any Medianova IP is omitted or blocked, the CDN cannot retrieve content from your origin.
Configure Rate Limiting
Rate Limiting helps manage client request traffic by defining thresholds on how many requests a user or IP can make within a specified time window.
This feature operates at the CDN edge, preventing excessive traffic from reaching your origin servers and maintaining stable performance.
To begin configuration, log in to the Medianova Control Panel and follow these steps:
Navigate to Security → Rate Limiting.
Select the Dynamic CDN Resource where you want to enable Rate Limiting.
The configuration panel for that resource will open.
If you don’t have a Dynamic CDN Resource yet, create one under CDN → Create CDN Resource, then return to the Security section.
2
Enable Rate Limiting
Toggle the Rate Limiting option to On to activate the feature.
Once enabled, you can define custom thresholds and actions for your selected resource.
Disabling Rate Limiting immediately removes active enforcement rules but retains your configuration for future use.
3
Set Request Limits
Specify the number of requests allowed per client within a given time interval.
Field
Description
4
Choose Rate Limit Option
Define how bursts of traffic are handled when the limit is reached.
Select one of the following modes from the dropdown:
Option
Description
5
Configure IP Whitelisting (Optional)
Add trusted IP addresses or networks that should bypass rate enforcement.
Click Add Whitelist Entry.
Enter the IP address or range (e.g., 192.168.0.0/24
6
Define Actions for Exceeded Limits
Specify what happens when a user exceeds the defined rate limit.
Action
Description
7
Save and Apply Configuration
After defining all parameters, click Save to activate your Rate Limiting settings.
The configuration takes effect immediately at the CDN edge.
Test your configuration with real traffic or API calls to ensure it behaves as expected.
8
Verify and Monitor
To confirm that Rate Limiting is working:
Send multiple requests exceeding your threshold to trigger enforcement.
Check the response code (429 or
Path & Extension Based Rate Limiting
Some parts of your application may require different rate limits — for example, to protect login endpoints or limit access to downloadable files — without affecting the entire CDN resource.
With Path & Extension Based Rate Limiting, you can define request thresholds that apply only to specific URL paths (such as /login or /api/) or file types (like .pdf, .jpg, or .mp4).
These rules are managed under the Page Rules section in the Medianova Control Panel and allow more granular control over how traffic is handled at the edge.
Use this feature when you need to:
Apply stricter limits to sensitive routes such as /auth/, /checkout, or /login.
Restrict access to large media or document files.
Combine global rate limits with
Learn more: See for configuration steps and advanced examples.
Dynamic Content Acceleration
Accelerate personalized, database-driven, or API-based content with Medianova’s Dynamic CDN. Cache dynamic responses at the edge to reduce origin load and deliver faster user experiences.
Dynamic Content Acceleration delivers time-sensitive and user-specific content faster by intelligently caching dynamic responses at the CDN edge.
Unlike static assets, dynamic content (such as personalized dashboards, API responses, or search results) is generated for each request, which can increase server load.
Medianova’s microcaching technology allows these responses to be cached for very short durations — even a few seconds — dramatically improving responsiveness while keeping data up to date.
This feature is available for Dynamic CDN Resources and can be managed through the Medianova Control Panel.
Why Use Dynamic CDN?
Dynamic content caching enhances both speed and efficiency for high-traffic applications. It helps you:
Use Dynamic CDN for applications where content changes often but not on every request — such as product listings, search results, or pricing data.
Key Features
Microcaching – Cache dynamic responses for seconds or minutes to optimize performance.
Full Page Caching (FPC) – Cache entire HTML pages to reduce origin queries.
API Caching – Store API responses for repetitive or frequent calls.
How It Works
The origin server generates dynamic content in response to user requests.
The Dynamic CDN edge caches the response for a short, configurable duration (e.g., 5 seconds).
Repeated requests within that duration are served instantly from the edge cache.
A product API returning inventory counts can be cached for 10 seconds — enough to handle hundreds of identical requests without stressing your database.
Important Configurations
Setting
Description
Setting cache time too low may reduce cache efficiency, while setting it too high can risk serving outdated data. Start small and adjust gradually based on analytics.
Best Practices
Exclude personalized or transactional pages (like /checkout or /profile) from caching.
Cache short-lived API responses to improve responsiveness.
Regularly monitor cache hit ratios to fine-tune TTLs and rules.
Integrate CakePHP with Medianova CDN
Learn how to integrate CakePHP with Medianova CDN to deliver static assets such as images, CSS, and JavaScript files faster and improve website performance.
CakePHP is an open-source PHP framework based on the MVC (Model-View-Controller) pattern, similar to Zend, Laravel, and Symfony.
This guide explains how to configure Medianova CDN for CakePHP version 2.4 and later, enabling your application to serve static content from the nearest CDN edge node instead of the origin server.
Before starting the integration, back up your CakePHP project files and database.
Prerequisites
A configured CDN Resource.
A running CakePHP 2.4+ application
Write access to your ./Config/bootstrap.php file
Integration Steps
1
Create a CDN Resource
Log in to the .
Troubleshooting
Problem
Cause
Solution
Integrate Phalcon with Medianova CDN
Learn how to integrate Phalcon, a high-performance PHP framework, with Medianova CDN to serve static assets efficiently and enhance website performance.
Phalcon is an open-source PHP framework designed for speed and efficiency.
Unlike traditional PHP frameworks, Phalcon is implemented as a C extension, providing exceptional execution performance with MVC architecture support.
This guide explains multiple integration methods for connecting Phalcon-based applications with Medianova CDN to deliver static files (CSS, JS, images) from the nearest CDN edge.
Before integration, back up your project files and database.
Prerequisites
A configured CDN Resource
Access to the Phalcon project source code
PHP 7.4 or later (recommended)
Integration Methods
1
Use setStaticBaseUri
The simplest way to integrate your Phalcon application with Medianova CDN is by defining a static base URI.
This approach ensures that dynamic content stays on your origin, while static files (CSS, JS, images) are delivered via CDN.
Troubleshooting
Problem
Cause
Solution
Create Dynamic Resource
Aksela can integrate support for CNAME records, allowing domain mapping to another hostname instead of an IP address. However, some DNS providers do not support CNAME records at the root domain (example.com → ddd.mncdn.com) due to DNS standards. In such cases, only subdomains (e.g., www.example.com→ ddd.mncdn.com) can use CNAME records.
Example:Supported (Subdomain CNAME):
www.example.com → example.mncdn.com
cdn.example.com → example.mncdn.com
Not Supported by Some DNS Providers (Root Domain CNAME):
example.com → ddd.mncdn.com
For root domains, ANAME or ALIAS records (if supported by the DNS provider) can be an alternative solution to achieve similar functionality.
Aksela is a micro-caching platform developed by Medianova. Micro caching ensures that your content can be cached even for seconds. It serves static & dynamic content and API requests on your website through edge servers closest to end users.
By laying between the origin server and the end user, Aksela both increases performance and provides an additional layer of security. In addition to the security measures provided by Aksela, WAF (Web Application Firewall) can be provided as an additional security service.
You can access the by logging in with your username and password at
Click on “CDN → Create CDN Resource” option from the menu on the left side of the panel.
In the next screen, Dynamic CDN Resource is selected from the “Start building your CDN”
Fill in the requested information for Dynamic CDN Resource.
Your Origin URL and Website URL cannot be identical. To differentiate your Origin URL from your Website URL, you can follow one of the two following methods:
Login to your DNS hosting provider’s client panel and add an A record that points your origin address (different than the Website URL) on your DNS server. This will be the origin URL for Aksela to retrieve your site’s content.
5 . When all the information is filled in correctly, the Dynamic CDN Resource is created by clicking the “Create CDN Resource” button. It will take a few minutes to be active on all edge servers. (When the “ping ” command is run, getting a response from an IP address means that the CDN Resource is active).
Origin SNI Request
Learn how to configure Origin SNI Request to ensure secure SSL/TLS connections between the CDN and your origin server.
Origin SNI Request enables the CDN to send the correct Server Name Indication (SNI) value when establishing SSL/TLS connections with your origin. This ensures that the origin server selects the appropriate SSL certificate, especially when hosting multiple domains on the same IP address.
Enabling this feature improves compatibility and prevents certificate mismatch errors during HTTPS communication.
In the Medianova Control Panel, go to CDN Resources, select your resource, and navigate to Origin Settings.
Configure Origin SNI Request
Follow the steps below to enable and configure Origin SNI Request for your CDN Resource.
1
Enable Origin SNI Request
Toggle Origin SNI Request to On.
The domain input field becomes active.
2
Enter the SNI Domain
How SNI Works
During an SSL/TLS handshake, the CDN includes the SNI extension, which specifies the domain name requested by the client.
This allows the origin server to:
Select the correct SSL certificate
Support multiple domains on a shared IP
Avoid certificate mismatch errors
When to Enable Origin SNI Request
Use this setting when:
Your origin serves multiple HTTPS domains from the same IP
The origin requires SNI to present the correct SSL certificate
You encounter HTTPS 421 or certificate mismatch errors
What Happens if the Setting is Disabled
If SNI is not sent:
The origin may return the wrong SSL certificate
HTTPS validation may fail
Dynamic requests may intermittently fail under multi-domain hosting setups
Troubleshooting
Issue: HTTPS requests fail with certificate mismatch.
Cause: The origin returned the default certificate instead of the certificate for the requested domain.
Fix: Enable Origin SNI Request and enter the correct domain.
Issue: Origin returns 421 Misdirected Request.
Cause: The origin requires SNI to route the request to the correct virtual host.
Fix: Ensure the SNI domain matches the vhost configuration on the origin.
Issue: Requests fail after enabling SNI.
Cause: Incorrect domain entered in the Origin SNI Request Domain field.
Fix: Confirm that the domain matches a valid certificate installed on the origin.
How to Configure Gzip and Brotli
Step-by-step instructions for how to enable and configure Gzip compression and Brotli compression.
We recommend to always turn on Gzip and Brotli compression for small object delivery and dynamic content acceleration. All modern browsers support these content encodings and clients not supporting compression will receive the uncompressed version. Learn more about compression at Medianova.
In the Medianova Panel, select the appropriate CDN resource, navigate to the Optimization tab and select Text Optimization.
The page shows two content blocks, one for Brotli Compression and one for Gzip Compression:
The following steps apply to both Brotli Compression and Gzip Compression.
1
Toggle the Status to ON
Click the Status toggle to turn on compression.
Changing the toggle does not immediately change the CDN's behavior. You need to click Submit to push the updated config to the CDN
2
Shared Cache
Define whether a CDN resource uses its own cache or shares a common cache structure across multiple accounts using the Domain Cache Key.
Shared Cache allows multiple accounts or domains to use the same cache structure by applying a Domain Cache Key. When set to Share, identical content is cached only once and served across participating accounts, improving efficiency and reducing redundant origin requests.
When set to Default, each account maintains its own isolated cache.
Log in to the Medianova Control Panel, select a CDN resource in the CDN section, and navigate to the Caching tab.
Configure Shared Cache
1
Select the Cache Status
Choose one of the following options:
Default — Each account maintains a separate cache structure.
Behaviour
When set to Share, CDN edge nodes use the same cache namespace for resources that match the Domain Cache Key.
Cache hits increase across accounts that serve identical content.
Changing the status does not purge existing cache; behavior changes apply to future caching operations.
FAQ
Does enabling Shared Cache expose content from one customer to another?
No. Shared Cache only applies where explicit Domain Cache Key alignment exists and is intentionally configured.
Does switching from Default to Share purge existing cache?
No. Existing cached content expires naturally according to its TTL.
When should Shared Cache be enabled?
It is beneficial when multiple accounts deliver the same static assets (e.g., white-label platforms, partner domains).
Create Large CDN Resource
Learn how to create a Large CDN Resource in the Medianova Control Panel for large file delivery, video-on-demand (VOD), or streaming content caching.
A Large CDN Resource is designed for large-sized objects such as video files, audio files, archives, and executable downloads.
It provides optimized caching and delivery behavior for large payloads while reducing load on origin servers.
Depending on your use case, you can configure one of the following delivery modes:
Large Content Caching for static large files
VOD Content Caching
Advanced Origin Settings
Define advanced origin routing rules by matching requests to specific origins based on URI patterns, protocols, domains, ports, and priority.
Advanced Origin Settings allow you to configure granular origin-routing behavior for specific URIs, file types, or directories. By defining rule-based conditions, you can route selected traffic to different origins, override ports, set custom host headers, or assign priorities for complex routing environments.
You can manage Advanced Origin Settings in the or via .
Log in to the Medianova Control Panel, select a CDN resource in the CDN section, and navigate to the Origin Settings tab.
Advanced Origin Settings use rule-based logic. Each rule defines what request pattern to match and how the CDN should route that traffic.
Aksela Test Steps
The IP address of the CDN URL shared with you by the Medianova Technical Sales team or created via a Free trial can be found as follows.
The CDN URL is pinged by opening the Command Prompt. (CDN URL = <zone_name>.mncdn.com)
Example: ping <zone_name>.mncdn.com
Redirect Handle From Origin
Learn how Redirect Handle From Origin manages origin-generated redirects and applies custom header logic for dynamic traffic.
The Redirect Handle From Origin feature for Dynamic Content Acceleration operates the same way as in Static Content Delivery.
It allows the CDN to process selected 3xx redirect responses returned by your origin and apply custom request or response headers. This provides consistent redirect behavior for dynamic workloads and ensures greater control over how clients receive redirected responses.
For configuration details, supported redirect codes, and examples, refer to the main documentation:
Learn more in the.
Share — Cache is shared across accounts using the Domain Cache Key.
2
Submit the Configuration
Click Submit to apply the selected cache status.
When set to Default, each account's cache becomes isolated again.
Origin-safe
No effect if the file is already cached unless purged first
Full CDN Resource Purge
Clears all cached files for a specific CDN Resource.
/*
Auto Revalidation
After purge, next requests trigger fresh pulls from the origin.
In the left-hand menu, go to Plugins → Add New.
In the search bar, type Medianova and press Enter.
Install the Medianova CDN plugin and click Activate.
Enter your CDN URLs, specify the folders to include, and list file extensions to exclude.
Click Save Changes to apply your configuration.
CDN plugin not found in search
Outdated WordPress version
Update WordPress to the latest version and try again.
Scale efficiently – Handle large traffic spikes with consistent response times.
Balance freshness and performance – Configure cache rules to keep data relevant without overloading the origin.
Edge-based Caching – Execute caching at CDN edge locations to minimize latency.
Custom Page Rules – Exclude sensitive or real-time pages such as checkout or admin panels.
Granular Cache Control – Configure individual TTLs (cache durations) for different endpoints.
Once the TTL expires, the CDN refreshes the data from the origin to ensure freshness.
Combine Dynamic CDN with Rate Limiting and WAF for performance and protection.
Use Compression and WebP Optimization to further reduce load times.
Cache Time (TTL)
Determines how long dynamic responses are cached before being refreshed. Shorter TTLs maintain freshness; longer TTLs improve performance.
Page Rules
Define which paths should or should not be cached (e.g., exclude /checkout, /admin, or highly dynamic pages).
API Endpoints
Apply caching selectively to repetitive API calls (e.g., product listings, autocomplete, or pricing).
Medianova Dynamic CDN
Example:
Origin URL - yourdomain.com
Fill in the Origin URL field using the IP address information instead of a URL. In that case, the Website URL has to be filled in the Origin Set header. This can be configured in CDN Resources → Headers settings, after Aksela CDN Resource is created.
Example: Origin URL - https://IP.IP.IP.IP
Origin Set Header - yourdomain.com
Enter the domain name that should be included as the SNI value during SSL/TLS handshake.
Ensure this domain corresponds to a valid SSL certificate installed on your origin server.
3
Save the Configuration
Click Submit to apply your settings.
Origin SNI Request is now enabled for the CDN Resource.
Extended Validation (EV)
Highest validation level; displays organization name in browser UI.
E-commerce, financial platforms
Wildcard SSL
Secures a domain and all its subdomains (e.g., *.yourdomain.net).
Multi-subdomain services
SAN (Subject Alternative Name)
Covers multiple domains under a single certificate.
Multi-domain architectures
Code Signing SSL
Used by developers to verify the integrity of software or drivers.
Application signing, APIs
Update the content types (optional)
The page now shows a list of content types (or: MIME types) that are served compressed by default. You can add content types by typing the content-type in the Add Content Type field and clicking the + button.
Remove a content type by clicking the small x icon to the right of the content-type.
3
Submit the changes
Click the Submit button to push the updated config to the CDN.
The period within which requests are counted (e.g., per second, per minute).
Start with conservative thresholds and gradually adjust them based on traffic analytics.
Permits short bursts instantly, without waiting for enforcement delay.
None
Strict enforcement. Requests exceeding the limit are immediately blocked.
“Burst” modes are useful for high-traffic APIs or login pages where short spikes are expected.
).
Click Save to apply.
Whitelist internal monitoring systems or administrative users to prevent accidental blocking.
Sends a verification challenge to the client before allowing further requests.
You can also define the HTTP response code to be returned:
429 — Too Many Requests
529 — Custom throttling response
Use Challenge mode only if you have challenge verification integrated on your frontend (e.g., CAPTCHA).
529
).
Review request logs and metrics in Analytics → Rate Limiting Dashboard.
Metric visibility may take a few minutes after activation depending on traffic volume.
path-level overrides
for flexible traffic management.
Request Limit
The maximum number of requests allowed (e.g., 100).
Burst
Allows short spikes within the limit window before throttling begins.
Block
Rejects the request and returns an error response (default).
Enable Shared SSL or Custom SSL in the before using HTTPS URLs.
<?php
$url = new Phalcon\Mvc\Url();
// Dynamic URIs remain on your origin server
$url->setBaseUri('/');
// Static resources go through Medianova CDN
$url->setStaticBaseUri('https://<CDN_ZONE_URL>/');
Assets are still served from the origin
The CDN prefix is not applied in code.
Verify that setStaticBaseUri() or $css->setPrefix() includes your correct CDN Resource URL.
Invalid asset paths
The CDN prefix or local directory structure is incorrect.
Check the path structure inside your assets directory and ensure the CDN path matches the file hierarchy.
SSL-related warnings
for media that requires adaptive streaming preparation
Streaming Content Caching for already packaged streaming protocols or live ingest with RTMP Push
Use a Large CDN Resource when delivering:
Large static files (for example, video files, audio files, .zip, .exe)
From the left menu, go to CDN → Create CDN Resource.
2
Select the resource type.
In Select CDN Resource Type, choose Large, VOD & Streaming.
Three configuration tabs appear:
Large Content Caching
VOD Content Caching
Streaming Content Caching
3
Configure delivery mode
Choose the configuration tab that matches your content type.
4
Large Content Caching
Use Large Content Caching for static large files such as videos, music, .zip, and .exe.
CDN Resource Name – Enter a short, descriptive name for your resource.
→ This name will appear in your default CDN hostname (for example, example.mncdn.com).
5
VOD Content Caching
Use VOD Content Caching if you plan to deliver video content and need automatic packaging for streaming protocols.
CDN Resource Name – Provide a name for the VOD resource.
Source of Your Files
6
Streaming Content Caching
Use Streaming Content Caching for packaged streaming protocols such as HLS, DASH, and Microsoft Smooth Streaming. It also supports RTMP Push for live stream ingest.
CDN Resource Name – Enter a short, descriptive name for your resource.
→ This name will appear in your default CDN hostname (for example, example.lg.mncdn.com).
7
Create the resource.
Review the configuration.
Click Create CDN Resource.
The resource appears in the CDN Resources list.
8
(Optional) Configure your custom domain (CNAME).
If you want to serve content using your own domain (for example, cdn.yourdomain.com) instead of the default hostname (example.mncdn.com), configure a CNAME record.
To use your own domain, add a CNAME under the CNAME & SSL tab of your CDN Resource.
For detailed steps, see
Use Large Content Caching for large, static files, VOD Content Caching for media that needs adaptive packaging, and Streaming Content Caching for packaged streaming protocols or live ingest with RTMP Push.
Config Status and Resource Status icons confirm that setup is complete.
If configuration fails, verify origin connectivity and port settings.
Validate CDN delivery
After creation, verify connectivity using the following command:
Replace example.mncdn.com with your CDN URL.
Use the Custom CNAME if configured.
Use a URL path that returns 200 OK.
A successful response confirms that the resource is active and accessible through Medianova’s edge network.
Troubleshooting notes
If configuration fails, verify origin connectivity and port settings.
Ensure DNS changes (especially Custom CNAME records) have fully propagated before testing.
For SSL errors, confirm that the certificate matches the domain and is active.
If multiple rules match the incoming request, the CDN applies the rule with the highest priority.
If no rules match, the CDN uses the default origin configuration.
Routing decisions consider:
URI match pattern
Origin protocol selection
Domain/IP
Ports
Host header
This allows precise routing for APIs, media directories, file extensions, or multi-origin deployments.
FAQ
What happens if multiple rules match the same request?
The rule with the highest priority (lowest priority number) is applied.
Do regex or prefix rules impact performance?
Regex rules are more expensive than prefix or extension matches. Use them only when necessary.
What if no Advanced Origin rule matches the request?
The request is sent to the default origin defined in the main Origin Settings section.
Streaming Content Caching
For Streaming Content Caching resources, Advanced Origin Settings use a different structure based on Origin Groups and URI Match Rules.
Instead of defining individual origin rules directly, you first create origin groups containing one or more origins, then create URI match rules that route traffic to those groups.
Advanced Origin Settings for Streaming Content Caching – Origin Groups and URI Match Rules sections
The page has two sections:
Origin Groups – Define groups of origins for load balancing and failover.
URI Match Rules – Assign URI patterns to origin groups to route traffic.
You must create at least one origin group before you can add URI match rules.
Create an Origin Group
You can create up to 50 origin groups, and each group can contain up to 25 origins.
1
Open the Add Origin Group Dialog
Click Add group in the Origin Groups section.
Add Origin Group Settings dialog
2
Configure the Origin Group
Fill in the following fields:
Group Name – Enter a descriptive name for the group.
Protocol – Choose HTTP, HTTPS, or Same as Request.
Domain or IP – Specify the origin server address.
HTTP Port / HTTPS Port – Enter the port numbers for origin communication.
Host Header – (Optional) Define a custom Host header if the origin requires it.
Weight – Set a weight value for traffic distribution within the group.
Priority – Choose Primary or Backup to define failover behavior.
Click Add to add the origin to the group.
3
Submit Origin Groups
After adding all origins, click Submit groups to save the configuration.
You can add more origins to the same group or create additional groups by clicking Add group again.
Add a URI Match Rule
After creating origin groups, define URI match rules to route traffic to the appropriate group.
1
Open the Add Rule Dialog
Click Add rule in the URI Match Rules section.
Add Rule dialog – select match mode, enter rule, and assign an origin group
2
Configure the Rule
Fill in the following fields:
URI Match Mode – Choose File Extension, Exact Path, Prefix, or Regex.
URI Match Rule – Enter the pattern to match (for example, .m3h8 for HLS manifest files).
Origin Group – Select the origin group that should handle matched requests.
Click Add to create the rule.
3
Submit URI Match Rules
You can reorder rules by dragging the handle icon (≡) on the left side of each rule — the rule at the top has the highest priority.
Click Submit rules to apply the URI match rules to the CDN resource.
The IP address retrieved above is written to the “host” file of your computer.
Open the Run tab by pressing the Windows key + R.
Type system32 in the search bar and click ok.
On the screen that opens, navigate to the drivers folder and open it.
Navigate to the etc folder in the “drivers” folder and open it.
Right-click on your “host” file and choose open with. Edit it with one of the applications such as Notepad or Notepad++.
Add the IP address you obtained in the first step and the website you want to reach using this IP address and save the file as shown below.
Clear the browser cache. Make a request to the page by typing yourdomain.com in the address bar. After opening the page, right-click on an empty area and select inspect. The Network tab will open. Verify that the .html file comes from Medianova when you see the MNCDN description under the Server tab.
Upload and Manage SSL Certificates
Learn how to upload and manage SSL certificates in the Medianova Control Panel.
SSL/TLS certificates enable encrypted HTTPS communication between users and CDN Resources.
You can upload your own certificate, use Medianova’s shared SSL, or activate a free certificate provided by Let’s Encrypt.
TLS is the modern version of SSL. All Medianova services support TLS 1.2 and TLS 1.3 by default.
1
Access the SSL Management Page
To start managing SSL certificates, open the and navigate to the SSL Management section.
Go to CDN → SSL Management in the left-hand menu.
Review the list of existing certificates in your organization.
Click Add New SSL to begin adding a certificate.
2
Add a New SSL Certificate
When adding a certificate, you will be asked to choose the SSL type and format.
Choose SSL Type
Option
Description
3
Assign SSL to a CDN Resource
After uploading or creating your certificate, assign it to a specific CDN Resource.
Go to CDN → CDN Resources.
Open the SSL tab (or CNAME & SSL for Small and Large resources).
4
Manage and Validate SSL Certificates
From the SSL Management page, you can:
Edit SSL Name – Rename an existing certificate.
Replace SSL – Upload a new certificate to replace an expired one.
Redirect Handle From Origin
Learn how to manage Redirect Handle From Origin to control how 3xx redirect responses from your origin are processed by the CDN.
Redirect Handle From Origin allows the CDN to modify request or response headers when the origin returns a 3xx redirect.
You can select which redirect codes to handle and optionally add or modify headers sent during redirection.
This provides greater control over origin-driven redirects and ensures consistent client behavior.
In the Medianova Control Panel, go to CDN Resources, select your resource, and navigate to Origin Settings
Redirect Handle From Origin
Follow the steps below to enable and configure redirect handling for your CDN Resource.
1
Enable Redirect Handling
Toggle Status to On.
Additional configuration options become active.
2
Select Redirect Codes to Handle
Redirect Handling Logic
When the origin returns a selected 3xx status code:
CDN intercepts the response.
CDN adds or modifies headers based on your configuration.
The redirect is returned to the client with the updated headers.
Header Processing
Request Header Key / Value modifies the header sent from CDN → Origin.
Add Header Key / Value appends additional headers in redirection processing.
Status Toggle
When On, CDN evaluates redirect codes and applies your header settings.
When Off, CDN forwards redirect responses without modification.
Troubleshooting
Issue: Redirect handling does not apply.
Cause: Status toggle is disabled or no redirect codes are selected.
Fix: Enable Status and choose at least one code under Handle Origin Redirection Error.
Issue: Headers are not appearing in redirected responses.
Cause: Header Key or Value fields are empty.
Fix: Ensure both fields are filled before selecting Add.
Issue: Redirect behavior is inconsistent.
Cause: Origin and CDN redirect configurations conflict.
Fix: Review origin redirect rules and ensure the CDN's configured headers do not override necessary behavior.
How to Purge
Learn how to invalidate cached content instantly across all Medianova CDN
Log in to the Medianova Control Panel, select a CDN Resource in the CDN section, and navigate to the Purge tab.
Purge Cached Files
Purge instantly invalidates cached content across all Medianova CDN cache layers.
Use this feature when updated content is not yet reflected or when outdated assets need to be refreshed.
1
Enter File Path
In the Path field, type the exact file or directory path you want to purge.
You can specify multiple paths by entering one per line.
Example:
2
Use Wildcards
You can use the * symbol to purge multiple files within a directory.
Examples:
3
Execute the Purge
Click Purge Files to start the invalidation.
Medianova CDN will distribute the purge request to all cache layers and mark the specified objects as expired.
The next request will automatically fetch the latest version from your origin.
Medianova’s purge mechanism rapidly invalidates content across every cache layer (from edge nodes to core caches), usually finishing propagation within seconds under normal conditions. This near-immediate purge completion means users around the world see the updated content almost instantly after you purge.
Monitor Purge Requests
All recent purge operations are listed in the Purge Log table below.
Use this view to track the status of your requests.
Column
Description
Click the refresh icon to reload the log and check the latest results.
Analytics
Static CDN is primarily used for delivering fixed content, such as images, CSS files, and JavaScript files. These resources are typically unchanged, which allows for faster delivery through a CDN. The Static CDN Analytics section provides key metrics that help monitor, analyze, and optimize the performance of static content delivery. These metrics focus on the caching effectiveness, the amount of traffic being served from the cache versus the origin server, and the overall bandwidth usage.
Traffic
Total Traffic: This chart displays the total amount of traffic delivered during a selected time range. Users can view the traffic over a
Path & Extension Based Rate Limiting
Overview
Path & Extension Based Rate Limiting allows you to define traffic limits based on specific URL paths and/or file extensions (e.g., /api , /login, .pdf, .jpg). This enables targeted protection for sensitive endpoints or static resources by enforcing custom request limits per rule.
Manage Page Rules
Learn how to add, edit, clone and delete page rules in the Medianova Panel.
You can manage Page Rules in the or via .
Log in to the , select a CDN resource in the CDN section and navigate to the Page Rules tab.
Turn on Page Rules
By default, Page Rules is disabled. Click the Status toggle to turn on Page Rules.
Open Handle Origin Redirection Error and choose one or more redirect status codes that the CDN should process.
These codes determine which 3xx responses from your origin will trigger redirect handling logic. When a selected code is returned by the origin, the CDN applies your configured header settings and processes the redirect instead of simply passing it through unchanged.
Supported redirect codes:
301 — Permanent redirect
302 — Temporary redirect
303 — See Other
307 — Temporary redirect (method is preserved)
308 — Permanent redirect (method is preserved)
The CDN will apply your redirect-handling configuration only to the selected status codes, giving you granular control over how different redirect types are processed.
3
Configure Request Headers (Optional)
Enter a Request Header Key and Request Header Value if you want to include or modify request headers when a redirect occurs.
Examples:
Request Header Key: User-Agent
Request Header Value: Custom-UA
If you do not need to change request headers, leave these fields empty.
4
Add Custom Headers (Optional)
Use Add Header Key and Add Header Value to specify additional headers that should be appended during redirect handling.
Examples:
Add Header Key: X-Debug-Redirect
Add Header Value: true
These headers are included in redirected requests or responses depending on your configuration.
5
Save the Configuration
Select Add to register your header definitions.
Then click Submit to apply the Redirect Handle From Origin settings.
Redirect handling is now active for your CDN Resource.
Origin group with added origins – click Submit groups to save
URI match rules list – drag the ≡ handle to reorder priority, then click Submit rules to apply
/images/* — removes all files and subdirectories inside /images/
/images/im* — removes files starting with “im”
Time the purge was initiated.
URLs
Number of URLs affected.
Running / Successful / Failed
Summary of the operation result.
Status
Shows whether the purge is Running, Successful, or Failed.
Upload your own SSL/TLS certificate issued by a Certificate Authority (CA).
custom time range
or compare it with the
previous time range
to understand the trends and fluctuations in traffic. A significant increase in traffic indicates that the content is being accessed more frequently, which can be beneficial for scaling infrastructure and improving cache efficiency.
Traffic in Time: This chart provides insights into traffic variations over time. By analyzing traffic patterns, you can identify spikes in demand, possibly caused by promotions, seasonal events, or viral content. It also helps determine when content delivery peaks, assisting in optimizing server performance during high-traffic periods.
Cached vs Non-Cached: This chart compares traffic served from the cache versus traffic retrieved from the origin server. High cache traffic indicates that most of the data is being served efficiently from the CDN, reducing load on the origin server and speeding up delivery to end-users. A low cache hit ratio might indicate a need for better cache configuration or optimization.
Cached Data: This chart shows the breakdown of cached data into hits, updating, and stale categories:
Hits: Content successfully retrieved from the cache.
Updating: Content that is currently being updated in the cache.
Stale: Content served from the cache that is outdated because the origin server did not respond in time.
These metrics are crucial for understanding cache freshness and the efficiency of the content delivery process.
Non-Cached Data: This chart shows the amount of data retrieved from the origin server, broken down into miss and expired categories:
Miss: Content that was not found in the cache and had to be fetched from the origin server.
Expired: Cached content that has expired and needs to be fetched again from the origin server.
A higher proportion of non-cached data suggests that caching is not being utilized effectively, which could lead to higher latency and bandwidth usage.
Bandwidth
Bandwidth: This chart shows the total bandwidth used for delivering static content. High bandwidth usage might indicate large file sizes or a high volume of requests, which can be optimized through compression, better cache utilization, or content delivery strategies.
Cached vs Non-Cached: This chart compares the bandwidth used for cached versus non-cached data. Ideally, cached data should consume most of the bandwidth, as it reduces the need for repetitive fetching from the origin server, resulting in faster load times and reduced network strain.
Requests
Total Requests: This chart displays the total number of requests made for static content. A high number of requests indicates active content consumption, which is useful for monitoring content popularity and server load.
Hits vs Misses: This chart compares the number of requests that resulted in a cache hit versus a cache miss. A higher hit ratio is ideal, as it indicates that the CDN is effectively serving content from the cache, reducing the need to contact the origin server.
Request Hits: This chart shows detailed information on hits, broken down into hit, updating, stale, and revalidated categories:
Updating: The content is in the process of being updated.
Stale: The content is outdated and served while awaiting a response from the origin server.
Revalidated: The cached content has been successfully revalidated with the origin server and is now fresh.
These metrics provide insights into the cache's efficiency and freshness.
Request Misses: This chart shows detailed information on misses, broken down into miss and expired categories:
Miss: The content was not found in the cache and was fetched from the origin server.
Expired: The cached content expired and had to be retrieved from the origin server again.
Analyzing this data helps in understanding the reasons for cache misses and optimizing cache configurations.
Tier Filter
A Tier Filter dropdown is available next to the All Resources selector.
This filter defines which CDN layers are included in the request data.
Option
Description
Edge only(default)
Displays requests from end users. Excludes internal CDN tiers.
All
Displays total requests from Edge + Mid + Origin layers. May include repeated counts of the same request across tiers.
Tooltips appear on hover for desktop and via an info icon on mobile.
The selected filter is also reflected in exported reports.
Example report titles:
Requests - Edge only
Requests - All
API parameter:tier=edge or tier=all (default = edge)
Status Codes
Total Requests: This chart displays the total number of requests, helping you track overall activity and performance.
Status Code Structure: This chart compares the distribution of different HTTP status codes:
2xx: Successful responses (e.g., 200 OK).
3xx: Redirects (e.g., 301, 302).
4xx: Client errors (e.g., 404, 403).
5xx: Server errors (e.g., 500, 502).
Monitoring these status codes helps identify potential issues in content delivery and client-side or server-side errors.
Successful Responses (2xx): This chart shows the distribution of successful responses, particularly focusing on the 200 OK code and other 2xx codes. High 2xx responses indicate that the CDN is successfully delivering content.
Redirects (3xx): This chart displays the distribution of redirect codes (301, 302, etc.). Redirects can indicate changes in content location, which should be minimized for optimal performance.
Client Errors (4xx): This chart shows errors on the client side, such as 403 (Forbidden), 404 (Not Found), and 429 (Too Many Requests). A high number of client errors suggests that users are requesting unavailable content or facing access issues.
Server Errors (5xx): This chart shows server-side errors, such as 500 (Internal Server Error), 502 (Bad Gateway), and 504 (Gateway Timeout). These errors indicate issues on the origin server and require attention to ensure smooth content delivery.
Tier Filter
Status code metrics also reflect the selected Tier Filter.
You can view codes for Edge only or include All CDN tiers.
When All is selected, totals may increase because the same request can appear multiple times across tiers.
Exported reports and visual charts indicate the active filter in their titles.
API parameter:tier=edge or tier=all (default = edge)
Error Logs
Error logs provide a detailed record of requests that resulted in errors. By selecting a specific error code, users can view logs that include the request path, method, protocol, and hit status. The logs are invaluable for identifying patterns and resolving recurring issues in content delivery.
Tier Filter
The Tier Filter applies to all error log data.
Users can toggle between Edge only and All, depending on whether they want to see only end-user–level errors or logs from all CDN layers.
Selecting Edge only isolates actual user errors, while All shows cumulative errors from Edge, Mid, and Origin.
API parameter:tier=edge or tier=allDefault:edge
Path & Extension Based Rate Limiting is available under Page Rules for Small, Large and Dynamic accounts. It remains OFF by default and must be explicitly enabled per rule, even when global Rate Limiting is ON.
Activation Requirements
Rate Limiting must be enabled globally under the Security tab.
Path & Extension Based Rate Limiting is disabled by default, even when Rate Limiting is ON.
Rules are created under the Page Rules section of the panel.
You can define different rate limits for each path or file type, separate from the base rule.
Whitelist IPs are managed from a single global pool; no separation exists between general Rate Limiting and Path & Extension Based Rate Limiting.
Rule Behavior
Each Path & Extension Based Rate Limiting rule inherits global Rate Limiting settings (request limit, burst, time window, etc.), but allows you to scope limits to a specific path or file extension.
Configuration Fields
Field
Description
Path
Target path (e.g., /api/login)
File Extension
Target extensions (e.g., .pdf, .jpg, .html)
Request Limit
Requests per second/minute (inherited from global config)
If the account's default Cache Type is dynamic or edge, you must explicitly define the same Cache Type in the Page Rule when applying Path & Extension Based Rate Limiting; otherwise, caching for that path or extension will fall back to origin, and response behavior will rely on origin headers.
How to Configure
Navigate to the Page Rules section in the Medianova panel.
Click Add Rule.
In the rule editor, define:
Path (e.g., /login)
File Extensions (e.g., .pdf, .jpg)
Select and enable Rate Limiting toggle inside the rule.
Set:
Request Limit (100–1000)
Time Window (Per Second or Per Minute)
If your account’s default Cache Type is dynamic or edge, add the same Cache Type field to this rule explicitly.
Page Rules are processed in order, from top to bottom. If multiple rules match the same path or file, only the first matching rule is applied. Make sure your rate limiting rule is placed before broader or less restrictive rules.
Example Rule
This rule limits .pdf file requests under /reports to 100 per minute, allowing 20 additional burst requests before applying the rate limit.
Use Cases
Limit file downloads by extension:
Apply rate limits to .pdf, .zip, .jpg files regardless of path.
Protect API endpoints by path:
Limit access to paths like /api/auth, /api/login, /checkout.
Combine path + extension filtering:
Limit requests to /reports/*.pdf or /downloads/*.zip.
Restrict access to static assets:
Control access to large files or images under /media/ or /static/.
Prevent scraping of product/category pages:
Apply limits to paths like /products/, /categories/.
Rate-limit search endpoints:
Protect /search or /filter paths from abuse.
Limitations
Path & Extension Based Rate Limiting is disabled by default and must be activated per rule
Only functional when resource Rate Limiting is enabled
Whitelisted IPs cannot be scoped per rule
Request Limit Range: 100 - 1000
Path: /reports
File Extensions: .pdf
Request Limit: 100
Time Window: Per Minute
Burst: 20
Page Rules start screen
The screen now shows a Create Page Rule button, enabling you to get started with your first page rule.
File Path and File Extension
Page Rules match on a combination of file path and file extension.
Field
Available options
File Path
Directory, wildcard and regex pattern
File Extensions
Any, one or more
Directory is recursive (unless using the Exact Match setting), meaning /dir/ matches all URLs for files in the /dir/ directory and its subdirectories.
Wildcard is for example * to match on any URL path and /*/images/ matches URLs in any second-level images directory.
When using regex pattern, only the * . / () [] $ symbols are supported. You cannot use other symbols, including ? ! + ^.
From the drop down menu, select a setting and click the Add a Setting button. Configure the setting using the options that appear below the drop down menu.
Repeat this step if you want the page rule to trigger multiple actions.
4
Deploy to CDN
Push the page rule to the CDN by clicking the Create button.
View Page Rule Details
Find the page rule in the table, click the three dots and select Page Rule Details. The new window shows the status of every setting and details for each setting.
Page rule details screen
Clone a Page Rule
If you want to create a new page rule that is very similar to an existing rule, the easiest way is to clone the existing rule, and then apply changes to the clone.
1
Select the Page Rule to Clone
Find the page rule in the table, click the three dots and select Clone Page Rule. A new window appears for editing the cloned rule:
Clone a Page Rule screen
2
Set the File Path and File Extensions
Set a combination of file path and file extensions that is different from the rule you just cloned.
3
Deploy to CDN
Push the new page rule to the CDN by clicking the Clone button.
Edit a Page Rule
Change the page rule in three steps:
1
Select the Page Rule to Edit
Find the page rule in the table, click the three dots and select Edit Page Rule. A new window appears for editing the rule.
2
Change the File Path and File Extensions
If you only want to change page rule settings, do not edit the file path and file extensions
3
Change Page Rule Settings
From the drop down menu, select a setting you want to change and click the Add a Setting button. Configure the setting using the options that appear below the drop down menu.
Repeat this step if you want to change another setting.
4
Deploy to CDN
Push the page rule to the CDN by clicking the Update button.
Delete a Page Rule
Find the page rule in the table, click the three dots, select Delete Page Rule and click Yes, Delete in the confirmation window. This triggers an immediate update to CDN servers.
Medianova’s DDoS protection works through integrated strategies like rate limiting, IP blocking, geoblocking, Anycast DNS, Origin Shield, and WAF integration to prevent overload, block threats, and protect your origin server.
Does CDN Reduce DDoS Attacks?
Yes, a CDN reduces DDoS attacks by distributing traffic across multiple servers, using Anycast DNS, rate limiting, and shielding the origin server. It minimizes the attack impact and improves resilience.
Do I need to manually activate DDoS protection on Medianova?
Medianova’s Always-On DDoS Protection is active by default, providing automatic protection for your web assets against common DDoS attack types, including DNS Query Floods, SlowLoris, HTTPS GET requests, and HTTPS POST requests. No additional activation or manual configuration is required.
What types of SSL certificates are supported by Medianova CDN?
Medianova CDN supports a wide range of SSL certificates, including:
Wildcard SSL Certificates
SAN-supported SSL Certificates
Code Signing SSL Certificates
Domain SSL, Organization Validated SSL, and Extended SSL Certificates
How can I upload and manage SSL Certificates?
Yes, it is possible. For detailed instructions, please refer to the "How to Upload and Manage SSL Certificates" documentation.
What file formats are supported for SSL certificates?
Medianova supports standard SSL certificate formats, including .crt for certificates and .key for private keys.
Can I add multiple SSL certificates to my organization?
Yes, you can add multiple SSL certificates to your organization. Each certificate can be associated with different resources or domains.
How can I use Free SSL?
Yes, you can use Free SSL. For detailed steps, please refer to the "How Can I Use Free SSL?" documentation.
Does Medianova support TLS 1.3?
Yes, Medianova CDN supports TLS 1.3, the latest version of the TLS protocol, which offers enhanced security and faster performance compared to its predecessors.
What are the differences between “SNI” and “Shared SSL”?
SNI (Server Name Indication): This option allows you to use your own SSL certificate uploaded via the panel for a specific CDN Resource.
Shared SSL: If you don’t have your own SSL certificate, Medianova provides a shared SSL option that can be used for secure connection
Can I edit an uploaded SSL certificate?
You can only rename an SSL certificate in the SSL Management menu. Other edits, such as updating the certificate or private key, are not allowed. If changes are needed, delete the existing certificate and upload a new one.
How do I delete an SSL certificate?
To delete an SSL certificate:
Go to “CDN → SSL Management”.
Click on the “Delete” option next to the certificate.
Confirm the action in the pop-up window that appears.
What is a Private Key, and why is it important?
The Private Key is a critical part of the SSL certificate that ensures secure communication. It is based on asymmetric encryption and must be kept secret:
The Private Key stays on the web server and is never shared.
The Public Key is shared openly to establish secure communication.
What happens if I don’t own an SSL certificate?
If you don’t have your own SSL certificate, you can:
Use the “Shared SSL” option provided by Medianova.
Utilize the “Free SSL” option, which generates a certificate through Let’s Encrypt.
What is the difference between "Monitoring Only" and "On" modes in WAF?
Monitoring Only: In this mode, WAF monitors all incoming traffic for potential threats without blocking any traffic. It provides insights into your security posture and allows you to fine-tune rules before enforcing them.
On: In this mode, WAF actively filters and blocks malicious traffic, providing full protection for your web assets.
Can I view real-time threats blocked by WAF?
Yes, the WAF service provides real-time monitoring and logging of blocked threats, which can be viewed under Analytics → WAF in the panel.
Can I configure WAF for Dynamic CDN Resources?
Yes, you can configure the WAF for Dynamic CDN Resources. When creating a Dynamic CDN Resource, follow the steps to activate and configure the WAF as per your security requirements.
How do I create a custom rule in WAF?
To create a custom rule in WAF, please refer to the "How to Activate WAF" documentation for detailed guidance.
How can I handle false positives in WAF?
To handle false positives in WAF, enable Monitoring-Only mode to analyze traffic. Disable the specific rule causing the issue or create custom rules to prevent it, ensuring security remains intact.
Can I edit or delete a custom rule in WAF?
Yes, you can edit or delete custom rules by clicking the Edit or Delete icons and submitting the changes.
How can I configure Rate Limiting?
To configure Rate Limiting, please refer to the "Rate Limiting" documentation for detailed steps, where you will find instructions on how to log in, select resources, and configure settings in the Security tab.
How do I set the request limits?
Under the Request Limit section, specify the maximum number of requests allowed per second or minute.
Adjust the values based on your traffic volume and server capacity.
What is the difference between the "Burst" and "Burst + No Delay" options?
Burst allows a burst of requests but applies throttling once the threshold is exceeded.
Burst + No Delay allows a burst of requests without any initial delay, providing quicker responsiveness before applying throttling.
What is the "Burst Value" and how is it used?
The Burst Value defines the threshold for the burst limit when the Burst or Burst + No Delay option is selected. It specifies how many requests are allowed in a burst before throttling is applied.
What HTTP status codes can be configured for Rate Limiting?
You can choose one of the following HTTP status codes to return when the rate limit is exceeded:
429 Too Many Requests: Indicates that the client has exceeded the allowed number of requests within the specified time window.
529 Site Overloaded: Used when the server is overloaded and unable to process requests due to excessive traffic.
How can I define actions for excessive requests?
Block: Deny requests that exceed the rate limit.
Challenge: Present a CAPTCHA to validate the request.
How can I enable Hotlink Protection for my CDN Resource?
To enable Hotlink Protection, please refer to the "Hotlink Protection" documentation for detailed instructions on configuring it in the Medianova Control Panel.
How do I whitelist domains for Hotlink Protection?
In the Hotlink Protection section, you can add whitelisted domains that are allowed to access your CDN resources.
These domains will be granted permission to link to or embed your resources.
What happens if a request comes from a non-whitelisted domain?
If a request comes from a non-whitelisted domain (i.e., a blacklisted or unauthorized source), the server will:
Block access to the resource.
Optionally, you can configure the server to redirect the request to a specific page or serve a placeholder image.
How can I disable Hotlink Protection?
If you want to disable Hotlink Protection, simply toggle the Hotlink Protection option to Off in the Security menu of your selected CDN Resource.
What is the difference between Whitelist and Blacklist?
Whitelist: Only devices with IP addresses listed in the whitelist are allowed access to the designated resources. All other IP addresses are denied access.
Blacklist: Devices with IP addresses listed in the blacklist are denied access to the resources. All other devices are allowed access.
What happens if an IP address is not in the Whitelist or Blacklist?
If Whitelist is selected, only the listed IP addresses will have access, and all other IP addresses will be denied.
If Blacklist is selected, all IP addresses except those in the blacklist will have access to the resources
Why would I use the Whitelist option?
You would use the Whitelist option if you want to grant access to specific, trusted IP addresses (e.g., business partners, internal network) and deny all other requests.
Why would I use the Blacklist option?
The Blacklist option is useful if you want to block specific IP addresses that are known for malicious activity or unwanted access, while allowing all other devices to access the resources.
What happens if I make changes to the IP Restriction ACL settings?
After making changes to the IP Restriction ACL settings, click Save Changes to apply the new access control policy. The changes will immediately take effect.
How do I enable Geoblocking on Medianova Control Panel?
To enable Geoblocking, please refer to the "Geoblocking" documentation for detailed steps on configuring country-based restrictions in the Medianova Control Panel.
Can I update my Geoblocking settings after enabling it?
Yes, you can update your whitelist and blacklist at any time. Simply move the countries between the whitelist and blacklist boxes, and click Save Changes to apply the updates.
Can I block or allow specific IP addresses using Geoblocking?
Yes, in addition to country-based restrictions, you can also manage IP-based restrictions. Scroll to the IP Restriction section at the bottom of the page to whitelist or blacklist specific IP addresses.
How do I add or remove countries from the whitelist or blacklist?
To add a country, drag it from the country list on the left to either the Whitelist or Blacklist pane.
To remove a country, simply drag it out of the whitelist or blacklist pane and into the country list.
Can I apply Geoblocking to a specific CDN resource?
Yes, Geoblocking can be applied to individual CDN resources. You can configure the settings for each CDN resource separately.
Can I enable Geoblocking without using the IP Restriction section?
Yes, you can enable Geoblocking without using the IP Restriction section. The IP Restriction section is optional and can be used for more granular control over access.
Set FTP Password and Confirm Password for uploads.
Upload a .pfx file containing your certificate, key, and chain. Provide a password if required.
Private Key
Private key matching the certificate.
Certificate Password
Password for encrypted key or .pfx file.
CA Chain / Intermediate Certificates
Certificates linking your domain to the root authority.
Burst
value (optional)
Burst
Number of extra allowed requests before enforcing limits
HTTP Response Codes
The HTTP protocol defines a standardized set of status codes to communicate the outcome of a client’s request. These codes indicate at which stage the request stands or why it may have failed. They fall into five primary categories:
Category
Description
1xx Informational
Indicates that the request was received and the process is continuing.
2xx Success
1xx Informational
These codes indicate that the request was received and the process is continuing. They do not finalize the HTTP transaction — the client must wait for or send more data.
Code
Meaning
2xx Success
These codes indicate that the client’s request was successfully received, understood, and accepted.
Code
Meaning
3xx Redirection
These codes indicate that further action needs to be taken by the client in order to complete the request. Usually involves following a different URI.
Code
Meaning
4xx Client Error
These codes indicate that the client seems to have made an error. The server understood the request, but it cannot or will not process it due to something that is perceived to be a client problem.
Code
Meaning
5xx Server Error
These codes indicate that the server failed to fulfill a valid request. The problem is on the server side, not the client's.
Code
Meaning
References
RFC 7231: HTTP/1.1 Semantics and Content
(core HTTP methods, standard status codes)
RFC 6585: Additional HTTP Status Codes
(defines 429 Too Many Requests
204 No Content
The server successfully processed the request and is not returning any content. Useful for operations that do not need to change the current page (like clearing a form via JS).
205 Reset Content
The server processed the request successfully, but asks the client to reset the document view (like clearing form inputs).
206 Partial Content
The server is delivering only part of the resource due to a Range header sent by the client. Used for resumable downloads or streaming.
207 Multi-Status
(WebDAV) Conveys information about multiple resources, returning XML that contains multiple status codes.
208 Already Reported
(WebDAV) Used inside a DAV: propstat response element to avoid repeatedly enumerating the same internal members.
304 Not Modified
Indicates that the resource has not been modified since the version specified by the If-Modified-Since or If-None-Match headers. Client can use cached version.
307 Temporary Redirect
The resource resides temporarily at a different URI, and the client should repeat the request using the same method. Unlike 302, it guarantees the same method (POST stays POST).
308 Permanent Redirect
The resource has been permanently moved to a new URI. The client should use the new URI and repeat the request with the same method. POST stays POST.
404 Not Found
The server can not find the requested resource. This is the most common client error.
405 Method Not Allowed
The method specified in the request (e.g. POST, GET, DELETE) is not allowed for the resource.
406 Not Acceptable
The requested resource is capable of generating only content not acceptable according to the Accept headers sent by the client.
407 Proxy Authentication Required
The client must authenticate itself with the proxy before the request can be served.
408 Request Timeout
The client did not produce a request within the time that the server was prepared to wait.
409 Conflict
The request could not be completed due to a conflict with the current state of the resource. Typical in REST APIs when there is a version conflict.
410 Gone
The requested resource is no longer available and will not be available again. Typically used to indicate intentionally removed resources.
411 Length Required
The server refuses to accept the request without a defined Content-Length header.
412 Precondition Failed
One or more conditions given in the request header fields evaluated to false when tested on the server.
413 Content Too Large
The request entity is larger than limits defined by the server. (Previously called Payload Too Large).
414 URI Too Long
The URI provided was too long for the server to process. Often happens with overly large query strings.
415 Unsupported Media Type
The media format of the requested data is not supported by the server (e.g., sending XML where JSON is expected).
416 Range Not Satisfiable
The range specified by the Range header field in the request can't be fulfilled; the requested range is outside the size of the target resource.
417 Expectation Failed
The server cannot meet the requirements of the Expect request-header field.
418 I'm a teapot
Defined in RFC 2324, returned by teapots requested to brew coffee. Not actually used in production systems.
421 Misdirected Request
The request was directed at a server that is not able to produce a response (commonly seen in HTTP/2 multiplexed connections).
422 Unprocessable Content
The server understands the content type of the request and the syntax is correct but was unable to process the contained instructions. (Common in REST validation errors).
423 Locked
The resource that is being accessed is locked. (WebDAV).
424 Failed Dependency
The request failed due to failure of a previous request. (WebDAV).
425 Too Early
Indicates that the server is unwilling to risk processing a request that might be replayed. Used in early TLS handshake.
426 Upgrade Required
The server refuses to perform the request using the current protocol but might be willing if the client upgrades to a different protocol (e.g., switch to TLS/1.2).
428 Precondition Required
The server requires the request to be conditional. Intended to prevent the 'lost update' problem.
429 Too Many Requests
The user has sent too many requests in a given amount of time (rate limiting).
431 Request Header Fields Too Large
The server is unwilling to process the request because its header fields are too large.
444 No Response
The server closes the connection without sending any HTTP response to the client. Typically used to drop malicious or unwanted requests silently. Logged in access.log as 444.
451 Unavailable For Legal Reasons
The server is denying access to the resource as a consequence of a legal demand (for example, geo-blocking or copyright takedown).
494 Request Header Too Large
The client sent HTTP headers that exceed the server’s configured maximum (large_client_header_buffers). The server closes the connection.
495 SSL Certificate Error
The server failed to verify the client’s SSL certificate during the handshake (invalid or untrusted client cert).
496 SSL Certificate Required
The server expected a client SSL certificate (mutual TLS), but the client did not provide one.
497 HTTP Request Sent to HTTPS Port
The client sent a plain HTTP request to an HTTPS port (like port 443). The server detects this mismatch.
499 Client Closed Request
The client closed the connection before the server could send a response. This code appears in access.log; it is not sent back to the client.
504 Gateway Timeout
The server, while acting as a gateway or proxy, did not receive a timely response from the upstream server it needed to access.
505 HTTP Version Not Supported
The server does not support the HTTP protocol version used in the request (like HTTP/1.0 vs HTTP/2).
506 Variant Also Negotiates
Transparent content negotiation for the request results in a circular reference. Very rare.
507 Insufficient Storage
The server is unable to store the representation needed to complete the request (typically in WebDAV scenarios).
508 Loop Detected
The server detected an infinite loop while processing a request (also seen in WebDAV collections).
510 Not Extended
Further extensions to the request are required for the server to fulfill it. Very uncommon.
511 Network Authentication Required
The client needs to authenticate to gain network access, often used by captive portals (Wi-Fi login pages).
RFC 8470: HTTP 103 Early Hints
(specifies 103 Early Hints for resource preloading)
Indicates that the request was successfully received, understood, and accepted.
3xx Redirection
Instructs the client to perform additional actions to complete the request (typically follow a different URL).
4xx Client Error
Indicates that the error is due to something the client sent (invalid request, missing auth, etc.).
5xx Server Error
Indicates that the server failed to fulfill a valid request.
100 Continue
The server has received the initial request headers and the client should proceed to send the request body (used with Expect: 100-continue).
101 Switching Protocols
The server agrees to switch protocols as requested by the client (for example upgrading from HTTP to WebSocket).
102 Processing
(WebDAV) The server has received and is processing the request, but no response is available yet. Prevents client timeouts on long operations.
103 Early Hints
200 OK
The standard response for successful HTTP requests. The actual response depends on the request method (GET returns a resource, POST might return confirmation, etc).
201 Created
The request was successful and resulted in the creation of a new resource. Often includes a Location header pointing to the new resource.
202 Accepted
The request has been accepted for processing, but the processing is not complete. Typically used for async workflows.
203 Non-Authoritative Information
300 Multiple Choices
Indicates multiple options for the resource that the client may follow (for example, different file formats). Rarely used in practice.
301 Moved Permanently
The resource has been permanently moved to a new URI. Clients should update their references. Future requests should use the new URL.
302 Found
The resource resides temporarily under a different URI. The client should continue to use the original URI for future requests. (Most common for standard redirects, but technically should use 303/307).
303 See Other
400 Bad Request
The server could not understand the request due to invalid syntax (malformed JSON, missing required parameters, invalid query strings, etc).
401 Unauthorized
Authentication is required and has failed or has not yet been provided. The client should provide valid authentication credentials.
402 Payment Required
Reserved for future use. Intended to be used for digital payment systems but rarely implemented.
403 Forbidden
500 Internal Server Error
A generic error message indicating an unexpected condition was encountered and the server cannot fulfill the request. No more specific message is suitable.
501 Not Implemented
The server does not support the functionality required to fulfill the request (e.g. an unsupported HTTP method).
502 Bad Gateway
The server, while acting as a gateway or proxy, received an invalid response from the upstream server.
503 Service Unavailable
Used to return some response headers before the final HTTP message, typically to allow the client to start preloading resources (via Link headers) while the server prepares the final response.
The server successfully processed the request but is returning information from another source (like a proxy or transformation) that might not be exactly the original.
The server directs the client to get the requested resource at another URI using a GET request, typically after a POST.
The client does not have access rights to the content. Unlike 401, authentication will not help; it is an explicit refusal.
The server is currently unable to handle the request due to temporary overload or scheduled maintenance. Usually a temporary condition.
Integrating Dynamic CDN Resource
Click on the CDN Resource menu, select the CDN Resource you created and move to the Caching menu.
First you need to configure the Cache Settings at the bottom of the page. Cache Type field provides two options.
If you would like to use the cache time defined on the origin with the cache-control header, you can select “Origin”. If you would like to set custom cache time, you can select “Edge”.
When you select Edge, you should set the cache time, which indicates the maximum age of your cached content. Then you should also specify if you would like to cache dynamic content such as your HTML files and click the Save Changes button.
Next, you need to check your Query String Caching settings. You can leave the Query String setting disabled, if you would like to cache your files by ignoring query strings; or you can enable it to treat each query string as a cacheable item.
If “Cache Dynamic Pages” option under Cache Settings has been enabled at Step 4.1, that means all HTML files served by your origin and all resources (CSS, images, JavaScript) found in HTML files, will be cached and served through Medianova CDN.
However, it is recommended to exclude some of the HTML files which contain private information (such as account details, credit card information on check out page etc.). Below are two options to disallow caching, either by defining paths or by using cookies.
a. Page Rule Cache Type:
Go to the Page Rules menu and select dynamic cache type for the desired paths and/or extensions.
b. Disallow Caching by Using Cookies:
Go to the Caching menu and enter Cookie Key & Cookie Value to bypass caching under “Disallow Cookie Base Cache” setting.
Go to the SSL menu and upload your SSL certificate.
You can test your Aksela account before redirecting your Website URL to your CDN URL, and serving traffic through our platform.
To start testing, first you need to find the IP address of the CDN URL. In order to do that, you can ping your CDN URL on Command prompt.
Example: ping cdnresource_name.mncdn.com
b. Then, you need to add this IP address to your hosts file.
- Open the Run tab by pressing Windows key + R.
- Type system32 in the search bar and click ok.
- On the screen, go to the “drivers” folder and then to the “etc” folder.
- Under the “etc” folder, you can right-click on your “hosts” file and select open and edit with application such as Notepad or Notepad++.
- Please add the IP address you obtained in the first step and the website you want to reach using this IP address to the file and save it.
c. Clear your browser cache. Make a request to the page by typing yourdomain.com in the address bar. On the page that opens, right-click on an empty area and select “inspect”. Go to the “Network” tab and find your Website URL within the list of requests. Click on it and and display the information in the “Headers -> Response Headers” area. Seeing “MNCDN” next to the “Server” field shows that the .html file is served from Medianova.
After completing the test successfully, login to your DNS hosting provider’s client panel and add a CNAME record for redirecting your Site URL to the CDN URL you have created.
yourdomain.com IN CNAME cdnresource_name.mncdn.com
Your traffic is now served through Medianova Aksela.
