MaxCDN for XenForo [Deleted]

[Adam Howard]

Adam Howard submitted a new resource:

MaxCDN for XenForo (version 1.0) - Use MaxCDN with XenForo to help speed things along

MaxCDN is a popular CDN Network (Content Delivery Network) which helps speed up your performance.

What is a CDN and how does it work?

A content delivery network (CDN) is a large distributed system of servers deployed in multiple data centers in the Internet The goal of a CDN is to serve content to end-users with high availability and high performance. CDNs serve a large...

Read more about this resource...

 

[TheBigK]

Wow! That's awesome. I think with that idea, I can try and figure out how to configure Rackspace CloudFiles or Amazon CloudFront with XenForo.

 

[DRE]

5 stars bro!

 

[DRE]

How do you delete a pull zone?

 

[DRE]

nvm I found it under settings.

 

[Banana Pup]

Does MaxCDN allow you to set /data to 777? I use Rackspace CDN but only for my styles and JS as they do not offer file permissions to folders.

 

[DRE]

Should we put all of this in our subdomain that we're using for Max CDN?

http://support.netdna.com/knowledgebase/htaccess-examples/

#The top of your .htaccess file
RewriteEngine On
IndexIgnore *
Options +FollowSymLinks -Multiviews -Indexes
######################################################################
# Because some browsers won't really recognize fonts as legetimate files when comeing from CDN
AddType font/ttf .ttf
AddType font/eot .eot
AddType font/otf .otf
<FilesMatch "\.(ttf|otf|eot)$">
    <IfModule mod_headers.c>
        Header set Access-Control-Allow-Origin "*"
    </IfModule>
</FilesMatch>
######################################################################
<IfModule mod_headers.c>
        # properly handle requests coming from behind proxies
        Header append Vary User-Agent
        <FilesMatch "\.(js|css|xml|gz)$">
                Header append Vary Accept-Encoding
        </FilesMatch>
</IfModule>
######################################################################
# Deflate files to fasten the loading with adding compression
<IfModule mod_deflate.c>
    SetOutputFilter DEFLATE
    AddOutputFilterByType DEFLATE application/x-httpd-php text/html text/xml text/plain text/css text/javascript application/javascript application/x-javascript image/jpeg image/jpg image/png image/gif font/ttf font/eot font/otf
</IfModule>
<IfModule mod_headers.c>
    # properly handle requests coming from behind proxies
    Header append Vary User-Agent
    # remove ETags, it's important
    Header unset ETag
    FileETag None    
    Header unset Last-Modified
</IfModule>
<ifModule mod_expires.c>
    #Setting expiry time by content type to 1 day
    ExpiresActive On
    ExpiresDefault "access plus 1 seconds"
    ExpiresByType image/gif "access plus 86400 seconds"
    ExpiresByType image/jpeg "access plus 86400 seconds"
    ExpiresByType image/png "access plus 86400 seconds"
    ExpiresByType text/css "access plus 86400 seconds"
    ExpiresByType text/javascript "access plus 86400 seconds"
    ExpiresByType application/x-javascript "access plus 86400 seconds"
</ifModule>
<IfModule mod_deflate.c>
    # Properly handle old browsers that do not support compression
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    # Explicitly exclude binary files from compression just in case
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|pdf|swf|ico|zip|ttf|eot|svg)$ no-gzip
</IfModule>
######################################################################
# Protect your .htaccess file
<Files .htaccess>
        order allow,deny
        deny from all
</Files>

 

[DRE]

So is this the problem with Cloudflare? http://support.netdna.com/knowledgebase/using-maxcdn-with-cloudflare/

 

[Adam Howard]

Does MaxCDN allow you to set /data to 777? I use Rackspace CDN but only for my styles and JS as they do not offer file permissions to folders.

Yes

 

[Adam Howard]

So is this the problem with Cloudflare? http://support.netdna.com/knowledgebase/using-maxcdn-with-cloudflare/

If you're using Cloudflare with MaxCDN, you will need to contact them and have them setup a dynamic ip setup for you, rather than their normal static.

Personally, I would recommend having them switch you to dynamic even if you're not using Cloudflare... Making switching host easier or should you have any other dns related changes.

 

[Adam Howard]

Should we put all of this in our subdomain that we're using for Max CDN?

http://support.netdna.com/knowledgebase/htaccess-examples/

#The top of your .htaccess file
RewriteEngine On
IndexIgnore *
Options +FollowSymLinks -Multiviews -Indexes
######################################################################
# Because some browsers won't really recognize fonts as legetimate files when comeing from CDN
AddType font/ttf .ttf
AddType font/eot .eot
AddType font/otf .otf
<FilesMatch "\.(ttf|otf|eot)$">
    <IfModule mod_headers.c>
        Header set Access-Control-Allow-Origin "*"
    </IfModule>
</FilesMatch>
######################################################################
<IfModule mod_headers.c>
        # properly handle requests coming from behind proxies
        Header append Vary User-Agent
        <FilesMatch "\.(js|css|xml|gz)$">
                Header append Vary Accept-Encoding
        </FilesMatch>
</IfModule>
######################################################################
# Deflate files to fasten the loading with adding compression
<IfModule mod_deflate.c>
    SetOutputFilter DEFLATE
    AddOutputFilterByType DEFLATE application/x-httpd-php text/html text/xml text/plain text/css text/javascript application/javascript application/x-javascript image/jpeg image/jpg image/png image/gif font/ttf font/eot font/otf
</IfModule>
<IfModule mod_headers.c>
    # properly handle requests coming from behind proxies
    Header append Vary User-Agent
    # remove ETags, it's important
    Header unset ETag
    FileETag None   
    Header unset Last-Modified
</IfModule>
<ifModule mod_expires.c>
    #Setting expiry time by content type to 1 day
    ExpiresActive On
    ExpiresDefault "access plus 1 seconds"
    ExpiresByType image/gif "access plus 86400 seconds"
    ExpiresByType image/jpeg "access plus 86400 seconds"
    ExpiresByType image/png "access plus 86400 seconds"
    ExpiresByType text/css "access plus 86400 seconds"
    ExpiresByType text/javascript "access plus 86400 seconds"
    ExpiresByType application/x-javascript "access plus 86400 seconds"
</ifModule>
<IfModule mod_deflate.c>
    # Properly handle old browsers that do not support compression
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    # Explicitly exclude binary files from compression just in case
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|pdf|swf|ico|zip|ttf|eot|svg)$ no-gzip
</IfModule>
######################################################################
# Protect your .htaccess file
<Files .htaccess>
        order allow,deny
        deny from all
</Files>

I'm not using a sub domain on my site, but with this said.... The above htaccess will not hurt you. Adds support for older browsers, tells them to cache a few things.

Just make sure you don't have any double content... ie... For example, you only want to use mod_delate 1x and so if you are using that in your current htaccess you'll need to merge it.

If you're unsure .... Post your current htaccess and I'll generate you a completed version with all the above safely added.

 

[fattony69]

So happy this came out as I just purchased MaxCDN! I was wondering does it work with this or instead of this? http://xenforo.com/community/threads/tinhte-image-attachment-optimization.34400/

 

[Adam Howard]

So happy this came out as I just purchased MaxCDN! I was wondering does it work with this or instead of this? http://xenforo.com/community/threads/tinhte-image-attachment-optimization.34400/

The modification has 2 parts to it.

1) It does indeed lower your query for images
2) It has a CDN option for attachments

Part 1 works, which makes it still useful

Part 2, from my experience doesn't seem to work as advertised.

So I would still suggest installing that, but don't turn on the CDN option (you can try it, but I found it didn't work for me or as some people said, it only works "sometimes")

 

[Russ]

Very cool

 

[DRE]

I'm not using a sub domain on my site, but with this said.... The above htaccess will not hurt you. Adds support for older browsers, tells them to cache a few things.

Just make sure you don't have any double content... ie... For example, you only want to use mod_delate 1x and so if you are using that in your current htaccess you'll need to merge it.

If you're unsure .... Post your current htaccess and I'll generate you a completed version with all the above safely added.

#      Mod_security can interfere with uploading of content such as attachments. If you
#      cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#      SecFilterEngine Off
#      SecFilterScanPOST Off
#</IfModule>
 
ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default
 
<IfModule mod_rewrite.c>
  Options +FollowSymLinks
        RewriteEngine On

RewriteRule ^/([^/]*)/([^/]*)$ /$1.php/$2
 
        #      If you are having problems with the rewrite rules, remove the "#" from the
        #      line that begins "RewriteBase" below. You will also have to change the path
        #      of the rewrite to reflect the path to your XenForo installation.
        #RewriteBase /xenforo
RewriteCond %{HTTP_HOST} ^8thos\.com$ [NC]
RewriteRule ^(.*)$ http://www.8thos.com/$1 [R=301,L]
        RewriteCond %{REQUEST_FILENAME} -f [OR]
        RewriteCond %{REQUEST_FILENAME} -l [OR]
        RewriteCond %{REQUEST_FILENAME} -d
        RewriteRule ^.*$ - [NC,L]
        RewriteRule ^(data|js|styles|install) - [NC,L]
        RewriteRule ^.*$ index.php [NC,L]
    RewriteRule ^/threads/ /forum/threads
RewriteRule ^/forums/ /forum/forums
</IfModule>

 

[Adam Howard]

#      Mod_security can interfere with uploading of content such as attachments. If you
#      cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#      SecFilterEngine Off
#      SecFilterScanPOST Off
#</IfModule>
 
ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default
 
<IfModule mod_rewrite.c>
  Options +FollowSymLinks
        RewriteEngine On
 
RewriteRule ^/([^/]*)/([^/]*)$ /$1.php/$2
 
        #      If you are having problems with the rewrite rules, remove the "#" from the
        #      line that begins "RewriteBase" below. You will also have to change the path
        #      of the rewrite to reflect the path to your XenForo installation.
        #RewriteBase /xenforo
RewriteCond %{HTTP_HOST} ^8thos\.com$ [NC]
RewriteRule ^(.*)$ http://www.8thos.com/$1 [R=301,L]
        RewriteCond %{REQUEST_FILENAME} -f [OR]
        RewriteCond %{REQUEST_FILENAME} -l [OR]
        RewriteCond %{REQUEST_FILENAME} -d
        RewriteRule ^.*$ - [NC,L]
        RewriteRule ^(data|js|styles|install) - [NC,L]
        RewriteRule ^.*$ index.php [NC,L]
    RewriteRule ^/threads/ /forum/threads
RewriteRule ^/forums/ /forum/forums
</IfModule>

Backup YOUR original first

This should work..... I've cleaned up some of their code as they had a few things listed twice. You can do it that way, but it calls upon Apache for each mod call and this way it only does it 1x (saving resources and load time)

#The top of your .htaccess file
RewriteEngine On
IndexIgnore *
Options +FollowSymLinks -Multiviews -Indexes
#      Mod_security can interfere with uploading of content such as attachments. If you
#      cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#      SecFilterEngine Off
#      SecFilterScanPOST Off
#</IfModule>
 
ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default

<IfModule mod_rewrite.c>
  Options +FollowSymLinks
        RewriteEngine On

RewriteRule ^/([^/]*)/([^/]*)$ /$1.php/$2
 
        #      If you are having problems with the rewrite rules, remove the "#" from the
        #      line that begins "RewriteBase" below. You will also have to change the path
        #      of the rewrite to reflect the path to your XenForo installation.
        #RewriteBase /xenforo
RewriteCond %{HTTP_HOST} ^8thos\.com$ [NC]
RewriteRule ^(.*)$ http://www.8thos.com/$1 [R=301,L]
        RewriteCond %{REQUEST_FILENAME} -f [OR]
        RewriteCond %{REQUEST_FILENAME} -l [OR]
        RewriteCond %{REQUEST_FILENAME} -d
        RewriteRule ^.*$ - [NC,L]
        RewriteRule ^(data|js|styles|install) - [NC,L]
        RewriteRule ^.*$ index.php [NC,L]
    RewriteRule ^/threads/ /forum/threads
RewriteRule ^/forums/ /forum/forums
</IfModule>

# Because some browsers won't really recognize fonts as legetimate files when comeing from CDN
AddType font/ttf .ttf
AddType font/eot .eot
AddType font/otf .otf
<FilesMatch "\.(ttf|otf|eot)$">
    <IfModule mod_headers.c>
        Header set Access-Control-Allow-Origin "*"
    </IfModule>
</FilesMatch>

<IfModule mod_headers.c>
        # properly handle requests coming from behind proxies
        Header append Vary User-Agent
        <FilesMatch "\.(js|css|xml|gz)$">
                Header append Vary Accept-Encoding
        </FilesMatch>
    # remove ETags, it's important
    Header unset ETag
    FileETag None   
    Header unset Last-Modified
</IfModule>

# Deflate files to fasten the loading with adding compression
<IfModule mod_deflate.c>
    SetOutputFilter DEFLATE
    AddOutputFilterByType DEFLATE application/x-httpd-php text/html text/xml text/plain text/css text/javascript application/javascript application/x-javascript image/jpeg image/jpg image/png image/gif font/ttf font/eot font/otf
# Properly handle old browsers that do not support compression
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    # Explicitly exclude binary files from compression just in case
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|pdf|swf|ico|zip|ttf|eot|svg)$ no-gzip
</IfModule>
<ifModule mod_expires.c>
    #Setting expiry time by content type to 1 day
    ExpiresActive On
    ExpiresDefault "access plus 1 seconds"
    ExpiresByType image/gif "access plus 86400 seconds"
    ExpiresByType image/jpeg "access plus 86400 seconds"
    ExpiresByType image/png "access plus 86400 seconds"
    ExpiresByType text/css "access plus 86400 seconds"
    ExpiresByType text/javascript "access plus 86400 seconds"
    ExpiresByType application/x-javascript "access plus 86400 seconds"
</ifModule>
# Protect your .htaccess file
<Files .htaccess>
        order allow,deny
        deny from all
</Files>

 

[DRE]

Backup YOUR original first

This should work..... I've cleaned up some of their code as they had a few things listed twice. You can do it that way, but it calls upon Apache for each mod call and this way it only does it 1x (saving resources and load time)

#The top of your .htaccess file
RewriteEngine On
IndexIgnore *
Options +FollowSymLinks -Multiviews -Indexes
#      Mod_security can interfere with uploading of content such as attachments. If you
#      cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#      SecFilterEngine Off
#      SecFilterScanPOST Off
#</IfModule>
 
ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default
 
<IfModule mod_rewrite.c>
  Options +FollowSymLinks
        RewriteEngine On
 
RewriteRule ^/([^/]*)/([^/]*)$ /$1.php/$2
 
        #      If you are having problems with the rewrite rules, remove the "#" from the
        #      line that begins "RewriteBase" below. You will also have to change the path
        #      of the rewrite to reflect the path to your XenForo installation.
        #RewriteBase /xenforo
RewriteCond %{HTTP_HOST} ^8thos\.com$ [NC]
RewriteRule ^(.*)$ http://www.8thos.com/$1 [R=301,L]
        RewriteCond %{REQUEST_FILENAME} -f [OR]
        RewriteCond %{REQUEST_FILENAME} -l [OR]
        RewriteCond %{REQUEST_FILENAME} -d
        RewriteRule ^.*$ - [NC,L]
        RewriteRule ^(data|js|styles|install) - [NC,L]
        RewriteRule ^.*$ index.php [NC,L]
    RewriteRule ^/threads/ /forum/threads
RewriteRule ^/forums/ /forum/forums
</IfModule>
 
# Because some browsers won't really recognize fonts as legetimate files when comeing from CDN
AddType font/ttf .ttf
AddType font/eot .eot
AddType font/otf .otf
<FilesMatch "\.(ttf|otf|eot)$">
    <IfModule mod_headers.c>
        Header set Access-Control-Allow-Origin "*"
    </IfModule>
</FilesMatch>
 
<IfModule mod_headers.c>
        # properly handle requests coming from behind proxies
        Header append Vary User-Agent
        <FilesMatch "\.(js|css|xml|gz)$">
                Header append Vary Accept-Encoding
        </FilesMatch>
    # remove ETags, it's important
    Header unset ETag
    FileETag None 
    Header unset Last-Modified
</IfModule>
 
# Deflate files to fasten the loading with adding compression
<IfModule mod_deflate.c>
    SetOutputFilter DEFLATE
    AddOutputFilterByType DEFLATE application/x-httpd-php text/html text/xml text/plain text/css text/javascript application/javascript application/x-javascript image/jpeg image/jpg image/png image/gif font/ttf font/eot font/otf
# Properly handle old browsers that do not support compression
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    # Explicitly exclude binary files from compression just in case
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|pdf|swf|ico|zip|ttf|eot|svg)$ no-gzip
</IfModule>
<ifModule mod_expires.c>
    #Setting expiry time by content type to 1 day
    ExpiresActive On
    ExpiresDefault "access plus 1 seconds"
    ExpiresByType image/gif "access plus 86400 seconds"
    ExpiresByType image/jpeg "access plus 86400 seconds"
    ExpiresByType image/png "access plus 86400 seconds"
    ExpiresByType text/css "access plus 86400 seconds"
    ExpiresByType text/javascript "access plus 86400 seconds"
    ExpiresByType application/x-javascript "access plus 86400 seconds"
</ifModule>
# Protect your .htaccess file
<Files .htaccess>
        order allow,deny
        deny from all
</Files>

Thanks man! What's the link to your security thread cause I noticed in yours you did something unique to your admin.php file in htaccess?

 

[Adam Howard]

Thanks man! What's the link to your security thread cause I noticed in yours you did something unique to your admin.php file in htaccess?

A few things you can add....

At the end of htaccess add this

<Files "admin.php">
Order Deny,Allow
Deny from all
Allow from 7x.x.x.x
Allow from X.x.x.x
</Files>

Replace the X values with your IP address. This will make it so only your allowed IP addresses can log-in into the AdminCP. This really only works if you have a static IP or semi-static IP (something that doesn't change often).

At the very end of your re-write rules you can also add this (must be at the end, always)

 #Block mySQL injects
 RewriteCond %{QUERY_STRING} (;|<|>|’|”|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark) [NC,OR]
 
 RewriteCond %{QUERY_STRING} \.\./\.\. [OR]
 
 RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
 RewriteCond %{QUERY_STRING} \.[a-z0-9] [NC,OR]
 RewriteCond %{QUERY_STRING} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC]
 # Note: The final RewriteCond must NOT use the [OR] flag.

This will help prevent script hackers from injecting MySQL script commands.

 

[Adam Howard]

If you want more security .... I would suggest this.... (my other guide)

http://xenforo.com/community/resources/secure-admincp.415/

 

[DRE]

Thanks! I decided to just re-name admin.php instead. I used to always have it renamed something else but when I installed Advanced Styling Rules addon it wouldn't work without the default admin.php name. No longer using it now though.