To add one or more domains with the same settings, click Manage Services from the top menu and choose Add Domains.
The next step contains up to seven tabs: Domain Basic, Cache Configs, Access Control, Redirection Rules, HTTP Header Rules, Download Notification, Attack Detection, Custom Origin Rules, and Advanced.
Modify the configuration in each of the tabs as desired. All domains you add to the list will be created with the same configuration.
Click Deploy to have the QUANTIL CDN distribute the content.
If you want to test that content is cached after deploying your domain, refer to our tips on testing cache behavior.
Domain name
In the Domain Basic tab, enter a domain in the "Domain name" field. If you want all subdomains to be cached, enter a domain prefaced by a period symbol, for example, .domain.com. Note that http://www.domain.com is not the same as http://domain.com in the QUANTIL system. If you are not redirecting one to the other and intend the content to be the same, you will need to add as separate domains.
Customize the CNAME for the domain if you wish, and then click Add to list. The CNAME assigned to the domain is what you must configure your DNS server to point to.
Note: If your domains share a CNAME value, they must also share the same acceleration regions and SSL settings. You will not be able to change their acceleration regions later, so please choose the regions carefully when creating the domains. Similarly, if the domains require SSL, choose the SSL certificate while creating the domains.
The CNAME can have a suffix cdn20.com if your domain has an ICP license for acceleration in Mainland China OR whecloud.com if your domain does not have an ICP license.
Click the Add to list button for each domain you wish to create with the same configuration.
If you intend the domains to always have the same configuration, click the "Automatically save domains as a domain set" checkbox, and enter a name for the set. Creating a domain set lets you easily modify the configuration of all domains within the set in the future. The new domain set will be listed in Manage Domain Sets.
Choose a group
If you wish to restrict access to your domains to certain people, then you can place them in an existing domain group. If you need to create a group, log in as an administrator and click Manage Groups from the menu in the upper right corner to access the page letting you define new groups or move domains into groups.
Origin IP addresses or alternate domain name
You must specify an origin. It is where QUANTIL will obtain content from you to distribute to users accessing your domain.
You have the option of entering:
Example: 99.98.97.96;21.20.19.18 OR myorigin.com
Host header to origin
By default, we pass the domain name as the value of the Host header when making requests to your origin server. If you wish to use a different value, enter it in this field.
Origin protocol
By default, we will connect to your origin server using the same protocol used by a client requesting content from your domain. You can override this by choosing HTTPS or HTTP to force us to fetch content using one of those protocols.
Default origin port
By default, we will connect to your origin server using the same port used by a client requesting content from your domain. You can override this by specifying an alternate port here. You can make further customizations using custom origin rules.
Origin should handle non-accelerated traffic
In step 1 you chose the regions that will be accelerated. If your domain receives traffic from non-accelerated regions, you can check this checkbox so that your origin server handles these requests instead of QUANTIL's servers.
Comments
The optional comments field lets you enter notes associated with the new domains.
The optional extended configuration field lets you enter special requirements for domain configuration that are not supported directly by our portal at this time. The information will be relayed to our staff who will try to get it implemented.
The Cache Configs tab lets you define caching rules for your content. For reference, you can review our default cache rules to determine if you need to create custom rules. You can create two types of rules. Cache time rules control how long content is cached. Query String rules control how the query strings of URLs are handled.
Customize how long your content is cached.
You must enter a URL pattern before you can click Add to list to create a rule.
A list of rules you have created appears. Remove a rule by clicking the icon next to the rule, or change the precedence of caching rules by clicking the icon next to a rule to move it up. Make a copy of an existing rule by clicking the Copy to Editor icon , and click Add to list after making changes.
If you create multiple rules, the first (topmost) one whose URL pattern applies will be used; the rest will not be used.
Enter a pattern in the URL pattern field to specify the content affected by the rule.
The URL pattern should begin with "/". It is case sensitive. Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character. The "|" character represents "or".
Use '$' to match files within a specific directory only. The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?".
For example, the URL pattern /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern /$.jpg would only match the file /a.jpg. The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.
The pattern "/*.(jpg|png)" matches all jpg and png files.
The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.
The pattern "/*\?a=1" matches a URL with a query string of "?a=1".
Enter the number of seconds that content should be cached on the server. This setting will apply unless you uncheck the ignore the origin's cache time setting.
Note: setting a cache time of "0" seconds will prevent caching of your content. This is equivalent to the Cache-Control: no-store directive.
If you want the origin to validate requests, you must add an Access control rule.
Ignore Origin's No-Cache directive
Check this option to ignore the no-cache directive of your origin servers and use the QUANTIL cache settings.
Check this option to ignore the origin's cache time and use the QUANTIL cache time setting. In other words, your origin's expires header and max-age directive would be ignored. However, if you uncheck this option intending to respect the origin, but your origin does not specify Cache-Control headers, the QUANTIL cache time setting will be used.
Customize whether query strings factor into what gets cached by QUANTIL.
You must enter a URL pattern before you can click Add to list to create a rule.
A list of rules you have created appears. Remove a rule by clicking the icon next to the rule, or change the precedence of caching rules by clicking the icon next to a rule to move it up. Make a copy of an existing rule by clicking the Copy to Editor icon , and click Add to list after making changes.
If you create multiple rules, the first (topmost) one whose URL pattern applies will be used; the rest will not be used.
Enter a pattern in the URL pattern field to specify the content affected by the rule.
The URL pattern should begin with "/". It is case sensitive. Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character. The "|" character represents "or".
Use '$' to match files within a specific directory only. The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?".
For example, the URL pattern /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern /$.jpg would only match the file /a.jpg. The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.
The pattern "/*.(jpg|png)" matches all jpg and png files.
The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.
The pattern "/*\?a=1" matches a URL with a query string of "?a=1".
Choose whether URL query strings are factored into the cache key used to index your content. Keeping the query strings means more copies of content might be required. Conversely, removing the query strings means visitors share cached content even if URLs they visit have different query strings. This can speed performance. For example, choosing Remove means http://domain.com?a=123 returns the same content as http://domain.com.
Except these query parameters
Specify query parameters which are exceptions to the Query String in Cache Key setting. Multiple query parameters should be separated by semicolons. (i.e., parameter1;parameter2;parameter3)
Also apply to query string to origin
This option let's you specify if the query string rule applies when referencing content from your origin server. Query strings will be kept or removed depending on the rule.
This guide may help you set up the correct rules in the QUANTIL portal.
Expected Behavior |
Query String in Cache Key |
Except these query parameters |
Also apply to query string to origin |
Keep all query string parameters in cache key; Keep all query string parameters in requests to origin. |
Keep |
NA |
Either checked or unchecked |
Remove all query string parameters from cache key; Keep all query string parameters in requests to origin. |
Remove |
NA |
unchecked |
Remove all query string parameters from cache key; Remove all query string parameters from requests to origin. |
Remove |
NA |
checked |
Only remove query string parameters p1, p2, etc. from cache key; Keep all query string parameters in requests to origin. |
Keep |
p1;p2;etc. |
unchecked |
Only remove query string parameters p1, p2, etc. from cache key; Only remove query string parameters p1, p2, etc. from requests to origin. |
Keep |
p1;p2;etc. |
checked |
Only keep query string parameters p1, p2, etc. in cache key; Keep all query string parameters in requests to origin. |
Remove |
p1;p2;etc. |
unchecked |
Only keep query string parameters p1, p2, etc. in cache key; Only keep query string parameters p1, p2, etc. in requests to origin. |
Remove |
p1;p2;etc. |
checked |
Acceleration Type |
Default Cache Rules |
Website Acceleration - Static only |
|
Website Acceleration |
|
Download Acceleration |
|
Video Acceleration |
All files will be cached for one month. |
The Access Control tab lets you define rules to allow or prevent access to your content.
Enter a URL pattern that the restrictions apply to, choose white or black list, and enter any forbidden IPs. Then click Add to list to create the rule. Repeat as desired to control access.
A list of rules you have created appears in the bottom half of the page.
You can remove a rule by clicking the icon next to the rule. Change the precedence of access control rules by clicking the icon next to a rule to move it up. Make a copy of an existing rule by clicking the Copy to Editor icon ; click Add to list after making changes to save your new rule.
If you create multiple access control rules, access will be restricted if any of the rules rejects the request.
Enter a pattern in the URL pattern field to specify the content the rule applies to.
The URL pattern should begin with "/". It is case sensitive. Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character. The "|" character represents "or".
Use '$' to match files within a specific directory only. The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?".
For example, the URL pattern /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern /$.jpg would only match the file /a.jpg. The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.
The pattern "/*.(jpg|png)" matches all jpg and png files.
The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.
The pattern "/*\?a=1" matches a URL with a query string of "?a=1".
Require origin to authorize requests
You can require that all requests for your content be authorized by your origin servers. To do this, check the 'Require origin server to authorize requests for content' checkbox. Also, check the associated "Ignore URL case when authorizing content requests" if urls should be treated as case insensitive. Now, if a user requests a file and your origin restricts access with, say, a 403 Forbidden HTTP response, the user will not see the content.
Use this setting if you want the equivalent of the Cache-Control: no-cache directive.
Referrer list
Choose 'white' to define allowed referrers. Only referrers in this list will be granted access. Separate multiple referrers using commas, semicolons, or new lines. If you wish to allow an empty referrer, click Allow Empty Referrer.
Choose 'black' to specify which HTTP referrers are not permitted to access your content. Separate multiple referrers using commas, semicolons, or new lines.
Reject visitors from the listed IP addresses. This prevents access to your content. Separate multiple IPs using commas, semicolons, spaces, or enter them on separate lines. You can specify individual IPs or use CIDR notation. For example, 123.45.67.89 and 123.45.67.0/24.
The Redirection Rules tab lets you create rules to redirect or rewrite the URLs that your visitors access. Enter conditions of a rule, and click Add to list to create it. You can delete a rule by clicking the icon and move it up in precedence by clicking the icon. Make a copy of an existing rule by clicking the Copy to Editor icon , and click Add to list after making changes. If you create multiple rules, the first (topmost) one whose URL pattern applies will be used; the rest will not be used. Be sure to click the Deploy button to save your new rules.
URL pattern
Enter a pattern in the URL pattern field to specify the content the rule applies to.
The URL pattern should begin with "/". It is case sensitive. Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character. The "|" character represents "or".
Use '$' to match files within a specific directory only. The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?".
For example, the URL pattern /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern /$.jpg would only match the file /a.jpg. The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.
The pattern "/*.(jpg|png)" matches all jpg and png files.
The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.
The pattern "/*\?a=1" matches a URL with a query string of "?a=1".
Exceptions
Enter a path pattern which is an exception to the URL pattern above. Requests matching the exception pattern will not be redirected or rewritten. This field is case-sensitive.
User agent
Specify a semicolon separated list of user agents that your rule applies to. Use the wildcard character "*" at the beginning or end of the value to do a fuzzy match on user agents. For example, you can specify “*Phone;iPhone*”, but “Ph*ne” is invalid because the wildcard character appeared in the middle of the string. If you leave the field empty, then the rule applies to all user agents.
Countries
Select one or more of your visitors' countries that your rule applies to. If you do not choose a country, then the rule applies to all countries. You can invert the logic by checking "Exclude these countries instead". If you do so, then the rule applies to all countries except the ones you choose.
Request header
Enter the name of an HTTP request header and value to match against separated by a colon character. The value can contain '*' which is the wildcard allowing a match against any character. By default, the value is case sensitive. Spaces are permitted. You can make the match case-insensitive by preceding the value with "-i ".
Syntax:
<Header Name>:<-i> <Header Value>
Example |
Description |
Accept-Language:de* |
The rule applies if the value of the Accept-Language header begins with "de". |
Accept-Language:-i de* |
The rule applies if the value of the Accept-Language header begins with "de", ignoring the case of the value. In other words, values of DE, de, De, and dE are all accepted. |
Cookie:hello there |
The rule applies if the value of the Cookie header is "hello there". |
Rewrite type
Choose "Protocol" if you simply want to switch between HTTP and HTTPS protocols. In this case, also select whether you wish to change from HTTP to HTTPS or from HTTPS to HTTP.
Alternately, choose "URL" to rewrite the URL. In this case, enter the original URL you wish to change in the Before value field, and the rewritten URL in the After value field. Also choose whether or not to ignore the query strings in the rewritten URL. Please note that if your original URL has a query string, you cannot specify a different query string for the rewritten URL.
HTTP response
Choose the HTTP response code to return to the browser.
The HTTP header rules tab lets you customize the HTTP headers for your domains. Enter conditions of a rule, and click Add to list to create it. The rule will appear in the list at the bottom of the page. You can delete a rule by clicking the icon and move it up in precedence by clicking the icon. Make a copy of an existing rule by clicking the Copy to Editor icon , and click Add to list after making changes. Be sure to click the Deploy button to save your new rules. If you create multiple rules, all will be processed in the order specified.
URL pattern
Enter a pattern in the URL pattern field to specify the content the rule to applies to.
The URL pattern should begin with "/". It is case sensitive. Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character. The "|" character represents "or".
Use '$' to match files within a specific directory only. The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?".
For example, the URL pattern /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern /$.jpg would only match the file /a.jpg. The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.
The pattern "/*.(jpg|png)" matches all jpg and png files.
The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.
The pattern "/*\?a=1" matches a URL with a query string of "?a=1".
Operation
Only the following combinations are permitted when creating rules with standard HTTP header names.
Header Name |
Allowed Operation |
Request/Response |
Accept |
Add, modify, delete |
Request only |
Accept-Charset |
Add, modify, delete |
Request only |
Accept-Encoding |
Add, modify, delete |
Request only |
Accept-Language |
Add, modify, delete |
Request only |
Accept-Ranges |
Add, modify, delete |
Request only |
Content-Base |
Modify |
Response only |
Content-Disposition |
Modify |
Response only |
Content-Encoding |
Modify |
Response only |
Content-Language |
Modify |
Response only |
Content-Location |
Modify |
Response only |
Content-MD5 |
Modify |
Response only |
Content-Range |
Modify |
Response only |
Content-Type |
Modify |
Response only |
Cookie |
Add, modify, delete |
Request only |
Referer |
Modify |
Request only |
Server |
Modify |
Response only |
Set-Cookie |
Add, modify, delete |
Response only |
User-Agent |
Modify |
Request only |
Vary |
Add |
Response only |
Note: By default, the Vary header is not returned to the users' browsers. If you choose to create multiple rules adding the Vary header, please note that only the first one applicable to a requested file will be run. In other words, only one Vary header will be added to the response to users.
HTTP header value
Enter the new value of the HTTP header. A number of special keywords are permitted which result in substitution of a corresponding value in real time. Enter the '#' character followed by the keyword. The following keywords are supported:
Keyword |
Actual value |
#cache-ip |
IP address of the edge node serving the user's request |
#client-ip |
IP address of the user's request |
#cookie{xxx} |
This lets you obtain any cookie named xxx. For example, #cookie{account} would retrieve the value of a cookie named 'account'. |
#header{xxx} |
Obtain any HTTP header named xxx from the original request. For example, specify #header{User-Agent} to get the value of User-Agent. |
#origin-ip |
value of the origin IP address |
#request-host |
HOST request header |
#request-uri |
HTTP request uri |
#request-url |
URL of the HTTP request |
#response-header{xxx} |
Get the value from the HTTP response header |
#status-code |
an HTTP response code for the user's request. Example: 200 |
#timestamp |
Current date and time |
The download notification tab lets you create rules which notify you when a user accesses your content. They are like a receipt confirmation. Enter conditions of a rule, and click Add to list to create it. It will appear in the list at the bottom of the page. You can delete a rule by clicking the icon and move it up in precedence by clicking the icon. Make a copy of an existing rule by clicking the Copy to Editor icon , and click Add to list after making changes. Be sure to click the Deploy button to save your new rules.
If you create multiple download notification rules and more than one matches, then multiple notifications will be sent.
URL pattern
Enter a pattern in the URL pattern field to specify the content the rule to applies to.
The URL pattern should begin with "/". It is case sensitive. Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character. The "|" character represents "or".
Use '$' to match files within a specific directory only. The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?".
For example, the URL pattern /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern /$.jpg would only match the file /a.jpg. The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.
The pattern "/*.(jpg|png)" matches all jpg and png files.
The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.
The pattern "/*\?a=1" matches a URL with a query string of "?a=1".
Exceptions
Enter any exceptions to the URL pattern which should be ignored. Use '*' as the wildcard character matching any character. The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?".
Notification URL
Enter the URL that QUANTIL should request when content matching your rule is requested. If the URL contains a hostname only, you must terminate it with a "/" character, for example: http://notify.quantil.com/
Ignore Case
Click Ignore Case if a case insensitive match should be performed.
Notify once every N requests
By default, if you have set up a download notification rule, each visit to your content will notify you. If you wish to reduce the notification frequency, enter a number in this field greater than 1. For example, if you only wish to sample 1% of the notifications, enter 100. You are not guaranteed to see exactly 1%, but it will be close.
HTTP Method
Choose whether to request the notification URL using the GET or POST method.
Notification parameters
Enter at least one parameter to pass to the notification URL. These should be in the format param=value¶m1=value1¶m2=value2...
A parameter value can be either a fixed string OR one of a number of keywords which begin with the character "#".
If you specify a keyword, the actual value that will be passed to the notification URL will be determined in real time based on the request made by the user.
For example, here is a notification parameter setting:
clientIP=#client-ip&userAgent=#header{User-Agent}&account=#cookie{account}
It would pass three parameters to your notification URL:
The following keywords are supported:
Keyword |
Actual value |
#attackflag |
This flag indicates whether the request appears to be associated with an attack on your domain. Refer to the list of possible values of #attackflag. |
#cache-ip |
IP address of edge node serving the user's request |
#cachehit |
HIT indicates the request is handled by an entry in our cache; MISS means the content must be fetched from the origin. |
#cdnplatform |
Indicates the service type. |
#client-ip |
IP address of the user's request |
#client-isp |
Indicates the client's ISP, for example, "chinamobile" or "other". |
#client-tls-cipher |
Indicates the cipher suite used for the TLS (SSL) connection. |
#client-tls-sni-name |
The hostname that a client initiating a TLS (SSL) connection is attempting to connect to. It is only sent by clients supporting SNI (Server Name Indication). |
#client-tls-version |
Indicates the TLS version used for the TLS (SSL) connection. Example versions include "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", and "unknown". |
#cookie{x} |
This lets you obtain any cookie named x. For example, #cookie{account} would retrieve the value of a cookie named 'account'. |
#error-code |
The notification URL will receive a value in the format client error-origin error which indicates any problems that occurred with the request from the client to the CDN or from the CDN to the origin. Refer to the list of possible client error values and the list of possible origin error values. For example, ERR_NONE-ERR_NONE is the ideal value indicating no problems between the client and the CDN and the CDN to the origin. |
#first-byte-served |
1 to indicate the first byte of the object was served to the user, 0 otherwise. |
#header{x} |
Obtain any HTTP header named x from the original request. For example, specify #header{User-Agent} to get the value of User-Agent. |
#last-byte-served |
1 to indicate the last byte of the object was served to the user, 0 otherwise. |
#object-content-length |
The original file size |
#origin-host |
The origin's domain name |
#origin-ip |
The origin's IP address |
#origin-status-code |
The HTTP response code from the origin server |
#protocol |
Indicates the protocol of the user's request ("http" or https"). |
#reply-body-size |
Size of the reply |
#request-host |
HOST request header |
#request-id |
Unique identifier representing the request |
#request-method |
The HTTP request method used to access the origin |
#request-uri |
HTTP request uri |
#request-url |
URL HTTP request |
#request-version |
Indicates the version of HTTP used in the user's request, either "HTTP/1.0", "HTTP/1.1", or "HTTP/2.0". |
#response-header{x} |
Obtain the value of an HTTP header named x that is returned in the origin server's response. For example, #response-header{ETag} would give you the value of the ETag header. |
#response-time |
Response time in milliseconds. It is the time between receiving the request's last byte and serving the last byte of the response. |
#round-trip-time |
The time in microseconds taken by a packet to travel to the destination and back. |
#status-code |
an HTTP response code for the user's request |
#timestamp |
Current date and time |
#time-to-first-byte |
Time in milliseconds between QUANTIL's edge node receiving the first byte of the request and sending out the first response byte to the client. |
#total-bytes-served |
Indicates the total number of bytes in the HTTP response including the size of the response body, the response headers, and the status line. |
Keep in mind that while we will check that you use notification keywords we support, it is up to you to specify URL parameters recognized by your notification URL.
Values supported by #attackflag
Attack flag value |
Description |
NONE |
This indicates the request is not associated with an attack. |
ATTACK_TIMES_TOTAL |
This value is returned if there have been too many requests within a short period of time from a single IP address. |
ATTACK_TIMES_MISS |
This value is returned if there have been too many requests within a short period of time from a single IP address which resulted in cache misses. |
ATTACK_TRAFFIC_TOTAL |
This value is returned if the requests from a single IP address generated an excessive amount of traffic within a short period of time. |
ATTACK_TRAFFIC_MISS |
This value is returned if the requests from a single IP address resulted in cache misses and generated an excessive amount of traffic within a short period of time. |
Client errors supported by #error-code
Client error code |
Description |
ERR_NONE |
There were no problems with the connection from the client to the CDN node. Please note that this code will be returned even if the origin returns a 5xx response to the request or the client request is rejected due to an authorization error because the connection worked as expected. |
ERR_CLIENT_ABORT |
This indicates the client closed the connection, for example, before the CDN has served all the bytes of the response. |
ERR_WRITE_TIMEOUT |
This indicates the CDN node failed to finish a response to the client request. |
Origin error codes supported by #error-code
Origin error code |
Description |
ERR_NONE |
There were no problems with the connection from the CDN node to the origin server. Please note that this code will be returned even if the origin returns a 403 or 404 error because the connection worked as expected. |
ERR_CONNECT_TIMEOUT |
This indicates the CDN could not establish a connection to the origin server. |
ERR_READ_TIMEOUT |
This indicates the CDN connected to the origin server which returned one of the following response codes: 500, 503, 504, 400. |
ERR_UNABLE_TO_GET_ISSUER_CERT |
When verifying the origin certificate, we were unable to look up the issuer certificate. This normally means the list of trusted certificates is not complete. |
ERR_CERT_NOT_YET_VALID |
The origin certificate is not yet valid. The current time is earlier than the notBefore date in the certificate. |
ERR_CERT_HAS_EXPIRED |
The origin certificate has expired. The current time is after the notAfter date in the certificate. |
ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD |
The origin certificate has an invalid notBefore date. |
ERR_ERROR_IN_CERT_NOT_AFTER_FIELD |
The origin certificate has an invalid notAfter date. |
ERR_DEPTH_ZERO_SELF_SIGNED_CERT |
The origin certificate is self signed, and the same certificate cannot be found in the list of trusted certificates. |
ERR_CERT_OTHER |
There is some other error in the origin certificate besides ERR_UNABLE_TO_GET_ISSUER_CERT, ERR_CERT_NOT_YET_VALID, ERR_CERT_HAS_EXPIRED, ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, ERR_ERROR_IN_CERT_NOT_AFTER_FIELD, or ERR_DEPTH_ZERO_SELF_SIGNED_CERT. |
Custom Header
The custom header field lets you specify HTTP header values to pass to your download notification URL. A header name and its value should be separated by a colon while multiple custom headers should be separated by semicolons. For example, header1:value1;header2:value2
Status codes to ignore
Users' requests to your domain may result in errors such as an HTTP status code of 404 if they entered an incorrect URL. You can avoid getting download notifications for such requests by entering the HTTP status codes to ignore. Separate multiple status codes with semicolons.
* The download notification feature is only available to selected customers. Please contact us if you require this feature.
The attack detection tab lets you specify how to identify a malicious attack on your domain.
URL pattern
Enter a pattern in the URL pattern field to specify the content affected by the rule.
The URL pattern should begin with "/". It is case sensitive; click Ignore case if needed. Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character. The "|" character represents "or". The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?". Use '$' to match files within a specific directory only.
For example, the URL pattern /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern /$.jpg would only match the file /a.jpg. The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.
The pattern "/*.(jpg|png)" matches all jpg and png files.
The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.
The pattern "/*\?a=1" matches a URL with a query string of "?a=1".
Ignore Case
Click Ignore Case if a case insensitive match should be performed.
Exceptions
Enter any exceptions to the URL pattern which should be ignored. Use '*' as the wildcard character matching any character. The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?".
Number of requests allowed per IP address
Specify the maximum number of requests allowed from an IP address during the time period.
Number of requests to origin allowed per IP address
Specify the maximum number of requests to origin generated by an IP address during the time period.
Time period
Specify the attack detection period in seconds. The default is 60 seconds.
Allowed IPs
Specify IP addresses whose requests will not be subject to the restrictions you define here. Separate multiple IPs using semicolons. You can specify individual IPs or use CIDR notation. For example, 123.45.67.89 and 123.45.67.0/24.
Action
Specify what to do if there are too many requests from an IP address. Choosing "log" will record the event but not block requests for content. You can specify either 'deny' or 'disconnect' to reject additional requests from the IP address.
Action enforcement period
Specify the number of minutes long the action should apply to future requests from an IP once an attack is detected. Please note that if requests continue to come from an IP address after it is identified as an attacker, the enforcement period will be extended. If you do not specify a value, the action will apply to the remainder of the attack detection period. For example, if the time period is 60 seconds and an attack is detected at 40 seconds, then the enforcement will be for the remaining 20 seconds.
* The attack detection configuration feature is only available to selected customers. Please contact us if you require this feature.
You can create custom rules which let us know to fetch content from non-default locations such as a different port or path on your origin servers.
To add rules, click the Custom Origin Rules tab when adding or editing a domain. Enter conditions of a rule, and click Add to list button to create it. You can delete a rule by clicking the icon and move it up in precedence by clicking the icon. Make a copy of an existing rule by clicking the Copy to Editor icon , and click Add to list after making changes.
If you create multiple rules, the first (topmost) one whose URL pattern applies will be used; the rest will not be used.
(Note: at this time, custom origin rules only apply if the default origin you specify in the Domain Basic tab is a domain name not an IP address or addresses.)
URL pattern
Enter a pattern in the URL pattern field to specify the content affected by the rule.
The URL pattern should begin with "/". It is case sensitive; click Ignore case if needed. Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character. The "|" character represents "or". The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?". Use '$' to match files within a specific directory only.
For example, the URL pattern /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern /$.jpg would only match the file /a.jpg. The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.
The pattern "/*.(jpg|png)" matches all jpg and png files.
The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.
The pattern "/*\?a=1" matches a URL with a query string of "?a=1".
File extensions
Enter file extensions that the rule applies to. Separate multiple extensions with semicolons. The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?". For example: avi;mov matches all files with extensions .avi or .mov.
You can leave the field empty to match all files including those without extensions. Entering the character '*' matches all files with a file extension.
Ignore case
Click Ignore case if a case insensitive match should be performed.
Header name
Enter the name of an HTTP request header that the rule applies to. Be sure to specify the value to match against in the Header value field.
Header value
Enter the value of the HTTP request header specified in the Header name field that the rule applies to. You can use POSIX compliant regular expressions. For example, a value of "itspod=2.*|itspod=3.*" means you want to match against a header whose value begins with "itspod=2" or "itspod=3". If you need to match a specific value, consider using anchors to ensure that only that value is matched. For example, "^7$" ensures you match on "7" but not "72" or "678".
Origin IPs
Enter
If you omit values here, we will use the setting from the Domains tab of your configuration.
Port
If your content is not on the default port 80, enter the port number here.
For example, if all your content comes from a port 8100, you could create a rule with URL pattern "/*" and port value of 8100.
Host header
You may pass a custom value to the Host header when content is requested from the origin server.
Modify the origin path
If the content on your origin servers is in an alternate path, check this option.
Then enter a value in the Modified Path field and choose one of the three options to control how content will be fetched. The modified path can be a directory or refer to a file depending on the option you choose.
Be sure that the modified path begins with a forward slash (/) character.
Note: When using this option, your rule should not modify the origin IPs, port, or host header.
As an example, let us assume that ‘URL Pattern’ is “/images/*” and ‘Modified Path’ is “/newpath/”.
Fetch from path relative to the modified path.
Files matching the pattern /images/* will be requested from the origin through the path /newpath/images/*
Fetch files from the modified path, ignoring the original path.
Files matching the pattern /images/* will be requested from the origin through the path “/newpath/*”
Fetch from a specific file on the origin server.
Files matching the pattern will result in a request to the origin server for a single file “/newpath”. In other words, requests for images/a.jpg and images/b.jpg both map to a request for /newpath from the origin server.
Note: We recommend against creating custom origin rules along with rewriting requests to the origin server due to the possibility of unexpected behavior. Please contact us at support@quantil.com if you believe you need both.
Several advanced options are common to our acceleration services. Video Acceleration and Download Acceleration each have some additional options.
This option can be used to control whether multiple domains should share a cache entry on QUANTIL’s servers. An advantage of this is reducing traffic to your origin. The default setting, Incoming Host Header, uses the Host request header specified by the browser to select a cache entry selected. Therefore, each domain would have a unique cache entry which must be refreshed from your origin servers.
If you wish to use domain sharding whereby multiple domains share the same origin, you can opt to make them share a same cache entry thereby minimizing requests to your origin servers. You have two options in this case:
Cache key rules let you further customize the cache key by including the value of cookies or certain HTTP headers.
URL pattern
Enter a pattern in the URL pattern field to specify the content affected by the rule.
The URL pattern should begin with "/". It is case sensitive. Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character. The "|" character represents "or". The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?". Use '$' to match files within a specific directory only.
For example, the URL pattern /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern /$.jpg would only match the file /a.jpg. The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.
The pattern "/*.(jpg|png)" matches all jpg and png files.
The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.
The pattern "/*\?a=1" matches a URL with a query string of "?a=1".
Exception pattern
Enter a path pattern which is an exception to the URL pattern above. Files matching the exception will not use a cache key including the HTTP header defined by the cache key rule.
HTTP Header (and Parameter) for the Cache Key
Enter an HTTP header whose value should be included in the cache key. You can include the value of a cookie by using the format Cookie:<CookieName>. For example: Cookie:MyCookie
Click Add Cache Key Rule for each rule you create.
For debugging purposes, you can check the cache key that is used in a request for content by including the following HTTP header:
Pragma : X-Get-Cache-Key
The cache key will be included as the value of “X-True-Cache-Key” header in the response.
For example:
X-True-Cache-Key:{HTTP/1.1}{GET}{http://testurl.quantil.com/index.htm}{header}
* This feature is only available to selected customers.
Enter the number of days that raw log files will be stored on QUANTIL's log servers. Storing logs longer may result in higher storage costs. The log file size will vary depending on traffic to your domain, of course.
To retrieve your logs, click Reports from the top menu and choose Log Download.
This field lets you specify the time zone relative to GMT for partitioning raw log entries when calculating 'daily' statistics.
This setting allows you to enable gzip compression for particular file types. It applies to files that are at least 2KB. When files are compressed, an additional HTTP response header "Content-Encoding: gzip" is sent to the client.
URL pattern
Enter a pattern in the URL pattern field to specify the content affected by the rule.
The URL pattern should begin with "/". It is case sensitive. Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character. The "|" character represents "or". The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?". Use '$' to match files within a specific directory only.
For example, the URL pattern /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern /$.jpg would only match the file /a.jpg. The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.
The pattern "/*.(jpg|png)" matches all jpg and png files.
The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.
The pattern "/*\?a=1" matches a URL with a query string of "?a=1".
Ignore case
Click Ignore case if a case insensitive match should be performed.
Enabled
Click Enabled to turn the rule on.
MIME file types
Specify a semicolon separated list of MIME types indicating the files to be compressed. Text files are compressed by default. For example, if you specify "application/;image/jpeg", then text files, applications, and JPEGs will be compressed.
* This feature is only available to selected customers. Please contact us if you require this feature.
You can accelerate HTTPS content for your domains. Choose the SSL certificate to use from the ones that you have uploaded or have requested from QUANTIL. See more information about uploading certificates.
Choose Use SNI (Server Name Indication) for a more economical option for SSL which is supported by modern browsers and operating systems.
Select the minimum and maximum TLS version you wish your domain to use. Older TLS versions are less secure, and major browser vendors have already announced plans to deprecate support for both TLS 1.0 and 1.1. TLSv1.2 is an ideal minimum. However, it may prevent users of old browsers from accessing your content.
If you use SSL, you have the option of configuring which cipher suites are permitted when clients negotiate security settings to access your content. If you wish to permit specific cipher suites only, check the Select custom cipher suite checkbox, and then choose the ciphers you permit. If you leave Select custom cipher suite unchecked, a default set of cipher suites (ALL:!LOW, !EXPORT, !aNULL, !RC4, !DH) will be permitted. These cipher suites are a subset of those supported by OpenSSL, https://www.openssl.org/docs/man1.0.2/apps/ciphers.html
By default, QUANTIL has an origin connection timeout of 15 seconds. You can customize this by specifying a different value in the "Origin connection timeout" field.
By default QUANTIL has an origin read timeout of 1 minute for Web Acceleration and Web Acceleration - Static Only domains along with a 2 minute read timeout for Download Acceleration and Video Acceleration domains. You can customize this by specifying a different value in the "Origin read timeout" field.
Choose Verify Origin Certificate if you want QUANTIL to verify the origin server's SSL certificate when we request content from it. Enabling this option causes us to check that the domain is supported by the certificate, that the certificate authority is legal, and that the certificate and chain file have not been revoked. This helps protect against hijacking of traffic between QUANTIL and your origin server. Verification failure means QUANTIL will be unable to retrieve content.
You also have the option of choosing the minimum level of SSL/TLS supported by your origin server. By default, QUANTIL uses SSLv3 when connecting to the origin.
* This feature is only available to selected customers. Please contact us if you require this feature.
For video acceleration domains, you can specify the video drag mode and parameters marking a segment of a video.
URL pattern
Enter a pattern in the URL pattern field to specify the content affected by video drag mode plus start and end flags. The URL pattern should begin with "/". Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character. The "|" character represents "or".
The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?". Use '$' to match files within a specific directory only.
For example, "/*.(flv|mp4)" matches all flv and mp4 files.
The pattern "/abc?.mp4" matches files ab.mp4 and abc.mp4.
The URL pattern /*.mp4 would match files /a.mp4 and /dir/a.mp4, but the URL pattern /$.mp4 would only match the file /a.mp4. The pattern /dir/$.mp4 would match all MP4 files within the /dir/ directory including /dir/a.mp4.
Video drag mode
Select time or bytes to control whether navigating through a video clip is based on time or bytes.
Start flag
Specify the URL parameter which identifies the beginning position of a video segment.
End flag
Specify the URL parameter which identifies the ending position of a video segment.
Download acceleration domains include an option to limit download speed by users.
Create a rule by specifying a URL pattern to match on objects in your domain and a speed limit to apply and then click the Add button.
If you create multiple rules, the first (topmost) one whose URL pattern applies will be used; the rest will not be used.
URL pattern
Enter a pattern in the URL pattern field to specify the content affected by the rule.
The URL pattern should begin with "/". Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character. The "|" character represents "or".
The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?". Use '$' to match files within a specific directory only.
For example, "/*.(jpg|png)" matches all jpg and png files.
The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.
The pattern "/*\?a=1" matches a URL with a query string of "?a=1".
The URL pattern /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern /$.jpg would only match the file /a.jpg. The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.
Speed limit
Specify the download limit in kilobytes per second.
You can delete a download speed rule by clicking its icon. Make a copy of an existing rule by clicking the Copy to Editor icon , and click Add Speed Limit after making changes.
Be sure to click the Deploy button to save your new rules.
QUANTIL supports additional advanced configuration options. Please contact us at support@quantil.com to discuss your needs.