Loading...

CDN.com.tr Help

Write cache behavior with Add Rule

Configure domain/path cache key, TTL, methods/statuses, headers/cookies, optimization, and rate-limit rules.

Write cache behavior with Add Rule

Configure domain/path cache key, TTL, methods/statuses, headers/cookies, optimization, and rate-limit rules.

Panel path

  1. Management Panel
  2. CDN Accounts
  3. Advanced Management
  4. Add Rule
  5. Save / Apply Changes

What does Add Rule solve?

These examples use safe WordPress-origin scenarios for static files, query strings, headers/cookies, and sensitive session paths.

Static asset cache

Cache CSS/JS aggressively

Speed up assets with GET/HEAD, 200/301/302/304 responses, and a 1-day or longer TTL; remove campaign tracking parameters from the cache key.

Pull / Push / Hosting Default, CNAME, or Full DNS
WordPress session

Bypass admin, login, cart, and checkout

Bypass cache when a session or cart cookie is present; wp-admin and wp-login paths should never enter shared cache.

WordPress platform Custom domain
Header hygiene

Clean origin headers and debug safely

Ignore Set-Cookie or Cache-Control for cache decisions, hide X-Origin-Debug/X-Powered-By from users, and enable upstream debug only temporarily.

Pull CDN Every delivery method
Expensive endpoint

Rate-limit and allow-list query params

For API-like paths, include only content-changing query parameters in the cache key and set a request limit.

Dynamic origin Default, CNAME, or Full DNS

Prerequisites

  • An account and hostname must be selected.
  • Saving an Add Rule can trigger live deploy/apply flow; review path, domain, and rule order first.
  • Screenshots use values such as `www.example.com` instead of real customer domains.
  • For session-based apps such as WordPress, write admin/login/cart bypass rules before caching broadly.

Decision model

Scope first

Narrow the rule by domain, protocol, and path regex before changing behavior; broad `/` rules need deliberate review.

  • Service domain: which hostname is affected?
  • Type: is HTTP and/or HTTP-2 needed?
  • Path Regex: exact file, folder, or endpoint?

Cache key query model

Keep query parameters in the cache key only when they change the content; tracking parameters usually get removed.

  • Full query: every parameter creates a separate cache object.
  • Ignore all/listed: collapses campaign parameters.
  • Allow listed: keeps only parameters such as `lang` or `v`.

Bypass or TTL?

Personalized, cart, and admin content should bypass cache; static and anonymous content can receive TTL.

  • Bypass Cache: session/admin/cart paths.
  • Cache Expire Time: static and anonymous content.
  • Response TTL: separate durations for 404/500 and other statuses.

Header and cookie behavior

Ignoring an origin header for cache decisions is different from hiding it from the client.

  • Ignore Headers: remove headers from CDN cache decisions.
  • Hide Headers: do not expose response headers to the browser.
  • Bypass by Cookie: skip cache when the cookie is present.

Step-by-step guide

1

Open Add Rule from Advanced Management

Account-level presets set the broad behavior; Add Rule writes precise behavior for a domain/path.

  • Select the target account from CDN Accounts.
  • Open Advanced Management.
  • Click Add Rule.

Expected result: The rule modal opens and the new rule is prepared within the selected account scope.

cdnctl equivalent
cdnctl accounts list
export ACCOUNT_UUID=<selected_account_uuid>
cdnctl cdn advanced-rules list --account "$ACCOUNT_UUID" --format table
2

Narrow domain, protocol, and path regex scope

These fields decide which requests the rule matches; an overly broad regex can change the whole site.

  • Choose the hostname in Service Domain Name.
  • Select HTTP and/or HTTP-2.
  • Enter a file, folder, or endpoint pattern in Path Regex.
  • Choose a cache preset if needed.

Expected result: The rule matches only the target hostname and paths.

cdnctl equivalent
cat > rule-static-assets.json <<EOF
{"server_domain_names":["www.example.com"],"type":["http","http2"],"path_regex":"^/cdn-help/rules/(cache-demo\\.css|query-demo\\.json)$"}
EOF
cdnctl cdn advanced-rules validate --account "$ACCOUNT_UUID" --file rule-static-assets.json
3

Set cache key, TTL, methods, and statuses

For static files, remove tracking query parameters from the cache key and keep only real variants.

  • Choose Ignore listed params or Allow listed params in Cache Key Query Params.
  • Enter Cache Expire Time.
  • Limit Allowed Cache Methods and Allowed Cache Responses.
  • Add per-status TTL values when needed.

Expected result: Anonymous CSS/JSON objects are cached without splitting cache by unnecessary query parameters.

cdnctl equivalent
jq '. + {"cache_query_mode":"ignore_list","cache_query_params":["utm_*","gclid","fbclid","msclkid"],"cache_valid_time":"1 day","allowed_cache_methods":["GET","HEAD"],"allowed_cache_responses":["200","301","302","304"],"response_cache_times":{"200":"1 day","301":"1 week","302":"2 hours","304":"1 day"}}' rule-static-assets.json > rule-static-assets-cache.json
cdnctl cdn advanced-rules validate --account "$ACCOUNT_UUID" --file rule-static-assets-cache.json
4

Keep WordPress session paths out of cache

Admin, login, cart, and checkout paths should preserve origin behavior instead of returning cache hits.

  • Scope Path Regex to `/wp-admin`, `wp-login.php`, `cart`, or `checkout` paths.
  • Turn Bypass Cache ON.
  • Enter session/cart cookies line by line in Bypass by Cookie.
  • Add Request Limit or hotlink rules if needed.

Expected result: Session requests do not return shared cached content to another user.

cdnctl equivalent
cat > rule-wordpress-sensitive.json <<EOF
{"server_domain_names":["www.example.com"],"type":["http","http2"],"path_regex":"^/(wp-admin|wp-login\\.php|cart|checkout)(/.*)?$","bypass":"on","bypass_by_cookie":"wordpress_logged_in\nwoocommerce_cart_hash\nwp_woocommerce_session_","limit":30,"per_time":10}
EOF
cdnctl cdn advanced-rules validate --account "$ACCOUNT_UUID" --file rule-wordpress-sensitive.json
5

Connect headers, cookies, optimization, and debug

Decide separately whether origin headers affect cache decisions and whether they are exposed to browsers.

  • Use Ignore Headers for headers that should not affect cache decisions.
  • Use Hide Headers for headers that should not be exposed to clients.
  • Add request Custom Headers when needed.
  • Enable Debug upstream headers only during temporary testing.
  • Test Image optimization and Google pagespeed only on scoped paths.

Expected result: Origin headers are controlled deliberately and debug is not left enabled in production traffic.

cdnctl equivalent
jq '. + {"ignore_headers":["Cache-Control","Set-Cookie"],"hide_headers":["X-Origin-Debug","X-Powered-By"],"custom_headers":"X-Forwarded-Host: $host\nX-CDN-Rule-Debug: temporary","debug_upstream_headers":true,"image_optimization":"on","white_space":"on"}' rule-static-assets-cache.json > rule-headers-debug.json
cdnctl cdn advanced-rules validate --account "$ACCOUNT_UUID" --file rule-headers-debug.json
6

Save, watch deploy, and verify the public URL

Because Save can trigger live apply flow, the final check is path/domain/TTL/header based.

  • Review changed fields and rule order before saving.
  • After Save, watch Operations or Apply Changes status.
  • Test status, cache headers, hidden headers, and cookie bypass on the public URL.

Expected result: After operation success, matching requests show the new cache/header/rate-limit behavior.

cdnctl equivalent
cdnctl cdn advanced-rules create --account "$ACCOUNT_UUID" --file rule-headers-debug.json
cdnctl operations list --account "$ACCOUNT_UUID"
curl -I "https://www.example.com/cdn-help/rules/cache-demo.css?utm_source=test"
curl -I -H "Cookie: wordpress_logged_in=redacted" "https://www.example.com/wp-admin/"

Verification

  • Rule order and changed fields are reviewed.
  • Broad `/` regexes require explicit confirmation.
  • Debug upstream headers are turned off after testing.
  • After apply, public URL, status code, cache-key query behavior, and header/cookie result are verified with curl or browser devtools.
  • If cdnctl 0.1.2 does not expose advanced-rule commands yet, send the same payload through the public `/api/advanced_managements/{account_uuid}/store` API flow.

Use cases

WordPress admin/cart bypasses cache while static assets and anonymous JSON paths are cached deliberately.

Quick workflow

  1. Open Advanced Management.
  2. Scope the request with Add Rule.
  3. Fill cache, header/cookie, and security fields.
  4. After Save, verify operations and the public URL.

Checks

  • Rule order is clear.
  • Path regex is not wider than needed.
  • Debug headers are disabled after testing.
  • Changed fields are visible before save.

Related pages

Read WAF logs

Use WAF logs to explain blocked or challenged traffic without exposing internal log systems.

Purge cached content

Purge a path, saved path, or the whole account and separate CDN cache from browser cache.