Header

Description

Required

Authorization

Authorization string for the request

Yes

Host

URI for the QUANTIL SDK (i.e., api.quantil.com)

Yes

Date

The date and time of the request.

Yes

Accept

Indicates the accepted format (i.e., application/xml)

Yes

Element

Description

domain

container for information about the new domain.  This element must always be specified when creating or updating a domain.  (required)

version

version string, currently always 1.0.0.  This element must be specified as a child of the domain element when creating or updating a domain (required)

domain-name

name of the new domain.  This element must be specified as a child of the <domain> element when creating a new domain. (required)

service-type

type of service.  (required).   Example: web, wsa, download, or vodstream.   It must correspond to one of the QUANTIL products you have purchased.  You can call our API to get a list of services. This element must be specified as a child of the <domain> element when creating a new domain.

service-areas

a semicolon separated list of areas where acceleration applies.  Current legal values are cn, nc, euna, and apac which represent mainland China, near China, Europe/North America, and Asia Pacific, respectively.  The "nc" value should be specified if you require service in China but do not have an ICP license. This element must be specified as a child of the <domain> element when creating a new domain.  (required)

comment

An optional child of the <domain> element, this element lets you add a comment describing the domain.

non-acc-area-back2origin

An optional child of the <domain> element, this element's value can be set to true to indicate that requests in non-accelerated regions (i.e., regions not in the <service-areas> element)  will be handled by your origin servers which are defined in the <origin-config> element.

origin-config

container object describing the origin for your domain's content.  This element must be specified as a child of the <domain> element when creating a new domain. It must contain one <origin-ips> element. (required)   It can also contain one of each of these elements: <adv-origin-configs>, <origin-rules>, <default-origin-host-header>, <origin-protocol>, and <default-origin-port>.

origin-ips

lists either multiple IP addresses separated by semicolons OR a single domain name which serves as the origin. It is a child of the <origin-config> element.  (required)

default-origin-host-header

This optional element lets you specify a value that will be passed in the Host header in requests to the origin server.  This would override the default behavior which is to pass the domain name in the Host header.

origin-protocol

This optional element lets you specify the protocol used when connecting to your origin server. By default, the cache servers will use the same protocol used by a client requesting your content. You can specify either "http" or "https".

default-origin-port

This optional element lets you specify the port used when connecting to your origin server. By default, the cache servers will use the same port used by a client requesting your content.   Further customization can be down by creating custom origin rules using the <origin-rules> element.

adv-origin-configs

An optional container object which allows you to specify advanced origin configuration. It can be added as a child of the <origin-config> element. It can contain one each of the following elements: <detect-url> <detect-period>, and <adv-origin-config>.

detect-url

a URL used to check if the origin server is available. QUANTIL will periodically access this URL. The frequency is controlled by the value of the <detect-period> element.

detect-period

how often (in seconds) that QUANTIL will connect to the URL specified in the <detect-url> element to check if the origin is available.

adv-origin-config

A container object for specifying additional origin configuration. It can contain the following child elements: <master-ips> and <backup-ips>.

master-ips

a list of IP addresses separated by semicolons.  If specified, these IPs override those in the <origin-ips> element.

backup-ips

a list of IP addresses separated by semicolons.  The backup origin IPs are used if master ones are unavailable.

origin-rules

An optional container object for defining custom origin rules. It can be added as a child of the <origin-config> element.  It contains one or more <origin-rule> elements described below. The rules will be processed in the order specified and stop after the first one that applies.

origin-rule

This object describes a custom origin rule. It can contain the following child elements: <origin-rule>, <path>, <ignore-case>, <file-extensions>, <origin-ips>, <origin-port>, <origin-host-header>, <modified-option>, <modified-path>, <header-name>, and <header-value>.

path

Enter a pattern to specify the content affected by the custom origin rule.

The URL pattern should begin with "/".  Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character. The "|" character represents "or". Use '$' to match files within a specific directory only.  The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?".  

For example, the URL pattern /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern /$.jpg would only match the file /a.jpg. The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.

The pattern "/*.(jpg|png)" matches all jpg and png files.

The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.

The pattern "/*\?a=1" matches a URL with a query string of "?a=1".

ignore-case

true or false to indicate if a case insensitive match should be performed

file-extensions

A semicolon separated list of file extensions that the origin rule applies to.  The file extensions should not be preceded by the period character.  Example: avi;mov. You can leave the field empty to match on all files. The character '*' can be specified to match on all files with a file extension.

origin-ips

one or more origin IPs separated by semicolons or commas OR a single domain name. If you omit values here, we will use the setting from the <origin-ips> element of the <origin-config> element described above.

origin-port

enter a port to fetch content from your origin server.  This element is useful if you use a non-default port (for example, port 8100 rather than port 80)

origin-host-header

used to pass a custom value for the Host header when content is requested from the origin server.

modified-option

Optional element which lets you choose one of three ways to control how content is fetched from your origin server.  If this element is specified, you must also specify the <modified-path> element.

As an example, let’s assume that <path> for the <origin-rule> is “/images/*” and <modified-path> is “/newpath/”.

Specify '0' for <modified-option> to fetch from a path relative to the modified path.  This means files on the path /images/* will be requested from the origin through the path /newpath/images/*.

Specify '1' for <modified-option> to fetch files from the modified path, ignoring the original path. This means files on the path /images/* will be requested from the origin through the path “/newpath/*”.

Specify "2" for <modified-option> to fetch from a specific file on the origin server. In our example, this means fFiles will be requested from the origin using the single file “/newpath” . In other words, requests for images/a.jpg and images/b.jpg both map to a request for /newpath from the origin server.

modified-path

This element works in conjunction with the <modified-option> element as described above.

header-name

This element lets you specify the name of an HTTP header that must be matched for the origin rule to apply. It works in conjunction with the <header-value> element.

header-value

This is the value of the HTTP header specified in the <header-name> element.  You can use POSIX compliant regular expressions.  For example, a value of "itspod=2.*|itspod=3.*" means you want to match against a header whose value begins with "itspod=2" or "itspod=3".

cache-behaviors

This optional container object lets you define caching rules for your content. It is added as a child of the <domain> element. It contains one or more <cache-behavior> elements. Caching rules are processed in the order listed. Only the first applicable one will be used. If none are specified or none are applicable, QUANTIL will cache using default settings.

cache-behavior

Defines a caching rule.  It contains the following elements:  <path-pattern>, <cache-ttl>, and <ignore-cache-control>.

path-pattern

Enter a pattern in the URL Pattern field to specify the content affected by the caching rule.

The URL pattern should begin with "/".  Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character.   The "|" character represents "or". Use '$' to match files within a specific directory only.  The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?".  

For example, the URL pattern  /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern  /$.jpg would only match the file  /a.jpg. The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.

The pattern "/*.(jpg|png)" matches all jpg and png files.

The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.

The pattern "/*\?a=1"  matches a URL with a query string of "?a=1".

cache-ttl

Enter the number of seconds that content should be cached on the server if the origin response header does not have a max-age directive.  

ignore-cache-control

Can be true or false to specify if you want cache servers to ignore the no-cache directive from your origin servers.  If you set it to true, then the cache-ttl value will always apply. The default value is false.

honor-expires

Set to true to specify that the origin's Expires header and max-age directive are respected. Set to false to ignore those settings and use the cache-ttl value. The default value is false.

query-string-settings

This optional container object lets you specify how URL query strings are handled. It is added as a child of the <domain> element. It can contain one or more <query-string-setting> child elements each defining a rule. These rules are processed in the order listed. Only the first applicable one will be used.  Due to the complexity of this field, we recommend that you use the QUANTIL portal to create your query string setting rules.

query-string-setting

a container object allowing you to define a rule for handling URL query strings.  It contains the following child elements: <path-pattern>, <ignore-query-string>, and <source-with-query>.

path-pattern

Enter a pattern to specify the content affected by the query-string-setting rule.

The URL pattern should begin with "/".  Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character.   The "|" character represents "or". Use '$' to match files within a specific directory only.  The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?".

For example, the URL pattern  /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern  /$.jpg would only match the file  /a.jpg.   The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.

The pattern "/*.(jpg|png)" matches all jpg and png files.

The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.

The pattern "/*\?a=1"  matches a URL with a query string of "?a=1".

ignore-query-string

Can be true or false to control whether you want to treat URLs the same regardless of their query strings. For example, true means http://domain.com?a=123 returns the same content as http://domain.com.

ignore-query-string-exception

A semicolon separated list of query parameters that are treated as exceptions. If <ignore-query-string> is true then exceptions would be factored into the URL.  If <ignore-query-string> is false, then exceptions would be excluded. Only alphanumeric and the underscore characters are permitted as query parameter exceptions. For example, <ignore-query-string-exception>parameter1_2</ignore-query-string-exception> is permitted.

source-with-query

Can be true or false. This option is related to the <ignore-query-string> element described above. If you specify true for ignore-query-string, you can also specify whether or not query strings are passed when referencing content from your origin server.

source-with-query-exception

A semicolon separated list of query parameters that are treated as exceptions to <source-with-query> when accessing the origin server. If <source-with-query> is true, the exceptions listed here will be omitted in the request to origin. If <source-with-query> is false, the exceptions listed here will be included in the request to origin.  Only alphanumeric and the underscore characters are permitted as query parameter exceptions.

visit-control-rules

This optional container object lets you define rules to allow or prevent access to your content. It is added as a child of the <domain> element.  Create rules by specifying one or more <visit-control-rule> child elements. Rules are processed in the order specified. If you have created multiple rules, access will be restricted by the first one that rejects the request.

visit-control-rule

A container object defining an access rule which  lists  valid referrers, invalid referrers, or IP addresses forbidden from accessing the content.  It can contain the following child elements: <path-pattern>, <allownullreferer>, <valid-referers>, <invalid-referers>, <forbidden-ips>, <forbidden-area>, <allowed-ips>, <allowed-header-name>, <allowed-header-value>, and <forbidden-header-value>.

path-pattern

Enter a pattern in the URL Pattern field to specify the content affected by the rule.

The URL pattern should begin with "/".  Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character.   The "|" character represents "or". Use '$' to match files within a specific directory only.  The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?".

For example, the URL pattern  /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern  /$.jpg would only match the file  /a.jpg.  The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.

The pattern "/*.(jpg|png)" matches all jpg and png files.

The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.

The pattern "/*\?a=1"  matches a URL with a query string of "?a=1".

allownullreferer

specify true or false to permit empty referrers.

valid-referers

list of referring domains that are allowed access. Specify each in a <referer> element.

referer

This element lets you specify a domain name. One or more of these elements can appear within a <valid-referers> or <invalid-referers> element.

invalid-referers

list of referring domains which are denied access to the content. Specify each domain in a <referer> element.

forbidden-ips

a semicolon separated list of IP addresses which are denied access.  You can enter an individual IP like 12.34.56.78 or one with a mask  12.34.56.78/24.

forbidden-area

a semicolon separated list of ISO 3166 country codes which are denied access to the content. Refer to the list of supported country codes.

allowed-ips

a semicolon separated list of IP addresses which are allowed access.  You can enter an individual IP like 12.34.56.78 or one with a mask 12.34.56.78/24.

allowed-header-name

This element lets you specify an HTTP header whose value must match what is specified in the <allowed-header-value> element to permit access.  If there is no match, the client will get a 403 Forbidden HTTP response. Instead of specifying the <allowed-header-value> element, you can specify the <forbidden-header-value> element. It is essentially the inverse. If the header matches the value in <forbidden-header-value> then 403 Forbidden is returned rather than the content.

allowed-header-value

This is specified in conjunction with the <allowed-header-name> element. The value of the HTTP header named in that element must match this element's value for the client request to be served. Otherwise, 403 Forbidden is returned.   Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character.  For example, if <allowed-header-name> is User-Agent, you could specify the value "*Chrome*"  to accept any request whose User-Agent header contains "Chrome".  If you specify this element, then you cannot specify <forbidden-header-value> within the same rule.

forbidden-header-value

This is specified in conjunction with the <allowed-header-name> element.  If the value of the HTTP header named in that element matches the value specified in this element, then a 403 Forbidden HTTP response is returned. Otherwise, the content is served.   Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character.  For example, if <allowed-header-name> is User-Agent, you could specify the value "*Chrome*" to reject any request whose User-Agent header contains "Chrome".  If you specify this element, then you cannot specify <allowed-header-value> within the same rule.

log-option

This required container object lets you control log storage. Specify this element when creating a new domain.  Storing logs longer may result in higher storage costs.  The log file size will vary depending on traffic to your domain, of course. This object should contain a <log-storage-day> element and a <timezone> element. (required)

log-storage-day

Enter the number of days that raw log files will be stored on QUANTIL's log servers.  The value should be an integer between 1 and 60.

timezone

This field lets you specify the time zone to partition raw log entries for calculating 'daily' statistics.

The time zone is relative to GMT, so its value can be -12 to 12.

download-notify-rules

This optional container object describes rules to notify you when your users request content. Think of it as a receipt to confirm downloads. This element is added as a child of the <domain> element.  It can contain one or more <download-notify-rule> elements.  If multiple rules apply to a user's request, each will trigger notification separately according to the rule.

download-notify-rule

This object describes a rule for notifying you when content is accessed. It can contain the following child elements: <path-pattern>, <except-path-pattern>, <non-notify-status-code>, <ignore-case>, <notify-http-method>, <notify-url>, <notify-param>,  <decimation-factor>, and <custom-headers>.

path-pattern

Enter a pattern to specify the content affected by the rule.

The URL pattern should begin with "/".  Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character.   The "|" character represents "or".  Use '$' to match files within a specific directory only.  The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?

For example, the URL pattern  /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern  /$.jpg would only match the file  /a.jpg.  The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.

The pattern "/*.(jpg|png)" matches all jpg and png files.

The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.

The pattern "/*\?a=1"  matches a URL with a query string of "?a=1".

except-path-pattern

Enter a pattern for content that are exceptions to the <path-pattern> specified earlier.

non-notify-status-code

a semicolon separated list of HTTP response codes which do not need to trigger notification. For example, 500;501

ignore-case

Specify true or false to indicate whether a case insensitive match should be performed.

notify-http-method

Specify GET or POST to indicate whether the notification URL should be requested using a GET or POST method.

notify-url

Specify the URL which should be requested when content matching the notification rule is accessed. If the URL contains a hostname only, you must terminate it with a "/" character, for example:  http://notify.quantil.com/.

notify-param

Enter parameters to pass to the notification URL.  These should be in the format param=value&param1=value1&param2=value2...

A parameter value can be either a fixed string OR one of a number of keywords which begin with the character "#".   Refer to the list of supported keywords below.

If you specify a keyword, the actual value that will be passed to the notification URL will be determined in real time based on the request made by the user.

For example, take this notification parameter setting:

  clientIP=#client-ip&userAgent=#header{User-Agent}&account=#cookie{account}

It would pass three parameters to your notification URL:

1) a clientIP parameter with the value of the IP address of the user's request

2) a userAgent parameter  with the value of the User-Agent making the request

3) an account parameter with the value of the cookie named 'account'.

decimation-factor

Enter a value between 1 and 32767 to control the frequency you are notified of requests for your content. The default of 1 means each visitor request matching the rule will fetch your <notify-url>.  Changing the value to another number N means you will be notified approximately once every N visits to the content.

custom-headers

This element lets you pass custom HTTP headers to your download notification URL. A header name and its value should be separated by a colon while multiple custom headers should be separated by semicolons. For example,   header1:value1;header2:value2

http-header-rule

An optional object which can contain a <date-update> element and a <header-modify-rules> element.  This element can be added as a child of the <domain> element.

date-update

Specify true or false . By default, the HTTP header "Date" in the response generated by the cache server is the time when the content was cached. If this setting is true, the "Date" header will be the current time when the response was generated.

header-modify-rules

This optional container object allows you to define rules to customize the HTTP headers in requests or responses to your content. It contains one or more <header-modify-rule> elements.  If multiple rules are specified, all will be processed in the order specified.

header-modify-rule

This container object describes a rule which adds, deletes, or modifies an HTTP header.  It contains one of each of these elements: <path-pattern> <header-direction>, <header-name>, <allow-regexp>, <action>,  <header-value>.

path-pattern

Enter a pattern to specify the content affected by the rule.  The pattern should begin with "/". Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character.  The '|' character represents "or".   Use '$' to match files within a specific directory only.  The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?".

For example, the URL pattern  /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern  /$.jpg would only match the file  /a.jpg.  The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.

The pattern "/*.(jpg|png)" matches all jpg and png files.

The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.

The pattern "/*\?a=1"  matches a URL with a query string of "?a=1".

header-direction

Specify cache2origin if the header rule applies to requests to the origin server. Specify cache2visitor if the header rule applies to the response to the web browser.

header-name

Name of the HTTP header to add, delete, or modify. It must match one of the supported headers listed below.   However, if  <action> is delete and the <allow-regexp> field is set to true, then <header-name> will be treated as a regular expression so that all headers that match the regular expression will be deleted.  When specifying a regular expression, the character ^ is used to represent the starting point while the character * is used to indicate a match on any character.  For example, specifying a value of <header-name>^C*</header-name> would cause all headers beginning with 'C' to be deleted.  The regular expression match is case sensitive and would remove headers which normally have restrictions against being deleted.

allow-regexp

true to indicate that the <header-name> field should be treated as a regular expression. This value only applies if the <action> is delete.  <header-name> will NOT be interpreted as a regular expression if <action> is add or set.

action

Specify the value set to modify an HTTP header, delete to remove an HTTP header, or add to add an HTTP header.  The permitted action depends on the header-name.  Refer to the list of headers and actions below.

header-value

Specify the new value of the header if modifying or adding one, i.e.,  <action>set</action> and <action>add</add>, respectively.

cname

This optional element  lets you specify an alternate CNAME to use for your new domain. Its value can be the existing CNAME of another domain, the value 'Random.cdn20.com', the value 'Random.whecloud.com', <domain name>.cdn20.com, or <domain name>.whecloud.com.    The suffix cdn20.com' must be used if your domain has an ICP license for service in China. The suffix whecloud.com must be used if your domain does NOT have an ICP license.   Specifying Random.cdn20.com or Random.whecloud.com means QUANTIL will randomly generate a CNAME  under cdn20.com or whecloud.com.  <domain name> must match the value of the required element <domain-name> described above.  If the <cname> element is unspecified, a  CNAME of the form <domain name>.cdn20.com or <domain name>.whecloud.com will be assigned to your domain.

ssl

This optional container object can be added to the <domain> element if SSL is used.  It can contain one <use-ssl> element, one <use-for-sni> element, one <ssl-certificate-id> element, and, optionally,  <ssl-cipher-suite>, <min-tls-version>, and <max-tls-version> elements.

use-ssl

true or false to indicate whether the domain uses SSL. If true, the <ssl-certificate-id> sibling element must also be specified.

ssl-certificate-id

refers to the id representing an SSL certificate. This ID is returned when adding an SSL certificate. If using SNI, the certificate must be one that you uploaded yourself rather than a QUANTIL shared certificate.

use-for-sni

Specify true or false indicating whether to use SNI (Server Name Indication) to provide SSL support for your domain.

ssl-cipher-suite

This optional object is used to specify a semicolon separated list of cipher suites which are permitted when clients negotiate security settings to access your content. Cipher suites which you can specify are: LOW, ALL:!LOW, HIGH, !EXPORT, !aNULL, !RC4, !DH, !SHA, !MD5, @STRENGTH,  AES128-SHA, AES256-SHA, AES128-SHA256, AES256-SHA256, AES128-GCM-SHA256, AES256-GCM-SHA384, ECDHE-RSA-AES128-SHA, ECDHE-RSA-AES256-SHA, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-SHA384, ECDHE-RSA-AES128-GCM-SHA256, and ECDHE-RSA-AES256-GCM-SHA384. These cipher suites are a subset of those supported by OpenSSL, https://www.openssl.org/docs/man1.0.2/apps/ciphers.html. Please note that !MD5 or !SHA must appear after HIGH.

min-tls-version

This optional element allows you to specify the minimum version of TLS required for visitors to your content. Legal values are TLSv1, TLSv1.1, and TLSv1.2. Older versions are less secure and may be deprecated.  However, specifying a newer version such as TLSv1.2 may prevent some older browsers from accessing your content.  The default minimum is TLSv1.1.

max-tls-version

This optional element allows you to specify the maximum version of TLS supported for visitors to your content. Legal  values are TLSv1, TLSv1.1, TLSv1.2, and nolimit.  Older versions are less secure and may be deprecated.  The default maximum is TLSv1.2.

cache-key-rules

This optional container object lets you customize the cache key used to access an entry in our cache servers by specifying one or more <cache-key_rule> elements.  Rules will be processed in the order specified. You can confirm the cache key used by QUANTIL by passing the request header "Pragma : X-Get-Cache-Key" while requesting your domain's content.  A response header called X-True-Cache-Key will contain the cache key.

cache-key-rule

This element describes a cache key rule.  It includes a <path-pattern> element, an <ignore-case> element, and a <header-name> element.

path-pattern

Enter a pattern to specify the content affected by the cache key rule.

The URL pattern should begin with "/".  Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character.   The "|" character represents "or".

Use '$' to match files within a specific directory only.  The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?

For example, the URL pattern  /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern  /$.jpg would only match the file  /a.jpg.  The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.

The pattern "/*.(jpg|png)" matches all jpg and png files.

The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.

The pattern "/*\?a=1"  matches a URL with a query string of "?a=1".

ignore-case

Specify true or false to indicate if a case insensitive match should be performed when matching against <path-pattern>.

header-name

Enter the name of an HTTP header whose value should be incorporated into the cache key.  Cookies are a special case of this. Incorporate a cookie by specifying Cookie:cookieName in the <header-name> element. For example, specify Cookie:mycookie if you want to use the value of mycookie.

cache-host

This optional container can be used to control whether multiple domains should share a cache entry on QUANTIL’s servers.  By default, the cache entry will be selected based on the value of the Host request header specified by the browser.  This means each domain has a unique cache entry which must be refreshed from your origin servers.  If you wish to use domain sharding whereby multiple domains share the same origin, you can make them share the same cache entry thereby minimizing requests to your origin servers. The value you enter here should be your domain name, the origin domain, a subdomain of either domain, or one of the origin IP addresses.  For example, if your domains share the common' origin "origin.com", you can set <cache-host> for each domain to "origin.com" or "subdomain.origin.com".

authorize-request-to-origin-rules

This optional container object can be added to the <domain> element to specify that requests for content must be authorized by your origin servers. It contains one or more <authorize-request-to-origin-rule> elements which describe which content must be authorized.  Your origin server could reject the request with HTTP response code 403.

authorize-request-to-origin-rule

This container object describes content that requires authorization before it can be served to the requester. It contains a <path-pattern> element and an <ignore-letter-case> element.

path-pattern

Enter a pattern in the URL Pattern field to specify the content affected by the <authorize-request-to-origin-rule> element.

The URL pattern should begin with "/".  Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character.   The "|" character represents "or".

Use '$' to match files within a specific directory only.  The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?".

For example, the URL pattern  /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern  /$.jpg would only match the file  /a.jpg.  The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.

The pattern "/*.(jpg|png)" matches all jpg and png files.

The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.

The pattern "/*\?a=1"  matches a URL with a query string of "?a=1".

ignore-letter-case

Ignore the case of the URL when checking the request for the <authorize-request-to-origin-rule> element.

rewrite-rule-settings

This optional container object can be added to the <domain> element to redirect requests from one URL to another. You can define rules to redirect based on geographic location, the path, the value of the User-Agent header, or between HTTPS and HTTP. Specify rules by adding one or more <rewrite-rule-setting> elements. These rules are processed in the order listed. Only the first applicable one will be used. Please refer to our examples to help you configure your domain.

rewrite-rule-setting

This element defines a rule to rewrite the URL. It must contain <path-pattern>, <rewrite-type>, <before-value>, <after-value>, and <ignore-query-string> elements.  The following optional elements allow you to further customize the rewriting of the URL: <rewrite-uas>, <rewrite-area>, <rewrite-method>, <request-header>, and <except-path-pattern>.

path-pattern

Enter a pattern to specify the content affected by the rewrite rule.

Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character.   The "|" character represents "or".

Use '$' to match files within a specific directory only.  The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?

For example, the URL pattern  /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern  /$.jpg would only match the file  /a.jpg.  The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.

The pattern "/*.(jpg|png)" matches all jpg and png files.

The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.

The pattern "/*\?a=1"  matches a URL with a query string of "?a=1".

The pattern "*" matches all URLs.

rewrite-type

Specify protocol if you simply want to switch between HTTP and HTTPs protocols. Specify url to rewrite the URL.

before-value

This element indicates the original protocol or URL. If <rewrite-type> is protocol, then specify either http or https. For example, if you want to force HTTPS to be used then specify http in the <before-value> element and https in the <after-value> element.  If <rewrite-type> is url, then specify a URL beginning with "http://" or "https://". Use the wildcard character "*"  to match any character. For example, if you want to redirect from http://www.domain.com, specify that in this element.

after-value

This element indicates the rewritten protocol or URL. If <rewrite-type> is protocol, then specify either http or https. If <rewrite-type> is url, then specify the URL you wish to redirect to. It should begin with "http://" or "https://". Use the wildcard character "*" to match any character.   Please note that if your original URL in <before-value> has a query string, you cannot specify a different query string for the rewritten URL.

ignore-query-string

If <rewrite-type> is url, then specify true to omit  query strings in the rewritten URL, or false to retain query strings in the rewritten URL.  If <rewrite-type> is protocol, this field is ignored; query strings will be kept in the rewritten URL.

rewrite-uas

This optional element lets you specify a semicolon separated list of user agents that your rewrite rule applies to. Use the wildcard character "*" at the beginning or end of the value to do a fuzzy match on user agents. For example, you can specify “*Phone;iPhone*”, but “Ph*ne” is invalid because the wildcard character appeared in the middle of the string.

rewrite-area

This optional element lets you specify a semicolon separated list of country codes indicating which countries your rewrite rule applies to. Refer to the list of supported country codes. For example, "US;CN" means the rewrite rule applies to visitors from the United States and China.

rewrite-method

This element indicates the HTTP status code to return. It should be either 301, 302, 303, or 307.

request-header

This optional element lets you enter an HTTP header and value to match against.

except-path-pattern

Enter a pattern for content that are exceptions to the <path-pattern> specified earlier.

attack-detection-rule

This optional container can be added as a child of the <domain> element to configure how to detect and handle a malicious attack against your content.  It can contain <path-pattern>, <except-path-pattern>, <ignore-case>, <single-ip-requests>, <single-ip-origin-requests>, <statistics-period>, <allowed-ips>, <action>, and <limit-time> elements.

path-pattern

Enter a pattern to specify the content affected by the attack detection rule.

Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character.   The "|" character represents "or".

Use '$' to match files within a specific directory only.  The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?

For example, the URL pattern  /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern  /$.jpg would only match the file  /a.jpg.  The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.

The pattern "/*.(jpg|png)" matches all jpg and png files.

The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.

The pattern "/*\?a=1"  matches a URL with a query string of "?a=1".

The pattern "*" matches all URLs.

except-path-pattern

Enter a pattern for content that are exceptions to the <path-pattern> specified earlier.

ignore-case

Specify true or false to indicate whether a case insensitive match should be performed when matching on the patterns.

single-ip-requests

Specify the maximum number of requests coming from a single IP during the statistics period before it is identified as an attacker.

single-ip-origin-requests

Specify the maximum number of requests to origin coming from a single IP during the statistics period before it is identified as an attacker.

statistics-period

Specify a time period in seconds.  The default is 60 seconds. Excessive requests from an IP during this period will be considered as an attack.

allowed-ips

Specify IP addresses which should never be considered attackers.  Separate multiple IP addresses using semicolons.  You can enter an individual IP address or use CIDR notation, for example, 123.45.67.89;123.45.67.0/24.

action

Specify what to do if there are too many requests originating from an IP address. You can specify 'log' which will simply log the event internally, or you can specify either 'deny' or 'disconnect' to reject additional requests from the IP address.

limit-time

Specify the number of minutes the action should apply to future requests once an attack is detected. If requests continue to come from an IP address identified as an attacker, the enforcement period will be extended.  If you do not specify a value for <limit-time>, the action will apply to the remainder of the <statistics-period>.  For example, if <statistics-period> is 60 seconds and an attack is identified at 40 seconds, then the enforcement will be for the remaining 20 seconds.

compression-settings

An optional container allowing you to specify which file types should be compressed when responding to clients. When files are compressed, an additional HTTP response header "Content-Encoding: gzip" is sent to the client. It contains the following elements:  <compression-enabled>, <path-pattern>, <ignore-case>, and <file-types>.

compression-enabled

Specify true to enable compression according to your rule.

path-pattern

Enter a pattern to specify the content affected by the attack detection rule.

Fuzzy string matching is supported. Use '*' as the wildcard character which matches any character.   The "|" character represents "or".

Use '$' to match files within a specific directory only.  The character "?" indicates the preceding character is optional. If you want to check for the literal '?', enter it preceded by a backslash as "\?

For example, the URL pattern  /*.jpg would match files /a.jpg and /dir/a.jpg, but the URL pattern  /$.jpg would only match the file  /a.jpg.  The pattern /dir/$.jpg would match all JPEG files within the /dir/ directory including /dir/a.jpg.

The pattern "/*.(jpg|png)" matches all jpg and png files.

The pattern "/abc?.jpg" matches jpg files ab.jpg and abc.jpg.

The pattern "/*\?a=1"  matches a URL with a query string of "?a=1".

The pattern "*" matches all URLs.

ignore-case

Specify true or false to indicate whether a case insensitive match should be performed when matching on the patterns.

file-types

Specify the MIME file types that should be compressed.  Text files are compressed by default.  For example, if you specify "application/;image/jpeg", then text files, applications, and JPEGs will be compressed.

back2origin-read-timeout

This optional child element of the <domain> object lets you specify a custom read timeout in seconds for requests from QUANTIL's servers to your origin. By default, there is an origin read timeout of 1 minute for Web Acceleration and Web Acceleration - Static Only domains along with a 2 minute read timeout for Download Acceleration and Video Acceleration domains.

back2origin-connect-timeout

This optional child element of the <domain> object lets you specify a custom connection timeout in seconds for requests from QUANTIL's servers to your origin. The default is 15 seconds.  You can specify any integer value from 1 to 15 seconds.

Keyword

Actual value

#attackflag

This flag indicates whether the request appears to be associated with an attack on your domain.  Refer to the list of possible values of #attackflag.

#cache-ip

IP address of edge node serving the user's request

#cachehit

HIT indicates the request is handled by an entry in our cache; MISS means the content must be fetched from the origin.

#cdnplatform

Indicates the service type

#client-ip

IP address of the user's request

#client-isp

Indicates the client's ISP, for example, "chinamobile" or "other".

#client-tls-cipher

Indicates the cipher suite used for the TLS (SSL) connection

#client-tls-sni-name

The hostname that a client initiating a TLS (SSL) connection is attempting to connect to. It is only sent by clients supporting SNI (Server Name Indication).

#client-tls-version

Indicates the TLS version used for the TLS (SSL) connection. Example versions include "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", and "unknown"

#cookie{xxx}

This lets you obtain any cookie named xxx.  For example, #cookie{account} would retrieve the value of a cookie named 'account'.

#error-code

The notification URL will receive a value in the format  client error-origin error  which indicates any problems that occurred with the request from the client to the CDN or from the CDN  to the origin. Refer to the list of possible client error values below and the list of possible origin error values.  For example, ERR_NONE-ERR_NONE is the ideal value indicating no problems between the client and the CDN and the CDN to the origin.

#first-byte-served

1 to indicate the first byte of the object was serviced; 0 otherwise.

#header{xxx}

Obtain any HTTP header named xxx from the original request.  For example, specify #header{User-Agent} to get the value of User-Agent

#last-byte-served

1 to indicate the last byte of the object was serviced; 0 otherwise.

#object-content-length

The original file size

#origin-host

The origin's domain name

#origin-ip

The origin's IP address

#origin-status-code

The HTTP response code from the origin server

#protocol

Indicates the protocol of the user's request ("http" or "https").

#reply-body-size

Size of the reply

#request-host

HOST request header

#request-id

a unique id representing the request

#request-method

The HTTP request method used to access the origin

#request-uri

HTTP request uri

#request-url

URL of the HTTP request

#request-version

Indicates the version of HTTP used in the user's request, either "HTTP/1.0", "HTTP/1.1", or "HTTP/2.0".

#response-time

Response time in milliseconds. It is the time between receiving the request's last byte and serving the last byte of the response.

#round-trip-time

The time in microseconds taken by a packet to travel to the destination and back

#status-code

an HTTP response code for the user's request

#timestamp

Current time

#total-bytes-served

Indicates the total number of bytes in the HTTP response including the size of the response body, the response headers, and the status line.

Attack flag value

Description

NONE

This indicates the request is not associated with an attack.

ATTACK_TIMES_TOTAL

This value is returned if there have been too many requests within a short period of time from a single IP address.

ATTACK_TIMES_MISS

This value is returned if there have been too many requests within a short period of time from a single IP address which resulted in cache misses.

ATTACK_TRAFFIC_TOTAL

This value is returned if the requests from a single IP address generated an excessive amount of traffic within a short period of time.

ATTACK_TRAFFIC_MISS

This value is returned if the requests from a single IP address resulted in cache misses and generated an excessive amount of traffic within a short period of time.

Client error code

Description

ERR_NONE

There were no problems with the connection from the client to the CDN node. Please note that this code will be returned even if the origin returns a 5xx response to the request or the client request is rejected due to an authorization error because the connection worked as expected.

ERR_CLIENT_ABORT

This indicates the client closed the connection, for example, before the CDN has served all the bytes of the response.

ERR_WRITE_TIMEOUT

This indicates the CDN node failed to finish a response to the client request.

Origin error code

Description

ERR_NONE

There were no problems with the connection from the CDN node to the origin server.  Please note that this code will be returned even if the origin returns a 403 or 404 error because the connection worked as expected.

ERR_CONNECT_TIMEOUT

This indicates the CDN could not establish a connection to the origin server.

ERR_READ_TIMEOUT

This indicates the CDN connected to the origin server which returned one of the following response codes: 500, 503, 504, 400.

ERR_UNABLE_TO_GET_ISSUER_CERT

When verifying the origin certificate, we were unable to look up the issuer certificate. This normally means the list of trusted certificates is not complete.

ERR_CERT_NOT_YET_VALID

The origin certificate is not yet valid. The current time is earlier than the notBefore date in the certificate.

ERR_CERT_HAS_EXPIRED

The origin certificate has expired.  The current time is after the notAfter date in the certificate.

ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD

The origin certificate has an invalid notBefore date.

ERR_ERROR_IN_CERT_NOT_AFTER_FIELD

The origin certificate has an invalid notAfter date.

ERR_DEPTH_ZERO_SELF_SIGNED_CERT

The origin certificate is self signed, and the same certificate cannot be found in the list of trusted certificates.

ERR_CERT_OTHER

There is some other error in the origin certificate besides ERR_UNABLE_TO_GET_ISSUER_CERT, ERR_CERT_NOT_YET_VALID, ERR_CERT_HAS_EXPIRED, ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, ERR_ERROR_IN_CERT_NOT_AFTER_FIELD, or ERR_DEPTH_ZERO_SELF_SIGNED_CERT.

Header Name

Allowed Operation

Request/Response

Accept

Add, modify, delete

Request only

Accept-Charset

Add, modify, delete

Request only

Accept-Encoding

Add, modify, delete

Request only

Accept-Language

Add, modify, delete

Request only

Accept-Ranges

Add, modify, delete

Request only

Content-Base

Modify

Response only

Content-Disposition

Modify

Response only

Content-Encoding

Modify

Response only

Content-Language

Modify

Response only

Content-Location

Modify

Response only

Content-MD5

Modify

Response only

Content-Range

Modify

Response only

Content-Type

Modify

Response only

Cookie

Add, modify, delete

Request only

Referer

Modify

Request only

Set-Cookie

Add, modify, delete

Response only

Server

Modify

Response only

User-Agent

Modify

Request only

Vary

Add

Response only

Element

Description

response

container for additional information from the QUANTIL server.

message

a message returned by the QUANTIL server.  If the domain was successfully created, the text will be 'success'.

code

This element appears if an error occurs. The body will be an error message such as "DomainAlreadyExists".  Refer to the error list below.

Error

Description

HTTP status code

DomainAlreadyExists

The domain name you specified is already in our system.

409

ICPNotFound

We are unable to find the ICP number for the domain you specified. An ICP license is required for service in China.

400

InvalidCNAME

The CNAME must match an existing CNAME or be in the format 'Random.cdn20.com', 'Random.whecloud.com', 'DomainName.cdn20.com', or 'DomainName.whecloud.com'. Cdn20.com should be used if your domain has an ICP license for service in China while whecloud.com should be used if your domain does not have an ICP license.

400

InvalidFields

Incorrect values were used for a field.  The response's message will provide more details about the specific problem

400

InvalidOrigin

The origin configuration is not valid

400

MissingBody

This operation requires a body. Ensure that the body is present and the Content-Type header is set.

400

NoSuchCertificate

The certificate id was not found.

404

SSLCertNotSupportDomain

The SSL certificate does not support the domain.  The domain is not listed in the certificate's Common Name or Subject Alternative Name field.

400