Support

Find answers, guides, and tutorials to supercharge your content delivery.

How to Use X-Pull

Updated on October 4, 2018

The KeyCDN X-Pull feature allows you to restrict CDN traffic to your origin server. This feature is available for all Pull Zones and can be found within the dashboard by navigating to your Zone settings.

Setting up X-Pull

The following section will step through the process of configuring the X-Pull header with KeyCDN and your origin server. There are various methods that may be used depending on the origin server and framework you are using. The following shows examples for both Apache and Nginx.

  1. Define your secret key within the X-Pull Key setting in your Zone settings. This value can be set up to a custom 15 alphanumeric value.

  2. For users who are using a PHP-based framework, adding the following configuration to your origin server will return a 405 error on Nginx and a Forbidden error on Apache. This configuration links to the PHP-FPM processor thus returning an error for all requests that send the X-Pull header and are associated with PHP such as your CDN pages (e.g. cdn.example.com or example-hexid.kxcdn.com).

    Nginx

    Nginx users can add the following to their configuration file.

    location ~ \.php$ {
        if ($http_x_pull ~* "secretkeyname") {
            return 405;
        }
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
    

    Apache

    Apache users can add the following snippet to the .htaccess file. Ensure that you add the snippet at the top of your .htaccess file, otherwise it may not work. The following configuration will return a 403 Forbidden error for all pages using the CDN URL.

    RewriteEngine On
    RewriteCond %{HTTP:X-Pull} secretkeyname
    RewriteRule \.(html|php)$ - [F]
    
  3. Use the HTTP Header Checker tool to verify if you are receiving the expected response when a request is made with the X-Pull Key.

    Once the steps above are configured on your origin server, be sure to purge your Zone cache and try to access a page using your CDN URL. If you receive a 405 error then you have properly configured X-Pull for this use case.

This logic can be modified for various use-cases depending on which framework is being used and the goal you wish to achieve.

The X-Pull feature can also be used for users who may want to distinguish between KeyCDN traffic and other traffic. For instance, since the X-Pull header is added to all of our HTTP requests, you can use this method to prevent a firewall from blocking KeyCDN.

Supercharge your content delivery 🚀

Try KeyCDN with a free 14 day trial, no credit card required.

Get started
KeyCDN uses cookies to make its website easier to use. Learn more