Skip to main content
Pxxl combines object storage with edge-routing protection, letting you host application assets and monitor visitor traffic patterns from a single dashboard. CDN spaces give your files a globally cached home, while the Rust reverse proxy stands in front of every project and gives you real-time visibility into allowed traffic, blocked threats, and security events — all without configuring a separate CDN provider or WAF.

CDN Spaces

A CDN Space is an isolated bucket you configure to store your application’s resources. Pxxl organizes spaces into three access types based on how the files are consumed:

Public Assets

Served directly from Pxxl’s edge cache nodes with optimal HTTP cache headers. Use this for static images, stylesheets, fonts, and client-side binaries that anyone can access.

Private Assets

Accessed via pre-signed, short-lived URLs. Use this for user uploads, transaction reports, and any internal file that should never be publicly reachable.

Build Artifacts

Archived container images and compiled packages preserved for fast version rollbacks. Pxxl retains these automatically as part of your deployment history.

Uploading Assets via API

Upload a file to your public storage space using the CDN assets endpoint. Authenticate with your Pxxl API key and pass the file as a multipart form field: 
curl -X POST https://gateway.pxxl.dev/api/v3/cdn/assets \
  -H "Authorization: Bearer $PXXL_API_KEY" \
  -F "file=@./static/logo.png" \
  -F "visibility=public"
To list the assets already stored in your spaces, use the GET variant of the same endpoint: 
curl -H "Authorization: Bearer $PXXL_API_KEY" \
  https://gateway.pxxl.dev/api/v3/cdn/assets

Checking Usage Summaries

Track storage limits and monthly network egress consumption with the summary endpoint: 
curl -H "Authorization: Bearer $PXXL_API_KEY" \
  https://gateway.pxxl.dev/api/v3/cdn/summary
The response includes the following fields:
FieldDescription
activeSpaceCountTotal number of CDN spaces you have created.
bandwidthBytesOutTotal egress bytes served from edge cache nodes in the current billing period.
totalObjectsStoredTotal count of files currently stored across all your spaces.
remainingCreditsWallet balance available for CDN upgrades and additional egress capacity.

Proxy Protection Logs

Navigate to your project overview in the Pxxl dashboard and select Proxy Logs to see real-time HTTP traffic routed through the Rust reverse proxy. These logs give you a live view of what is reaching your container and what is being stopped at the edge. You can also retrieve log data programmatically using the proxy logs endpoint: 
curl -H "Authorization: Bearer $PXXL_API_KEY" \
  https://gateway.pxxl.dev/api/v3/cdn/proxy-logs
The following metrics are available in the Proxy Logs panel:
MetricWhat it measures
Allowed RequestsSafe HTTP requests that passed all security checks and were forwarded to your container upstream.
Blocked RequestsMalicious or non-compliant requests that the edge proxy rejected before they reached your application.
Risk IndexA security rating (Low, Medium, or High) derived from the ratio of blocked requests, rapid IP spikes, and security rule triggers.
GeoIP ConcentrationVisitor counts grouped by country and region, showing where your traffic originates.
Top IP SourcesMonitored IP addresses contributing the highest traffic volumes to your project.

DDoS Mitigation and Security Rules

The Pxxl edge proxy uses a layered rule engine to intercept threats before they reach your runtime container. The following rules run on every request:
  1. Rate Limiting (Token Bucket): Restricts the number of requests per second on a per-IP basis. When a source exceeds the configured threshold, the proxy returns 429 Too Many Requests and stops forwarding traffic from that IP until the token bucket refills.
  2. IP Blacklisting: Immediately rejects requests originating from known malicious subnets or any IP addresses you have manually added to your project’s blacklist.
  3. Geo-Blocking: Drops all traffic from geographic regions you have marked as restricted in your project settings, before the request reaches your application code.
  4. Anomaly Detection: Flags rapid, concentrated request spikes on inactive domains or endpoints whose traffic pattern does not match known search-engine bot signatures — a common indicator of credential stuffing or scraping campaigns.

Operational Best Practices

Keep your CDN setup healthy and your hosting costs predictable by following these four practices:
  • Cache assets: Serve static files — images, fonts, scripts, stylesheets — directly from CDN spaces instead of bundling them inside your project container. This reduces container egress costs and improves load times for end users.
  • Monitor IP patterns: Review the Top IP Sources list in Proxy Logs weekly to detect scraping bots or automated attack scripts before they inflate your bandwidth bill.
  • Set egress alerts: Configure email alerts in your billing tab to notify you when bandwidth egress crosses 80% of your current tier limit, so you can upgrade before hitting a hard cap.
  • Rotate keys: Rotate your CDN upload API keys immediately if they are accidentally exposed in client-side bundles, public build logs, or open-source repositories.