1 of 100

Knowledge Base

Welcome to the Medianova Knowledge Base

Product documentation, guides, troubleshooting and API documentation.

Learn how to integrate and optimize your workflows with our detailed API documentation.

Getting Started

Concepts

Introduction

Medianova is a global provider of Content Delivery Network (CDN) and cloud security services designed to accelerate and secure digital experiences. With over 50 data centers across 21 countries, it helps businesses deliver fast, reliable websites, applications, and APIs while ensuring high performance and robust security.

Key Services and Concepts

1. CDN (Content Delivery Network) A CDN optimizes content delivery by distributing it across multiple servers around the world. Medianova's CDN service ensures that content such as images, stylesheets, and scripts are delivered efficiently by caching static assets at strategically located servers. This minimizes latency and improves page load times for users.

2. Static CDN The Static CDN service is specifically designed to optimize the delivery of static content. By caching assets globally, it ensures that users receive content from the nearest server, drastically reducing load times and enhancing performance. Integration is simple, with users needing only to update asset URLs and configure settings via the Medianova platform.

3. Dynamic Content Caching Dynamic content, generated per user request, can be resource-intensive. Medianova's microcaching system allows for caching dynamic content (e.g., API responses or web pages) for brief periods, thus reducing server load and improving page speeds. This helps reduce bandwidth costs while enhancing the user experience.

4. Live Streaming Medianova provides high-quality live streaming with adaptive streaming technology. This ensures optimal video quality across devices, from desktop to mobile, while maintaining seamless playback. The platform integrates with major social media platforms for broader reach. Security features, including encryption and access controls, ensure that content is protected and accessible only to authorized users.

5. Private CDN For organizations requiring greater control, the Private CDN offers flexible, secure, and high-performance content delivery. It provides businesses with tailored solutions that allow enhanced security and content distribution management.

6. Image Optimization Medianova offers real-time image optimization. This feature allows on-the-fly image transformations such as resizing, cropping, and watermarking through simple URL calls. It also supports responsive images, ensuring that content is tailored for different devices and screen sizes, contributing to faster load times and better user experiences.

7. Stook - Cloud Object Storage Stook is Medianova's cloud object storage solution that enables businesses to store, manage, and retrieve data quickly and reliably. It is S3-compatible and eliminates the traditional barriers of egress and transaction fees, making it a cost-effective choice for scalable storage needs.

8. SSL Encryption Secure Socket Layer (SSL) ensures encrypted communication between a server and a client. Websites with SSL certificates are considered secure, and this encryption is critical for e-commerce platforms, where security is a primary concern for users.

9. Medianova WAF (Web Application Firewall) Medianova's WAF actively monitors all incoming web traffic to detect and block malicious patterns before they can affect web assets. With predefined Managed Rules, enabling these rules offers immediate protection against various security threats.

10. DDoS Protection Medianova's DDoS protection system is always active, offering continuous defense against common attack types, such as DNS Query Floods, SlowLoris, and HTTP floods. It includes several mitigation strategies, including rate limiting, IP blocking, and geoblocking, ensuring minimal disruption to services during attacks.

Conclusion

Medianova combines advanced caching, acceleration, and security features to help businesses create fast, reliable, and secure digital solutions. With global infrastructure, robust security, and easy integration, Medianova empowers businesses to deliver superior user experiences while ensuring high performance and protection against a wide range of threats.

Start your Free Trial

You can try Medianova for 1 month without needing a credit card or any commitments. Your account will be activated automatically. If you need more features or help, our sales team is ready to assist you.

The trial includes important features like Static CDN and Dynamic CDN, which make sure your website content loads faster by delivering it from the closest server. The Web Application Firewall (WAF) lets you create custom security rules to protect your site from harmful traffic. You also get Standard DDoS Protection to keep your website safe from attacks that try to overload it with too much traffic.

The Global Anycast DNS feature improves your site’s DNS performance by directing traffic to the nearest server, which helps reduce loading times. The Purge feature allows you to quickly remove outdated content from all servers so your website shows updates instantly. You can also use page rules to control how your content is cached, forwarded, and secured, giving you more control over how the CDN handles your site.

How to Activate Your Free Trial:

Fill in the fields for your name, email address, and password.
Click the Next button.
Enter the verification code sent to your email.
For your CDN resource, select Website. Make sure that the Origin URL and the Website URL are different.
The package will be displayed as Free Trial. Click the Proceed to Purchase button.
Finally, fill in your billing address and click the Complete Purchase button.

Your Free Trial has now started successfully.

Key Features to Explore:

Static CDN
Dynamic CDN
Web Application Firewall
DDoS Protection
Global Anycast DNS
Purge

Need a Helping Hand?

Products

Security

DDoS Protection

Understanding DDoS Attacks

Distributed Denial of Service (DDoS) attacks involve overwhelming a target system or network with a flood of traffic, rendering it unavailable to users.

How Medianova DDoS Protection Works

Mitigation Strategies

A variety of mitigation strategies are integrated into Medianova's DDoS protection. From Rate limiting to IP blocking or Geoblocking, our service ensures minimal disruption to your services.

Always-on DDoS Defense

Your DDoS defense is always on. You don’t need an extra activation process to protect your web assets against common attack types such as;

DNS Query Floods
SlowLoris
HTTPS GET
HTTPS POST, and more.

Anycast DNS Infrastructure

Our Anycast DNS network distributes thousands of requests across multiple servers that might overwhelm a single server and mitigates DDoS attacks.

IP Protection

You can mitigate the likelihood of DDoS threats preemptively by concealing your origin IP address before an attack can be initiated.

Origin Shield

Medianova provides you an extra layer of security for your origin and limits its exposure to possible DDoS attacks with our Secure Cloud.

Web Application Firewall (WAF) Integration

By combining DDoS Protection with WAF, Medianova provides a multi-layered defense mechanism, offering protection not only against DDoS attacks but also against application layer threats.

SSL/TLS Encryption

Secure Socket Layer(SSL) provides secure, encrypted communications between a server and client. A website with an SSL certificate is considered safe. Generally, The most important reason for e-commerce sites to be preferred by users is whether they are secure.

The Http protocol has been used for many years to provide communication in the Internet world. But http is not very secure and has turned into HTTPS over time. Https is a protocol used to secure data exchange on the network. This protocol in order to provide security performs an encrypted connection with SSL / TLS.

We have explained the types of certificates you can choose for you first, and then the steps that should be followed to define SSL certificate via Medianova CDN in the cases where the SSL certificate received is .pfx.

Certificate Types

There are many different types of SSL certificates. Below you can find explanations about the most common types of certificates.

1. Wildcard SSL Certificate

Wildcard SSL Certificate is a type of certificate that can be used for all of the subdomains of a certain domain. Wildcard SSL also supports Sub-names of the domain. For example; http://www.yourdomain.net , http://yourdomain.net , http://admin.yourdomain.com , *.yourdomain.net.This type of certificate is supported by all browsers such as Internet Explorer, Mozilla, Chrome. The wildcard is the type of certificate which is ideal for e-commerce and sites requiring a secure login.

2. SAN supported SSL

Certificates are generally purchased for a hostname (main domain). However, there is another type of certificate that supports more than a domain name, and its called SAN. SAN-hosted certificates may vary in hostname permissions. It will be wise to obtain a SAN-supported SSL certificate after you have decided about the number of domains to be served and the type of service you will be serving.

3. Code Signing SSL Certificate

The code signing certificate usually is used by software developers and they digitally sign aps and other software to verify the end-users that the code they are receiving hasn’t been altered or compromised by a third party.If you want to request an SSL certificate for your own server or a code/driver, you need to create a certificate signing request (CSR). This defines both the server that will use your certificate and the domain names (known names) that you will use for SSL certificates.

4. Other Types of SSL Certificates

There are also Domain SSL, Extended SSL, and Organization SSL certificate types.

Domain SSL: An SSL certificate service that can be used to protect and secure only a domain name. Single or multiple domain options are also available depending on your need. ‏‏‏‏‏‏
Organization Validated SSL: Organization Validated SSL is the type of SSL Certificate that turns the browser’s address bar entirely green or displays the name of your organization alongside a green lock. ‏ ‏‏‏‏
Extended SSL: Extended SSL is the type of certificate service that has more credibility than Domain SSL. The green branded address bar is the most highly recognizable sign of an EV-secured webpage. It shows visitors your website is a safe place to enter their sensitive data. ‏‏‏‏‏‏‏‏

How to upload and manage SSL Certificates?

Navigating to SSL Management

Click on the “CDN → SSL Management” option in the left menu of the panel.
The SSL Certificates added to your organization are displayed on this page. If you don’t own an SSL certificate, proceed to Step 5.

Adding a New SSL Certificate

To add a new SSL certificate to your organization:

Click on the “Add New SSL” button on the SSL Management page.
Fill in the following fields:
- SSL Name: Specifies the name of the SSL certificate for your organization.
- Certificate: Upload the CRT file, which enables website verification and secure communication.
- Private Key: Upload the private key, which is part of the asymmetric encryption used for SSL. This key must be securely stored and is only available on the web server.
- Certificate Password: Enter the password used to protect the private key.
After completing the fields, click the “Add New SSL” button to upload the certificate.

Applying an SSL Certificate to a CDN Resource

To use the SSL certificate you uploaded or to choose the “Shared SSL” option:

Navigate to the “CDN → CDN Resources” option in the left menu.
Select the specific CDN Resource from the listed resources.
Navigate to the SSL tab:
- For Small and Large resource types, this tab is labeled as “CNAME & SSL”.
- For Streaming, VOD, and Dynamic resource types, it is labeled as “SSL”.
On the SSL tab:
- Choose the “SNI” option to apply the SSL certificate you uploaded.
- Or, select the “Shared SSL” option if you don’t own an SSL certificate.
Save your changes.

Managing SSL Certificates

In the SSL Management menu, you can also perform the following actions:

Edit: Allows you to rename the SSL certificate. Note that no other edits are allowed.
Delete: Prompts a confirmation pop-up before allowing you to delete the certificate.

Supporting Customers with Certificate Chains

If your SSL certificate requires a certificate chain (e.g., Intermediate or Root certificates) and you need to complete it:

Use the Certificate Chain Completion Tool available at [link-to-tool]. This tool helps you generate and complete the required chain for your certificate.
After generating the complete chain, upload the updated certificate file using the steps outlined above.

This additional support ensures your SSL configuration is accurate and prevents potential issues caused by incomplete or incorrect chain entries.

Web Application Firewall (WAF)

Medianova WAF watches all the web traffic coming in, finds any malicious pattern, and thwarts potential threats before they can compromise web assets. It offers pre-defined Managed Rules and enabling these managed rulesets grants immediate protection against a wide range of security threats.

Once you have activated your WAF, you can start configuring your managed rulesets and custom rules based on your requirements.

Enable / Disable a Managed Ruleset

You can toggle the switch beside a managed ruleset to activate or deactivate it.

Enable / Disable a Specific Rule

You can click on the managed ruleset and see the specific rules that are tied to the ruleset. You can toggle the switch beside a specific rule to activate or deactivate it.

Creating a Custom Rule

You can create customized rules using parameters such as user agent, request protocol, request URI, client IP, referrer, and request method. You should enter a rule name, define the appropriate condition, select the WAF action and submit your changes to create a custom rule.

Handle False Positives

If you come across a false positive resulting from a managed rule, you take one of the following actions:

You can start by activating your WAF in Monitoring-Only mode, to observe underlying traffic, analyze your security posture and derive valuable insights without impeding traffic flow. According to these insights, you can tune your WAF by properly configuring your managed rulesets and custom rules.
You can disable the associated managed rule. While this approach can help prevent false positives, it does come with the trade-off of diminishing the overall security of the site.
If a particular rule is responsible for false positives, you may consider to deactivate that individual rule rather than the entire ruleset.
You can create custom rules for tailored defense and preventing false positives.

How to activate WAF?

Activating the Web Application Firewall (WAF) in the Medianova Cloud Panel enhances your website's security by protecting against potential threats. Whether you’re setting up a new Dynamic CDN Resource or configuring an existing one, the process is straightforward. This guide provides step-by-step instructions to activate WAF, customize its settings, and choose between "Monitoring Only" or full protection modes to safeguard your applications effectively.

Click on the “CDN → Create CDN Resource” option on the left menu of the panel if you haven’t created a Dynamic CDN Resource yet. Skip Step 2 and proceed to Step 3, if you have a Dynamic CDN Resource already.

Select Dynamic CDN Resource in the “Start building your CDN” area.

Fill in the requested information and click on the “Create CDN Resource” button.

Click on the “Security → WAF” option on the left menu of the panel and press on one of the listed resources to configure and activate your WAF service.

You need to change the WAF status to “Monitoring Only” or “On”, to proceed with adding custom rules based on your specific requirements. In the “Monitoring Only” mode, our WAF provides real-time monitoring for potential threats, while allowing all traffic to pass through uninterrupted, providing you with valuable insights into your website’s security posture without affecting its functionality.
Next, you can define custom rules based on a wide range of parameters. These are;

Request Method: Represents the different request methods (GET, POST, PUT, DELETE, etc.) used in the HTTP protocol. It can properly limit the methods of requests to the web application and increase the security of the application.
Client IP: Represents the IP address of the user connecting to the web application. This information can improve the web application’s ability to verify the origin of requests and perform security checks.
Referrer: Represents the URL of the previous page that redirects to the web page. This information can help the web application learn more about the origin of its requests and increase security controls.
Args: Represents the arguments in the HTTP request. These arguments contain the information required for the Web application to function correctly. However, malicious arguments submitted by malicious users can cause security vulnerabilities in the application.
Request URI: Represents the destination URL of the HTTP request. This information can help the Web application determine how it handles requests and perform security checks.
Request Protocol: Represents the HTTP protocol used (HTTP/1.1, HTTP/2 etc.). Using the correct protocol version can ensure that the web application functions correctly and performs security checks.
User Agent: Represents information of the agent (usually a browser) making the HTTP request. This information can help the Web application determine how it handles requests and perform security checks.

5.1. Fill in a “Rule Name” for your custom rule.

5.2 Click on the “Field” dropdown menu and select the parameter you would like to use.

5.3 Choose the corresponding “Operator” and “Value”.

5.4 Press the “And” button if you would like to create a chain of conditions. Please note that current WAF version supports maksimum 3 chain of conditions.

5.5 Select the action you want your WAF to take, when incoming requests match your chain of conditions.

5.6 When you finish entering the required information for your custom rule, press the “Add Rule” button. You can continue to add rules according to your needs.

5.7 When you are done adding rules, please press the “Submit” button.

You can edit or delete a custom rule by clicking on the “Edit” and “Delete” icons. When you click on the “Edit” icon, you will see the following screen. Press the “Submit” button after editing your rule.
After activating your WAF in “On” or “Monitoring Only” mode, you can monitor metrics by clicking on “Analytics → WAF” option on the left menu of the panel. Select your WAF resource to display the following metrics;

Threats: The number of requests made to the WAF rules among the requests made to the website.
Top 10 Client IPs: User IP addresses from which requests plugged into WAF rules come from.
Top 50 Request Uri: Addresses where requests stuck in WAF rules are made.
Top 50 User Agent: Device information from which requests plugged into WAF rules are made.
Rule: Information on which rule the requests stuck in WAF rules are stuck on.
Last 300 Activity Log: Detailed information of the last 300 requests stuck in WAF rules.

Analytics

Overview

A Web Application Firewall (WAF) provides an essential layer of security for your website, protecting it from malicious attacks by analyzing incoming traffic and blocking harmful requests. To efficiently manage this security layer, it is crucial to regularly monitor and analyze the WAF’s analytics data.

Once your WAF is activated in either "On" or "Monitoring Only" mode, you can access detailed metrics by navigating to the Analytics → WAF section in the panel. This data provides you with valuable insights into the security status of your website, enabling you to make informed decisions about how to enhance your protection.

This document explains the key metrics and charts available in the WAF analytics dashboard, and how to interpret and use them effectively.

Dashboard Visualizations

The WAF analytics dashboard also includes various charts and tables that make it easier to understand and interpret the data. These visualizations help you quickly spot trends, patterns, and anomalies in your website's traffic and security.

1. Attack Histogram

The Attack Histogram displays the number of attacks over time, helping you identify patterns and trends in security incidents. This chart can be filtered by URL to provide a more granular view of attacks targeting specific pages or resources on your website.

2. Threats

The Threats metric represents the number of requests that have triggered WAF rules relative to the total number of requests made to your website. This data helps you understand the volume of potentially malicious traffic your site is receiving and how effective your WAF is at blocking harmful requests.

When analyzing this metric, pay attention to sudden spikes in threat volume, as they may indicate an attack or a change in traffic patterns. Tracking the Threats metric over time will allow you to gauge the overall effectiveness of your security rules and identify if any adjustments are necessary to improve threat detection and mitigation.

The Threats Table breaks down threat data into several time periods:

Total: The total number of threats detected since the WAF was activated.
Today: The number of threats detected today.
This Month: The number of threats detected in the current month.
Last Month: The number of threats detected in the previous month.

3. Top 10 Client IPs

The Top 10 Client IPs table displays the IP addresses responsible for triggering the most WAF rules. This metric helps identify potential sources of malicious traffic or attackers. By reviewing this data, you can take proactive measures, such as blocking or rate-limiting suspicious IPs. It also helps recognize patterns, such as bot-driven traffic or targeted attacks from specific regions or entities. The accompanying Pie Chart provides a visual breakdown of these IPs, making it easier to identify high-risk sources and take swift action to mitigate potential threats.

4. Top 50 Request URIs

The Top 50 Request URIs table displays the URLs on your website most frequently targeted by requests that trigger WAF rules. This metric helps identify which parts of your site are under the most attack, allowing you to pinpoint areas that may be more vulnerable. By analyzing the Request URIs, you can detect patterns in attack vectors, such as specific endpoints or resources being targeted, and adjust your security measures accordingly. If certain URLs are consistently attacked, you may consider implementing more tailored WAF rules to strengthen protection for those areas.

5. Top 50 User Agents

The Top 50 User Agents table provides insight into the devices and browsers generating requests that are being blocked by WAF rules. This data can help you identify anomalies in traffic, such as attacks coming from unusual user agents, which may indicate automated bot traffic.

6. Rule

The Rule metric indicates which specific WAF rule is triggered by incoming requests. This helps assess the effectiveness of each rule in detecting and mitigating threats. By analyzing which rules are most frequently triggered, you can identify patterns in attack types and adjust your rule configuration accordingly. If a rule is triggered too often, it may indicate false positives or that the rule needs refinement to better suit your site's needs.

The Rule table displays the most frequently triggered WAF rules. This table allows you to evaluate the performance of each rule and understand which threats are being blocked most effectively. Frequent triggers suggest the rule is successfully mitigating a particular type of attack, but if the rule is ineffective, it may require adjustments.

7. Last 300 Activity Log

The Last 300 Activity Log displays detailed information on the most recent 300 requests flagged by WAF rules. This log allows you to dive deeper into recent security incidents, providing crucial insights for further investigation and threat mitigation.

Conclusion

By regularly monitoring these WAF analytics metrics and reviewing the dashboard charts, you gain valuable insights into the security of your website. This data allows you to detect potential threats early, identify patterns in malicious traffic, and fine-tune your WAF rules to ensure maximum protection.

For further assistance or to customize your WAF settings, please refer to the help section in the panel or contact support.

Rate Limiting

The Rate Limiting feature in the Medianova Cloud Panel provides a robust mechanism to control incoming traffic volume, protect your resources from abuse, and optimize overall system performance. By defining request limits and actions, you can effectively manage excessive requests, ensure fair usage, and maintain stability for your CDN services.

Rate Limiting allows you to restrict the number of requests made to your CDN resource within a specified time window (seconds or minutes). It is particularly useful for:

Preventing abuse: Protect resources from malicious traffic or bots.
Traffic optimization: Ensure fair access by limiting excessive requests from individual clients.
Resource protection: Reduce the load on your origin servers and avoid unnecessary bandwidth consumption.

The feature also supports additional actions, IP whitelisting, and configurable HTTP status codes to manage traffic behavior efficiently.

Key Features

Customizable Request Limits
- Define the number of requests allowed within a time window:
  - Seconds: Fine-tune request limits for short intervals.
  - Minutes: Broader control for longer time windows.
Rate Limit Options
- Configure the behavior of rate limits:
  - Burst + No Delay: Allows an initial burst of requests without any delays, ensuring immediate responsiveness.
  - Burst: Allows a burst of requests but applies delays or throttling once the threshold is exceeded.
  - None: Disables burst handling and enforces a strict limit.
IP Whitelisting
- Enable the Whitelist IP Status to exclude specific IP addresses from Rate Limiting rules. This is useful for trusted clients or internal testing purposes.
Configurable HTTP Status Codes
- Choose the response status code when the rate limit is exceeded:
  - 429 Too Many Requests: Indicates the client has sent too many requests within the time window.
  - 529 Site Overloaded: Used when the server is unable to process requests due to excessive load.
Action Management (Dynamic CDN Only)
- Define actions for excessive requests:
  - Block: Reject requests that exceed the rate limit.
  - Challenge: Present a challenge (e.g., CAPTCHA) to validate whether the client is legitimate.

How to Configure Rate Limiting

Follow these steps to configure Rate Limiting for your CDN resources in the Medianova Cloud Panel:

Access the Configuration
- Log in to the Medianova Cloud Panel.
- Click on the CDN Resources section in the left-hand menu.
- Select the relevant resource you want to configure.
- Navigate to the Security tab.
- Scroll down to the Rate Limiting section.
Enable Rate Limiting
- Locate the Status option.
- Toggle the Status to On to activate the Rate Limiting feature.
Set Request Limits
- Under the Request Limit section:
  - Specify the maximum number of requests allowed per second or minute.
  - Adjust these values based on your traffic volume and server capacity.
Configure Rate Limit Options
- Select a Rate Limit Option from the following:
  - Burst + No Delay: Allows a temporary spike in requests with no initial delay.
  - Burst: Allows a burst of requests but applies throttling afterward.
  - None: Disables burst handling, enforcing a strict rate limit.
- If Burst or Burst + No Delay is selected, enter a Burst Value to define the threshold for the burst limit.
Whitelist IPs (Optional)
- To exclude specific IP addresses from Rate Limiting:
  - Toggle the Whitelist IP Status to On.
  - Add the trusted IP addresses to the whitelist.
- This ensures that trusted clients or internal traffic are not affected by rate limits.
Set Status Codes
- Choose the HTTP status code to be returned when the rate limit is exceeded:
  - 429 Too Many Requests
  - 529 Site Overloaded
Define Actions (Dynamic CDN Only)
- Under the Actions section, select one of the following options:
  - Block: Deny requests that exceed the rate limit.
  - Challenge: Present a challenge (e.g., CAPTCHA) to validate the request.
Save Your Configuration
- Click the Submit button to save your changes.
- The Rate Limiting rules will now be applied to your selected resource.

Hotlink Protection

If you wish to restrict access to your CDN Resource exclusively through links on your website, you have the option to establish hotlink protection for that specific CDN Resource. The functionality of hotlink protection relies on the "Referer:" header present in each HTTP request.

Hotlink protection is a security feature to prevent unauthorized use of hosted media files, such as images, videos, or other static content. The term "hotlinking" refers to the practice of directly embedding or linking to these files from external websites, without the owner's permission.

Hotlink protection works by checking the "Referer" header in the HTTP request. The "Referer" header indicates the URL of the webpage making the request. When hotlink protection is enabled, the server verifies whether the request is coming from an allowed source (whitelisted domains) or a restricted source (blacklisted domains). If the request is from an unauthorized source, the server can take various actions, such as blocking access, redirecting to a specified page, or serving a placeholder image.

This feature helps website owners and content providers control how their resources are used, preventing others from using their bandwidth and server resources to display content on external sites without permission. Hotlink protection is particularly useful for conserving bandwidth, reducing server load, and maintaining control over the distribution of digital assets.

This feature can be conveniently configured by selecting your CDN Resource and navigating to the Security menu.

IP Restriction

IP Restriction ACL, short for Access Control List, regulates access by controlling which IP addresses are allowed or denied access to specific network resources.

This type of ACL typically offers two main options:

Whitelist: In this mode, only devices with specific IP addresses are allowed access to designated resources. IP addresses added to the whitelist are granted access, while all others are denied.
Blacklist: In contrast, devices with IP addresses listed in the blacklist are denied access to designated resources, while all other devices are allowed access.

Multiple IP addresses can be added to either the whitelist or the blacklist, depending on the desired access control policy. For example, you might whitelist IP addresses belonging to trusted partners or blacklist IP addresses associated with malicious activity.

However, it's important to note that you cannot use the whitelist and blacklist options simultaneously. They are mutually exclusive. You must choose one mode or the other, as they serve conflicting purposes.

This type of IP Restriction ACL is commonly employed to enhance network security by restricting access to critical resources and mitigating unauthorized access attempts.

To access the IP Restriction ACL setting in the Medianova Cloud Panel, follow these steps:

Start by clicking on CDN in the left-hand menu, then select CDN Resources from the submenu.
From the list of CDN Resources, choose the one for which you wish to configure the IP Restriction ACL setting.
Navigate to the Security tab within the selected CDN Resource.
Within the Security tab, you'll find the IP Restriction ACL setting.
When you enable IP Restriction ACL, two options will appear: Whitelist and Blacklist.
If you want to allow specific IP addresses and block others, select Whitelist. Enter the allowed IP addresses and click on the + icon.
If you want to block specific IP addresses and allow others, select Blacklist. Enter the blocked IP addresses and click on the + icon.
Click on the Save Changes button.

Geoblocking

Geo-Blocking allows you to control which countries can directly access your content. You can restrict the countries you choose from the list by dragging them to the whitelist and blacklist boxes. You can also define certain IP addresses to be in the whitelist and blacklist from the IP Restriction section.

While geo-blocking is often used as a blocking tool due to copyrights and licenses, it can also be used to enforce different pricing policies for end-users. Another common use is to prevent malicious traffic and illegal applications such as gambling and betting on the internet.

How to manage Geoblocking on Medianova Cloud Panel

You can reach the Geoblocking setting by clicking on the CDN Resource you would like to edit by following the CDN → CDN Resources path on the left side of the panel and navigating to Security tab.
After turning on the status of the Geoblocking setting, you can carry out the operation by moving the countries you want from the country list on the left to the whitelist or blacklist pane.
You can update your whitelist and blacklist and save changes any time.

You can also perform the same operation over IPs from the IP Restriction section at the bottom of the page.

FAQs

How does Medianova’s DDoS protection work?

Medianova’s DDoS protection works through integrated strategies like rate limiting, IP blocking, geoblocking, Anycast DNS, Origin Shield, and WAF integration to prevent overload, block threats, and protect your origin server.

Does CDN Reduce DDoS Attacks?

Yes, a CDN reduces DDoS attacks by distributing traffic across multiple servers, using Anycast DNS, rate limiting, and shielding the origin server. It minimizes the attack impact and improves resilience.

Do I need to manually activate DDoS protection on Medianova?

Medianova’s Always-On DDoS Protection is active by default, providing automatic protection for your web assets against common DDoS attack types, including DNS Query Floods, SlowLoris, HTTPS GET requests, and HTTPS POST requests. No additional activation or manual configuration is required.

What types of SSL certificates are supported by Medianova CDN?

Medianova CDN supports a wide range of SSL certificates, including:

Wildcard SSL Certificates
SAN-supported SSL Certificates
Code Signing SSL Certificates
Domain SSL, Organization Validated SSL, and Extended SSL Certificates

How can I upload and manage SSL Certificates?

Yes, it is possible. For detailed instructions, please refer to the "How to Upload and Manage SSL Certificates" documentation.

What file formats are supported for SSL certificates?

Medianova supports standard SSL certificate formats, including .crt for certificates and .key for private keys.

Can I add multiple SSL certificates to my organization?

Yes, you can add multiple SSL certificates to your organization. Each certificate can be associated with different resources or domains.

How can I use Free SSL?

Yes, you can use Free SSL. For detailed steps, please refer to the "How Can I Use Free SSL?" documentation.

Does Medianova support TLS 1.3?

Yes, Medianova CDN supports TLS 1.3, the latest version of the TLS protocol, which offers enhanced security and faster performance compared to its predecessors.

What are the differences between “SNI” and “Shared SSL”?

SNI (Server Name Indication): This option allows you to use your own SSL certificate uploaded via the panel for a specific CDN Resource.

Shared SSL: If you don’t have your own SSL certificate, Medianova provides a shared SSL option that can be used for secure connection

Can I edit an uploaded SSL certificate?

You can only rename an SSL certificate in the SSL Management menu. Other edits, such as updating the certificate or private key, are not allowed. If changes are needed, delete the existing certificate and upload a new one.

How do I delete an SSL certificate?

To delete an SSL certificate:

Go to “CDN → SSL Management”.
Click on the “Delete” option next to the certificate.
Confirm the action in the pop-up window that appears.

What is a Private Key, and why is it important?

The Private Key is a critical part of the SSL certificate that ensures secure communication. It is based on asymmetric encryption and must be kept secret:

The Private Key stays on the web server and is never shared.
The Public Key is shared openly to establish secure communication.

What happens if I don’t own an SSL certificate?

If you don’t have your own SSL certificate, you can:

Use the “Shared SSL” option provided by Medianova.
Utilize the “Free SSL” option, which generates a certificate through Let’s Encrypt.

What is the difference between "Monitoring Only" and "On" modes in WAF?

Monitoring Only: In this mode, WAF monitors all incoming traffic for potential threats without blocking any traffic. It provides insights into your security posture and allows you to fine-tune rules before enforcing them.

On: In this mode, WAF actively filters and blocks malicious traffic, providing full protection for your web assets.

Can I view real-time threats blocked by WAF?

Yes, the WAF service provides real-time monitoring and logging of blocked threats, which can be viewed under Analytics → WAF in the panel.

Can I configure WAF for Dynamic CDN Resources?

Yes, you can configure the WAF for Dynamic CDN Resources. When creating a Dynamic CDN Resource, follow the steps to activate and configure the WAF as per your security requirements.

How do I create a custom rule in WAF?

To create a custom rule in WAF, please refer to the "How to Activate WAF" documentation for detailed guidance.

How can I handle false positives in WAF?

To handle false positives in WAF, enable Monitoring-Only mode to analyze traffic. Disable the specific rule causing the issue or create custom rules to prevent it, ensuring security remains intact.

Can I edit or delete a custom rule in WAF?

Yes, you can edit or delete custom rules by clicking the Edit or Delete icons and submitting the changes.

How can I configure Rate Limiting?

To configure Rate Limiting, please refer to the "Rate Limiting" documentation for detailed steps, where you will find instructions on how to log in, select resources, and configure settings in the Security tab.

How do I set the request limits?

Under the Request Limit section, specify the maximum number of requests allowed per second or minute.

Adjust the values based on your traffic volume and server capacity.

What is the difference between the "Burst" and "Burst + No Delay" options?

Burst allows a burst of requests but applies throttling once the threshold is exceeded.

Burst + No Delay allows a burst of requests without any initial delay, providing quicker responsiveness before applying throttling.

What is the "Burst Value" and how is it used?

The Burst Value defines the threshold for the burst limit when the Burst or Burst + No Delay option is selected. It specifies how many requests are allowed in a burst before throttling is applied.

What HTTP status codes can be configured for Rate Limiting?

You can choose one of the following HTTP status codes to return when the rate limit is exceeded:

429 Too Many Requests: Indicates that the client has exceeded the allowed number of requests within the specified time window.
529 Site Overloaded: Used when the server is overloaded and unable to process requests due to excessive traffic.

How can I define actions for excessive requests?

Block: Deny requests that exceed the rate limit.
Challenge: Present a CAPTCHA to validate the request.

How can I enable Hotlink Protection for my CDN Resource?

To enable Hotlink Protection, please refer to the "Hotlink Protection" documentation for detailed instructions on configuring it in the Medianova Cloud Panel.

How do I whitelist domains for Hotlink Protection?

In the Hotlink Protection section, you can add whitelisted domains that are allowed to access your CDN resources.

These domains will be granted permission to link to or embed your resources.

What happens if a request comes from a non-whitelisted domain?

If a request comes from a non-whitelisted domain (i.e., a blacklisted or unauthorized source), the server will:

Block access to the resource.
Optionally, you can configure the server to redirect the request to a specific page or serve a placeholder image.

How can I disable Hotlink Protection?

If you want to disable Hotlink Protection, simply toggle the Hotlink Protection option to Off in the Security menu of your selected CDN Resource.

What is the difference between Whitelist and Blacklist?

Whitelist: Only devices with IP addresses listed in the whitelist are allowed access to the designated resources. All other IP addresses are denied access.

Blacklist: Devices with IP addresses listed in the blacklist are denied access to the resources. All other devices are allowed access.

What happens if an IP address is not in the Whitelist or Blacklist?

If Whitelist is selected, only the listed IP addresses will have access, and all other IP addresses will be denied.

If Blacklist is selected, all IP addresses except those in the blacklist will have access to the resources

Why would I use the Whitelist option?

You would use the Whitelist option if you want to grant access to specific, trusted IP addresses (e.g., business partners, internal network) and deny all other requests.

Why would I use the Blacklist option?

The Blacklist option is useful if you want to block specific IP addresses that are known for malicious activity or unwanted access, while allowing all other devices to access the resources.

What happens if I make changes to the IP Restriction ACL settings?

After making changes to the IP Restriction ACL settings, click Save Changes to apply the new access control policy. The changes will immediately take effect.

How do I enable Geo-Blocking on Medianova Cloud Panel?

To enable Geo-Blocking, please refer to the "Geo-Blocking" documentation for detailed steps on configuring country-based restrictions in the Medianova Cloud Panel.

Can I update my Geo-Blocking settings after enabling it?

Yes, you can update your whitelist and blacklist at any time. Simply move the countries between the whitelist and blacklist boxes, and click Save Changes to apply the updates.

Can I block or allow specific IP addresses using Geo-Blocking?

Yes, in addition to country-based restrictions, you can also manage IP-based restrictions. Scroll to the IP Restriction section at the bottom of the page to whitelist or blacklist specific IP addresses.

How do I add or remove countries from the whitelist or blacklist?

To add a country, drag it from the country list on the left to either the Whitelist or Blacklist pane.

To remove a country, simply drag it out of the whitelist or blacklist pane and into the country list.

Can I apply Geo-Blocking to a specific CDN resource?

Yes, Geo-Blocking can be applied to individual CDN resources. You can configure the settings for each CDN resource separately.

Can I enable Geo-Blocking without using the IP Restriction section?

Yes, you can enable Geo-Blocking without using the IP Restriction section. The IP Restriction section is optional and can be used for more granular control over access.

Performance / CDN

Static Content Delivery

Medianova's Static CDN service is a tailored solution designed for websites and applications to efficiently deliver static content, focusing on elements like images, style sheets, and script files. The primary goal is to enhance the speed and effectiveness of content delivery by strategically distributing static assets across a global network of servers. Leveraging this globally distributed infrastructure, the service ensures that end-users receive content from the nearest server, thereby minimizing latency and optimizing page loading times.

The Static CDN by Medianova boasts key features, including global accessibility, high availability, and seamless scalability to accommodate varying levels of web traffic. To integrate this service, users can sign up for a Medianova account, configure CDN settings within the platform, and update the URLs of their static assets to point to the CDN. This straightforward integration empowers content providers to enhance website performance and deliver an optimized user experience.

For advanced configurations, users can set up a custom domain for a branded experience, enable SSL/TLS support for secure content delivery, and fine-tune compression settings to optimize file sizes. The service also provides monitoring and analytics tools, offering detailed usage statistics and real-time monitoring to ensure optimal performance and user satisfaction.

In summary, Medianova's Static CDN is a comprehensive solution catering to the specific needs of content providers seeking to accelerate static content delivery, improve website performance, and elevate the overall user experience on a global scale.

Create Small Resource

There are two different methods that can be preferred while creating a Small CDN Resource: Origin Pull and Origin Push.

The Origin Pull Method: It requires a domain or an IP address that belongs to your server where you store your contents. Your contents will be pulled from the source URL and cached at the edge server nearest to the end-user.
The Origin Push Method: It caches contents similar to the origin pull method. The only difference is the source of your content. Your contents will be stored on Medianova Cloud Storage and it will act as an origin to the Small CDN Resource.

Following file extensions are not allowed in a Small CDN Resource. The service will return a 403 error when calling these type of flies.

| 3gp | 3gpp | asf | asx | mp3 | wm | wav | midday | mpg | mov | mpeg | m2p | flv | f4v | avi | ogv |ogg | aac | mp4 | m4a | m4v |

How to Create a Small CDN Resource?

In the next screen, Small CDN Resource is selected from the “Start building your CDN” field.
Fill in the requested information for Small CDN Resource.

Source of Your Files (when My Origin is selected):
- My Origin: Select this option if your CDN Resource will use Origin Pull method.
- Origin URL: In this field, the origin URL from which the content will be extracted is specified. (http(s)://www.example.com).
- CDN Resource Label: In this field, a label describing your CDN Resource is entered.
  ‏‏‏‏‏‏‏‏
Source of Your Files (when CDN Storage is selected):
- CDN Storage: Select this option to host your content on Medianova servers and serve it to the end user with the Origin Push method.
- FTP Password: It is the password you will set for the FTP user to be created to upload your content.
- FTP Password Confirmation: Enter the FTP password again.
- CDN Resource Label: In this field, a label describing your CDN Resource is entered.
  ‏‏‏‏‏‏

Create Large Resource

Large CDN Resource is the type of resource you should use to serve your large content such as video, music, zip, exe files.

Note: Following file extensions are not allowed in a Large CDN Resource. The service will return a 403 error when calling these type of files.

gif | jpg | jpeg | png | bmp | swf | psd | tif | tiff | txt | html | jsp | js | css | ico | aspx | php | woff | ttf | eot | otf | htm | xml | pdf | psb | ashx | swz | cur | svg | jpr | webp

Click on the “CDN > Create CDN Resource” option on the menu on the left of the panel screen that will open after logging in.
On the next screen, select Large & VOD Streaming CDN Resource from the “Start building your CDN” field. The VOD option can be used to transcode video content (mp4 files..) to streaming protocols.
Make a selection between Large or VOD CDN Resource options according to your needs. Fill in the requested information for the selected CDN Resource.‏‏‏‏‏‏‏‏
1. Source of Your Files (when CDN Storage is selected): CDN Storage: Select this option to host your content on Medianova servers and serve it to the end user with the Origin Push method.
  FTP Password: It is the password you will set for the FTP user to be created to upload your content.
  FTP Password Confirmation: Enter the FTP password again.
  CDN Resource Label: In this field, a label describing your CDN Resource is entered.

Integrating Static CDN Resource

Identify Static Assets:

Identify the static assets on your website that can benefit from CDN acceleration. These may include images, stylesheets, scripts, and other static files.

Update URLs in HTML Code:

Replace the URLs of static assets in your HTML code with the corresponding CDN URLs. Update the "src" or "href" attributes of image tags, script tags, link tags, etc., to point to the CDN.

HTML

Before CDN Integration →

<img src="https://yourdomain.com/images/example.jpg"alt="Example Image">

After CDN Integration →

<imgsrc="https://CDN_URL/images/example.jpg" alt="Example Image">

Update CSS File References:

If your stylesheets are hosted locally, update the references to these files in your HTML to point to the CDN. Similarly, replace any background images or other assets within your CSS files.

CSS

Before CDN Integration →

background-image: url('/images/background.jpg');

After CDN Integration →

background-image: url('https://CDN_URL/images/background.jpg');

Update JavaScript File References:

If your website includes JavaScript files, update references to these files to use the CDN URLs. This ensures that scripts are served through the CDN for improved performance.

HTML

Before CDN Integration →

<script src="/scripts/example.js"></script>

After CDN Integration →

<script src="https://CDN_URL/scripts/example.js"></script>

Consider Relative Paths:

If your URLs are currently specified with relative paths, ensure that they remain functional after CDN integration. Adjust paths as needed to maintain proper file references.

Verify Links and Resources:

Review your website thoroughly to confirm that all links and resources are properly updated to use the CDN. Check for any broken links or missing assets.

Update Content Management Systems (CMS):

If your website uses a CMS (Content Management System) such as WordPress, update any relevant settings or plugins to ensure that URLs are correctly replaced for CDN delivery.

Define IPs in your Firewalls:

Test Across Environments:

Test your website across different environments, including staging and production, to ensure that CDN integration works seamlessly and doesn't introduce any issues.

Monitor and Optimize:

After integration, monitor the CDN's performance using analytics tools provided by your CDN provider. Optimize as needed for improved content delivery and user experience.

Update SEO Considerations:

Consider the impact of CDN integration on SEO. Ensure that search engines are aware of the change and update sitemaps and robots.txt accordingly.

Configuration Basics

Medianova CDN Configuration Basics document is designed to help you understand and implement the fundamental configurations necessary to leverage the full potential of Medianova's Content Delivery Network (CDN). Whether you are a web developer, content creator, or IT professional, this guide will walk you through essential concepts and steps to optimize content delivery, enhance performance, and improve user experience.

Creating a Medianova CDN Resource

To get started with Medianova CDN, follow these steps:

Click on the Create CDN Resource tab in the left menu.
Choose any resource type and fill in the necessary fields.
Create a resource and configure the necessary settings.
The resource you created will be in a "pending" status. Below is information about the resource statuses:

About the status of resources

Pending: The URL entered by the user is marked as "Pending" until the DNS resolution is complete. In this state, the domain name provided by the user has not yet been resolved to an IP address. While the DNS resolution process is ongoing, the resources are not yet accessible through the CDN.
Active: Once the DNS resolution for the URL is successfully completed, the resource status changes to "Active." In this state, the domain name has been resolved to an IP address, and the resource is accessible via the CDN. The resource is activated across all data centers and is optimized to provide the best performance to users.
Passive: If the resource becomes unavailable for any reason, the resource status changes to "Passive." In this state, the resource is inactive, and users cannot access it.

Configuration

The CDN URL and the ORIGIN URL below are examples.

Enlarges the table by opening it in a full screen dialogOpen

Origin URL

CDN URL

You must replace the existing domain on website code with the CDN URL for contents that you want to serve from CDN.

Examples of HTML code illustrating how to configure a CDN URL with the Origin URL:

Origin URL

<img src=”/images/logos/logo.jpg” alt=”” />

CDN URL

Source codes are replaced with the CDN URL instead of the Origin URL as mentioned above.

Thus, our CDN service becomes active on your site.

Medianova IP Blocks

The IP list required for your CDN (Content Delivery Network) configuration contains the server addresses necessary for your CDN to be configured correctly and securely. This IP list should be configured in collaboration with your CDN provider. Please ensure that these IP addresses are accurately communicated to your CDN provider.

This list may include specific IP blocks or ranges.

This list presents individual IP addresses in a text format. Each line may contain a single IP address.

This list is presented as a CSV file containing IP blocks or ranges.

Advanced Configuration

Origin Settings

Advanced Origin Settings

The Advanced Origin Settings feature enables users to set up intricate rules for origin configuration, providing a highly customizable and efficient way to optimize content routing. This functionality supports flexible routing by allowing you to define specific matching criteria for URIs, protocols, domains, ports, and more.

Key Features

URI Matching Criteria: Configure rules to match specific file extensions or directories.
Protocols: Choose the protocol (HTTP, HTTPS, or same as request) to route traffic.
Domain/IP Settings: Define specific domains or IPs for origin requests.
Port Configuration: Specify HTTP and HTTPS ports to communicate with the origin server.
Host Header Customization: Set custom host headers to align with origin requirements.
Priority Levels: Assign priority to rules, ensuring the correct settings are applied in case of overlaps.

How to Configure Advanced Origin Settings

Click on the CDN Resources section in the left-hand menu of the Cloud panel.
Select the relevant resource.
Click on the Origin Settings tab.
Navigate to the Advanced Origin Settings section in the Medianova Cloud Panel.

Click the Add button to open the configuration popup.
Fill in the following fields:
- URI Match Mode: Select the matching mode for URIs (e.g., exact match, prefix, or regex).
- URI Match Rule: Define the URI pattern based on the selected mode.
- Protocols: Choose between HTTP, HTTPS, or Same as Request to determine how the traffic should be routed.
- Domain or IP: Enter the domain or IP address of the origin server.
- HTTP Port: Specify the HTTP port to use for connections.
- HTTPS Port: Specify the HTTPS port to use for secure connections.
- Host Header: Provide a custom host header if required for the origin server.
- Priority: Assign a priority level to this rule to determine its precedence in case of multiple matching configurations.
Click the Add button.
Click the Submit button.

Rewrite Origin URLs

The Rewrite Origin URLs feature allows users to define rules for rewriting origin URLs. This provides enhanced control over how requests are routed and redirected, ensuring flexibility and optimization in URL management.

Key Features

Match Mode Options: Select specific modes to match URL patterns for rewriting.

Origin URI: Specify the original URI that triggers the rewrite rule.

Target URI: Define the new URI to which requests should be redirected. Priority Settings: Assign priorities to rules to control their execution order.

How to Configure Rewrite Origin URLs

Click on the CDN Resources section in the left-hand menu of the Cloud panel.
Select the relevant resource.
Click on the Origin Settings tab.
Navigate to the Rewrite Origin URLs section in the Medianova Cloud Panel.

Click the Add button to open the configuration popup.
Fill in the required fields:
- Match Mode: Choose from the following options:
  - All files: Apply the rule to all files.
  - Path: Match a specific path.
  - Full Path: Match the exact full path of the URL.
  - Wildcard: Use wildcards for broader matching patterns.
- Origin URI: Enter the URI that should be rewritten.
- Target URI: Provide the URI where requests should be redirected.
- Priority: Assign a priority to this rule to determine its execution order when multiple rules are defined.
Click the Add button.
Click the Submit button.

Origin SNI Request

The Origin SNI Request feature ensures that Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connections to your origin server use the correct domain name during the handshake process. This is achieved by sending the Server Name Indication (SNI) extension as part of the connection request. The SNI is crucial when your origin server hosts multiple domains under the same IP address, as it allows the server to present the appropriate SSL certificate for the requested domain.

This feature is particularly important for dynamic content delivery, where secure connections are established frequently and need to support multiple domains efficiently. By enabling Origin SNI Request, you enhance the compatibility of your CDN with your origin server, ensuring smooth SSL/TLS connections.

How to Configure Origin SNI Request

Click on the CDN Resources section in the left-hand menu of the Cloud panel.
Select the relevant resource.
Click on the Origin Settings tab.
Navigate to the Origin SNI Request section in the Medianova Cloud Panel.
Enable the Origin SNI Request setting by toggling it to On.

Provide the required Origin SNI Request Domain:

Enter the domain name for which SSL/TLS connections should be established.
Ensure the domain corresponds to a valid SSL certificate on the origin server.

Click Submit to save the configuration.

Redirect Handle From Origin

The Redirect Handle From Origin setting in the Medianova Cloud Panel provides enhanced control over how redirects are managed for your origin server. Enabling this setting allows you to customize specific parameters related to redirection, ensuring a more precise and tailored redirect process.

Key Features

3xx Error Codes Configuration
- Manage and customize responses for HTTP status codes in the 3xx range (e.g., 301, 302, 307).
- Fine-tune redirect behaviors to meet your specific requirements.
Request Headers Management
- Specify which request headers should be included or excluded during the redirect process.
- Maintain consistency in header data passed to your origin server.
Additional Headers Handling
- Add or modify custom headers that need to be appended during redirection.
- Ensure compatibility with client or server-specific needs.

How to Enable Redirect Handle From Origin

Click on the CDN Resources section in the left-hand menu of the Cloud panel.
Select the relevant resource.
Click on the Origin Settings tab.
Enable this setting.
Fill in the required fields.
- Handle Origin Redirection Error: Select which HTTP status codes (301, 302, 303, 307, 308) to handle for origin redirections. You can choose one or multiple options depending on the behavior you want to implement.
- Request Header Key: Specify the name of the request header you want to manage during the redirection process.
- Request Header Value: Provide the value for the corresponding request header key.
- Add Header Key: Specify the name of the custom header to be appended during the redirection.
- Add Header Value: Provide the value for the custom header key to ensure it is correctly appended.
Click the Add button.
Click the Submit button.

Origin Response Timeout

The Origin Response Timeout setting in the Medianova Cloud Panel allows you to control how long the system will wait for a response from your origin server before considering the request as failed. By adjusting this timeout, you can manage server response times more effectively, ensuring a better user experience and reducing unnecessary delays.

Key Features

Customizable Timeout Duration Set a specific time (in seconds) that the system will wait for a response from the origin server.
- Min: 5 seconds
- Max: 300 seconds
Efficient Request Handling Define a timeout that suits your needs, balancing between faster responses and allowing enough time for slower origin servers.
Improved User Experience Avoid excessive wait times for users by setting a reasonable timeout value to handle delayed responses effectively.

How to Configure Origin Response Timeout

Click on the CDN Resources section in the left-hand menu of the Cloud panel.
Select the relevant resource.
Click on the Origin Settings tab.
Navigate to the Origin Response Timeout section in the Medianova Cloud Panel.

Set the Timeout Duration: In the Origin Response Timeout section, set the timeout value between 5 seconds and 300 seconds, according to your needs.
After adjusting the timeout, click Save to apply the new settings.

By configuring the Origin Response Timeout, you can optimize the time the system waits for a response, ensuring that requests are handled efficiently without unnecessary delays.

CNAME

Canonical Name (CNAME) is the nickname given to URL records.

Instead of the CDN URL provided to you by Medianova, you can use a URL determined by you. We have explained below for you how to set CNAME on Medianova Cloud panel.

You can reach the settings screen by clicking on the Streaming Resource you want to edit by following the CDN > CDN Resources path on the left side of the panel screen that will open after logging in.

If you are using SSL, in order to use CNAME, you must define the relevant information under the SSL tab at the bottom of the page.
For the CDN configuration process, you have to replace the source code that contains your Origin URL with the CDN URL.

Examples of HTML code illustrating how to configure a CDN URL with the Origin URL.

Caching

Edge Cache Expiration

The Edge Cache Expiration setting in the Medianova Cloud Panel allows you to control how long content will be cached on the CDN edge servers before it expires. This setting helps optimize performance by ensuring that frequently accessed content is served quickly, while still allowing for up-to-date content retrieval when needed.

Key Features

Cache Type This cache type ensures that content is cached both at the edge servers and the origin server. The content will be dynamically retrieved from the origin server when necessary, providing flexibility and up-to-date content.
Cache Time Configuration Set the expiration time for content cached on the edge servers. You can define specific cache expiration times based on your content's needs. When both edge and origin cache settings are used, the system will prompt you to define the cache expiration for each.

How to Configure Edge Cache Expiration

Click on the CDN Resources section in the left-hand menu of the Cloud panel.
Select the relevant resource.
Click on the Caching tab.
Navigate to the Edge Cache Expiration section in the Medianova Cloud Panel.

Select Cache Type: Choose edge-origin-dynamic as the cache type.
Define Cache Expiration Time: When both edge and origin cache settings are enabled, you will be prompted to specify the cache expiration time for both. Set the expiration time according to your needs.
Once you’ve configured the expiration time, click Save to apply the changes.

By setting the Edge Cache Expiration, you can ensure that content is efficiently cached on the edge servers while still allowing for timely updates from the origin server when required.

Browser Cache Rule

The Browser Cache Rule feature in the Medianova Cloud Panel allows you to configure caching behavior for different types of resources. By setting up specific rules for browser caching, you can optimize content delivery, reduce load times, and ensure the most efficient use of cache for various resource types.

Key Features

Flexible Cache Type Options You can create caching rules based on different criteria, ensuring the correct content is cached efficiently:
- All Files: This rule applies to all files, regardless of their type or location.
- Full Path: Apply the caching rule to files based on their exact full URL path.
- Directory: Apply the caching rule to all files within a specific directory.
- File Extension: Apply the caching rule based on the type of file (e.g., images, JavaScript, CSS) by specifying file extensions like .jpg, .js, .css, etc.
Cache Priority Set the priority for each cache rule to determine which resources are cached first. Prioritize critical resources (e.g., images, JavaScript) over less important ones.
Cache Mode Options Define how each resource should be cached by the browser:
- Origin: The resource is fetched and cached from the origin server.
- No Cache: The resource will not be cached at all, and will always be fetched from the origin server.
- Cache: The resource is cached in the browser for the specified duration, improving performance for subsequent requests.
Apply the HTML/JSON Files You can apply the cache rule specifically to HTML and JSON files by enabling or disabling this setting:
- On: The caching rule will be applied to HTML and JSON files.
- Off: The caching rule will not apply to HTML and JSON files.

How to Configure Browser Cache Rule

Click on the CDN Resources section in the left-hand menu of the Cloud panel.
Select the relevant resource.
Click on the Caching tab.
Navigate to the Browser Cache Rule section in the Medianova Cloud Panel.

Click on the Add button to create a new cache rule.
- Configure Cache Rule Settings:
  - Type: Choose the type of cache rule you want to apply:
    All Files: Applies to all files.
    Full Path: Applies to files based on their exact URL path.
    Directory: Applies to all files within a directory.
    File Extension: Applies based on file extensions like .js, .css, .jpg, etc.
  - Priority: Set the priority (e.g., High, Medium, Low) for this cache rule to manage which files are cached first.
  - Cache Mode: Select the cache mode:
    Origin: The resource is cached from the origin server.
    No Cache: The resource is not cached.
    Cache: The resource is cached in the browser for a set duration.
  - Apply the HTML/JSON Files:
    On: Enable this option to apply the rule to HTML and JSON files.
    Off: Disable this option to exclude HTML and JSON files from this cache rule.
Once you've configured the browser cache rule, click Submit to apply the changes.

By configuring the Browser Cache Rule, you can control how different file types are cached, ensuring that critical resources are loaded faster and less important resources are handled according to your specifications. The option to apply or not apply to HTML/JSON files provides further flexibility in caching strategies.

Query String Caching

The Query String Caching feature in the Medianova Cloud Panel provides enhanced control over how query strings are cached by the CDN. When enabled, the CDN caches each query string separately, allowing you to fine-tune caching behavior for different variations of the same URL based on query string parameters.

Key Features

Enable Query String Caching: When Query String Caching is enabled, every query string variation of a URL will be cached separately. This ensures that resources with different query strings are treated as distinct cached items, allowing for more precise control over caching.
Ignore Specific Query Strings: When this option is enabled, you can specify query strings that you don’t want to cache separately. These query strings will be ignored in the caching process, and the CDN will treat requests with these query strings as if they don't exist.
- How It Works:
  - After enabling this option, a field will appear where you can enter the specific query strings you wish to ignore.
  - You can add multiple query strings by clicking the + button.
  - Once set, requests with the specified query strings will not result in separate cached versions.
Cache Specific Query Strings Only: When enabled, you can specify a list of query strings that should be cached separately. Only requests with these specific query strings will create distinct cached versions.
- How It Works:
  - After enabling this option, a field will appear where you can enter the query strings you want to cache separately.
  - You can add multiple query strings by clicking the + button.
  - Once set, only requests with these query strings will be cached separately, while others will be treated as the same resource.

Important Note:

Mutual Exclusivity: Both the Ignore Specific Query Strings and Cache Specific Query Strings Only options cannot be enabled at the same time. Only one of these options can be active at any given time.

How to Configure Query String Caching

Click on the CDN Resources section in the left-hand menu of the Cloud panel.
Select the relevant resource.
Click on the Caching tab.
Navigate to the Query String Caching section in the Medianova Cloud Panel.

Choose Caching option.
1. Ignore Specific Query Strings: Enable this option if you want to ignore specific query strings and not cache them separately. Enter the query strings you want to ignore in the provided field. Click the + button to add multiple query strings.
2. Cache Specific Query Strings Only: Enable this option if you want to cache only specific query strings separately. Enter the query strings you want to cache separately in the provided field. Click the + button to add multiple query strings.
After configuring the query string caching settings, click Submit to apply the changes.

By configuring the Query String Caching settings, you gain granular control over how query string variations of your resources are cached, optimizing caching strategies based on your specific needs.

Etag Verification

The Etag Verification feature in the Medianova Cloud Panel helps ensure the consistency and accuracy of cached content by validating it using the Etag header. When enabled, the system checks the Etag value sent by the origin server to determine if the cached version of a resource is still valid or needs to be refreshed. This ensures that users always receive the most up-to-date version of a resource, reducing the chances of serving stale or outdated content.

Key Feature

Etag Validation:
- When enabled, the Etag header is used to verify cached content, ensuring that the content served to users matches the most recent version from the origin server. This prevents issues where outdated or mismatched content might be delivered.

How to Enable Etag Verification

Click on the CDN Resources section in the left-hand menu of the Cloud panel.
Select the relevant resource.
Click on the Caching tab.
Navigate to the Etag Verification section in the Medianova Cloud Panel.
Enable Etag Verification: Toggle the Etag Verification setting to On to enable it. This will allow the system to validate the cached content based on the Etag header.
Once enabled, click Submit to apply the changes.

Error Status Code Cache Expiration

The Error Status Code Cache Expiration feature in the Medianova Cloud Panel allows you to cache specified error codes (such as 404, 500, etc.) for a defined duration. By doing so, you can control how long error responses are stored in the CDN cache, reducing the number of requests sent to the origin server. If you don't want certain error codes to be cached, simply remove their definitions, and requests for those error codes will be sent directly to the origin server. However, if the content has already been cached, the cache duration will remain in effect until it expires.

Key Features

Cache Error Status Codes: You can define a set of error codes (e.g., 404, 500, etc.) and specify a cache duration for each. This helps in reducing the load on your origin server by caching error responses for a certain period.
Removal of Caching Definition: If you remove a cached error status code definition, requests for that error will bypass the CDN cache and be sent directly to the origin server. However, cached content will not be affected immediately and will remain in the cache until the cache duration expires.

How to Configure Error Status Code Cache Expiration

Click on the CDN Resources section in the left-hand menu of the Cloud panel.
Select the relevant resource.
Click on the Caching tab.
Navigate to the Error Status Code Cache Expiration section in the Medianova Cloud Panel.

Click the Add button to create a new definition.
- Cache Time: Specify the cache duration for the error code (in seconds).
- Status Code: Enter the HTTP status code(s) that you want to cache (e.g., 404, 500, etc.).
- Add Multiple Definitions: You can add multiple error status codes and their respective cache durations by clicking the Add button repeatedly.
Once all necessary error codes and cache times are defined, click Submit to apply the changes.

Shared Cache

The Shared Cache feature in the Medianova Cloud Panel allows you to define a Domain Cache Key that enables the use of the same cache structure across different accounts. This feature is useful when you want multiple accounts or domains to share the same cached content, optimizing content delivery and reducing redundancy. The cache structure is determined based on the defined Domain Cache Key, ensuring that the same cached data is available to all relevant accounts.

Key Features

Domain Cache Key: The Domain Cache Key is defined to allow multiple accounts or domains to share the same cache. This reduces the need to cache identical content separately for each account, improving caching efficiency.
Cache Sharing Across Accounts: By setting the cache to "Shared", you can enable different accounts to access the same cache, ensuring faster content delivery and reduced load on the origin server.

Status Options:

Default (Default Setting): This is the default status for the cache key. The cache is not shared across accounts, and each account has its own separate cache structure.
Share: When set to "Share", the Domain Cache Key will allow multiple accounts to use the same cache structure, enabling shared caching of content.

How to Configure Shared Cache

Click on the CDN Resources section in the left-hand menu of the Cloud panel.
Select the relevant resource.
Click on the Caching tab.
Navigate to the Stale Cache section in the Medianova Cloud Panel.
Set the Cache Status:
- To enable shared cache, select the Share option.
- To keep the cache separate, leave it set to the Default option.
Save Your Settings: Once you've selected the desired cache status, click Submit to apply the changes.

Stale Cache

The Stale Cache feature in the Medianova Cloud Panel allows you to serve stale (previously cached) content when certain HTTP error codes or an "Updating" status is encountered. This ensures uninterrupted availability of content during temporary origin server issues or while content is being updated.

Key Features

Maintain Availability: Serve cached content even when the origin server experiences temporary issues or returns specific error codes.
Customizable Error Triggers: Select which HTTP error codes or the "Updating" status should activate the use of stale cached content.
Improved User Experience: Reduces downtime and ensures users continue to access content even during backend disruptions.

Supported Triggers

You can configure the system to serve stale cached content when any of the following statuses are detected:

Updating: Triggered when content is in the process of being updated.
HTTP_500: Internal Server Error.
HTTP_502: Bad Gateway.
HTTP_503: Service Unavailable.
HTTP_504: Gateway Timeout.
HTTP_403: Forbidden.
HTTP_404: Not Found.
HTTP_429: Too Many Requests.

How to Configure Stale Cache

Click on the CDN Resources section in the left-hand menu of the Cloud panel.
Select the relevant resource.
Click on the Caching tab.
Navigate to the Stale Cache section in the Medianova Cloud Panel.
Activate the Stale Cache option to configure the settings.
Select Error Triggers:
- Choose the HTTP error codes (e.g., 500, 502, 503, etc.) or Updating status that will trigger the use of stale cached content.
- Multiple triggers can be selected simultaneously.
Click Submit to apply your configurations.

Robots.txt file

Search engines like Google or Yahoo deploy automated bots that routinely scan websites, seeking out information such as blogs, images etc. and they decide what should be included in their indexes. A robots.txt file provides these search engines with the necessary information to properly crawl and index a website's content.

The robots.txt file empowers website owners to exert control over the crawling and indexing process, offering several valuable advantages such as SEO Optimization and Traffic Control. Robots.txt allows you to prioritize which pages you want search engines to focus on.

This can enhance your website's SEO (Search Engine Optimization) efforts by ensuring that the most valuable and relevant content gets indexed and ranked prominently in search results. Furthermore, by specifying which parts of your site should or should not be crawled, you can manage the flow of search engine bot traffic. This helps prevent the bots from overwhelming your server with excessive requests, ensuring a smoother user experience for your visitors.

To access the robots.txt setting in the Medianova Cloud Panel, follow these steps:

Start by clicking on 'CDN' in the left-hand menu, then select 'CDN Resources' from the submenu.
From the list of CDN Resources, choose the one for which you wish to configure the robots.txt setting.
Navigate to the 'Caching' tab within the selected CDN Resource.
Within the 'Caching' tab, you'll find the robots.txt setting. Selecting “Enable” option activates the Medianova Robots.txt file, allowing indexing of all files.
Alternatively, selecting the 'Origin' option activates the Robots.txt file located on the origin server for indexing all files."

Range Based Caching

The Range-Based Caching feature in the Medianova Cloud Panel allows caching of partial content based on byte ranges. This is particularly useful for large files, as it improves efficiency by serving only the requested portions of a file, reducing unnecessary data transfer and load on the origin server.

Key Features

Partial Content Caching: Caches specific byte ranges of a file instead of the entire file, enabling efficient delivery for large media files or downloads.
Optimized Bandwidth Usage: Only the requested portions of a file are delivered, minimizing bandwidth consumption and improving response times.
Customizable Byte Ranges: Define the maximum size of byte ranges to cache, tailoring the caching behavior to suit your resource requirements.

How to Configure Range-Based Caching

Log in to the Cloud Panel: Access the Medianova Cloud Panel and navigate to the CDN Resources section from the left-hand menu.
Select the Relevant Resource: Choose the resource where you want to enable range-based caching.
Click on the Caching tab.
Navigate to Range-Based Caching Settings: In the resource settings panel, locate the Range-Based Caching section.
Enable Range-Based Caching: Toggle the setting to On to activate range-based caching.
Select Byte Range Size:
- From the dropdown menu, select the desired byte range size that fits your caching needs.
- The chosen size determines the maximum byte range to cache for each partial content request.
Submit Your Settings: Once configured, click Submit to save and apply your changes.

Headers

CORS Header

Websites usually consist of applications, images, fonts, and many other resources hosted on different servers on the internet. While CORS (Cross-Origin Resource Sharing) stands for cross-origin resource sharing, it is a mechanism that allows such resources hosted on different servers to be received with additional domain names. It aims to stretch the restrictions of Same-Origin-Policy (SOP), which prevents content delivery from different origins by using an additional domain name due to security measures, with legal methods.

Medianova CDN supports this feature for all CDN Resource types. You can manage this feature, which allows content delivery from different origin servers with the same domain name, by following the steps below.

You can reach CORS Header setting by clicking on the CDN Resource you would like to edit by following the CDN > CDN Resources path on the left side of the panel screen and navigating to Headers tab.

The domains you add will be listed as shown below.‏‏‏‏‏‏‏‏

If the CORS Header feature is disabled, content cannot be received from different sources with different domain names. When content is requested from different sources, the content will not be served and will appear as a CORS error on the Development Tools console.
Activating CORS Header allows content to be received from different sources over additional domains. It is possible to define more than one additional domain. You can delete any previously defined additional domain name, as well. If no value is entered in the domain name field while enabling CORS header, the default setting is being set to *, which means requests from all sites and domains will be allowed. This operation is not recommended as it may create security vulnerabilities.
It may take a few minutes for the feature to be active, after adding domains and submitting the changes by clicking on the button.

Custom Header

The Custom Header feature in the Medianova Cloud Panel allows you to define, modify, or manage HTTP headers for requests, providing greater flexibility and control over how headers are handled.

Key Features

Customizable Headers: Add, modify, hide, or delete headers to tailor request handling based on your requirements.
Flexible Management: Define specific key and value pairs for each header action.
Batch Configuration: Add multiple headers using the + button, streamlining the configuration process.

Available Header Actions

Request Header:
- Allows you to add headers to outgoing requests sent to the origin server.
Add Header:
- Adds custom headers to requests, enabling additional metadata or instructions to be included.
Hide Header:
- Hides specified headers from being included in requests sent to the origin server.
Request Header Delete:
- Removes specific headers from requests before they are sent to the origin server.

How to Configure Custom Headers

Log in to the Cloud Panel: Access the Medianova Cloud Panel and navigate to the CDN Resources section in the left-hand menu.
Select the Relevant Resource: Choose the resource where you want to configure custom headers.
Click on the Headers tab.
Enable Custom Header Settings: Locate the Custom Header section and toggle the setting to On.
Add Header Actions:
- Click the + button to add a new header configuration.
- Choose one of the available actions:
  - Request Header
  - Add Header
  - Hide Header
  - Request Header Delete
- Enter the key and value for the header based on the selected action.
Add Multiple Headers (Optional):
- Click the + button again to add additional header configurations as needed.
Submit Your Configuration: Once all header actions are defined, click the Submit button to save and apply your changes.

X-CDN Header

The X-CDN Header feature in the Medianova Cloud Panel allows you to include the X-CDN header in the response for static content. This header signifies that the content is being delivered through the CDN, helping with performance tracking, debugging, and analytics.

Key Features

Indicates CDN Usage: When enabled, the X-CDN header is added to the response, confirming that the content is served from the CDN edge servers.
Useful for Static Content: This is especially helpful for static resources like images, JavaScript files, and CSS files, providing visibility into the CDN usage for static content.

How to Configure Custom Headers

Log in to the Cloud Panel: Access the Medianova Cloud Panel and navigate to the CDN Resources section in the left-hand menu.
Select the Relevant Resource: Choose the resource where you want to configure custom headers.
Click on the Headers tab.
Enable X-CDN Header: Locate the X-CDN Header section and toggle the setting to On.
Submit Your Configuration: Click the Submit button to save and apply your changes.

Origin Host Header

The Origin Host Header feature in the Medianova Cloud Panel allows you to specify a custom host domain to be used in the Host header for origin server requests. This can be useful for scenarios where the origin server expects a specific domain for routing or validation purposes.

Key Features

Custom Host Domain: Specify a custom domain to be sent in the Host header for all requests to the origin server.
Flexible Configuration: Supports any valid domain format without including http:// or https://.
Enhanced Compatibility: Useful for multi-tenant or shared hosting environments that rely on domain-specific routing.

How to Configure Origin Host Header

Log in to the Cloud Panel: Access the Medianova Cloud Panel and navigate to the CDN Resources section from the left-hand menu.
Select the Relevant Resource: Choose the resource where you want to configure the Origin Host Header.
Click on the Headers tab.
Enable the Origin Host Header: Locate the Origin Host Header setting and toggle it to On.
Enter the Host Domain:
- In the input field, specify the domain to be used in the Host header (e.g., subdomain.example.com).
- Ensure the domain is entered without http:// or https://.
Submit Your Configuration: Click the Submit button to save and apply your changes.

By configuring the Origin Host Header, you can ensure compatibility with origin servers that require specific domain headers, improving routing accuracy and server behavior.

HTTP Strict Transport (HSTS) Protection

The HTTP Strict Transport Security (HSTS) Protection feature in the Medianova Cloud Panel enforces secure connections by ensuring that all HTTP requests are redirected to HTTPS. This helps protect against protocol downgrade attacks and cookie hijacking.

Key Features:

Max-Age Setting: Define the duration (in seconds) that browsers should remember to only use HTTPS for your domain.
Include Subdomains: Optionally enforce HSTS for all subdomains of your domain.
Preload Option: Enable inclusion in the HSTS preload list, ensuring strict HTTPS enforcement even before the first visit.

How to Configure HSTS Protection

Log in to the Cloud Panel: Access the Medianova Cloud Panel and navigate to the CDN Resources section in the left-hand menu.
Select the Relevant Resource: Choose the resource where you want to enable HSTS protection.
Click on the Headers tab.
Enable HSTS Protection: Locate the HSTS Protection setting and toggle it to On.
Configure HSTS Settings:
- Max Age (Seconds): Enter the duration in seconds for which browsers should enforce HTTPS (e.g., 31536000 for one year).
- Include Subdomains: Set to True to apply HSTS to all subdomains, or False to limit it to the main domain.
- Preload: Set to True to include the domain in the HSTS preload list, or False to exclude it.
Submit Your Configuration: Click the Submit button to save and apply your HSTS settings.

By enabling HSTS Protection, you enhance your website's security, ensuring HTTPS is strictly enforced for all connections.

X-Frame Options

The X-Frame Options feature in the Medianova Cloud Panel enhances your website's security by preventing unauthorized embedding of your content on other websites. This is achieved by configuring the X-Frame-Options HTTP header, which protects against clickjacking attacks and unauthorized framing.

Key Features

Control Content Embedding: Prevent your content from being embedded on unauthorized domains.
Domain-Specific Configuration: Specify which domains are allowed to embed your content.
Multiple Domain Support: Add multiple domains as exceptions if needed.

How to Configure X-Frame Options

Log in to the Cloud Panel: Access the Medianova Cloud Panel and navigate to the CDN Resources section from the left-hand menu.
Select the Relevant Resource: Choose the resource where you want to configure the X-Frame Options.
Enable X-Frame Options: Locate the X-Frame Options setting and toggle it to On.
Add Allowed Domains:
- In the input field, enter the domain you want to allow for embedding (e.g., example.com).
- Click the + button to add additional domains if required.
Submit Your Configuration: Click the Submit button to save and apply your changes.

By enabling X-Frame Options, you can safeguard your content from unauthorized usage, ensuring better security and control over how your resources are utilized.

X-XSS Protection

The X-XSS Protection feature in the Medianova Cloud Panel helps protect your website from Cross-Site Scripting (XSS) attacks by enabling the XSS filter built into modern web browsers. When activated, this feature prevents malicious scripts from executing in the browser, enhancing your website's security.

Key Features

Built-in Browser Protection: Leverages the XSS filter already present in most modern web browsers.
Simple On/Off Toggle: Quickly enable or disable the protection as needed.

How to Configure X-XSS Protection

Log in to the Cloud Panel: Access the Medianova Cloud Panel and navigate to the CDN Resources section from the left-hand menu.
Select the Relevant Resource: Choose the resource where you want to enable X-XSS Protection.
Enable X-XSS Protection: Locate the X-XSS Protection setting and toggle it to On to activate the feature.
Submit Your Configuration: Click the Submit button to save and apply the changes.

Notes:

When On, the browser's XSS filter is activated, blocking or sanitizing malicious scripts.
When Off, the browser does not filter potential XSS attacks, leaving your website more vulnerable.

By enabling X-XSS Protection, you enhance your website’s resilience against XSS vulnerabilities, ensuring a safer browsing experience for your users.

Purge

The efficiency of a Content Delivery Network lies not just in content delivery but also in its ability to swiftly purge outdated or updated content. Purge operation is the process of deleting your content on cache servers in Medianova CDN architecture. If you have made changes to your existing content and you want to make it active immediately without waiting for the cache to expire, you can use the purge operation.

The steps you need to follow are as follows.

You can reach the Purge setting by clicking on the CDN Resource you would like to edit by following the CDN → CDN Resources path on the left side of the panel and navigating to the Purge tab.
After entering the path information of the contents you want to purge in the box, you can perform the purge operation by pressing the Purge Files button.‏‏‏‏‏‏‏

Wildcard Purge

Wildcard Purge is supported. You can use * to specify the path and pattern.

Example: /example/images/im* /example/images/*

Please note that purging /example/images/* will also result in the removal of all subdirectories recursively within example/images, such as example/images/subdirectory/.

Website Framework Integrations

Advanced Configuration

Origin Settings

Caching

Headers

Purge

The steps you need to follow are as follows.

You can reach the Purge setting by clicking on the CDN Resource you would like to edit by following the CDN → CDN Resources path on the left side of the panel and navigating to the Purge tab.
After entering the path information of the contents you want to purge in the box, you can perform the purge operation by pressing the Purge Files button.‏‏‏‏‏‏‏

Wildcard Purge

Wildcard Purge is supported. You can use * to specify the path and pattern.

Example: /example/images/im* /example/images/*

Please note that purging /example/images/* will also result in the removal of all subdirectories recursively within example/images, such as example/images/subdirectory/.