We accelerate websites

15 days free trial Sign up

Media Acceleration Stream to the world

15 days free trial Sign up

Extensive Network Excellent world coverage

Custom HTTP headers

Introduction

To add custom HTTP headers to a certain content on your storage (and subsequently on CDN) you can make use of Apache .htaccess file on your storage. Please refer to Apache HTTP Server Tutorial: .htaccess files for more details.

Examples

Setting expiry headers

You can control cache expiry time of your content.

# 30 DAYS
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
    Header add Cache-Control "max-age=2592000, public"
</FilesMatch>

# 2 DAYS
<FilesMatch "\.(xml|txt)$">
    Header add Cache-Control "max-age=172800, public, must-revalidate"
</FilesMatch>

# 2 HOURS
<FilesMatch "\.(html|htm)$">
    Header add Cache-Control "max-age=7200, must-revalidate"
</FilesMatch>

# NO CACHE
<FilesMatch "\.(html|htm)$">
    Header add Cache-Control "no-cache"
</FilesMatch>

After changing origin HTTP headers you might need to purge your content from the CDN cache as it is cached with the old HTTP headers. Please refer to Setting a Cache Expiry Time for more details on cache control on CDN end.

Setting CORS

You can enable Cross Origin Resource Sharing (CORS).

<FilesMatch ".(eot|ttf|otf|woff)$">
	Header set Access-Control-Allow-Origin "*"
</FilesMatch>

After changing origin HTTP headers you might need to purge your content from the CDN cache as it is cached with the old HTTP headers. Please refer here for more details.

Setting MIME type

You can control MIME type of your content.

AddType font/ttf .ttf
AddType font/eot .eot
AddType font/otf .otf
AddType font/woff .woff    

After changing origin HTTP headers you might need to purge your content from the CDN cache as it is cached with the old HTTP headers. Please refer here for more details.

Force download

To force download of some content (e.g., PDF files) you can use the following.

<FilesMatch "\.pdf$">
        Header set Content-Type "application/octet-stream"
        Header set Content-Disposition "attachment"
</FilesMatch>  

After changing origin HTTP headers you might need to purge your content from the CDN cache as it is cached with the old HTTP headers.

Protection against directories scanning

Let's assume that you store your files on your CDN storage similarly to the following.

/public/b/f/k/bfk.mp3
/public/m/9/0/m90.mp3
/public/z/9/c/z9c.mp3

Let's assume that cdn.mycompany.com is the Service Domain of your push CDN service using the CDN storage as origin and that you have the URL http://cdn.mycompany.com/b/f/k/bfk.mp3 in your HTML source code.

Directories scanning

Attackers may start to scan http://cdn.mycompany.com to find more your files. By default (directory listing disabled) when they access http://cdn.mycompany.com/b/ then 403 (Forbidden) is returned (because directory listing is disabled) and when they access http://cdn.mycompany.com/does-not-exist/ then 404 (Not Found) is returned. This information helps attackers with directories scanning because they are able to find out if a directory exists (returns 403) or not (returns 404).

Protection against directories scanning

With the following you can configure your CDN storage and the corresponding push CDN service using the CDN storage as origin to return 404 (Not Found) for all directories.

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [R=404,L]

All your files will still be returning 200 (OK) but all your directories (existing or not) will be returning 404 (Not Found). After changing origin HTTP headers you might need to purge your content from the CDN cache as it is cached with the old HTTP headers.

Notes

Use curl online tool to make sure that your origin content (content on your CDN storage) returns the desired HTTP headers.

Example

curl -I http://u8206939108129.s.push-12.cdnsun.com/photo.jpg
HTTP/1.1 200 OK
Date: Tue, 12 May 2015 14:35:22 GMT
Server: Apache
Last-Modified: Wed, 11 Feb 2015 18:54:49 GMT
ETag: "3b8001e-3395b-50ed489a99040"
Accept-Ranges: bytes
Content-Length: 211291
Cache-Control: public
Expires: Wed, 11 May 2016 14:35:22 GMT
Content-Type: image/jpeg 

Please note that the u8206939108129 in the above origin URL corresponds to the username of your CDN storage used to upload your data to it.

After changing origin HTTP headers you might need to purge your content from the CDN cache as it is cached with the old HTTP headers.

What next?

Read about the following topics.

 
             ___      ______     ___    
  ____      / _ \\   /_   _//   / _ \\  
 |    \\   / //\ \\  `-| |,-   | / \ || 
 | [] ||  |  ___  ||   | ||    | \_/ || 
 |  __//  |_||  |_||   |_||     \___//  
 |_|`-`   `-`   `-`    `-`'     `---`   
 `-`                                    
Europe
  • Amsterdam
  • Athens
  • Bucharest
  • Budapest
  • Chelyabinsk
  • Dubai
  • Dublin
  • Helsingborg
  • Helsinki
  • Istanbul
  • Karlskrona
  • Khabarovsk
  • Kharkov
  • Kiev
  • Kungalv
  • Lisbon
  • London
  • Madrid
  • Milan
  • Moscow
  • Odessa
  • Oslo
  • Paris
  • Polevskoy
  • Rostov-on-Don
  • Samara
  • Stockholm
  • Zagreb
America
  • Arlington
  • Atlanta
  • Chicago
  • Dallas
  • Denver
  • Green Bay
  • Los Angeles
  • Miami
  • Montreal
  • New York
  • Phoenix
  • Portland
  • Provo
  • Queretaro
  • Reston
  • Sacramento
  • San Jose
  • Sao Paulo
  • Seattle
  • Toronto
  • Washington
Contact
  • e-mail: info@cdnsun.com
  • skype: cdnsun.com
  • phone: +1 844 300 9206
  • phone: +420 776 256 872
Blog Twitter LinkedIn Facebook CrunchBase Google+ / Google plus Foursquare Pinterest