
- Overview
- Behaviors
- adaptiveAcceleration
- adaptiveImageCompression
- advanced
- aggregatedReporting
- akamaizer
- akamaizerTag
- allHttpInCacheHierarchy
- allowCloudletsOrigins
- allowDelete
- allowHTTPSCacheKeySharing
- allowHTTPSDowngrade
- allowOptions
- allowPatch
- allowPost
- allowPut
- allowTransferEncoding
- apiPrioritization
- applicationLoadBalancer
- audienceSegmentation
- autoDomainValidation
- baseDirectory
- bossBeaconing
- breakConnection
- brotli
- cacheError
- cacheId
- cacheKeyIgnoreCase
- cacheKeyQueryParams
- cacheKeyRewrite
- cachePost
- cacheRedirect
- cacheTagVisible
- caching
- centralAuthorization
- chaseRedirects
- clientCharacteristics
- constructResponse
- contentCharacteristics
- contentCharacteristicsAMD
- contentCharacteristicsDD
- contentCharacteristicsWsdLargeFile
- contentCharacteristicsWsdLive
- contentCharacteristicsWsdVod
- contentTargetingProtection
- cpCode
- customBehavior
- datastream
- dcp
- dcpAuthHMACTransformation
- dcpAuthRegexTransformation
- dcpAuthSubstringTransformation
- dcpAuthVariableExtractor
- dcpDefaultAuthzGroups
- dcpDevRelations
- deliveryReceipt
- denyAccess
- denyDirectFailoverAccess
- deviceCharacteristicCacheId
- deviceCharacteristicHeader
- dnsAsyncRefresh
- dnsPrefresh
- downgradeProtocol
- downloadCompleteMarker
- downloadNotification
- downstreamCache
- dynamicThroughtputOptimization
- dynamicWebContent
- edgeConnect
- edgeImageConversion
- edgeLoadBalancingAdvanced
- edgeLoadBalancingDataCenter
- edgeLoadBalancingOrigin
- edgeOriginAuthorization
- edgeRedirector
- edgeScape
- edgeSideIncludes
- enhancedAkamaiProtocol
- enhancedProxyDetection
- failAction
- fastInvalidate
- firstPartyMarketing
- firstPartyMarketingPlus
- forwardRewrite
- frontEndOptimization
- g2oheader
- globalRequestNumber
- gzipResponse
- hdDataAdvanced
- healthDetection
- http2
- httpStrictTransportSecurity
- httpToHttpsUpgrade
- imageManager
- imageManagerVideo
- imOverride
- injectReferenceId
- inputValidation
- instant
- instantConfig
- largeFileOptimization
- largeFileOptimizationAdvanced
- limitBitRate
- manifestPersonalization
- manualServerPush
- mediaAcceleration
- mediaAccelerationQuicOptout
- mediaClient
- mediaFileRetrievalOptimization
- mediaOriginFailover
- mobileSdkPerformance
- modifyIncomingRequestHeader
- modifyIncomingResponseHeader
- modifyOutgoingRequestHeader
- modifyOutgoingResponseHeader
- mPulse
- netSession
- networkConditionsHeader
- origin
- originCharacteristics
- originCharacteristicsWsd
- persistentClientConnection
- persistentConnection
- personallyIdentifiableInformation
- phasedRelease
- preconnect
- predictivePrefetching
- prefetch
- prefetchable
- prefreshCache
- quicBeta
- randomSeek
- rapid
- readTimeout
- realUserMonitoring
- redirect
- redirectplus
- refererChecking
- removeQueryParameter
- removeVary
- report
- requestControl
- requestTypeMarker
- resourceOptimizer
- resourceOptimizerExtendedCompatibility
- responseCode
- responseCookie
- restrictObjectCaching
- returnCacheStatus
- rewriteUrl
- rmaOptimization
- rumCustom
- saasDefinitions
- salesForceCommerceCloudClient
- salesForceCommerceCloudProvider
- salesForceCommerceCloudProviderHostHeader
- savePostDcaProcessing
- scheduleInvalidation
- scriptManagement
- segmentedContentProtection
- segmentedMediaOptimization
- segmentedMediaStreamingPrefetch
- setVariable
- shutr
- simulateErrorCode
- siteShield
- spdy
- standardTLSMigration
- standardTLSMigrationOverride
- subCustomer
- sureRoute
- tcpOptimization
- teaLeaf
- tieredDistribution
- timeout
- uidConfiguration
- validateEntityTag
- verifyJsonWebToken
- verifyJsonWebTokenForDcp
- verifyTokenAuthorization
- visitorPrioritization
- watermarkUrl
- webApplicationFirewall
- webdav
- webSockets
- Criteria
- advancedImMatch
- bucket
- cacheability
- chinaCdnRegion
- clientCertificate
- clientIp
- clientIpVersion
- cloudletsOrigin
- contentDeliveryNetwork
- contentType
- deviceCharacteristic
- fileExtension
- filename
- hostname
- matchAdvanced
- matchCpCode
- matchResponseCode
- matchVariable
- metadataStage
- originTimeout
- path
- queryStringParameter
- random
- regularExpression
- requestCookie
- requestHeader
- requestMethod
- requestProtocol
- requestType
- responseHeader
- time
- tokenAuthorization
- userAgent
- userLocation
- userNetwork
- variableError
PAPI Feature Catalog Reference, v2020-03-04
All of the Property Manager API's behaviors and criteria that you use to control your edge content. Details a legacy dated rule format version.
Learn more:
Overview
The Property Manager API (PAPI) allows you to programmatically configure your web content on the Akamai edge network. As its main function, it activates rules that you assign to a set of hostnames. These rules modify how your origin content responds to your user’s requests on the Akamai edge network, often by applying and configuring Akamai products, or by applying your own customizations.
Along with the main guide that shows you how to use PAPI as a whole, this API reference provides additional details on all of the features that you can include within the set of rules. Features consist of either behaviors that specify actions affecting how your web content responds, or match criteria that determine the conditions under which those actions execute. The Behaviors and Criteria sections below provide details on the full set of available features.
Rule tree basics
PAPI’s Rule Trees section offers guidance on how rules are arranged as a tree structure that provide a simple programming environment. To summarize, each set of rules requires these two behaviors:
origin
, which specifies where to get the content from.cpCode
, which tracks each edge request for the purpose of reporting and billing.
You need to place those two behaviors in the top-level default rule. Each rule specifies a set of behaviors. You specify a set of criteria to execute the behaviors in any nested child rules. Within the rule tree, you can nest these rules five layers deep.
Each feature is a small JSON object that specifies its own set of
options. Options are often cross-dependent in various ways. For
example, you only specify your origin’s hostname
option if the
originType
enumeration is set to a CUSTOMER
origin. These
cross-dependencies are detailed throughout this reference.
The overall set of features available to you is determined by the product and set of modules associated with the property under your Akamai contract. You can get that information by running either of these PAPI operations:
Secure property requirements
For some of the behaviors detailed in this reference, you may need to
enable is_secure
on the top-level default rule. This is necessary to
apply a shared certificate across all hostnames. Some features require
is_secure
to be enabled.
See Rule Trees for more guidance on the default rule’s structure.
Read-only features
Some of the behaviors listed in this reference are identified as read-only. These advanced features typically specify raw XML metadata that may cause unexpected problems when executing on edge servers. Do not edit these behaviors when modifying rules trees, and do not alter the sequence of any read-only behaviors within each rule. Contact your Akamai representative for assistance if you need to modify one of these behaviors, or see the following in the main PAPI guide for more information:
Advanced and Locked Features for more details on read-only features.
Custom Behaviors and Overrides for a way to apply advanced behaviors to many properties.
Support for variables
Many of the feature options detailed in this reference support
variables. Along with read-only system variables, you can declare
your own set of dynamic variable strings at the top of the rule tree,
inject them in various features’ option values, and use the
setVariable
behavior to modify them along the way
within the rule tree. Within the main PAPI guide, see
Inserting Variables
and the sections that follow for more details on this capability.
About rule formats
Akamai often modifies PAPI features, each time deploying a new internal version of the feature. If you are using the Property Manager interface in Akamai Control Center, you may be prompted to upgrade to new feature versions as they become available. PAPI does not support this system of selective updates for each feature. Instead, PAPI’s rule objects are simply versioned as a whole. These versions, which update infrequently, are known as rule formats.
Rule formats are versioned by date, for example, v2017-06-19
, or the
most recent rule format titled latest
. When you specify a feature
within a rule tree assigned with the v2017-06-19
rule format, PAPI
uses the most recent version of the feature that rule format supports.
Only by updating to a newer rule format such as v2018-02-27
do you
upgrade to new versions of various features, which often allow an
expanded set of options and enumerations.
PAPI users should assign the most recent dated rule format to freeze
the set of features. Otherwise if you assign the latest
rule format,
features update automatically to their most recent version. This may
abruptly result in errors if JSON objects your rules specify no longer
comply with the most recent feature’s set of requirements. PAPI
provides a more stable path to update rule formats that fixes these
requirements for you. For more information, see Update Rules to a
Newer Set of
Features.
See Understanding Rule Formats for more information on PAPI’s rule format versioning system.
Behaviors
The following represents all rule behaviors the Property Manager API supports. The set available to you is determined by the product and modules associated with the property. Use the List Available Behaviors operation to get this information.
This reference specifies features used in the v2020-03-04
rule
format. See the
PAPI Feature Catalog Reference
for details on the most recent feature set, which corresponds to the
latest
rule format.
adaptiveAcceleration
Property Manager name: Adaptive Acceleration
With the
http2
and realUserMonitoring
features enabled, uses HTTP/2 server push to pre-position content and
improve the performance of HTML page loading based on Real User
Monitoring (RUM) timing data. Also use this feature to allow browsers
to preconnect to content likely needed for upcoming requests. Use the
Adaptive Acceleration API
to report on the set of assets this feature optimizes.
Options:
source
(string): WithenablePreconnect
orenablePush
on, specifies the type of data that anticipates optimal connections. If you specify a value ofReal User Monitoring
, make sure to enable the correspondingrealUserMonitoring
behavior. If you specifymPulse
, enable themPulse
behavior.
enablePush
(boolean): Enables adaptive acceleration’s HTTP/2 server push feature.
enablePreconnect
(boolean): When enabled, allows browsers to open TCP connections to web pages before making requests.
preloadEnable
(boolean): With the beaconsource
set tomPulse
, allows fonts to preload.
enableRo
(boolean): Enables the Resource Optimizer, which compresses common file components such as scripts, fonts, and CSS, and caches them on the Akamai network.
adaptiveImageCompression
Property Manager name: Adaptive Image Compression
The Adaptive
Image Compression feature compresses JPEG images depending on the
requesting network’s performance, thus improving response time. The
behavior specifies three performance tiers based on round-trip tests:
1 for excellent, 2 for good, and 3 for poor. It assigns separate
performance criteria for mobile (cellular) and non-mobile networks,
which the compressMobile
and compressStandard
options enable
independently.
There are six method
options, one for each tier and type of network.
If the method
is COMPRESS
, choose from among the six corresponding
slider
options to specify a percentage. As an alternative to
compression, setting the method
to STRIP
removes unnecessary
application-generated metadata from the image. Setting the method
to
BYPASS
serves clients the original image.
The behavior serves ETags
headers as a data signature for each
adapted variation. In case of error or if the file size increases, the
behavior serves the original image file. Flushing the original image
from the edge cache also flushes adapted variants. The behavior
applies to the following image file extensions: jpg
, jpeg
, jpe
,
jif
, jfif
, and jfi
.
Options:
compressMobile
(boolean): When enabled, adapts images served over cellular mobile networks.
compressStandard
(boolean): When enabled, adapts images served over non-cellular networks.
tier1StandardCompressionMethod
(enum string): Specifies tier–1 non-cellular network behavior, eitherCOMPRESS
,STRIP
, orBYPASS
.
tier1StandardCompressionValue
(number within 0–100 range): Withtier1StandardCompressionMethod
set toCOMPRESS
, this specifies the compression percentage.
tier2StandardCompressionMethod
(enum string): Specifies tier–2 non-cellular network behavior, eitherCOMPRESS
,STRIP
, orBYPASS
.
tier2StandardCompressionValue
(number within 0–100 range): Withtier2StandardCompressionMethod
set toCOMPRESS
, this specifies the compression percentage.
tier3StandardCompressionMethod
(enum string): Specifies tier–5 non-cellular network behavior, eitherCOMPRESS
,STRIP
, orBYPASS
.
tier3StandardCompressionValue
(number within 0–100 range): Withtier3StandardCompressionMethod
set toCOMPRESS
, this specifies the compression percentage.
tier1MobileCompressionMethod
(enum string): Specifies tier–1 behavior, eitherCOMPRESS
,STRIP
, orBYPASS
.
tier1MobileCompressionValue
(number within 0–100 range): Withtier1MobileCompressionMethod
set toCOMPRESS
, this specifies the compression percentage.
tier2MobileCompressionMethod
(enum string): Specifies tier–2 cellular-network behavior, eitherCOMPRESS
,STRIP
, orBYPASS
.
tier2MobileCompressionValue
(number within 0–100 range): Withtier2MobileCompressionMethod
set toCOMPRESS
, this specifies the compression percentage.
tier3MobileCompressionMethod
(enum string): Specifies tier–5 cellular-network behavior, eitherCOMPRESS
,STRIP
, orBYPASS
.
tier3MobileCompressionValue
(number within 0–100 range): Withtier3MobileCompressionMethod
set toCOMPRESS
, this specifies the compression percentage.
advanced
Property Manager name: Advanced
A read-only behavior that specifies Akamai XML metadata. It can only be configured on your behalf by Akamai Professional Services.
Options:
description
(string): Human-readable description of what the XML block does.
xml
(string): Akamai XML metadata.
aggregatedReporting
Property Manager name: Aggregated Reporting
Configure attributes for your custom aggregated reports. You can configure up to four attributes.
Options:
enabled
(boolean): Enables aggregated reporting.
reportName
(string): The unique name of the aggregated report within the property. If you reconfigure any attributes or variables in the aggregated reporting behavior, update this field to a unique value to enable logging data in a new instance of the report.
attributesCount
(number within 1–4 range): Select the number of attributes by which your report is grouped. You can add up to four attributes.
attribute1
(string; allows variables): Select a previously user-defined variable to be an attribute for the report. The values extracted for all attributes range from 0 to 20 characters.
attribute2
(string; allows variables): Select a previously user-defined variable to be an attribute for the report. The values extracted for all attributes range from 0 to 20 characters.
attribute3
(string; allows variables): Select a previously user-defined variable to be an attribute for the report. The values extracted for all attributes range from 0 to 20 characters.
attribute4
(string; allows variables): Select a previously user-defined variable to be an attribute for the report. The values extracted for all attributes range from 0 to 20 characters.
akamaizer
Property Manager name: Akamaizer
This read-only behavior
allows you to run regular expression substitutions over web pages.
To apply this behavior, you need to match on a
contentType
.
Contact Akamai Professional Services for help configuring the
Akamaizer. See also the akamaizerTag
behavior.
Options:
enabled
(boolean): Enables the Akamaizer behavior.
akamaizerTag
Property Manager name: Akamaize Tag
This read-only behavior
specifies HTML tags and replacement rules for hostnames
used in conjunction with the akamaizer
behavior. Contact Akamai Professional Services for help configuring
the Akamaizer.
Options:
matchHostname
(string): Specifies the hostname to match on as a Perl-compatible regular expression.
replacementHostname
(string): Specifies the replacement hostname for the tag to use.
scope
(enum string): Specifies the part of HTML content thetagsAttribute
refers to:ATTRIBUTE
for whentagsAttribute
refers to a tag/attribute pair, the match only applies to the attribute.URL_ATTRIBUTE
is the same asATTRIBUTE
, but applies when the attribute value is a URL. In that case, it converts to an absolute URL prior to substitution.BLOCK
substitutes within the tag’s contents, but not within any nested tags.PAGE
ignores thetagsAttribute
field and performs the substitution on the entire page.
tagsAttribute
(enum string): Specifies the tag or tag/attribute combination to operate on, any of the following:
A A_HREF AREA AREA_HREF BASE BASE_HREF FORM FORM_ACTION IFRAME IFRAME_SRC IMG IMG_SRC LINK LINK_HREF SCRIPT SCRIPT_SRC TABLE TABLE_BACKGROUND TD TD_BACKGROUND
replaceAll
(boolean): Replaces all matches when enabled, otherwise replaces only the first match.
includeTagsAttribute
(boolean): Whether to include thetagsAttribute
value.
allHttpInCacheHierarchy
Property Manager name: Allow All Methods on Parent Servers
Allow all HTTP
request methods to be used for the edge’s parent servers, useful to
implement features such as
Site Shield,
SureRoute,
and Tiered Distribution. (See the siteShield
,
sureRoute
, and
tieredDistribution
behaviors.)
Options:
enabled
(boolean): Enables all HTTP requests for parent servers in the cache hierarchy.
allowCloudletsOrigins
Property Manager name: Allow Conditional Origins
Allows
Cloudlets Origins to determine the criteria, separately from the
Property Manager, under which alternate origin
definitions are assigned.
This behavior must appear alone within its own rule. When enabled, it
allows any cloudletsOrigin
criteria
within sub-rules to override the prevailing origin.
Options:
enabled
(boolean): Allows you to assign custom origin definitions referenced in sub-rules bycloudletsOrigin
labels. If disabled, all sub-rules are ignored.
honorBaseDirectory
(boolean): If enabled, prefixes any Cloudlet-generated origin path with a path defined by an Origin Base Path behavior. If no path is defined, it has no effect. If another Cloudlet policy already prepends the same Origin Base Path, the path is not duplicated.
purgeOriginQueryParameter
(string): When purging content from a Cloudlets Origin, this specifies a query parameter name whose value is the specific named origin to purge. Note that this only applies to content purge requests, for example when using the Fast Purge API.
allowDelete
Property Manager name: Allow DELETE
Allow HTTP requests using the
DELETE method. By default, only GET and HEAD requests are allowed, and
all other methods result in a 403 error. Such content does not cache,
and any DELETE requests pass to the origin.
See also the
allowOptions
,
allowPatch
,
allowPost
,
and
allowPut
behaviors.
Options:
enabled
(boolean): When enabled, allows DELETE requests. Content does not cache.
allowBody
(boolean): When enabled, allows data in the body of the DELETE request.
allowHTTPSCacheKeySharing
Property Manager name: HTTPS Cache Key Sharing
HTTPS cache key sharing allows HTTP requests to be served from an HTTPS cache.
Options:
enabled
(boolean): Enables HTTPS cache key sharing.
allowHTTPSDowngrade
Property Manager name: Protocol Downgrade
Passes HTTPS requests to origin as HTTP. This is useful when incorporating Standard TLS or Akamai’s shared certificate delivery security with an origin that serves HTTP traffic.
Options:
enabled
(boolean): Downgrades to HTTP protocol for the origin server.
allowOptions
Property Manager name: Allow OPTIONS
Allow HTTP requests using
the OPTIONS method. By default, only GET and HEAD requests are
allowed, and all other methods result in a 403 error. Such content
does not cache, and any OPTIONS requests pass to the origin.
See also the
allowDelete
,
allowPatch
,
allowPost
,
and
allowPut
behaviors.
Options:
enabled
(boolean): When enabled, allows OPTIONS requests. Content does not cache.
allowPatch
Property Manager name: Allow PATCH
Allow HTTP requests using the
PATCH method. By default, only GET and HEAD requests are allowed, and
all other methods result in a 403 error. Such content does not cache,
and any PATCH requests pass to the origin.
See also the
allowDelete
,
allowOptions
,
allowPost
,
and
allowPut
behaviors.
Options:
enabled
(boolean): When enabled, allows PATCH requests. Content does not cache.
allowPost
Property Manager name: Allow POST
Allow HTTP requests using the
POST method. By default, only GET and HEAD are allowed, and all other
methods result in a 403 error.
See also the
allowDelete
,
allowOptions
,
allowPatch
,
and
allowPut
behaviors.
Options:
enabled
(boolean): When enabled, allows POST requests.
allowWithoutContentLength
(boolean): By default, POST requests also require aContent-Length
header, or they result in a 411 error. With this option enabled with no specifiedContent-Length
, the edge server relies on aTransfer-Encoding
header to chunk the data. If neither header is present, it assumes the request has no body, and it adds a header with a0
value to the forward request.
allowPut
Property Manager name: Allow PUT
Allow HTTP requests using the
PUT method. By default, only GET and HEAD are allowed, and all other
methods result in a 403 error. Such content does not cache, and any
PUT requests pass to the origin.
See also the
allowDelete
,
allowOptions
,
allowPatch
,
and
allowPost
behaviors.
Options:
enabled
(boolean): When enabled, allows PUT requests. Content does not cache.
allowTransferEncoding
Property Manager name: Chunked Transfer Encoding
Controls whether to
allow or deny Chunked Transfer Encoding (CTE) requests to pass to your
origin. If your origin supports CTE, you should enable this behavior.
This behavior also protects against a known issue when pairing
http2
and webdav
behaviors within the same
rule tree, in which case it is required.
Options:
enabled
(boolean): Allows Chunked Transfer Encoding requests.
apiPrioritization
Property Manager name: API Prioritization Cloudlet
Enables the API
Prioritization Cloudlet, which maintains continuity in user experience
by serving an alternate static response when load is too high. You can
configure rules using either the Cloudlets Policy Manager application
or the
Cloudlets API.
The feature is designed to serve static API content, such as fallback
JSON data. To serve non-API HTML content, use the
visitorPrioritization
behavior.
Options:
enabled
(boolean): Activates the API Prioritization feature.
cloudletPolicy
(object): Identifies the Cloudlet policy in an object featuring unique numericid
and descriptive stringname
members.
label
(string): A label to distinguish this API Prioritization policy from any others in the same property.
useThrottledCpCode
(boolean): Specifies whether to apply an alternative CP code for requests served the alternate response.
throttledCpCode
(object): WithuseThrottledCpCode
enabled, this specifies the CP code as an object:"throttledCpCode": { "id" : 12345, "name" : "sent to waiting room" }
useThrottledStatusCode
(boolean): When enabled, allows you to assign a specific HTTP response code to a throttled request.
throttledStatusCode
(number): Withchange_response_code
enabled, specifies the HTTP response code for requests that receive the alternate response.
netStorage
(object): Specify the NetStorage domain that contains the alternate response. For example:"netStorage": { "id" : "netstorage_id", "name" : "Waiting Room", "downloadDomainName" : "example.wait.akamai.com", "cpCode" : 12345 }
netStoragePath
(string): Specify the full NetStorage path for the alternate response, including trailing file name.
alternateResponseCacheTtl
(number within 5–30 range): Specifies the alternate response’s time to live in the cache,5
minutes by default.
applicationLoadBalancer
Property Manager name: Application Load Balancer Cloudlet
Enables the Application Load Balancer Cloudlet, which automates load balancing based on configurable criteria. To configure this behavior, use either the Cloudlets Policy Manager or the Cloudlets API to set up a policy.
Options:
enabled
(boolean): Activates the Application Load Balancer Cloudlet.
cloudletPolicy
(object): Identifies the Cloudlet policy in an object featuring unique numericid
and descriptive stringname
members.
label
(string): A label to distinguish this Application Load Balancer policy from any others within the same property.
stickinessCookieType
(enum string): Determines how a cookie persistently associates the client with a load-balanced origin. Specify an overallDURATION
or aFIXED_DATE
for when the cookie expires. SpecifyON_BROWSER_CLOSE
to limit the cookie duration to browser sessions, or to when theORIGIN_SESSION
terminates. (After the cookie expires, the cookie type re-evaluates.) To preserve the cookie indefinitely, specifyNEVER
. To dynamically reassign different load-balanced origins for each request, specifyNONE
.
stickinessExpirationDate
(ISO 8601 format date/time string): WithstickinessCookieType
set toFIXED_DATE
, this specifies when the cookie expires.
stickinessDuration
(duration string): WithstickinessCookieType
set toDURATION
, sets how long it is before the cookie expires.
stickinessRefresh
(boolean): WithstickinessCookieType
set toDURATION
, enabling this extends the duration of the cookie with each new request. When enabled, theDURATION
thus specifies the latency between requests that would cause the cookie to expire.
originCookieName
(string): Specifies the name for your session cookie.
specifyStickinessCookieDomain
(boolean): Specifies whether to use a cookie domain with the stickiness cookie, to tell the browser to which domain to send the cookie.
stickinessCookieDomain
(string): WithspecifyStickinessCookieDomain
enabled, specifies the domain to track the stickiness cookie.
stickinessCookieAutomaticSalt
(boolean): Sets whether to assign a salt value automatically to the cookie to prevent manipulation by the user. You should not enable this if sharing the population cookie across more than one property.
stickinessCookieSalt
(string): WithstickinessCookieAutomaticSalt
disabled, specifies the stickiness cookie’s salt value. Use this option to share the cookie across many properties.
stickinessCookieSetHttpOnlyFlag
(boolean): Ensures the cookie is transmitted only over HTTP.
stickinessCookieSetSecureFlag
(boolean): Deploys the stickiness cookie as secure.
allDownNetStorage
(object): Specifies a NetStorage account for a static maintenance page as a fallback when no origins are available. This example shows the object’s structure:"allDownNetStorage": { "id" : "uniq_id", "name" : "Download Area", "downloadDomainName" : "download.example.akamai.com", "cpCode" : 12345 }
allDownNetStorageFile
(string): Specifies the fallback maintenance page’s filename, expressed as a full path from the root of the NetStorage server.
allDownStatusCode
(string): Specifies the HTTP response code when all load-balancing origins are unavailable.
failoverStatusCodes
(array of string values): Specifies a set of HTTP status codes that signal a failure on the origin, in which case the cookie that binds the client to that origin is invalidated and the client is rerouted to another available origin.
failoverMode
(enum string): Determines what to do if an origin fails. If set toAUTOMATIC
, automatically determines which origin in the policy to try next. If set toMANUAL
, you define a sequence of failover origins. (If failover runs out of origins, requests are sent to NetStorage.) SettingDISABLED
turns off failover, but maintains origin stickiness even when the origin goes down.
failoverOriginMap
(array): WithfailoverMode
set toMANUAL
, this specifies a fixed set of failover mapping rules. If the origin identified byfromOriginId
fails, requests stuck to that origin retry for each alternate origintoOriginIds
specifies, until one succeeds:"failoverOriginMap" : [ { "fromOriginId": "origin1", "toOriginIds": [ "origin2", "origin3" ] } ]
failoverAttemptsThreshold
(number): Sets the number of failed requests that would trigger the failover process.
allowCachePrefresh
(boolean): When enabled, allows the cache to prefresh. Only appropriate if all origins serve the same content for the same URL.
audienceSegmentation
Property Manager name: Audience Segmentation Cloudlet
Allows you to divide your users into different segments based on a persistent cookie. You can configure rules using either the Cloudlets Policy Manager application or the Cloudlets API.
Options:
enabled
(boolean): Enables the Audience Segmentation cloudlet feature.
cloudletPolicy
(object): Identifies the Cloudlet policy in an object featuring unique numericid
and descriptive stringname
members.
label
(string): Specifies a suffix to append to the cookie name. This helps distinguish this audience segmentation policy from any others within the same property.
segmentTrackingMethod
(enum string): Specifies the method to pass segment information to the origin. The Cloudlet passes the rule applied to a given request eitherIN_COOKIE_HEADER
,IN_QUERY_PARAM
,IN_CUSTOM_HEADER
, or the default,NONE
.
segmentTrackingQueryParam
(string): WithsegmentTrackingMethod
set toIN_QUERY_PARAM
, this query parameter specifies the name of the segmentation rule.
segmentTrackingCookieName
(string): WithsegmentTrackingMethod
set toIN_COOKIE_HEADER
, this cookie name specifies the name of the segmentation rule.
segmentTrackingCustomHeader
(string): WithsegmentTrackingMethod
set toIN_CUSTOM_HEADER
, this custom HTTP header specifies the name of the segmentation rule.
populationCookieType
(enum string): Specifies when the segmentation cookie expires, eitherON_BROWSER_CLOSE
,NEVER
, or based on a specificDURATION
.
populationDuration
(duration string): WithpopulationCookieType
set toDURATION
, specifies the lifetime of the segmentation cookie.
populationRefresh
(boolean): If disabled, sets the expiration time only if the cookie is not yet present in the request.
specifyPopulationCookieDomain
(boolean): Whether to specify a cookie domain with the population cookie. It tells the browser to which domain to send the cookie.
populationCookieDomain
(string): WithspecifyPopulationCookieDomain
enabled, specifies the domain to track the population cookie.
populationCookieAutomaticSalt
(boolean): Whether to assign a salt value automatically to the cookie to prevent manipulation by the user. You should not enable if sharing the population cookie across more than one property.
populationCookieSalt
(string): WithpopulationCookieAutomaticSalt
disabled, specifies the cookie’s salt value. Use this option to share the cookie across many properties.
populationCookieIncludeRuleName
(boolean): When enabled, includes in the session cookie the name of the rule in which this behavior appears.
autoDomainValidation
Property Manager name: Auto Domain Validation
This behavior allows standard TLS domain validated certificates to renew automatically. Apply it after using the Certificate Provisioning System to request a certificate for a hostname. To provision certificates programmatically, see the Certificate Provisioning System API.
This behavior does not affect hostnames that use enhanced TLS certificates.
This behavior does not include any options. Specifying the behavior itself enables it.
baseDirectory
Property Manager name: Origin Base Path
Prefix URLs sent to the origin with a base path.
For example, with an origin of example.com
, setting the value
to
/images
sets the origin’s base path to example.com/images
. Any
request for a my_pics/home.jpg
file resolves on the origin server to
example.com/images/my_pics/home.jpg
.
Note that changing the origin’s base path also causes a change to the cache key. Until that resolves, it may cause a traffic spike to your origin server.
Options:
value
(string; allows variables): Specifies the base path of content on your origin server. The value must begin and end with a slash (/
) character, for example/parent/child/
.
bossBeaconing
Property Manager name: Diagnostic data beacons
Triggers diagnostic data beacons for use with BOSS, Akamai’s monitoring and diagnostics system.
Options:
enabled
(boolean): Enable diagnostic data beacons.
cpcodes
(string): The space-separated list of CP codes that trigger the beacons. You need to specify the same set of CP codes within BOSS.
requestType
(enum string): Specify whether to trigger a beacon forEDGE
requests only, orEDGE_MIDGRESS
to include midgress requests.
forwardType
(enum string): Specify whether to trigger a beacon for internalMIDGRESS
forwards only,ORIGIN
forwards only, orMIDGRESS_ORIGIN
for both.
samplingFrequency
(enum string): SpecifiesSAMPLING_FREQ_0_1
as a sampling frequency, orSAMPLING_FREQ_0_0
to disable beacons altogether.
conditionalSamplingFrequency
(enum string): Specifies eitherCONDITIONAL_SAMPLING_FREQ_0_1
,CONDITIONAL_SAMPLING_FREQ_0_2
,CONDITIONAL_SAMPLING_FREQ_0_3
, orCONDITIONAL_SAMPLING_FREQ_0_0
to disable beacons altogether.
conditionalHTTPStatus
(array of string values): Specifies the set of response status codes or ranges that trigger the beacon. You can combine any of these values:0xx
,302
,304
,3xx
,401
,403
,404
,408
,4xx
,500
,503
,5xx
,6xx
.
conditionalErrorPattern
(string): A space-separated set of error patterns that trigger beacons to conditional feeds. Each pattern can include wildcards, such as*CONNECT* *DENIED*
.
breakConnection
Property Manager name: Break Forward Connection
A read-only behavior
that simulates an origin connection problem, typically to test an
accompanying failAction
policy.
Options:
enabled
(boolean): Enables the break connection behavior.
brotli
Property Manager name: Brotli Support
When enabled, applies Brotli compression, converting your origin content to cache on edge servers.
Options:
enabled
(boolean): Enables Brotli compression.
cacheError
Property Manager name: Cache HTTP Error Responses
Caches the origin’s error responses to
decrease server load. Applies for 10 seconds by default to the
following HTTP codes: 204
, 305
, 400
, 404
, 405
, 501
, 502
,
503
, 504
, and 505
.
Options:
enabled
(boolean): When enabled, activates the error-caching behavior.
ttl
(duration string): Overrides the default caching duration of10s
. Note that if set to0
, it is equivalent tono-cache
, which forces revalidation and may cause a traffic spike. This can be counterproductive when, for example, the origin is producing an error code of500
.
preserveStale
(boolean): When enabled, the edge server preserves stale cached objects when the origin returns400
,500
,502
,503
, and504
error codes. This avoids re-fetching and re-caching content after transient errors.
cacheId
Property Manager name: Cache ID Modification
Controls which query parameters, headers, and cookies are included in or excluded from the cache key identifier.
Note that this behavior executes differently than usual within rule
trees. Applying a set of cacheId
behaviors within the same rule
results in a system of forming cache keys that applies independently
to the rule’s content. If any cacheId
behaviors are present in a
rule, any others specified in parent rules or prior executing sibling
rules no longer apply. Otherwise for any rule that lacks a cacheId
behavior, the set of behaviors specified in an ancestor or prior
sibling rule determines how to form cache keys for that content.
Options:
rule
(enum string): Specifies how to modify the cache ID:INCLUDE_HEADERS
includes specified HTTP headers in the cache ID.INCLUDE_COOKIES
includes specified cookies in the cache ID.INCLUDE_ALL_QUERY_PARAMS
includes all query parameters when forming a cache ID.INCLUDE_QUERY_PARAMS
includes the specified set of query parameters when forming a cache ID.EXCLUDE_QUERY_PARAMS
excludes the specified set of query parameters when forming a cache ID.INCLUDE_VARIABLE
includes a specific user variable in the cache ID.INCLUDE_URL
includes the full URL, the same as the default without thecacheid
behavior.
includeValue
(boolean): When enabled, includes the value of the specified elements in the cache ID. Otherwise only their names are included.
optional
(boolean): When enabled, requires the behavior’s specified elements to be present for content to cache. When disabled, requests that lack the specified elements are still cached. This option only applies when thetype
isINCLUDE_COOKIES
,INCLUDE_QUERY_PARAMS
,INCLUDE_HEADERS
, orEXCLUDE_QUERY_PARAMS
.
elements
(array of string values): Specifies the names of the query parameters, cookies, or headers to include or exclude from the cache ID. This only applies when therule
isINCLUDE_COOKIES
,INCLUDE_HEADERS
,INCLUDE_QUERY_PARAMS
, orEXCLUDE_QUERY_PARAMS
.
variableName
(string): Withrule
set toINCLUDE_VARIABLE
, specifies the name of the variable you want to include in the cache key.
cacheKeyIgnoreCase
Property Manager name: Ignore Case In Cache Key
By default, cache keys
are generated under the assumption that path and filename components
are case-sensitive, so that File.html
and file.html
use separate
cache keys. Enabling this behavior forces URL components whose case
varies to resolve to the same cache key. Enable this behavior if your
origin server is already case-insensitive, such as those based on
Microsoft IIS.
With this behavior enabled, make sure any child rules do not match case-sensitive path components, or you may apply different settings to the same cached object.
Note that if already enabled, disabling this behavior potentially results in new sets of cache keys. Until these new caches are built, your origin server may experience traffic spikes as requests pass through. It may also result in cache pollution, excess cache space taken up with redundant content.
If you are using NetStorage in conjunction with this behavior, enable its Force Case option to match it, and make sure you name the original files consistently as either upper- or lowercase.
Options:
enabled
(boolean): When enabled, ignores case when forming cache keys.
cacheKeyQueryParams
Property Manager name: Cache Key Query Parameters
By default, cache keys are formed as URLs with full query strings. This behavior allows you to consolidate cached objects based on specified sets of query parameters.
Note also that whenever you apply behavior that generates new cache keys, your origin server may experience traffic spikes before the new cache starts to serve out.
Options:
behavior
(enum string): Configures how sets of query string parameters translate to cache keys:IGNORE_ALL
causes query string parameters to be ignored when forming cache keys.IGNORE
orINCLUDE
makes the key depend on the sequence of values in theparameters
field.INCLUDE_ALL_PRESERVE_ORDER
forms a separate key for the entire set of query parameters, but sensitive to the order in which they appear. (For example,?q=akamai&state=ma
and?state=ma&q=akamai
cache separately.)INCLUDE_ALL_ALPHABETIZE_ORDER
forms keys for the entire set of parameters, but the order doesn’t matter. The examples above both use the same cache key.
Be careful when applying
behavior
not to ignore any parameters that result in substantially different content, as it is not reflected in the cached object.
parameters
(array of string values): Withbehavior
set toINCLUDE
orIGNORE
,parameters
specifies the set of parameter field names to include in or exclude from the cache key. By default, these match the field names as string prefixes.
exactMatch
(boolean): When enabled,parameters
must match exactly. Keep disabled to match string prefixes.
cacheKeyRewrite
Property Manager name: Cache Key Path Rewrite
This read-only behavior rewrites a default cache key’s path. Contact Akamai Professional Services for help configuring it.
Options:
purgeKey
(string): Specifies the new cache key path as an alphanumeric value.
cachePost
Property Manager name: Cache POST Responses
By default, POST requests are passed to the origin. This behavior overrides the default, and allows you to cache POST responses.
Options:
enabled
(boolean): Enables caching of POST responses.
useBody
(enum string): Define how and whether to use the POST message body as a cache key:IGNORE
uses only the URL to cache the response.MD5
adds a string digest of the data as a query parameter to the cache URL.QUERY
adds the raw request body as a query parameter to the cache key, but only if the POST request’sContent-Type
isapplication/x-www-form-urlencoded
. (Use this in conjunction withcacheId
to define relevant query parameters.)
cacheRedirect
Property Manager name: Cache HTTP Redirects
Caches HTTP 302 redirect
responses. By default, Akamai edge servers cache HTTP 302 redirects
depending on their Cache-Control
or Expires
headers. Enabling this
behavior instructs edge servers to cache 302 redirects the same as
they would for HTTP 200 responses.
Options:
enabled
(boolean): Enables the redirect caching behavior.
cacheTagVisible
Property Manager name: Cache Tag Visibility
Cache tags are
comma-separated string values you define within an Edge-Cache-Tag
header. You can use them to flexibly fast purge tagged segments of
your cached content. You can either define these headers at the
origin server level, or use the
modifyOutgoingResponseHeader
behavior to configure them at the edge. Apply this behavior to
confirm you’re deploying the intended set of cache tags to your
content.
See Fast Purge for guidance on best practices to deploy cache tags. Use the Fast Purge API to purge by cache tag programmatically.
Options:
behavior
(enum string): SpecifyALWAYS
to include theEdge-Cache-Tag
header in all responses. SpecifyNEVER
to match edge servers’ default response, stripping out the header. Otherwise if you specifyPRAGMA_HEADER
, edge servers respond with theEdge-Cache-Tag
header only when you pass in aPragma: akamai-x-get-cache-tags
header as part of the request.
caching
Property Manager name: Caching
Control content caching on edge
servers: whether or not to cache, whether to honor the origin’s
caching headers, and for how long to cache. Note that any NO_STORE
or BYPASS_CACHE
HTTP headers set on the origin’s content overrides
this behavior.
Options:
behavior
(enum string): Specify the caching option:NO_STORE
clears the cache and serves from the origin.BYPASS_CACHE
retains the cache but serves from the origin.- Honor the origin’s
MAX_AGE
header - Honor the origin’s
CACHE_CONTROL
header - Honor the origin’s
EXPIRES
header - Honor
CACHE_CONTROL_AND_EXPIRES
the origin’sCACHE_CONTROL
orEXPIRES
header, whichever comes last.
Note. New
CACHE_CONTROL_BETA
andCACHE_CONTROL_AND_EXPIRES_BETA
values add support for thes-maxage
response directive specified in RFC 7234. Use these alternative values to instruct a downstream CDN how long to cache content.
mustRevalidate
(boolean): Determines what to do once the cached content has expired, by which time the Akamai platform should have re-fetched and validated content from the origin. If enabled, only allows the re-fetched content to be served. If disabled, may serve stale content if the origin is unavailable.
ttl
(duration string): The maximum time content may remain cached. Setting the value to0
is the same as setting ano-cache
header, which forces content to revalidate.
defaultTtl
(duration string): Set theMAX_AGE
header for the cached content.
honorPrivateEnabled
(boolean): With thebehavior
set to eitherCACHE_CONTROL
orCACHE_CONTROL_AND_EXPIRES
, enabling this instructs edge servers to honorCache-Control: private
headers.
honorMustrevalidateEnabled
(boolean): With thebehavior
set to eitherCACHE_CONTROL
orCACHE_CONTROL_AND_EXPIRES
, enabling this instructs edge servers to honorCache-Control: must-revalidate
headers.
centralAuthorization
Property Manager name: Centralized Authorization
Forward client
requests to the origin server for authorization, along with optional
Set-Cookie
headers, useful when you need to maintain tight access
control. The edge server forwards an If-Modified-Since
header, to
which the origin needs to respond with a 304
(Not-Modified) HTTP
status when authorization succeeds. If so, the edge server responds to
the client with the cached object, since it does not need to be
re-acquired from the origin.
Options:
enabled
(boolean): Enables the centralized authorization behavior.
chaseRedirects
Property Manager name: Chase Redirects
Controls whether the edge server chases any redirects served from the origin.
Options:
enabled
(boolean): When enabled, allows edge servers to chase redirects.
limit
(string): Specifies, as a string, the maximum number of redirects to follow.
serve404
(boolean): Once the redirectlimit
is reached, enabling this option serves an HTTP404
(Not Found) error instead of the last redirect.
clientCharacteristics
Property Manager name: Client Characteristics
Specifies characteristics of the client ecosystem. Akamai uses this information to optimize your metadata configuration, which may result in better end-user performance.
See also originCharacteristics
and
various product-specific behaviors whose names are prefixed
contentCharacteristics.
Options:
country
(enum string): Specifies the client request’s geographic region, orUNKNOWN
to defer any optimizations based on geography. Possible global regions areGLOBAL
,GLOBAL_ASIA_CENTRIC
,GLOBAL_EU_CENTRIC
, orGLOBAL_US_CENTRIC
. More specific regions includeASIA_PACIFIC
,AUSTRALIA
,EUROPE
,GERMANY
,INDIA
,ITALY
,JAPAN
,NORDICS
,NORTH_AMERICA
,SOUTH_AMERICA
,TAIWAN
, orUNITED_KINGDOM
. SpecifyOTHER
as a fallback value.
constructResponse
Property Manager name: Construct Response
A read-only behavior that constructs an HTTP response, complete with HTTP status code and body, to serve from the edge independently of your origin. Contact Akamai Professional Services for help configuring it.
Options:
enabled
(boolean): When enabled, serves the custom response.
body
(string; allows variables): HTML response of up to 2000 characters to send to the end-user client.
responseCode
(numeric enum): The HTTP response code to send to the end-user client, either200
,401
,403
,404
,405
,500
,501
,502
,503
, or504
.
forceEviction
(boolean): When enabled, removes the underlying object from the cache, since it is not being served.
contentCharacteristics
Property Manager name: Content Characteristics
Specifies characteristics of the delivered content. Akamai uses this information to optimize your metadata configuration, which may result in better origin offload and end-user performance.
Along with other behaviors whose names are prefixed
contentCharacteristics, this behavior is customized for a specific
product set. Use PAPI’s
List available behaviors
operation to determine the set available to you. See also the
related clientCharacteristics
and
originCharacteristics
behaviors.
Options:
objectSize
(enum string): Optimize based on the size of the object retrieved from the origin, eitherLESS_THAN_1MB
,ONE_MB_TO_TEN_MB
,TEN_MB_TO_100_MB
, orUNKNOWN
to defer this optimization. SpecifyOTHER
as a fallback value.
popularityDistribution
(enum string): Optimize based on the content’s expected popularity, eitherALL_POPULAR
for a high volume of requests over a short period,LONG_TAIL
for a low volume of requests over a long period, orUNKNOWN
to defer this optimization. SpecifyOTHER
as a fallback value.
catalogSize
(enum string): Optimize based on the total size of the content library delivered, eitherSMALL
(under 100GB),MEDIUM
(100GB–1TB),LARGE
(1TB–100TB),EXTRA_LARGE
(more than 100TB), orUNKNOWN
to defer this optimization. SpecifyOTHER
as a fallback value.
contentType
(enum string): Optimize based on the type of content, eitherSOFTWARE
,IMAGES
,WEB_OBJECTS
(generally, media delivered for websites),USER_GENERATED
(generally, user-generated media),OTHER_OBJECTS
for content that doesn’t fall under any of these categories, orUNKNOWN
, to defer this optimization.
contentCharacteristicsAMD
Property Manager name: Content Characteristics
Specifies characteristics of the delivered content. Akamai uses this information to optimize your metadata configuration, which may result in better origin offload and end-user performance.
Along with other behaviors whose names are prefixed
contentCharacteristics, this behavior is customized for a specific
product set. Use PAPI’s
List available behaviors
operation to determine the set available to you. See also the
related clientCharacteristics
and
originCharacteristics
behaviors.
Options:
catalogSize
(enum string): Optimize based on the total size of the content library delivered, eitherSMALL
(under 100GB),MEDIUM
(100GB–1TB),LARGE
(1TB–100TB),EXTRA_LARGE
(more than 100TB), orUNKNOWN
to defer this optimization. SpecifyOTHER
to customize the value.
contentType
(enum string): Optimize based on the quality of media content, eitherSD
(standard definition),HD
(high definition),ULTRA_HD
,OTHER
for more than one level of quality, orUNKNOWN
to defer this optimization.
popularityDistribution
(enum string): Optimize based on the content’s expected popularity, eitherALL_POPULAR
for a high volume of requests over a short period,LONG_TAIL
for a low volume of requests over a long period, orUNKNOWN
to defer this optimization. SpecifyOTHER
to customize the value.
hls
(boolean): Enable delivery of HLS media.
segmentDurationHLS
(enum string): With thehls
option enabled, specifies the duration of individual segments, eitherSEGMENT_DURATION_2S
,SEGMENT_DURATION_4S
,SEGMENT_DURATION_6S
,SEGMENT_DURATION_8S
, orSEGMENT_DURATION_10S
. SpecifyOTHER
to customize the value.
segmentDurationHLSCustom
(number): WithsegmentDurationHLS
set toOTHER
, customizes the number of seconds for the segment.
segmentSizeHLS
(enum string): With thehls
option enabled, specifies the size of the media object retrieved from the origin, either:LESS_THAN_1MB
,ONE_MB_TO_TEN_MB
,TEN_MB_TO_100_MB
,GREATER_THAN_100MB
,OTHER
for sizes that straddle these ranges, orUNKNOWN
to defer this optimization.
hds
(boolean): Enable delivery of HDS media.
segmentDurationHDS
(enum string): With thehds
option enabled, specifies the duration of individual fragments, eitherSEGMENT_DURATION_2S
,SEGMENT_DURATION_4S
,SEGMENT_DURATION_6S
,SEGMENT_DURATION_8S
, orSEGMENT_DURATION_10S
. SpecifyOTHER
to customize the value.
segmentDurationHDSCustom
(number): WithsegmentDurationHDS
set toOTHER
, customizes the number of seconds for the fragment.
segmentSizeHDS
(enum string): With thehds
option enabled, specifies the size of the media object retrieved from the origin, either:LESS_THAN_1MB
,ONE_MB_TO_TEN_MB
,TEN_MB_TO_100_MB
,GREATER_THAN_100MB
,OTHER
for sizes that straddle these ranges, orUNKNOWN
to defer this optimization.
dash
(boolean): Enable delivery of DASH media.
segmentDurationDASH
(enum string): With thedash
option enabled, specifies the duration of individual segments, eitherSEGMENT_DURATION_2S
,SEGMENT_DURATION_4S
,SEGMENT_DURATION_6S
,SEGMENT_DURATION_8S
, orSEGMENT_DURATION_10S
. SpecifyOTHER
to customize the value.
segmentDurationDASHCustom
(number): WithsegmentDurationDASH
set toOTHER
, customizes the number of seconds for the segment.
segmentSizeDASH
(enum string): With thedash
option enabled, specifies the size of the media object retrieved from the origin, either:LESS_THAN_1MB
,ONE_MB_TO_TEN_MB
,TEN_MB_TO_100_MB
,GREATER_THAN_100MB
,OTHER
for sizes that straddle these ranges, orUNKNOWN
to defer this optimization.
smooth
(boolean): Enable delivery of Smooth media.
segmentDurationSmooth
(enum string): With thesmooth
option enabled, specifies the duration of individual fragments, eitherSEGMENT_DURATION_2S
,SEGMENT_DURATION_4S
,SEGMENT_DURATION_6S
,SEGMENT_DURATION_8S
, orSEGMENT_DURATION_10S
. SpecifyOTHER
to customize the value.
segmentDurationSmoothCustom
(number): WithsegmentDurationSmooth
set toOTHER
, customizes the number of seconds for the fragment.
segmentSizeSmooth
(enum string): With thesmooth
option enabled, specifies the size of the media object retrieved from the origin, either:LESS_THAN_1MB
,ONE_MB_TO_TEN_MB
,TEN_MB_TO_100_MB
,GREATER_THAN_100MB
,OTHER
for sizes that straddle these ranges, orUNKNOWN
to defer this optimization.
contentCharacteristicsDD
Property Manager name: Content Characteristics
Specifies characteristics of the delivered content. Akamai uses this information to optimize your metadata configuration, which may result in better origin offload and end-user performance.
Along with other behaviors whose names are prefixed
contentCharacteristics, this behavior is customized for a specific
product set. Use PAPI’s
List available behaviors
operation to determine the set available to you. See also the
related clientCharacteristics
and
originCharacteristics
behaviors.
Options:
objectSize
(enum string): Optimize based on the size of the object retrieved from the origin, eitherLESS_THAN_1MB
,ONE_MB_TO_TEN_MB
,TEN_MB_TO_100_MB
,GREATER_THAN_100MB
, orUNKNOWN
to defer this optimization. SpecifyOTHER
as a fallback value.
popularityDistribution
(enum string): Optimize based on the content’s expected popularity, eitherALL_POPULAR
for a high volume of requests over a short period,LONG_TAIL
for a low volume of requests over a long period, orUNKNOWN
to defer this optimization. SpecifyOTHER
as a fallback value.
catalogSize
(enum string): Optimize based on the total size of the content library delivered, eitherSMALL
(under 100GB),MEDIUM
(100GB–1TB),LARGE
(1TB–100TB),EXTRA_LARGE
(more than 100TB), orUNKNOWN
to defer this optimization. SpecifyOTHER
as a fallback value.
contentType
(enum string): Optimize based on the type of content, eitherVIDEO
,SOFTWARE
,SOFTWARE_PATCH
,GAME
,GAME_PATCH
,OTHER_DOWNLOADS
, orUNKNOWN
to defer this optimization.
optimizeOption
(boolean): When enabled, optimizes the delivery throughput and download times for large files.
contentCharacteristicsWsdLargeFile
Property Manager name: Content Characteristics - Large File
Specifies characteristics of the delivered content, specifically targeted to delivering large files. Akamai uses this information to optimize your metadata configuration, which may result in better origin offload and end-user performance.
Along with other behaviors whose names are prefixed
contentCharacteristics, this behavior is customized for a specific
product set. Use PAPI’s
List available behaviors
operation to determine the set available to you. See also the
related clientCharacteristics
and
originCharacteristics
behaviors.
Options:
objectSize
(enum string): Optimize based on the size of the object retrieved from the origin, eitherLESS_THAN_1MB
,ONE_MB_TO_TEN_MB
,TEN_MB_TO_100_MB
,GREATER_THAN_100MB
, orUNKNOWN
to defer this optimization.
popularityDistribution
(enum string): Optimize based on the content’s expected popularity, eitherALL_POPULAR
for a high volume of requests over a short period,LONG_TAIL
for a low volume of requests over a long period, orUNKNOWN
to defer this optimization.
catalogSize
(enum string): Optimize based on the total size of the content library delivered, eitherSMALL
(under 100GB),MEDIUM
(100GB–1TB),LARGE
(1TB–100TB),EXTRA_LARGE
(more than 100TB), orUNKNOWN
to defer this optimization.
contentType
(enum string): Optimize based on the type of content, eitherVIDEO
,SOFTWARE
,SOFTWARE_PATCH
,GAME
,GAME_PATCH
,OTHER_DOWNLOADS
, orUNKNOWN
to defer this optimization.
contentCharacteristicsWsdLive
Property Manager name: Content Characteristics - Streaming Video Live
Specifies characteristics of the delivered content, specifically targeted to delivering live video. Akamai uses this information to optimize your metadata configuration, which may result in better origin offload and end-user performance.
Along with other behaviors whose names are prefixed
contentCharacteristics, this behavior is customized for a specific
product set. Use PAPI’s
List available behaviors
operation to determine the set available to you. See also the
related clientCharacteristics
and
originCharacteristics
behaviors.
Options:
catalogSize
(enum string): Optimize based on the total size of the content library delivered, eitherSMALL
(under 100GB),MEDIUM
(100GB–1TB),LARGE
(1TB–100TB),EXTRA_LARGE
(more than 100TB), orUNKNOWN
to defer this optimization.
contentType
(enum string): Optimize based on the quality of media content, eitherSD
(standard definition),HD
(high definition),ULTRA_HD
,OTHER
for more than one level of quality, orUNKNOWN
to defer this optimization.
popularityDistribution
(enum string): Optimize based on the content’s expected popularity, eitherALL_POPULAR
for a high volume of requests over a short period,LONG_TAIL
for a low volume of requests over a long period, orUNKNOWN
to defer this optimization.
hls
(boolean): Enable delivery of HLS media.
segmentDurationHLS
(enum string): With thehls
option enabled, specifies the duration of individual segments, eitherSEGMENT_DURATION_2S
,SEGMENT_DURATION_4S
,SEGMENT_DURATION_6S
,SEGMENT_DURATION_8S
, orSEGMENT_DURATION_10S
.
segmentSizeHLS
(enum string): With thehls
option enabled, specifies the size of the media object retrieved from the origin, either:LESS_THAN_1MB
,ONE_MB_TO_TEN_MB
,TEN_MB_TO_100_MB
,GREATER_THAN_100MB
,OTHER
for sizes that straddle these ranges, orUNKNOWN
to defer this optimization.
hds
(boolean): Enable delivery of HDS media.
segmentDurationHDS
(enum string): With thehds
option enabled, specifies the duration of individual fragments, eitherSEGMENT_DURATION_2S
,SEGMENT_DURATION_4S
,SEGMENT_DURATION_6S
,SEGMENT_DURATION_8S
, orSEGMENT_DURATION_10S
.
segmentSizeHDS
(enum string): With thehds
option enabled, specifies the size of the media object retrieved from the origin, either:LESS_THAN_1MB
,ONE_MB_TO_TEN_MB
,TEN_MB_TO_100_MB
,GREATER_THAN_100MB
,OTHER
for sizes that straddle these ranges, orUNKNOWN
to defer this optimization.
dash
(boolean): Enable delivery of DASH media.
segmentDurationDASH
(enum string): With thedash
option enabled, specifies the duration of individual segments, eitherSEGMENT_DURATION_2S
,SEGMENT_DURATION_4S
,SEGMENT_DURATION_6S
,SEGMENT_DURATION_8S
, orSEGMENT_DURATION_10S
.
segmentSizeDASH
(enum string): With thedash
option enabled, specifies the size of the media object retrieved from the origin, either:LESS_THAN_1MB
,ONE_MB_TO_TEN_MB
,TEN_MB_TO_100_MB
,GREATER_THAN_100MB
,OTHER
for sizes that straddle these ranges, orUNKNOWN
to defer this optimization.
smooth
(boolean): Enable delivery of Smooth media.
segmentDurationSmooth
(enum string): With thesmooth
option enabled, specifies the duration of individual fragments, eitherSEGMENT_DURATION_2S
,SEGMENT_DURATION_4S
,SEGMENT_DURATION_6S
,SEGMENT_DURATION_8S
, orSEGMENT_DURATION_10S
.
segmentSizeSmooth
(enum string): With thesmooth
option enabled, specifies the size of the media object retrieved from the origin, either:LESS_THAN_1MB
,ONE_MB_TO_TEN_MB
,TEN_MB_TO_100_MB
,GREATER_THAN_100MB
,OTHER
for sizes that straddle these ranges, orUNKNOWN
to defer this optimization.
contentCharacteristicsWsdVod
Property Manager name: Content Characteristics - Streaming Video On-demand
Specifies characteristics of the delivered content, specifically targeted to delivering on-demand video. Akamai uses this information to optimize your metadata configuration, which may result in better origin offload and end-user performance.
Along with other behaviors whose names are prefixed
contentCharacteristics, this behavior is customized for a specific
product set. Use PAPI’s
List available behaviors
operation to determine the set available to you. See also the
related clientCharacteristics
and
originCharacteristics
behaviors.
Options:
catalogSize
(enum string): Optimize based on the total size of the content library delivered, eitherSMALL
(under 100GB),MEDIUM
(100GB–1TB),LARGE
(1TB–100TB),EXTRA_LARGE
(more than 100TB), orUNKNOWN
to defer this optimization.
contentType
(enum string): Optimize based on the quality of media content, eitherSD
(standard definition),HD
(high definition),ULTRA_HD
,OTHER
for more than one level of quality, orUNKNOWN
to defer this optimization.
popularityDistribution
(enum string): Optimize based on the content’s expected popularity, eitherALL_POPULAR
for a high volume of requests over a short period,LONG_TAIL
for a low volume of requests over a long period, orUNKNOWN
to defer this optimization.
hls
(boolean): Enable delivery of HLS media.
segmentDurationHLS
(enum string): With thehls
option enabled, specifies the duration of individual segments, eitherSEGMENT_DURATION_2S
,SEGMENT_DURATION_4S
,SEGMENT_DURATION_6S
,SEGMENT_DURATION_8S
, orSEGMENT_DURATION_10S
.
segmentSizeHLS
(enum string): With thehls
option enabled, specifies the size of the media object retrieved from the origin, either:LESS_THAN_1MB
,ONE_MB_TO_TEN_MB
,TEN_MB_TO_100_MB
,GREATER_THAN_100MB
,OTHER
for sizes that straddle these ranges, orUNKNOWN
to defer this optimization.
hds
(boolean): Enable delivery of HDS media.
segmentDurationHDS
(enum string): With thehds
option enabled, specifies the duration of individual fragments, eitherSEGMENT_DURATION_2S
,SEGMENT_DURATION_4S
,SEGMENT_DURATION_6S
,SEGMENT_DURATION_8S
, orSEGMENT_DURATION_10S
.
segmentSizeHDS
(enum string): With thehds
option enabled, specifies the size of the media object retrieved from the origin, either:LESS_THAN_1MB
,ONE_MB_TO_TEN_MB
,TEN_MB_TO_100_MB
,GREATER_THAN_100MB
,OTHER
for sizes that straddle these ranges, orUNKNOWN
to defer this optimization.
dash
(boolean): Enable delivery of DASH media.
segmentDurationDASH
(enum string): With thedash
option enabled, specifies the duration of individual segments, eitherSEGMENT_DURATION_2S
,SEGMENT_DURATION_4S
,SEGMENT_DURATION_6S
,SEGMENT_DURATION_8S
, orSEGMENT_DURATION_10S
.
segmentSizeDASH
(enum string): With thedash
option enabled, specifies the size of the media object retrieved from the origin, either:LESS_THAN_1MB
,ONE_MB_TO_TEN_MB
,TEN_MB_TO_100_MB
,GREATER_THAN_100MB
,OTHER
for sizes that straddle these ranges, orUNKNOWN
to defer this optimization.
smooth
(boolean): Enable delivery of Smooth media.
segmentDurationSmooth
(enum string): With thesmooth
option enabled, specifies the duration of individual fragments, eitherSEGMENT_DURATION_2S
,SEGMENT_DURATION_4S
,SEGMENT_DURATION_6S
,SEGMENT_DURATION_8S
, orSEGMENT_DURATION_10S
.
segmentSizeSmooth
(enum string): With thesmooth
option enabled, specifies the size of the media object retrieved from the origin, either:LESS_THAN_1MB
,ONE_MB_TO_TEN_MB
,TEN_MB_TO_100_MB
,GREATER_THAN_100MB
,OTHER
for sizes that straddle these ranges, orUNKNOWN
to defer this optimization.
contentTargetingProtection
Property Manager name: Content Targeting - Protection
Content Targeting is based on EdgeScape, Akamai’s location-based access control system. You can use it to allow or deny access to a set of geographic regions or IP addresses.
Options:
enabled
(boolean): Enables the Content Targeting feature.
enableGeoProtection
(boolean): When enabled, verifies IP addresses are unique to specific geographic regions.
geoProtectionMode
(enum string): WithenableGeoProtection
enabled, specifies whether toALLOW
orDENY
requests.
countries
(array of string values): WithenableGeoProtection
enabled, specifies a set of two-character ISO 3166 country codes from which to allow or deny traffic. See EdgeScape Data Codes for a list.
regions
(array of string values): WithenableGeoProtection
enabled, specifies a set of ISO 3166–2 regional codes from which to allow or deny traffic. See EdgeScape Data Codes for a list.
dmas
(array of string values): WithenableGeoProtection
enabled, specifies the set of Designated Market Area codes from which to allow or deny traffic. See EdgeScape Data Codes for a list.
overrideIPAddresses
(array of string values): WithenableGeoProtection
enabled, specify a set of IP addresses or CIDR blocks that exceptions to the set of included or excluded areas.
enableGeoRedirectOnDeny
(boolean): When enabled, redirects denied requests rather than responding with an error code.
geoRedirectUrl
(string): WithenableGeoRedirectOnDeny
enabled, this specifies the full URL to the redirect page for denied requests.
enableIPProtection
(boolean): When enabled, allows you to control access to your content from specific sets of IP addresses and CIDR blocks.
ipProtectionMode
(enum string): WithenableIPProtection
enabled, specifies whether toALLOW
orDENY
requests.
ipAddresses
(array of string values): WithenableIPProtection
enabled, specify a set of IP addresses or CIDR blocks to allow or deny.
enableIPRedirectOnDeny
(boolean): When enabled, redirects denied requests rather than responding with an error code.
ipRedirectUrl
(string): WithenableIPRedirectOnDeny
enabled, this specifies the full URL to the redirect page for denied requests.
enableReferrerProtection
(boolean): When enabled, allows you allow traffic from certain referring websites, and disallow traffic from unauthorized sites that hijack those links.
referrerProtectionMode
(enum string): WithenableReferrerProtection
enabled, specify whether toALLOW
orDENY
traffic from specified domains.
referrerDomains
(array of string values): WithenableReferrerProtection
enabled, specifies the set of domains from which to allow or deny traffic.
enableReferrerRedirectOnDeny
(boolean): When enabled, redirects denied requests rather than responding with an error code.
referrerRedirectUrl
(string): WithenableReferrerRedirectOnDeny
enabled, this specifies the full URL to the redirect page for denied requests.
cpCode
Property Manager name: Content Provider Code
Content Provider Codes (CP codes) allow you to distinguish various reporting and billing segments. You receive a CP code when purchasing Akamai service, and you need it to access properties. This behavior allows you to apply any valid CP code, including additional ones you may request from Akamai Professional Services. For a CP code to be valid, it must belong to the same contract and be associated with the same product as the property, and the group must have access to it.
Options:
value
(object): Specifies avalue
object, which includes anid
key and a descriptivename
:"value": { "id" : 12345, "name" : "my cpcode" }
customBehavior
Property Manager name: Custom Behavior
Allows you to insert a
customized XML metadata behavior into any property’s rule tree. Talk
to your Akamai representative to implement the customized behavior.
Once it’s ready, run PAPI’s
List custom behaviors
operation, then apply the relevant behaviorId
value from the
response within the current customBehavior
.
See
Custom behaviors and overrides
for guidance on custom metadata behaviors.
Options:
behaviorId
(string): The unique identifier for the predefined custom behavior you want to insert into the current rule.
datastream
Property Manager name: DataStream
The DataStream reporting service provides real-time logs on application activity, including aggregated metrics on complete request and response cycles and origin response times. Apply this behavior to report on this set of traffic. Use the DataStream API to aggregate the data.
Options:
enabled
(boolean): Enables DataStream reporting.
datastreamIds
(string): A set of dash-separated DataStream ID values to limit the scope of reported data. By default, all active streams report. Use the DataStream application to gather stream ID values that apply to this property configuration. Specifying IDs for any streams that don’t apply to this property has no effect, and results in no data reported.
dcp
Property Manager name: IoT Edge Connect
The
Internet of Things: Edge Connect
product allows connected users and devices to communicate on a
publish-subscribe basis within reserved namespaces.
(The
IoT Edge Connect API
allows programmatic access.)
This behavior allows you to select previously reserved namespaces and
set the protocols for users to publish and receive messages within
these namespaces. Use the
verifyJsonWebTokenForDcp
behavior to
control access.
Options:
enabled
(boolean): Enables IoT Edge Connect.
namespaceId
(string): Specifies the globally reserved name for a specific configuration. It includes authorization rules over publishing and subscribing to logical categories known as topics. This provides a root path for all topics defined within a namespace configuration. You can use the IoT Edge Connect API to configure access control lists for your namespace configuration.
tlsenabled
(boolean): When enabled, you can publish and receive messages over a secured MQTT connection on port 8883.
wsenabled
(boolean): When enabled, you can publish and receive messages through a secured MQTT connection over WebSockets on port 443.
gwenabled
(boolean): When enabled, you can publish and receive messages over a secured HTTP connection on port 443.
dcpAuthHMACTransformation
Property Manager name: Variable Hash Transformation
The
Internet of Things: Edge Connect
product allows connected users and devices to communicate on a
publish-subscribe basis within reserved namespaces.
In conjunction with
dcpAuthVariableExtractor
, this behavior
affects how clients can authenticate themselves to edge servers, and
which groups within namespaces are authorized to access topics.
It transforms a source string value extracted from the client
certificate and stored as a variable, then generates a hash value
based on the selected algorithm, for use in authenticating the client request.
Note that you can apply this hash transformation, or either of the
dcpAuthRegexTransformation
or
dcpAuthSubstringTransformation
behaviors.
Options:
hashConversionAlgorithm
(enum string): Choose eitherMD5
,SHA256
, orSHA384
hash algorithms.
hashConversionKey
(string): Specifies the key to generate the hash, ideally a long random string to ensure adequate security.
dcpAuthRegexTransformation
Property Manager name: Variable Regex Transformation
The
Internet of Things: Edge Connect
product allows connected users and devices to communicate on a
publish-subscribe basis within reserved namespaces.
In conjunction with
dcpAuthVariableExtractor
, this behavior
affects how clients can authenticate themselves to edge servers, and
which groups within namespaces are authorized to access topics.
It transforms a source string value extracted from the client
certificate and stored as a variable,
then transforms the string based on a regular expression search
pattern, for use in authenticating the client request.
Note that you can apply this regular expression transformation, or
either of the
dcpAuthHMACTransformation
or
dcpAuthSubstringTransformation
behaviors.
Options:
regexPattern
(string): Specifies a Perl-compatible regular expression with a single grouping to capture the text. For example, a value of^.(.{0,10})
omits the first character, but then captures up to 10 characters after that. If the regular expression does not capture a substring, authentication may fail.
dcpAuthSubstringTransformation
Property Manager name: Variable Substring Transformation
The
Internet of Things: Edge Connect
product allows connected users and devices to communicate on a
publish-subscribe basis within reserved namespaces.
In conjunction with
dcpAuthVariableExtractor
, this behavior
affects how clients can authenticate themselves to edge servers, and
which groups within namespaces are authorized to access topics.
It transforms a source string value extracted from the client
certificate and stored as a variable, then extracts a substring, for
use in authenticating the client request.
Note that you can apply this substring transformation, or either of
the dcpAuthHMACTransformation
or
dcpAuthRegexTransformation
behaviors.
Options:
substringStart
(string): The zero-based index offset of the first character to extract. If the index is out of bound from the string’s length, authentication may fail.
substringEnd
(string): The zero-based index offset of the last character to extract, where-1
selects the remainder of the string. If the index is out of bound from the string’s length, authentication may fail.
dcpAuthVariableExtractor
Property Manager name: Mutual Authentication
The Internet of Things: Edge Connect product allows connected users and devices to communicate on a publish-subscribe basis within reserved namespaces. This behavior affects how clients can authenticate themselves to edge servers, and which groups within namespaces are authorized to access topics. When enabled, this behavior allows end users to authenticate their requests with valid client certificates. Values for client identifiers or access authorization groups are required to make a request valid.
After extracting values from client certificates and storing them as
variables, you can then apply any of these behaviors to transform the
value: dcpAuthHMACTransformation
,
dcpAuthRegexTransformation
, or
dcpAuthSubstringTransformation
.
Options:
certificateField
(enum string): Choose the field from the certificate to extract from, eitherFINGERPRINT_DYN
,FINGERPRINT_MD5
,FINGERPRINT_SHA1
,SUBJECT_DN
,SERIAL
,V3_NETSCAPE_COMMENT
, orV3_SUBJECT_ALT_NAME
.
dcpMutualAuthProcessingVariableId
(enum string): Store the value either asVAR_DCP_CLIENT_ID
orVAR_DCP_AUTH_GROUP
.
dcpDefaultAuthzGroups
Property Manager name: Default Authorization Groups
The
Internet of Things: Edge Connect
product allows connected users and devices to communicate on a
publish-subscribe basis within reserved namespaces.
This behavior defines a set of default authorization groups to add to
each request the property configuration controls. These groups have
access regardless of the authentication method you use, either JWT
using the verifyJsonWebTokenForDcp
behavior, or mutual authentication using the
dcpAuthVariableExtractor
behavior to
control where authorization groups are extracted from within
certificates.
Options:
groupNames
(array of string values): Specifies the set of authorization groups to assign to all connecting devices.
dcpDevRelations
Property Manager name: IoT Edge Connect Dev Relations
The
Internet of Things: Edge Connect
product allows connected users and devices to communicate on a
publish-subscribe basis within reserved namespaces.
This behavior allows Akamai-external clients to use developer test
accounts in a shared environment. In conjunction with
verifyJsonWebTokenForDcp
, this behavior
allows you to use your own JWTs in your requests, or those generated
by Akamai. It lets you either enable the default JWT server for your
test configuration by setting the authentication endpoint to a default
path, or specify custom settings for your JWT server and the
authentication endpoint.
Options:
enabled
(boolean): Enables the default JWT server and sets the authentication endpoint to a default path.
customValues
(boolean): When enabled, allows you to specify custom JWT server connection values.
hostname
(string): WithcustomValues
enabled, specifies the JWT server’s hostname.
path
(string): WithcustomValues
enabled, specifies the path to your JWT server’s authentication endpoint. This lets you generate JWTs to sign your requests.
deliveryReceipt
Property Manager name: Cloud Monitor Data Delivery
A static behavior that’s
required when specifying the
Cloud Monitor
module’s (edgeConnect
) behavior. You can only apply
this behavior if the property is marked as secure. See
Secure property requirements for guidance.
Options:
enabled
(read-only string): Whenon
, enables the behavior.
denyAccess
Property Manager name: Control Access
Assuming a condition in the
rule matches, this denies access to the requested content. For
example, a userLocation
match paired
with the denyaccess
behavior would deny requests from a specified
part of the world.
By keying on the value of the reason
option, denyaccess
behaviors
may override each other when called from nested rules. For example, a
parent rule might deny access to a certain geographic area, citing
"location"
as the reason
, but another nested rule can then allow
access for a set of IPs within that area, so long as the reason
matches.
Options:
enabled
(boolean): Denies access when enabled.
reason
(string): Text message that keys why access is denied. Any subsequentdenyaccess
behaviors within the rule tree may refer to the samereason
key to override the current behavior.
denyDirectFailoverAccess
Property Manager name: Security Failover Protection
A static behavior required for all properties that implement a failover under the Cloud Security Failover product.
This behavior does not include any options. Specifying the behavior itself enables it.
deviceCharacteristicCacheId
Property Manager name: Device Characterization - Define Cached Content
By default,
source URLs serve as cache IDs on edge servers. Electronic Data
Capture allows you to specify an additional set of device
characteristics to generate separate cache keys. Use this in
conjunction with the
deviceCharacteristicHeader
behavior.
Options:
elements
(array of string values): Specifies a set of information about the device with which to generate a separate cache key, any of the following values:
ACCEPT_THIRD_PARTY_COOKIE AJAX_PREFERRED_GEOLOC_API AJAX_SUPPORT_JAVASCRIPT BRAND_NAME COOKIE_SUPPORT DEVICE_OS DEVICE_OS_VERSION DUAL_ORIENTATION FLASH_LITE_VERSION FULL_FLASH_SUPPORT GIF_ANIMATED HTML_PREFERRED_DTD IS_MOBILE IS_TABLET IS_WIRELESS_DEVICE JPG MARKETING_NAME MAX_IMAGE_HEIGHT MAX_IMAGE_WIDTH MOBILE_BROWSER MOBILE_BROWSER_VERSION MODEL_NAME PDF_SUPPORT PHYSICAL_SCREEN_HEIGHT PHYSICAL_SCREEN_WIDTH PNG PREFERRED_MARKUP RESOLUTION_HEIGHT RESOLUTION_WIDTH VIEWPORT_INITIAL_SCALE VIEWPORT_WIDTH XHTML_FILE_UPLOAD XHTML_PREFERRED_CHARSET XHTML_SUPPORT_LEVEL XHTML_SUPPORTS_IFRAME XHTML_SUPPORTS_TABLE_FOR_LAYOUT XHTML_TABLE_SUPPORT XHTMLMP_PREFERRED_MIME_TYPE
deviceCharacteristicHeader
Property Manager name: Device Characterization - Forward in Header
Sends selected
information about requesting devices to the origin server, in the form
of an X-Akamai-Device-Characteristics
HTTP header. Use in
conjunction with the
deviceCharacteristicCacheId
behavior.
Options:
elements
(array of string values): Specifies the set of information about the requesting device to send to the origin server, any of the following:
ACCEPT_THIRD_PARTY_COOKIE AJAX_PREFERRED_GEOLOC_API AJAX_SUPPORT_JAVASCRIPT BRAND_NAME COOKIE_SUPPORT DEVICE_OS DEVICE_OS_VERSION DUAL_ORIENTATION FLASH_LITE_VERSION FULL_FLASH_SUPPORT GIF_ANIMATED HTML_PREFERRED_DTD IS_MOBILE IS_TABLET IS_WIRELESS_DEVICE JPG MARKETING_NAME MAX_IMAGE_HEIGHT MAX_IMAGE_WIDTH MOBILE_BROWSER MOBILE_BROWSER_VERSION MODEL_NAME PDF_SUPPORT PHYSICAL_SCREEN_HEIGHT PHYSICAL_SCREEN_WIDTH PNG PREFERRED_MARKUP RESOLUTION_HEIGHT RESOLUTION_WIDTH VIEWPORT_INITIAL_SCALE VIEWPORT_WIDTH XHTML_FILE_UPLOAD XHTML_PREFERRED_CHARSET XHTML_SUPPORT_LEVEL XHTML_SUPPORTS_IFRAME XHTML_SUPPORTS_TABLE_FOR_LAYOUT XHTML_TABLE_SUPPORT XHTMLMP_PREFERRED_MIME_TYPE
dnsAsyncRefresh
Property Manager name: DNS Asynchronous Refresh
Allow an edge server to use an expired DNS record when forwarding a request to your origin. The type A DNS record refreshes after content is served to the end user, so there is no wait for the DNS resolution. Avoid this behavior if you want to be able to disable a server immediately after its DNS record expires.
Options:
enabled
(boolean): When enabled, allows edge servers to refresh an expired DNS record after serving content.
timeout
(duration string): Set the maximum allowed time an expired DNS record may be active.
dnsPrefresh
Property Manager name: DNS Prefresh
A read-only behavior that allows edge servers to refresh your origin’s DNS record independently from end-user requests. The type A DNS record refreshes before the origin’s DNS record expires.
Options:
enabled
(boolean): When enabled, allows edge servers to refresh DNS records before they expire.
delay
(duration string): Specifies the amount of time following a DNS record’s expiration to asynchronously prefresh it.
timeout
(duration string): Specifies the amount of time to prefresh a DNS entry if there have been no requests to the domain name.
downgradeProtocol
Property Manager name: Protocol Downgrade
Serve static objects to the end-user client over HTTPS, but fetch them from the origin via HTTP.
Options:
enabled
(boolean): Enables the protocol downgrading behavior.
downloadCompleteMarker
Property Manager name: Download Complete Marker
The Internet of Things: OTA Updates product allows customers to securely distribute firmware to devices over cellular networks. Based on match criteria that executes a rule, this behavior logs requests to the OTA servers as completed in aggregated and individual reports.
See also the downloadNotification
and
requestTypeMarker
behaviors.
This behavior does not include any options. Specifying the behavior itself enables it.
downloadNotification
Property Manager name: Download Notification
The Internet of Things: OTA Updates product allows customers to securely distribute firmware to devices over cellular networks. Based on match criteria that executes a rule, this behavior allows requests to the OTA Updates API for a list of completed downloads to individual vehicles.
See also the downloadCompleteMarker
behavior.
This behavior does not include any options. Specifying the behavior itself enables it.
downstreamCache
Property Manager name: Downstream Cacheability
Specify the caching
instructions the edge server sends to the end user’s client or client
proxies. By default, the cache’s duration is whichever is less: the
remaining lifetime of the edge cache, or what the origin’s header
specifies. If the origin is set to no-store
or bypass-cache
, edge
servers send cache-busting headers downstream to prevent downstream
caching.
Options:
behavior
(enum string): Specify the caching instructions the edge server sends to the end user’s client. It accepts the following values:ALLOW
: The value ofallowBehavior
chooses the caching method and headers to send to the client.MUST_REVALIDATE
: This equates to aCache-Control: no-cache
header, which allows caching but forces the client browser to send anif-modified-since
request each time it requests the object.BUST
: Sends cache-busting headers downstream.TUNNEL_ORIGIN
: This passesCache-Control
andExpires
headers from the origin to the downstream client.NONE
: Don’t send any caching headers. Allow client browsers to cache content according to their own default settings.
allowBehavior
(enum string): Specify how the edge server calculates the downstream cache by setting the value of theExpires
header:FROM_VALUE
sends the value of the edge cache’s duration.FROM_MAX_AGE
sends thecache:max-age
value applied to the object, without evaluating the cache’s duration.LESSER
sends the lesser value of what the origin specifies and the edge cache’s remaining duration. This is the default behavior.GREATER
sends the greater value of what the origin specifies and the edge cache’s remaining duration.REMAINING_LIFETIME
sends the value of the edge cache’s remaining duration, without comparing it to the origin’s headers.PASS_ORIGIN
sends the value of the origin’s header, without evaluating the edge cache’s duration.
ttl
(duration string): Set the duration of the cache. Setting the value to0
equates to ano-cache
header that forces revalidation.
sendHeaders
(enum string): Specifies the HTTP headers to include in the response to the client:PASS_ORIGIN
sends the same set ofCache-Control
andExpires
headers received from the origin.CACHE_CONTROL
sends only the origin’sCache-Control
header.EXPIRES
sends only the origin’sExpires
header.CACHE_CONTROL_AND_EXPIRES
sends bothCache-Control
andExpires
header.NONE
strips both headers.
sendPrivate
(boolean): When enabled, adds aCache-Control: private
header to prevent objects from being cached in a shared caching proxy.
dynamicThroughtputOptimization
Property Manager name: Quick Retry
Enables quick retry, which detects slow forward throughput while fetching an object, and attempts a different forward connection path to avoid congestion. By default, connections under 5 mbps trigger this behavior. Contact Akamai Professional Services to override this threshold.
Options:
enabled
(boolean): Enables the quick retry feature.
dynamicWebContent
Property Manager name: Content Characteristics - Dynamic Web Content
In conjunction with the
subCustomer
behavior, this optional behavior allows
you to control how dynamic web content behaves for your subcustomers
using
Akamai Cloud Embed.
Options:
sureRoute
(boolean): Optimizes how subcustomer traffic routes from origin to edge servers. See thesureRoute
behavior for more information.
prefetch
(boolean): Allows subcustomer content to prefetch over HTTP/2.
realUserMonitoring
(boolean): Allows Real User Monitoring (RUM) to collect performance data for subcustomer content. See therealUserMonitoring
behavior for more information.
imageCompression
(boolean): Enables image compression for subcustomer content.
edgeConnect
Property Manager name: Cloud Monitor Instrumentation
Configures traffic logs for the Cloud Monitor push API.
Options:
enabled
(boolean): Enables Cloud Monitor’s log-publishing behavior.
apiConnector
(enum string): Describes the API connector type, eitherDEFAULT
,BMC_APM
, orSIEM_JSON
.
apiDataElements
(array of string values): Specifies the data set to log, any of the following values:
APM GEO HTTP NETWORK_PERFORMANCE NETWORK_V1 REQUEST_HEADER RESPONSE_HEADER SEC_APP_V2 SEC_RATE_DENY_V2 SEC_RATE_WARN_V2
destinationHostname
(string): Specifies the target hostname accepting push API requests.
destinationPath
(string): Specifies the push API’s endpoint.
overrideAggregateSettings
(boolean): When enabled, overrides default log settings.
aggregateTime
(duration string): WithoverrideAggregateSettings
enabled, specifies how often logs are generated.
aggregateLines
(string): WithoverrideAggregateSettings
enabled, specifies the maximum number of lines to include in each log.
aggregateSize
(string): WithoverrideAggregateSettings
enabled, specifies the log’s maximum size.
edgeImageConversion
Property Manager name: Image Converter Settings
The Edge Image Converter offloads various image manipulation tasks to edge servers. This behavior specifies various predefined policies to apply.
Options:
enabled
(boolean): Enables the edge image conversion behavior.
failover
(boolean): If the request results in a server error, enabling this forwards it to the origin.
usePolicy
(boolean): Enables a specified set of image conversion policies.
policies
(array): WithusePolicy
enabled, specifies commands that when present or not in the query string release an error code.
policyResponses
(numeric enum): Specifies the HTTP error code if anypolicies
conditions match, either400
,403
,404
, or409
.
edgeLoadBalancingAdvanced
Property Manager name: Edge Load Balancing: Advanced Metadata
A read-only behavior that implements customized Edge Load Balancing features. Contact Akamai Professional Services for help configuring it.
Options:
description
(string): A description of what thexml
block does.
xml
(string): A block of Akamai XML metadata.
edgeLoadBalancingDataCenter
Property Manager name: Edge Load Balancing: Data Center
The Edge Load Balancing module allows you to specify groups of data centers that implement load balancing, session persistence, and real-time dynamic failover. Enabling ELB routes requests contextually based on location, device, or network, along with optional rules you specify.
This behavior specifies details about a data center, and must be
paired in the same rule with an
edgeLoadBalancingOrigin
behavior, which
specifies its origin. An origin is an abstraction that helps group a
logical set of a website or application. It potentially includes
information about many data centers and cloud providers, as well as
many end points or IP addresses for each data center. More than one
data center can thus refer to the same origin.
Options:
originId
(string): Corresponds to theid
specified by theedgeLoadBalancingOrigin
behavior associated with this data center.
description
(string): Provides a description for the ELB data center, for your own reference.
hostname
(string): Specifies the data center’s hostname.
cookieName
(string): If using session persistence, this specifies the value of the cookie named in the correspondingedgeLoadBalancingOrigin
behavior’scookie_name
option.
enableFailover
(boolean): When enabled, allows you to specify failover rules.
ip
(string): WithenableFailover
enabled, specifies this data center’s IP address.
failoverRules
(array): WithenableFailover
enabled, provides up to four failover rules to apply in the specified order. These rules appear as objects with the following fields:modify_request
(boolean): When enabled, allows you to modify the request’s hostname or path.override_hostname
(boolean): When enabled, overrides the request’s hostname with thefailover_hostname
.failover_hostname
: The hostname of the data center to fail over to.context_root
: Specifies the path to use in the forwarding request, typically the root (/
) when failing over to a different data center, or a full path such as/static/error.html
when failing over to an error page.absolute_path
(boolean): If enabled, the path specified bycontext_root
is interpreted as an absolute server path, for example to reference a site-down page. If disabled, the path is appended to the request.
edgeLoadBalancingOrigin
Property Manager name: Edge Load Balancing: Origin Definition
The Edge Load Balancing module allows you to implement groups of data centers featuring load balancing, session persistence, and real-time dynamic failover. Enabling ELB routes requests contextually based on location, device, or network, along with optional rules you specify.
This behavior specifies the data center’s origin, and must be paired
in the same rule with at least one
edgeLoadBalancingDataCenter
behavior, which provides details about a particular data center. An
origin is an abstraction that helps group a logical set of a website
or application. It potentially includes information about many data
centers and cloud providers, as well as many end points or IP
addresses for each data center. To specify an ELB origin, you must
have configured an origin
behavior whose type
is set to
elb_origin_group
.
Options:
id
(string): Specifies a unique descriptive string for this ELB origin. The value must match theorigin_id
specified by theedgeLoadBalancingDataCenter
behavior associated with this origin.
description
(string): Provides a description for the ELB origin, for your own reference.
hostname
(string): Specifies the hostname associated with the ELB rule.
enableSessionPersistence
(boolean): When enabled, allows you to specify a cookie to pin the user’s browser session to one data center. When disabled, ELB’s default load balancing may send users to various data centers within the same session.
cookieName
(string): WithenableSessionPersistence
enabled, this specifies the name of the cookie that marks users’ persistent sessions. The accompanyingedgeLoadBalancingDataCenter
behavior’sdescription
option specifies the cookie’s value.
edgeOriginAuthorization
Property Manager name: Edge Server Identification
Allows the origin server to use a cookie to ensure requests from Akamai servers are genuine.
This behavior requires that you specify the cookie’s domain name, so it is best to deploy within a match of the hostname. It does not work properly when the origin server accepts more than one hostname (for example, using virtual servers) that do not share the same top-level domain.
Options:
enabled
(boolean): Enables the cookie-authorization behavior.
cookieName
(string): Specifies the name of the cookie to use for authorization.
value
(string): Specifies the value of the authorization cookie.
domain
(string): Specify the cookie’s domain, which must match the top-level domain of theHost
header the origin server receives.
edgeRedirector
Property Manager name: Edge Redirector Cloudlet
This behavior enables the Edge Redirector Cloudlet application, which is designed to help you manage large numbers of redirects. With cloudlets available on your contract, choose Your services ⇒ Edge logic Cloudlets to control the Edge Redirector within Control Center. Otherwise use the Cloudlets API to configure it programmatically.
Options:
enabled
(boolean): Enables the Edge Redirector Cloudlet.
cloudletPolicy
(object): Specifies the Cloudlet policy as an object containing two members: a descriptivename
string and an integerid
set by the Cloudlet application.
edgeScape
Property Manager name: Content Targeting
EdgeScape
allows you to customize content based on the end user’s geographic
location or connection speed. When enabled, the edge server sends a
special X-Akamai-Edgescape
header to the origin server encoding
relevant details about the end-user client as key-value pairs.
Options:
enabled
(boolean): When enabled, sends theX-Akamai-Edgescape
request header to the origin.
edgeSideIncludes
Property Manager name: ESI
Allows edge servers to
process
edge side include (ESI)
code to generate dynamic content. To apply this behavior, you need to
match on a contentType
, path
, or
filename
. Since this behavior requires more parsing
time, you should not apply it to pages that lack ESI code, or to any
non-HTML content.
Options:
enabled
(boolean): Enables ESI processing.
enableViaHttp
(boolean): Enable ESI only for content featuring the following HTTP response header:Edge-control: dca=esi
passSetCookie
(boolean): When enabled, allows edge servers to pass your origin server’s cookies to the ESI processor.
passClientIp
(boolean): When enabled, allows edge servers to pass the client IP header to the ESI processor.
i18nStatus
(boolean): When enabled, provides internationalization support for ESI.
i18nCharset
(array of string values): Withi18nStatus
enabled, specifies the character sets to use when transcoding the ESI language,UTF-8
andISO-8859-1
for example.
detectInjection
(boolean): When enabled, denies attempts to inject ESI code.
enhancedAkamaiProtocol
Property Manager name: Enhanced Akamai Protocol
Enables the Enhanced Akamai Protocol, a suite of advanced routing and transport optimizations that increase your website’s performance and reliability. It is only available to specific applications, and requires a special routing from edge to origin.
WARNING: Disabling this behavior may significantly reduce a property’s performance.
This behavior does not include any options. Specifying the behavior itself enables it.
enhancedProxyDetection
Property Manager name: Enhanced Proxy Detection with GeoGuard
This behavior allows you to apply proxy detection and location spoofing protection from Akamai’s data provider, GeoGuard. Configure it to identify unwanted requests redirected from four types of proxy: anonymous VPN, public proxy, The Onion Router (Tor) exit node, and smart DNS proxy. Configure your edge content to deny or redirect requests, or allow them to pass through so that you can log and audit the traffic.
Options:
enabled
(boolean): Applies GeoGuard proxy detection.
enableConfigurationMode
(enum string): Sets either a defaultBEST_PRACTICE
mode to apply a single action to the four different categories of traffic, orADVANCED
to configure them separately. Choose the latter only if you are thoroughly familiar in GeoGuard proxy detection.
bestPracticeAction
(enum string): WithenableConfigurationMode
set toBEST_PRACTICE
, specifies whether toALLOW
,DENY
, orREDIRECT
the proxy request.
bestPracticeRedirecturl
(string): WithbestPracticeAction
set toREDIRECT
, this specifies the URL to which to redirect requests.
detectAnonymousVpn
(boolean): WithenableConfigurationMode
set toADVANCED
, this enables detection of requests from anonymous VPNs.
detectAnonymousVpnAction
(enum string): WithdetectAnonymousVpn
enabled, specifies whether toALLOW
,DENY
, orREDIRECT
anonymous VPN requests.
detectAnonymousVpnRedirecturl
(string): WithdetectAnonymousVpnAction
set toREDIRECT
, this specifies the URL to which to redirect anonymous VPN requests.
detectPublicProxy
(boolean): WithenableConfigurationMode
set toADVANCED
, this enables detection of requests from public proxies.
detectPublicProxyAction
(enum string): WithdetectPublicProxy
enabled, specifies whether toALLOW
,DENY
, orREDIRECT
public proxy requests.
detectPublicProxyRedirecturl
(string): WithdetectPublicProxyAction
set toREDIRECT
, this specifies the URL to which to redirect public proxy requests.
detectTorExitNode
(boolean): WithenableConfigurationMode
set toADVANCED
, this enables detection of requests from Tor exit nodes.
detectTorExitNodeAction
(enum string): WithdetectTorExitNode
enabled, specifies whether toDENY
,ALLOW
, orREDIRECT
requests from Tor exit nodes.
detectTorExitNodeRedirecturl
(string): WithdetectTorExitNodeAction
set toREDIRECT
, this specifies the URL to which to redirect requests from Tor exit nodes.
detectSmartDNSProxy
(boolean): WithenableConfigurationMode
set toADVANCED
, this enables detection of requests from smart DNS proxies.
detectSmartDNSProxyAction
(enum string): WithdetectSmartDNSProxy
enabled, specifies whether toDENY
,ALLOW
, orREDIRECT
smart DNS proxy requests.
detectSmartDNSProxyRedirecturl
(string): WithdetectSmartDNSProxyAction
set toREDIRECT
, this specifies the URL to which to redirect DNS proxy requests.
detectVpnDataCenter
(boolean): WithenableConfigurationMode
set toADVANCED
, this enables detection of requests from VPN data centers. You should learn more about this GeoGuard category before enabling it.
detectVpnDataCenterAction
(enum string): WithdetectVpnDataCenter
enabled, specifies whether toDENY
,ALLOW
, orREDIRECT
requests from VPN data centers.
detectVpnDataCenterRedirecturl
(string): WithdetectVpnDataCenterAction
set toREDIRECT
, this specifies the URL to which to redirect requests from VPN data centers. …
failAction
Property Manager name: Site Failover
Specifies how to respond when
the origin is not available: by serving stale content, by serving an
error page, or by redirecting. To apply this behavior, you should
match on an originTimeout
or
matchResponseCode
.
Options:
enabled
(boolean): When enabled in case of a failure to contact the origin, the current behavior applies.
actionType
(enum string): Specifies the basic action to take when there is a failure to contact the origin:SERVE_STALE
serves content that is already in the cache.REDIRECT
specifies a redirect action. (Use with these options:redirectHostnameType
,redirectHostname
,redirectCustomPath
,redirectPath
,redirectMethod
,modifyProtocol
, andprotocol
.)RECREATED_CEX
serves alternate content from an external network. (Use with these options:cexHostname
,cexCustomPath
, andcexPath
.)RECREATED_CO
serves alternate content from your network. (Use with these options:contentHostname
,contentCustomPath
, andcontentPath
.)RECREATED_NS
serves NetStorage content. (Use with these options:netStorageHostname
,netStoragePath
, andcpCode
.)DYNAMIC
allows you to serve dynamic SaaS content if SaaS acceleration is available on your contract. (Use with these options:dynamicMethod
,dynamicCustomPath
,saasType
,saasSuffix
,saasRegex
, andsaasReplace
.)
statusCode
(numeric enum): Assigns a new HTTP status code to the failure response.
cpCode
(object): WhenactionType
isRECREATED_NS
, this specifies a cpcode for which to log errors for the NetStorage location. It appears as an object that includes anid
key and a descriptivename
:"cpCode": { "id" : 12345, "name" : "my cpcode" }
netStorageHostname
(object): When theactionType
isRECREATED_NS
, specifies the NetStorage origin to serve the alternate content, as in the example below. Contact Akamai Professional Services for your NetStorage origin’sid
."netStorageHostname": { "id" : "netstorage_id", "name" : "Example Downloads", "downloadDomainName" : "download.example.com", "cpCode" : 12345 }
netStoragePath
(string; allows variables): When theactionType
isRECREATED_NS
, specifies the path for the NetStorage request.
redirectMethod
(numeric enum): When theactionType
isREDIRECT
, specifies the HTTP response code, either301
or302
.
redirectHostnameType
(enum string): When theactionType
isREDIRECT
, this specifies whether to preserve theORIGINAL
hostname in the redirect, or whether to use anALTERNATE
hostname specified withredirectHostname
.
redirectHostname
(string; allows variables): When theactionType
isREDIRECT
and theredirectHostnameType
isALTERNATE
, this specifies the hostname for the redirect.
redirectCustomPath
(boolean): When theactionType
isREDIRECT
, enabling this allows you useredirectPath
to customize a new path.
redirectPath
(string; allows variables): When theactionType
isREDIRECT
, this specifies a new path.
modifyProtocol
(boolean): When theactionType
isREDIRECT
, or if thedynamicMethod
is eitherSERVE_301
orSERVE_302
, enabling this allows you to modify the redirect’s protocol using the value of theprotocol
field.
protocol
(enum string): When theactionType
isREDIRECT
andmodifyProtocol
is enabled, this specifies the redirect’s protocol, eitherHTTP
orHTTPS
.
preserveQueryString
(boolean): When using eithercontentCustomPath
,cexCustomPath
,dynamicCustomPath
, orredirectCustomPath
to specify a custom path, enabling this passes in the original request’s query string as part of the path.
cexHostname
(string; allows variables): WhenactionType
isRECREATED_CEX
, this specifies a hostname.
cexCustomPath
(boolean): WhenactionType
isRECREATED_CEX
, enabling this allows you to specify a custom path.
cexPath
(string; allows variables): WhenactionType
isRECREATED_CEX
andcexCustomPath
is enabled, this specifies a custom path.
contentHostname
(string; allows variables): When theactionType
isRECREATED_CO
, specifies the static hostname for the alternate redirect.
contentCustomPath
(boolean): When theactionType
isRECREATED_CO
, enabling this allows you to specify a custom redirect path.
contentPath
(string; allows variables): When theactionType
isRECREATED_CO
andcontentCustomPath
is enabled, this specifies a custom redirect path.
dynamicMethod
(enum string): With theactionType
set toDYNAMIC
, specifies the redirect method, eitherSERVE_301
,SERVE_302
, orSERVE_ALTERNATE
.
dynamicCustomPath
(boolean): When enabled, allows you to modify the original requested path.
dynamicPath
(string; allows variables): WithdynamicCustomPath
enabled, specifies the new path.
saasType
(enum string): Identifies the component of the request that identifies the SaaS dynamic failaction: eitherCOOKIE
,HOSTNAME
,PATH
, orQUERY_STRING
.
saasSuffix
(string; allows variables): WithactionType
set toDYNAMIC
, specifies the static portion of the SaaS dynamic failaction.
saasRegex
(string): WithactionType
set toDYNAMIC
, specifies the substitution pattern (a Perl-compatible regular expression) that defines the SaaS dynamic failaction.
saasReplace
(string; allows variables): WithactionType
set toDYNAMIC
, specifies the replacement pattern that defines the SaaS dynamic failaction.
saasCnameEnabled
(boolean): With thesaasType
set toHOSTNAME
, specifies whether to use a CNAME chain to determine the hostname for the SaaS dynamic failaction.
saasCnameLevel
(number): WithsaasCnameEnabled
on, specifies the number of elements in the CNAME chain backwards from the edge hostname that determines the hostname for the SaaS dynamic failaction.
saasCookie
(string; allows variables): WithsaasType
set toCOOKIE
, specifies the name of the cookie that identifies this SaaS dynamic failaction.
saasQueryString
(string; allows variables): WithsaasType
set toQUERY_STRING
, specifies the name of the query parameter that identifies this SaaS dynamic failaction.
fastInvalidate
Property Manager name: Fast Invalidate
Applies Akamai’s Fast
Purge feature to selected edge content, invalidating it within
approximately five seconds. This behavior sends an
If-Modified-Since
request to the origin for subsequent requests,
replacing it with origin content if its timestamp is more recent.
Otherwise if the origin lacks a Last-Modified
header, it sends a
simple GET request. Note that this behavior does not simply delete
content if more recent origin content is unavailable. See the
Fast Purge API
for an independent way to invalidate selected sets of content, and for
more information on the feature.
Options:
enabled
(boolean): When enabled, forces a validation test for all edge content to which the behavior applies.
firstPartyMarketing
Property Manager name: Cloud Marketing Cloudlet
Enables the
Cloud Marketing Cloudlet,
which helps MediaMath customers collect usage data and place
corresponding tags for use in online advertising. You can configure
tags using either the Cloudlets Policy Manager application or the
Cloudlets API.
See also the firstPartyMarketingPlus
behavior, which is designed to integrate better with both MediaMath
and its partners. Both behaviors support the same set of options.
Options:
enabled
(boolean): Enables the Cloud Marketing Cloudlet.
javaScriptInsertionRule
(enum string): Select how to insert the MediaMath JavaScript reference script, eitherNEVER
if inserting it at the origin,ALWAYS
to insert it for all edge requests, orPOLICY
to allow the Cloudlet policy to determine when to insert it.
cloudletPolicy
(object): Identifies the Cloudlet policy in an object featuring unique numericid
and descriptive stringname
members.
mediaMathPrefix
(string): Specify the URL path prefix that distinguishes Cloud Marketing requests from your other web traffic. Include the leading slash character, but no trailing slash. For example, if the path prefix is/mmath
, and the request is forwww.example.com/dir
, the new URL iswww.example.com/mmath/dir
.
firstPartyMarketingPlus
Property Manager name: Cloud Marketing Plus Cloudlet
Enables the
Cloud Marketing Plus Cloudlet,
which helps MediaMath customers collect usage data and place
corresponding tags for use in online advertising. You can configure
tags using either the Cloudlets Policy Manager application or the
Cloudlets API.
See also the firstPartyMarketing
behavior,
which integrates with MediaMath but not its partners. Both behaviors
support the same set of options.
Options:
enabled
(boolean): Enables the Cloud Marketing Plus Cloudlet.
javaScriptInsertionRule
(enum string): Select how to insert the MediaMath JavaScript reference script, eitherNEVER
if inserting it at the origin,ALWAYS
to insert it for all edge requests, orPOLICY
to allow the Cloudlet policy to determine when to insert it.
cloudletPolicy
(object): Identifies the Cloudlet policy in an object featuring unique numericid
and descriptive stringname
members.
mediaMathPrefix
(string): Specify the URL path prefix that distinguishes Cloud Marketing requests from your other web traffic. Include the leading slash character, but no trailing slash. For example, if the path prefix is/mmath
, and the request is forwww.example.com/dir
, the new URL iswww.example.com/mmath/dir
.
forwardRewrite
Property Manager name: Forward Rewrite Cloudlet
The Forward Rewrite Cloudlet allows you to conditionally modify the forward path in edge content without affecting the URL that displays in the user’s address bar. If cloudlets are available on your contract, choose Your services ⇒ Edge logic Cloudlets to control how this feature works within Control Center, or use the Cloudlets API to configure it programmatically.
Options:
enabled
(boolean): Enables the Forward Rewrite Cloudlet behavior.
cloudletPolicy
(object): Identifies the Cloudlet policy in an object featuring unique numericid
and descriptive stringname
members.
frontEndOptimization
Property Manager name: Front-End Optimization
This behavior enables Front End Optimization, a suite of performance enhancements that accelerate page rendering and reduce download times, for example by minifying JavaScript and CSS.
Options:
enabled
(boolean): Enables the front-end optimization behavior.
g2oheader
Property Manager name: Signature Header Authentication
The signature header authentication (g2o) security feature provides header-based verification of outgoing origin requests. Edge servers encrypt request data in a pre-defined header, which the origin uses to verify that the edge server processed the request. This behavior configures the request data, header names, encryption algorithm, and shared secret to use for verification.
Options:
enabled
(boolean): Enables the g2o verification behavior.
dataHeader
(string): Specifies the name of the header that contains the request data that needs to be encrypted.
signedHeader
(string): Specifies the name of the header containing encrypted request data.
encodingVersion
(numeric enum): Specifies the version of the encryption algorithm as an integer from1
through5
.
useCustomSignString
(boolean): When disabled, the encrypted string is based on the forwarded URL. If enabled, you can usecustomSignString
to customize the set of data to encrypt.
customSignString
(array of string values): WithuseCustomSignString
enabled, specifies the set of data to be encrypted as a combination of concatenated strings, any of the following values:
AK_CLIENT_REAL_IP AK_DOMAIN AK_EXTENSION AK_FILENAME AK_HOSTHEADER AK_METHOD AK_PATH AK_QUERY AK_SCHEME AK_URL
secretKey
(string): Specifies the shared secret key.
nonce
(string): Specifies the cryptographic nonce string.
globalRequestNumber
Property Manager name: Global Request Number
Generates a unique
identifier for each request on the Akamai edge network, for use in
logging and debugging. GRN identifiers follow the same format as
Akamai’s error reference strings, for example:
0.05313217.1567801841.1457a3
. You can use the Diagnostic Tools API’s
Translate an Error
operation to get low-level details about any request.
Options:
outputOption
(enum string): Specifies how to report the GRN value, either as aRESPONSE_HEADER
to the client, aREQUEST_HEADER
to the origin,BOTH_HEADERS
, orASSIGN_VARIABLE
to process the value in some other way as a variable.
headerName
(string): WithoutputOption
set to specify any set of headers, this specifies the name of the header to report the GRN value.
variableName
(string): WithoutputOption
set toASSIGN_VARIABLE
, this specifies the name of the variable to assign the GRN value to. You need to pre-declare any variable you specify within the rule tree.
gzipResponse
Property Manager name: Last Mile Acceleration
Apply gzip compression to
speed transfer time. This behavior applies best to text-based content
such as HTML, CSS, and JavaScript, especially once files exceed about
10KB. Do not apply it to already compressed image formats, or to small
files that would add more time to uncompress. To apply this behavior,
you should match on contentType
or the content’s
cacheability
.
Options:
behavior
(enum string): Specify when to compress responses, eitherALWAYS
,NEVER
, orORIGIN_RESPONSE
to clients that send anAccept-Encoding: gzip
header.
hdDataAdvanced
Property Manager name: HD Data Override: Advanced Metadata
A read-only behavior
that specifies Akamai XML metadata that can only be configured on your
behalf by Akamai Professional Services. Unlike the
advanced
behavior, this may apply a different set of
overriding metadata that executes in a post-processing phase.
Options:
description
(string): Human-readable description of what the XML block does.
xml
(string): A block of Akamai XML metadata.
healthDetection
Property Manager name: Origin Health Detection
Monitors the health of your origin server by tracking unsuccessful attempts to contact it. Use this behavior to keep end users from having to wait several seconds before a forwarded request times out, or to reduce requests on the origin server when it is unavailable.
When client requests are forwarded to the origin, the edge server
tracks the number of attempts to connect to each IP address. It cycles
through IP addresses in least-recently-tested order to avoid hitting
the same one twice in a row. If the number of consecutive
unsuccessful tests reaches a threshold you specify, the behavior
identifies the address as faulty and stops sending requests. The edge
server returns an error message to the end user or else triggers any
failAction
behavior you specify.
Options:
retryCount
(number): The number of consecutive connection failures that mark an IP address as faulty.
retryInterval
(duration string): Specifies the amount of time the edge server will wait before trying to reconnect to an IP address it has already identified as faulty.
maximumReconnects
(number): Specifies the maximum number of times the edge server will contact your origin server. If your origin is associated with several IP addresses,maximumReconnects
effectively overrides the value ofretryCount
.
http2
Property Manager name: HTTP/2
Enables the HTTP/2 protocol, which reduces latency and improves efficiency. You can only apply this behavior if the property is marked as secure. See Secure property requirements for guidance.
This behavior does not include any options. Specifying the behavior itself enables it.
httpStrictTransportSecurity
Property Manager name: HTTP Strict Transport Security
Applies HTTP Strict Transport Security (HSTS), disallowing insecure HTTP traffic. Apply this to hostnames managed with Standard TLS or Enhanced TLS certificates.
Options:
enable
(boolean): Applies HSTS to this set of requests.
maxAge
(enum string): Specifies the duration for which to apply HSTS for new browser connections, eitherTEN_MINS
,ONE_DAY
,ONE_MONTH
,THREE_MONTHS
,SIX_MONTHS
, orONE_YEAR
. A value ofZERO_MINS
effectively disables HSTS, without affecting any existing browser connections.
includeSubDomains
(boolean): When enabled, applies HSTS to all subdomains.
preload
(boolean): When enabled, adds this domain to the browser’s preload list. You still need to declare the domain at hstspreload.org.
redirect
(boolean): When enabled, redirects all HTTP requests to HTTPS.
redirectStatusCode
(numeric enum): Withredirect
enabled, specifies a301
or302
response code.
httpToHttpsUpgrade
Property Manager name: HTTP to HTTPS Upgrade
Upgrades an HTTP edge
request to HTTPS for the remainder of the request flow. Enable this
behavior only if your origin supports HTTPS, and if your
origin
behavior is configured with originCertsToHonor
to verify SSL certificates.
This behavior does not include any options. Specifying the behavior itself enables it.
imageManager
Property Manager name: Image and Video Manager
Optimizes images’ size or
file type for the requesting device. You can also use this behavior
to generate API tokens to apply your own policies to matching images
using the
Image and Video Manager API.
To apply this behavior, you need to match on a
fileExtension
.
Options:
enabled
(boolean): Enable image management capabilities and generate a corresponding API token.
resize
(boolean): Specify whether to scale down images to the maximum screen resolution, as determined by the rendering device’s user agent. Note that enabling this may affect screen layout in unexpected ways.
applyBestFileType
(boolean): Specify whether to convert images to the best file type for the requesting device, based on its user agent and the initial image file. This produces the smallest file size possible that retains image quality.
superCacheRegion
(enum string): Specifies a location for your site’s heaviest traffic, for use in caching derivatives on edge servers. Possible values areUS
,JAPAN
,ASIA
,AUSTRALIA
, orEMEA
(Europe, Middle East, and Africa).
cpCodeOriginal
(object): Assigns a CP code to track traffic and billing for original images that the Image and Video Manager has not modified. Form the value as an object with a singleid
member paired with an integer value, for example:"cpCodeOriginal":{"id":12345}
.
cpCodeTransformed
(object): Assigns a separate CP code to track traffic and billing for derived images. Form the value as an object with a singleid
member paired with an integer value, for example:"cpCodeTransformed":{"id":12345}
.
advanced
(boolean): When enabled, allows you to generate a custom Image and Video Manager API token to apply a corresponding policy to this set of images. The token consists of a descriptive label (thepolicyToken
) concatenated with a property-specific identifier that’s generated when you save the property. The API registers the token when you activate the property.
policyToken
(string): Withadvanced
enabled, assign a prefix label to help match the policy token to this set of images, limited to 32 alphanumeric or underscore characters. If you don’t specify a label, default becomes the prefix.
policyTokenDefault
(string): Specify the default policy identifier, which is registered with the Image and Video Manager API once you activate this property. Theadvanced
option needs to be inactive.
imageManagerVideo
Property Manager name: Image and Video Manager
Optimizes videos
managed by Image and Video Manager for the requesting device. You can also use
this behavior to generate API tokens to apply your own policies to
matching videos using the
Image and Video Manager API.
To apply this behavior, you need to match on a
fileExtension
.
Options:
enabled
(boolean): Applies Image and Video Manager’s video optimization to the current content.
resize
(boolean): When enabled, scales down video for smaller mobile screens, based on the device’sUser-Agent
header.
applyBestFileType
(boolean): When enabled, automatically converts videos to the best file type for the requesting device. This produces the smallest file size that retains image quality, based on the user agent and the initial image file.
superCacheRegion
(enum string): To optimize caching, assign a region close to your site’s heaviest traffic, eitherASIA
,AUSTRALIA
,EMEA
(Europe, Middle East and Africa),JAPAN
, orUS
. AssignUS
if your site’s heaviest traffic varies across regions.
cpCodeOriginal
(object): Select the CP code for which to track Image and Video Manager video traffic. Use this along withcpCodeTransformed
to track traffic to derivative video content.
cpCodeTransformed
(object): Select the CP code to identify derivative transformed video content.
advanced
(boolean): When disabled, applies a single standard policy based on your property name. When enabled, allows you to reference a rule-specificpolicyToken
for videos with different match criteria.
policyToken
(string): Withadvanced
enabled, specifies a custom policy defined in the Image and Video Manager Policy Manager or the Image and Video Manager API. The policy name can include up to 64 alphanumeric, dash, or underscore characters.
policyTokenDefault
(string): Specify the default policy identifier, which is registered with the Image and Video Manager API once you activate this property.
imOverride
Property Manager name: Image and Video Manager: Set Parameter
This specifies common query
parameters that affect how imageManager
transforms
images, potentially overriding policy, width, format, or density
request parameters. This also allows you to assign the value of one of
the property’s rule tree variables to one of Image and Video Manager’s
own policy variables.
Options:
override
(enum string): Selects the type of query parameter you want to set, either theDPR
for pixel density,FORMAT
for browser types,POLICY
for the name of the Image and Video Manager policy you want to apply, or the predefinedWIDTH
to constrain the image to. Alternately specify that you want to set an Image and Video ManagerPOLICY_VARIABLE
from a rule tree variable defined in the property.
typesel
(enum string): When setting any query parameter, specifies whether to set it to a specificVALUE
, or whether to assign a Property Manager rule treeVARIABLE
.
formatvar
(string): With theoverride
parameter set toFORMAT
and thetypesel
set toVARIABLE
, this selects the variable with the name of the browser you want to optimize images for. The variable specifies the same type of data as theformat
option below.
format
(enum string): With theoverride
parameter set toFORMAT
and thetypesel
set toVALUE
, this specifies the name of the browser you want to optimize images for, eitherCHROME
,SAFARI
,IE
, orGENERIC
.
dprvar
(string): With theoverride
parameter set toDPR
and thetypesel
set toVARIABLE
, this selects the variable with the desired pixel density. The variable specifies the same type of data as thedpr
option below.
dpr
(number): With theoverride
parameter set toDPR
and thetypesel
set toVALUE
, this directly specifies the pixel density. The numeric value is a scaling factor of 1, representing normal density.
widthvar
(string): With theoverride
parameter set toWIDTH
and thetypesel
set toVARIABLE
, this selects the variable with the desired width. If the Image and Video Manager policy doesn’t define that width, it serves the next largest width.
width
(number): With theoverride
parameter set toWIDTH
and thetypesel
set toVALUE
, this sets the image’s desired pixel width directly. If the Image Manager policy doesn’t define that width, it serves the next largest width.
policyvar
(string): With theoverride
parameter set toPOLICY
and thetypesel
set toVARIABLE
, this selects the variable with the desired Image and Video Manager policy name to apply to image requests. If there is no policy by that name, Image and Video Manager serves the image unmodified.
policy
(string): With theoverride
parameter set toPOLICY
and thetypesel
set toVALUE
, this selects the desired Image and Video Manager policy name directly. If there is no policy by that name, Image and Video Manager serves the image unmodified.
policyvarName
(string): Withoverride
set toPOLICY_VARIABLE
, this selects the name of one of the variables defined in an Image and Video Manager policy that you want to replace with the property’s rule tree variable.
policyvarIMvar
(string): Withoverride
set toPOLICY_VARIABLE
, this selects one of the property’s rule tree variables to assign to thepolicyvarName
variable within Image and Video Manager.
injectReferenceId
Property Manager name: Inject Reference ID
Allows you to inject an
Akamai reference ID, useful for troubleshooting, anywhere within the
response body. With this feature enabled, any AKAM_REF
string you
specify is replaced with a unique identifier for each response.
Options:
referenceId
(boolean): Enables injection of reference ID values.
inputValidation
Property Manager name: Input Validation Cloudlet
The Input Validation Cloudlet detects anomalous edge requests and helps mitigate repeated invalid requests. You can configure it using either the Cloudlets Policy Manager application, available within Control Center under Your services ⇒ Edge logic Cloudlets, or the Cloudlets API.
Use this behavior to specify criteria that identifies each unique end user, and optionally supplement the Input Validation policy with additional criteria your origin uses to identify invalid requests. Specify the threshold number of invalid requests that triggers a penalty, and the subsequent response. Also specify an ordinary failure response for those who have not yet met the threshold, which should not conflict with any other behavior that defines a failure response.
Options:
enabled
(boolean): Applies the Input Validation Cloudlet behavior.
cloudletPolicy
(object): Identifies the Cloudlet policy in an object featuring unique numericid
and descriptive stringname
members.
label
(string): Distinguishes this Input Validation policy from any others within the same property.
userIdentificationByCookie
(boolean): When enabled, identifies users by the value of a cookie.
userIdentificationKeyCookie
(string): WithuserIdentificationByCookie
enabled, this specifies the cookie name whose value must remain constant across requests to identify a user.
userIdentificationByIp
(boolean): When enabled, identifies users by specific IP address. Do not enable this if you are concerned about DDoS attacks from many different IP addresses.
userIdentificationByHeaders
(boolean): When enabled, identifies users by specific HTTP headers on GET or POST requests.
userIdentificationKeyHeaders
(array of string values): WithuserIdentificationByHeaders
enabled, this specifies the HTTP headers whose combined set of values identify each end user.
userIdentificationByParams
(boolean): When enabled, identifies users by specific query parameters on GET or POST requests.
userIdentificationKeyParams
(array of string values): WithuserIdentificationByParams
enabled, this specifies the query parameters whose combined set of values identify each end user.
allowLargePostBody
(boolean): Fails POST request bodies that exceed 16 KB when enabled, otherwise allows them to pass with no validation for policy compliance.
resetOnValid
(boolean): Upon receiving a valid request, enabling this resets thepenaltyThreshold
counter to zero. Otherwise, even those series of invalid requests that are interrupted by valid requests may trigger thepenaltyAction
.
validateOnOriginWith
(enum string): For any validation that edge servers can’t perform alone, this specifies additional validation steps based on how the origin identifies an invalid request. If a request is invalid, the origin can indicate this to the edge server either with aRESPONSE_CODE
orRESPONSE_CODE_AND_HEADER
. If no additional validation is necessary, specifyDISABLED
.
validateOnOriginHeaderName
(string): IfvalidateOnOriginWith
is set toRESPONSE_CODE_AND_HEADER
, this specifies the header name for a request that the origin identifies as invalid.
validateOnOriginHeaderValue
(string): IfvalidateOnOriginWith
is set toRESPONSE_CODE_AND_HEADER
, this specifies an invalid request’s header value that corresponds to thevalidateOnOriginHeaderName
.
validateOnOriginResponseCode
(number): UnlessvalidateOnOriginWith
isDISABLED
, this identifies the integer response code for requests the origin identifies as invalid.
failure302Uri
(string): Specifies the redirect link for invalid requests that have not yet triggered a penalty.
penaltyThreshold
(number): Specifies the number of invalid requests permitted before executing thepenaltyAction
.
penaltyAction
(enum string): Once thepenaltyThreshold
of invalid requests is met, this specifies the response, eitherBRANDED_403
,BLANK_403
orREDIRECT_302
.
penalty302Uri
(string): WithpenaltyAction
set toREDIRECT_302
, this specifies the redirect link for end users who trigger the penalty.
penaltyNetStorage
(object): WithpenaltyAction
set toBRANDED_403
, this specifies the NetStorage account that serves out the penalty’s static 403 response content. Details appear in an object featuring adownloadDomainName
string member that identifies the NetStorage hostname, and an integercpCode
to track the traffic.
penalty403NetStoragePath
(string): WithpenaltyAction
set toBRANDED_403
, this specifies the full path to the static 403 response content relative to thedownloadDomainName
in thepenaltyNetStorage
object.
penaltyBrandedDenyCacheTtl
(number within 5–30 range): WithpenaltyAction
set toBRANDED_403
, this specifies the penalty response’s time to live in the cache,5
minutes by default.
instant
Property Manager name: Akamai Instant
The Instant feature allows you to prefetch content to the edge cache by adding link relation attributes to markup. For example:
<a href="page2.html" rel="Akamai-prefetch">Page 2</a>
Default link relation values are prefetch
and Akamai-prefetch
.
Applies only to HTML elements that may specify an external file:
<a>
, <base>
, <img>
, <script>
, <input>
, <link>
, <table>
,
<td>
, or <th>
. (For the latter three, some legacy browsers support
a nonstandard background
image attribute.)
This behavior provides an alternative to the
prefetch
and
prefetchable
behaviors, which allow
you to configure more general prefetching behavior outside of
markup.
Options:
prefetchCacheable
(boolean): When enabled, applies prefetching only to objects already set to be cacheable, for example using thecaching
behavior. Only applies to content with thetieredDistribution
behavior enabled.
prefetchNoStore
(boolean): Allows otherwise non-cacheableno-store
content to prefetch if the URL path ends with/
to indicate a request for a default file, or if the extension matches the value of theprefetchNoStoreExtensions
option. Only applies to content with thesureRoute
behavior enabled.
prefetchNoStoreExtensions
(array of string values): Specifies a set of file extensions for which theprefetchNoStore
option is allowed.
prefetchHtml
(boolean): When enabled, allows edge servers to prefetch additional HTML pages while pages that link to them are being delivered. This only applies to links from<a>
or<link>
tags with the appropriate link relation attribute.
customLinkRelations
(array of string values): Specify link relation values that activate the prefetching behavior. For example, specifyingfetch
allows you to use shorterrel="fetch"
markup.
instantConfig
Property Manager name: InstantConfig
Multi-Domain Configuration, also known as InstantConfig, allows you to apply property settings to all incoming hostnames based on a DNS lookup, without explicitly listing them among the property’s hostnames.
Options:
enabled
(boolean): Enables the InstantConfig behavior.
largeFileOptimization
Property Manager name: Large File Optimization
The
Large File Optimization
feature improves performance and reliability when delivering large
files. This behavior is required for objects larger than 1.8GB, and
recommended for anything over 100MB. You should apply it only to the
specific content to be optimized, such as a download directory’s .gz
files, and enable the useVersioning
option while enforcing your own
filename versioning policy. Note that it is best to use
NetStorage
for objects larger than 1.8GB.
See also the
largeFileOptimizationAdvanced
behavior, which provides additional options for to configure partial
object caching and HTTP/2 prefetching.
Options:
enabled
(boolean): Enables the file optimization behavior.
enablePartialObjectCaching
(enum string): Caches entire objects if set toNON_PARTIAL_OBJECT_CACHING
. Otherwise when set toPARTIAL_OBJECT_CACHING
, allows partial-object caching, which always applies to large objects served from NetStorage. To enable this, the origin must support byte range requests.
minimumSize
(string): Optimization only applies to files larger than this, expressed as a number suffixed with a unit string such asMB
orGB
.
maximumSize
(string): Optimization does not apply to files larger than this, expressed as a number suffixed with a unit string such asMB
orGB
.
useVersioning
(boolean): WhenenablePartialObjectCaching
is set toPARTIAL_OBJECT_CACHING
, enabling this option signals your intention to vary filenames by version, strongly recommended to avoid serving corrupt content when chunks come from different versions of the same file.
largeFileOptimizationAdvanced
Property Manager name: Large File Optimization
The
Large File Optimization
feature improves performance and reliability when delivering large
files. This behavior is required for objects larger than 1.8GB, and
recommended for anything over 100MB. You should apply it only to the
specific content to be optimized, such as a download directory’s .gz
files. Note that it is best to use
NetStorage
for objects larger than 1.8GB.
This advanced behavior provides additional HTTP/2 options not present
in the largeFileOptimization
behavior.
Options:
enabled
(boolean): Enables the file optimization behavior.
objectSize
(string): Specifies the size of the file at which point to apply partial object (POC) caching. Append a numeric value with aMB
orGB
suffix.
fragmentSize
(enum string): Specifies the size of each fragment used for partial object caching, eitherHALF_MB
,ONE_MB
,TWO_MB
, orFOUR_MB
.
prefetchDuringRequest
(number): The number of POC fragments to prefetch during the request.
prefetchAfterRequest
(number): The number of POC fragments to prefetch after the request.
limitBitRate
Property Manager name: Bit Rate Limiting
Control the rate at which
content serves out to end users, optionally varying the speed
depending on the file size or elapsed download time. Each bit rate
specified in the bitrateTable
array corresponds to a
thresholdTable
entry that activates it. You can use this behavior
to prevent media downloads from progressing faster than they are
viewed, for example, or to differentiate various tiers of end-user
experience. To apply this behavior, you should match on a
contentType
, path
, or
filename
.
Options:
enabled
(boolean): When enabled, activates the bit rate limiting behavior.
bitrateTable
(array): Specifies a download rate that corresponds to athresholdTable
entry. The bit rate appears as a two-member object consisting of a numericbitrateValue
and abitrateUnit
string, with allowed values ofKbps
,Mbps
, andGbps
. For example:"bitrateTable": [ { "bitrateValue": 1, "bitrateUnit": "Kbps" } ]
thresholdTable
(array): Specifies the minimum size of the file or the amount of elapsed download time before applying the bit rate limit from the correspondingbitrateTable
entry. The threshold appears as a two-member object consisting of a numericthresholdValue
andthresholdUnit
string, with allowed values ofs
orB
. This example throttles a download that lasts more than 5 seconds:"thresholdTable": [ { "thresholdValue": 5, "thresholdUnit": "s" } ]
manifestPersonalization
Property Manager name: Manifest Personalization
Allows customers who use the Adaptive Media Delivery product to enhance content based on the capabilities of each end user’s device. This behavior configures a manifest for both HLS Live and on-demand streaming. For more information, see the Adaptive Media Delivery Implementation Guide.
Options:
enabled
(boolean): Enables the Manifest Personalization feature.
hlsEnabled
(boolean): When enabled, allows you to customize the HLS master manifest that’s sent to the requesting client.
hlsMode
(enum string): WithhlsEnabled
on, specify either the defaultBEST_PRACTICE
mode, or aCUSTOM
manifest.
hlsPreferredBitrate
(string): WithhlsMode
set toCUSTOM
, sets the preferred bit rate in Kbps. This causes the media playlist specified in the#EXT-X-STREAM-INF
tag that most closely matches the value to list first. All other playlists maintain their current position in the manifest.
hlsFilterInBitrates
(string): WithhlsMode
set toCUSTOM
, specifies a comma-delimited set of preferred bit rates, such as100,200,400
. Playlists specified in the#EXT-X-STREAM-INF
tag with bit rates outside of any of those values by up to 100 Kbps are excluded from the manifest.
hlsFilterInBitrateRanges
(string): WithhlsMode
set toCUSTOM
, specifies a comma-delimited set of bit rate ranges, such as100-400,1000-4000
. Playlists specified in the#EXT-X-STREAM-INF
tag with bit rates outside of any of those ranges are excluded from the manifest.
hlsQueryParamEnabled
(boolean): WithhlsEnabled
on, allows you to specify query parameters for the HLS master manifest to customize the manifest’s content. Any settings specified in the query string override those already configured in Property Manager.
hlsQueryParamSecretKey
(string): WithhlsQueryParamEnabled
on, specifies a primary key as a token to accompany the request.
hlsQueryParamTransitionKey
(string): WithhlsQueryParamEnabled
on, specifies a transition key as a token to accompany the request.
hlsShowAdvanced
(boolean): WithhlsEnabled
on, allows you to configure advanced settings.
hlsEnableDebugHeaders
(boolean): WithhlsShowAdvanced
enabled, includes additionalAkamai-Manifest-Personalization
andAkamai-Manifest-Personalization-Config-Source
debugging headers.
manualServerPush
Property Manager name: Manual Server Push
With the
http2
behavior enabled, this loads a specified set of
objects into the client browser’s cache. To apply this behavior, you
should match on a path
or filename
.
Options:
serverpushlist
(array of string values): Specifies the set of objects to load into the client browser’s cache over HTTP2. Each value in the array represents a hostname and full path to the object, such aswww.example.com/js/site.js
mediaAcceleration
Property Manager name: Media Acceleration
Enables Accelerated Media Delivery for this set of requests.
Options:
enabled
(boolean): Enables Media Acceleration.
mediaAccelerationQuicOptout
Property Manager name: Media Acceleration Opt-Out
When enabled, disables use of QUIC protocol for this set of accelerated media content.
This behavior does not include any options. Specifying the behavior itself enables it.
mediaClient
Property Manager name: Media Client
Enables client-side reporting through analytics beacon requests.
Options:
enabled
(boolean): Enables client-side download analytics.
beaconId
(string): Specifies the ID of data source’s beacon.
useHybridHttpUdp
(boolean): Enables the hybrid HTTP/UDP protocol.
mediaFileRetrievalOptimization
Property Manager name: Media File Retrieval Optimization
Media File
Retrieval Optimization (MFRO) speeds the delivery of large media files
by relying on caches of partial objects. You should use it for files
larger than 100 MB. It’s required for files larger than 1.8 GB, and
works best with
NetStorage.
To apply this behavior, you should match on a
fileExtension
.
Options:
enabled
(boolean): Enables the partial-object caching behavior.
mediaOriginFailover
Property Manager name: Media Origin Failover
Specifies how edge servers respond when the origin is unresponsive, or suffers from server or content errors. You can specify how many times to retry, switch to a backup origin hostname, or configure a redirect.
Options:
detectOriginUnresponsive
(boolean): When enabled, allows you to configure what happens when the origin is unresponsive.
originUnresponsiveDetectionLevel
(enum string): WithdetectOriginUnresponsive
enabled, specify whether your response to slow origin connections should beAGGRESSIVE
,MODERATE
, orCONSERVATIVE
.
originUnresponsiveBlacklistOriginIp
(boolean): WithdetectOriginUnresponsive
enabled, enabling this blacklists the origin’s IP address.
originUnresponsiveBlacklistWindow
(enum string): WithoriginUnresponsiveBlacklistOriginIp
enabled, this sets the delay before blacklisting an IP address, eitherONE_S
,TEN_S
, orTHIRTY_S
.
originUnresponsiveRecovery
(enum string): WithdetectOriginUnresponsive
enabled, this sets the recovery option, eitherRETRY_X_TIMES
,SWITCH_TO_BACKUP_ORIGIN
, orREDIRECT_TO_DIFFERENT_ORIGIN_LOCATION
.
originUnresponsiveRetryLimit
(enum string): WithoriginUnresponsiveRecovery
set toRETRY_X_TIMES
, sets whether to retryONE
,TWO
, orTHREE
times.
originUnresponsiveBackupHost
(string): WithoriginUnresponsiveRecovery
set toSWITCH_TO_BACKUP_ORIGIN
, this specifies the origin hostname.
originUnresponsiveAlternateHost
(string): WithoriginUnresponsiveRecovery
set toREDIRECT_TO_DIFFERENT_ORIGIN_LOCATION
, this specifies the redirect’s destination hostname.
originUnresponsiveModifyRequestPath
(boolean): WithoriginUnresponsiveRecovery
set toSWITCH_TO_BACKUP_ORIGIN
orREDIRECT_TO_DIFFERENT_ORIGIN_LOCATION
, enabling this allows you to modify the request path.
originUnresponsiveModifiedPath
(string): WithoriginUnresponsiveModifyRequestPath
enabled, this specifies the path to form the new URL.
originUnresponsiveIncludeQueryString
(boolean): WithoriginUnresponsiveModifyRequestPath
enabled, enabling this includes the original set of query parameters.
originUnresponsiveRedirectMethod
(numeric enum): WithoriginUnresponsiveRecovery
set toREDIRECT_TO_DIFFERENT_ORIGIN_LOCATION
, specifies either a301
or302
redirect response code.
originUnresponsiveChangeProtocol
(boolean): WithoriginUnresponsiveRecovery
set toSWITCH_TO_BACKUP_ORIGIN
, orREDIRECT_TO_DIFFERENT_ORIGIN_LOCATION
, enabling this allows you to change the request protocol.
originUnresponsiveProtocol
(enum string): WithoriginUnresponsiveChangeProtocol
enabled, specifies either theHTTP
orHTTPS
protocol.
detectOriginUnavailable
(boolean): When enabled, allows you to configure failover settings when the origin server responds with errors.
originUnavailableDetectionLevel
(enum string): WithdetectOriginUnavailable
enabled, specifyRESPONSE_CODES
, the only available option.
originUnavailableResponseCodes
(array of string values): WithdetectOriginUnavailable
enabled, specifies the set of response codes identifying when the origin responds with errors.
originUnavailableBlacklistOriginIp
(boolean): WithdetectOriginUnavailable
enabled, enabling this blacklists the origin’s IP address.
originUnavailableBlacklistWindow
(enum string): WithoriginUnavailableBlacklistOriginIp
enabled, this sets the delay before blacklisting an IP address, eitherONE_S
,TEN_S
, orTHIRTY_S
.
originUnavailableRecovery
(enum string): WithdetectOriginUnavailable
enabled, this sets the recovery option, eitherRETRY_X_TIMES
,SWITCH_TO_BACKUP_ORIGIN
, orREDIRECT_TO_DIFFERENT_ORIGIN_LOCATION
.
originUnavailableRetryLimit
(enum string): WithoriginUnavailableRecovery
set toRETRY_X_TIMES
, sets whether to retryONE
,TWO
, orTHREE
times.
originUnavailableBackupHost
(string): WithoriginUnavailableRecovery
set toSWITCH_TO_BACKUP_ORIGIN
, this specifies the origin hostname.
originUnavailableAlternateHost
(string): WithoriginUnavailableRecovery
set toREDIRECT_TO_DIFFERENT_ORIGIN_LOCATION
, this specifies the redirect’s destination hostname.
originUnavailableModifyRequestPath
(boolean): WithoriginUnavailableRecovery
set toSWITCH_TO_BACKUP_ORIGIN
orREDIRECT_TO_DIFFERENT_ORIGIN_LOCATION
, enabling this allows you to modify the request path.
originUnavailableModifiedPath
(string): WithoriginUnavailableModifyRequestPath
enabled, this specifies the path to form the new URL.
originUnavailableIncludeQueryString
(boolean): WithoriginUnavailableModifyRequestPath
enabled, enabling this includes the original set of query parameters.
originUnavailableRedirectMethod
(numeric enum): WithoriginUnavailableRecovery
set toREDIRECT_TO_DIFFERENT_ORIGIN_LOCATION
, specifies either a301
or302
redirect response code.
originUnavailableChangeProtocol
(boolean): WithoriginUnavailableRecovery
set toSWITCH_TO_BACKUP_ORIGIN
orREDIRECT_TO_DIFFERENT_ORIGIN_LOCATION
, enabling this allows you to modify the request protocol.
originUnavailableProtocol
(enum string): WithoriginUnavailableChangeProtocol
enabled, specifies either theHTTP
orHTTPS
protocol.
detectObjectUnavailable
(boolean): When enabled, allows you to configure failover settings when the origin has content errors.
objectUnavailableDetectionLevel
(enum string): WithdetectObjectUnavailable
enabled, specifyRESPONSE_CODES
, the only available option.
objectUnavailableResponseCodes
(array of string values): WithdetectObjectUnavailable
enabled, specifies the set of response codes identifying when there are content errors.
objectUnavailableBlacklistOriginIp
(boolean): WithdetectObjectUnavailable
enabled, enabling this blacklists the origin’s IP address.
objectUnavailableBlacklistWindow
(enum string): WithobjectUnavailableBlacklistOriginIp
enabled, this sets the delay before blacklisting an IP address, eitherONE_S
,TEN_S
, orTHIRTY_S
.
objectUnavailableRecovery
(enum string): WithdetectObjectUnavailable
enabled, this sets the recovery option, eitherRETRY_X_TIMES
,SWITCH_TO_BACKUP_ORIGIN
, orREDIRECT_TO_DIFFERENT_ORIGIN_LOCATION
.
objectUnavailableRetryLimit
(enum string): WithobjectUnavailableRecovery
set toRETRY_X_TIMES
, sets whether to retryONE
,TWO
, orTHREE
times.
objectUnavailableBackupHost
(string): WithobjectUnavailableRecovery
set toSWITCH_TO_BACKUP_ORIGIN
, this specifies the origin hostname.
objectUnavailableAlternateHost
(string): WithobjectUnavailableRecovery
set toREDIRECT_TO_DIFFERENT_ORIGIN_LOCATION
, this specifies the redirect’s destination hostname.
objectUnavailableModifyRequestPath
(boolean): WithobjectUnavailableRecovery
set toSWITCH_TO_BACKUP_ORIGIN
orREDIRECT_TO_DIFFERENT_ORIGIN_LOCATION
, enabling this allows you to modify the request path.
objectUnavailableModifiedPath
(string): WithobjectUnavailableModifyRequestPath
enabled, this specifies the path to form the new URL.
objectUnavailableIncludeQueryString
(boolean): WithobjectUnavailableModifyRequestPath
enabled, enabling this includes the original set of query parameters.
objectUnavailableRedirectMethod
(numeric enum): WithobjectUnavailableRecovery
set toREDIRECT_TO_DIFFERENT_ORIGIN_LOCATION
, specifies either a301
or302
redirect response code.
objectUnavailableChangeProtocol
(boolean): WithobjectUnavailableRecovery
set toSWITCH_TO_BACKUP_ORIGIN
orREDIRECT_TO_DIFFERENT_ORIGIN_LOCATION
, enabling this allows you to change the request protocol.
objectUnavailableProtocol
(enum string): WithobjectUnavailableChangeProtocol
enabled, specifies either theHTTP
orHTTPS
protocol.
clientResponseCode
(string): Specifies the response code served to the client.
cacheErrorResponse
(boolean): When enabled, caches the error response.
cacheWindow
(enum string): WithcacheErrorResponse
enabled, this sets error response’s TTL, eitherONE_S
,TEN_S
, orTHIRTY_S
.
mobileSdkPerformance
Property Manager name: Mobile App Performance SDK
The Mobile Application Performance software development kit allows you to optimize native iOS and Android apps, effectively extending Akamai’s intelligent edge platform’s advantages to mobile devices operation in poor network conditions. This behavior enables the SDK’s features for this set of requests.
Options:
enabled
(boolean): Enables the Mobile App Performance SDK.
secondaryMultipathToOrigin
(boolean): When enabled, sends secondary multi-path requests to the origin server.
modifyIncomingRequestHeader
Property Manager name: Modify Incoming Request Header
Modify, add, remove, or pass along specific request headers coming upstream from the client.
Depending on the type of action
you want to perform, specify the
corresponding standard header name, or a customHeaderName
if the
standard name is set to OTHER
. The headerValue
serves as a match
condition when the action is DELETE
or MODIFY
, and the
newHeaderValue
applies when the action is ADD
or MODIFY
.
See also modifyIncomingResponseHeader
,
modifyOutgoingRequestHeader
, and
modifyOutgoingResponseHeader
.
Options:
action
(enum string): EitherADD
,DELETE
,MODIFY
, orPASS
incoming HTTP request headers.
standardAddHeaderName
(enum string): If the value ofaction
isADD
, this specifies the name of the field to add, eitherACCEPT_ENCODING
,ACCEPT_LANGUAGE
, orOTHER
.
standardDeleteHeaderName
(enum string): If the value ofaction
isDELETE
, this specifies the name of the field to remove, eitherIF_MODIFIED_SINCE
,VIA
, orOTHER
.
standardModifyHeaderName
(enum string): If the value ofaction
isMODIFY
, this specifies the name of the field to modify, eitherACCEPT_ENCODING
,ACCEPT_LANGUAGE
, orOTHER
.
standardPassHeaderName
(enum string): If the value ofaction
isPASS
, this specifies the name of the field to pass through, eitherACCEPT_ENCODING
,ACCEPT_LANGUAGE
, orOTHER
.
customHeaderName
(string; allows variables): Specifies a custom field name that applies when the relevant standard header name is set toOTHER
.
headerValue
(string; allows variables): With theaction
set toADD
, specifies the new header value.
newHeaderValue
(string; allows variables): With theaction
set toMODIFY
, supplies an HTTP header replacement value.
avoidDuplicateHeaders
(boolean): When enabled with theaction
set toMODIFY
, prevents creation of more than one instance of a header.
modifyIncomingResponseHeader
Property Manager name: Modify Incoming Response Header
Modify, add, remove, or pass along specific response headers coming downstream from the origin.
Depending on the type of action
you want to perform, specify the
corresponding standard header name, or a customHeaderName
if the
standard name is set to OTHER
. The headerValue
serves as a match
condition when the action is DELETE
or MODIFY
, and the
newHeaderValue
applies when the action is ADD
or MODIFY
.
See also modifyIncomingRequestHeader
,
modifyOutgoingRequestHeader
, and
modifyOutgoingResponseHeader
.
Options:
action
(enum string): EitherADD
,DELETE
,MODIFY
, orPASS
incoming HTTP response headers.
standardAddHeaderName
(enum string): If the value ofaction
isADD
, this specifies the name of the field to add, any of the following values:
CACHE_CONTROL CONTENT_TYPE EDGE_CONTROL EXPIRES LAST_MODIFIED OTHER
standardDeleteHeaderName
(enum string): If the value ofaction
isDELETE
, this specifies the name of the field to remove, eitherCACHE_CONTROL
,CONTENT_TYPE
,VARY
, orOTHER
.
standardModifyHeaderName
(enum string): If the value ofaction
isMODIFY
, this specifies the name of the field to modify, eitherCACHE_CONTROL
,CONTENT_TYPE
,EDGE_CONTROL
, orOTHER
.
standardPassHeaderName
(enum string): If the value ofaction
isPASS
, this specifies the name of the field to pass through, eitherCACHE_CONTROL
,EXPIRES
,PRAGMA
, orOTHER
.
customHeaderName
(string; allows variables): Specifies a custom field name that applies when the relevant standard header name is set toOTHER
.
headerValue
(string; allows variables): With theaction
set toADD
, specifies the header’s new value.
newHeaderValue
(string; allows variables): With theaction
set toMODIFY
, specifies an HTTP header replacement value.
avoidDuplicateHeaders
(boolean): When enabled with theaction
set toMODIFY
, prevents creation of more than one instance of a header.
modifyOutgoingRequestHeader
Property Manager name: Modify Outgoing Request Header
Modify, add, remove, or pass along specific request headers going upstream towards the origin.
Depending on the type of action
you want to perform, specify the
corresponding standard header name, or a customHeaderName
if the
standard name is set to OTHER
. The headerValue
serves as a match
condition when the action is DELETE
or MODIFY
, and the
newHeaderValue
applies when the action is ADD
or MODIFY
.
Whole-text replacements apply when the action is MODIFY
, and
substitutions apply when set to REGEX
.
See also modifyIncomingRequestHeader
,
modifyIncomingResponseHeader
, and
modifyOutgoingResponseHeader
.
Options:
action
(enum string): EitherADD
orDELETE
outgoing HTTP request headers,MODIFY
their fixed values, or specify aREGEX
pattern to transform them.
standardAddHeaderName
(enum string): If the value ofaction
isADD
, this specifies the name of the field to add, eitherUSER_AGENT
orOTHER
.
standardDeleteHeaderName
(enum string): If the value ofaction
isDELETE
, this specifies the name of the field to remove, eitherPRAGMA
,USER_AGENT
,VIA
, orOTHER
.
standardModifyHeaderName
(enum string): If the value ofaction
isMODIFY
orREGEX
, this specifies the name of the field to modify, eitherUSER_AGENT
orOTHER
.
customHeaderName
(string; allows variables): Specifies a custom field name that applies when the relevant standard header name is set toOTHER
.
headerValue
(string; allows variables): With theaction
set toADD
, specifies the new header value.
newHeaderValue
(string; allows variables): With theaction
set toMODIFY
, specifies an HTTP header replacement value.
regexHeaderMatch
(string; allows variables): When theaction
isREGEX
, specifies a Perl-compatible regular expression to match within the header value.
regexHeaderReplace
(string; allows variables): When theaction
isREGEX
, specifies text that replaces theregexHeaderMatch
pattern within the header value.
matchMultiple
(boolean): When enabled with theaction
set toREGEX
, replaces all occurrences of the matched regular expression, otherwise only the first match if disabled.
avoidDuplicateHeaders
(boolean): When enabled with theaction
set toMODIFY
, prevents creation of more than one instance of a header.
modifyOutgoingResponseHeader
Property Manager name: Modify Outgoing Response Header
Modify, add, remove, or pass along specific response headers going downstream towards the client.
Depending on the type of action
you want to perform, specify the
corresponding standard header name, or a customHeaderName
if the
standard name is set to OTHER
. The headerValue
serves as a match
condition when the action is DELETE
or MODIFY
, and the
newHeaderValue
applies when the action is ADD
or MODIFY
.
Whole-text replacements apply when the action is MODIFY
, and
substitutions apply when set to REGEX
.
See also modifyIncomingRequestHeader
,
modifyIncomingResponseHeader
, and
modifyOutgoingRequestHeader
Options:
action
(enum string): EitherADD
orDELETE
outgoing HTTP response headers,MODIFY
their fixed values, or specify aREGEX
pattern to transform them.
standardAddHeaderName
(enum string): If the value ofaction
isADD
, this specifies the name of the field to add, any of the following values:
ACCESS_CONTROL_ALLOW_CREDENTIALS ACCESS_CONTROL_ALLOW_HEADERS ACCESS_CONTROL_ALLOW_METHODS ACCESS_CONTROL_ALLOW_ORIGIN ACCESS_CONTROL_EXPOSE_HEADERS ACCESS_CONTROL_MAX_AGE CACHE_CONTROL CONTENT_DISPOSITION CONTENT_TYPE EDGE_CONTROL OTHER P3P PRAGMA
standardDeleteHeaderName
(enum string): If the value ofaction
isDELETE
, this specifies the name of the field to remove, any of the following values:
ACCESS_CONTROL_ALLOW_CREDENTIALS ACCESS_CONTROL_ALLOW_HEADERS ACCESS_CONTROL_ALLOW_METHODS ACCESS_CONTROL_ALLOW_ORIGIN ACCESS_CONTROL_EXPOSE_HEADERS ACCESS_CONTROL_MAX_AGE CACHE_CONTROL CONTENT_DISPOSITION CONTENT_TYPE EXPIRES OTHER P3P PRAGMA
standardModifyHeaderName
(enum string): If the value ofaction
isMODIFY
orREGEX
, this specifies the name of the field to modify, any of the following values:
ACCESS_CONTROL_ALLOW_CREDENTIALS ACCESS_CONTROL_ALLOW_HEADERS ACCESS_CONTROL_ALLOW_METHODS ACCESS_CONTROL_ALLOW_ORIGIN ACCESS_CONTROL_EXPOSE_HEADERS ACCESS_CONTROL_MAX_AGE CACHE_CONTROL CONTENT_DISPOSITION CONTENT_TYPE OTHER P3P PRAGMA
customHeaderName
(string; allows variables): Specifies a custom field name that applies when the relevant standard header name is set toOTHER
.
headerValue
(string; allows variables): Specifies the existing value of the header to match.
newHeaderValue
(string; allows variables): With theaction
set toMODIFY
, specifies the new HTTP header replacement value.
regexHeaderMatch
(string): When theaction
isREGEX
, specifies a Perl-compatible regular expression to match within the header value.
regexHeaderReplace
(string; allows variables): When theaction
isREGEX
, specifies text that replaces theregexHeaderMatch
pattern within the header value.
matchMultiple
(boolean): When enabled with theaction
set toREGEX
, replaces all occurrences of the matched regular expression, otherwise only the first match if disabled.
avoidDuplicateHeaders
(boolean): When enabled with theaction
set toMODIFY
, prevents creation of more than one instance of a header. The last header clobbers others with the same name. This option affects the entire set of outgoing headers, and is not confined to the subset of regular expression matches.
mPulse
Property Manager name: mPulse
mPulse provides high-level performance analytics and predictive recommendations based on real end user data. See the mPulse Quick Start to set up mPulse on your website.
Options:
enabled
(boolean): Applies performance monitoring to this behavior’s set of content.
requirePci
(boolean): Suppresses gathering metrics for potentially sensitive end-user interactions. Enabling this omits data from some older browsers.
apiKey
(string): This generated value uniquely identifies sections of your website for you to analyze independently. To access this value, see Enable mPulse in Property Manager.
bufferSize
(string): Allows you to override the browser’s default (150) maximum number of reported performance timeline entries.
configOverride
(string): A JSON string representing a configuration object passed to the JavaScript library under which mPulse runs. It corresponds at run-time to thewindow.BOOMR_config
object. For example, this turns on monitoring of Single Page App frameworks:"{\"history\": {\"enabled\": true, \"auto\": true}}"
. See Configuration Overrides for more information.
netSession
Property Manager name: NetSession
This behavior enables various features of NetSession, a client-side download manager application that’s especially appropriate for large file downloads. For the feature to work, the end user needs to download the DLM client.
Options:
enabled
(boolean): Enables NetSession DLM capabilities for this content.
enableDomain
(boolean): Enables Download Manager domains.
enableDownloadManager
(boolean): When enabled, launches files once they are fully downloaded. For example, specify this option to run an executable application.
enableDownloadClients
(boolean): When enabled, allows download clients to form a peer-to-peer network to reduce transmission time.
disableReporting
(boolean): Disable download state reporting via HTTP beacon messages. Otherwise when enabled, you can view the state of each download by choosing Monitor ⇒ Download Analytics on the DLM client.
resumeUrl
(array of string values): Specify an alternate domain from which to resume a paused download. This generates a corresponding shortcut link on the end user’s desktop that disappears after the download is complete.
organizationName
(string): The name of the organization that displays in the NetSession client DLM interface.
supportUrl
(string): A supporting link to theorganizationName
that displays in the NetSession client DLM interface.
networkConditionsHeader
Property Manager name: Network Conditions Header
Instructs edge
servers to send an X-Akamai-Network-Condition
header to the origin
assessing the quality of the network.
Options:
behavior
(enum string): If set toTWO_TIER
, assessment is eitherExcellent
orPoor
. If set toTHREE_TIER
, the assessment can also beFair
.
origin
Property Manager name: Origin Server
Specify the hostname and settings used to contact the origin once service begins. You can use your own origin, NetStorage, an Edge Load Balancing origin, or a SaaS dynamic origin.
Options:
originType
(enum string): Choose whether your content is retrieved from your own server (CUSTOMER
), your NetStorage account (NET_STORAGE
), any available Edge Load Balancing origin (EDGE_LOAD_BALANCING_ORIGIN_GROUP
), a set of Application Load Balancer origins (APPLICATION_LOAD_BALANCER
), a SaaS dynamic origin (SAAS_DYNAMIC_ORIGIN
) if SaaS acceleration is available on your contract, orMEDIA_SERVICE_LIVE
. NetStorage is most appropriate for static content.
netStorage
(object): If theoriginType
isNET_STORAGE
, this option specifies the details of the netstorage server. For example:"netStorage": { "id" : "netstorage_id", "name" : "Example Downloads", "downloadDomainName" : "download.example.com", "cpCode" : 12345 }
originId
(string): With theoriginType
set toEDGE_LOAD_BALANCING_ORIGIN_GROUP
, identifies the Edge Load Balancing origin. This must correspond to anedgeLoadBalancingOrigin
behavior’sid
attribute within the same property.
hostname
(string; allows variables): With theoriginType
set toCUSTOMER
, this specifies the hostname or IPv4 address of your origin server, from which edge servers can retrieve your content.
mslorigin
(string): WithoriginType
set toMEDIA_SERVICE_LIVE
, this specifies the media’s origin server.
saasType
(enum string): WithoriginType
set toSAAS_DYNAMIC_ORIGIN
, specifies the part of the request that identifies this SaaS dynamic origin, eitherPATH
,COOKIE
,QUERY_STRING
, orHOSTNAME
.
saasCnameEnabled
(boolean): WithsaasType
set toHOSTNAME
, enabling this allows you to use a CNAME chain to determine the hostname for this SaaS dynamic origin.
saasCnameLevel
(number): WithsaasType
set toHOSTNAME
andsaasCnameEnabled
on, specifies the desired number of hostnames to use in the CNAME chain, starting backwards from the edge server.
saasCookie
(string): With theoriginType
set toSAAS_DYNAMIC_ORIGIN
and thesaasType
set toCOOKIE
, this specifies the name of the cookie that identifies this SaaS dynamic origin.
saasQueryString
(string): With theoriginType
set toSAAS_DYNAMIC_ORIGIN
and thesaasType
set toQUERY_STRING
, this specifies the name of the query parameter that identifies this SaaS dynamic origin.
saasRegex
(string): With theoriginType
set toSAAS_DYNAMIC_ORIGIN
, this specifies the Perl-compatible regular expression match that identifies this SaaS dynamic origin.
saasReplace
(string): Specifies replacement text for whatsaasRegex
matches.
saasSuffix
(string): With theoriginType
set toSAAS_DYNAMIC_ORIGIN
, specifies the static part of the SaaS dynamic origin.
forwardHostHeader
(enum string): When theoriginType
is set to eitherCUSTOMER
orSAAS_DYNAMIC_ORIGIN
, this specifies whichHost
header to pass to the origin:REQUEST_HOST_HEADER
passes the original request’s header.ORIGIN_HOSTNAME
passes the current origin’sHOSTNAME
.CUSTOM
passes the value ofcustomForwardHostHeader
. Use this option if you want requests handled by different properties to converge on the same cached object.
customForwardHostHeader
(string; allows variables): WithforwardHostHeader
set toCUSTOM
, this specifies the name of the custom host header the edge server should pass to the origin.
cacheKeyHostname
(enum string): With theoriginType
set toCUSTOM
, this specifies the hostname to use when forming a cache key. SpecifyORIGIN_HOSTNAME
if your origin server’s responses do not depend on the hostname, otherwise specifyREQUEST_HOST_HEADER
when using a virtual server.
useUniqueCacheKey
(boolean): WithcacheKeyHostname
set toORIGIN_HOSTNAME
and a sharedhostname
such as provided by Amazon AWS, sets a unique cache key for your content.
compress
(boolean): Enables gzip compression for non-NetStorage origins.
enableTrueClientIp
(boolean): When enabled on non-NetStorage origins, allows you to send a custom header (thetrueClientIpHeader
) identifying the IP address of the immediate client connecting to the edge server. This may provide more useful information than the standardX-Forward-For
header, which proxies may modify.
trueClientIpHeader
(string): WithenableTrueClientIp
enabled, this specifies the name of the field that identifies the end client’s IP address, for exampleTrue-Client-IP
.
trueClientIpClientSetting
(boolean): WithenableTrueClientIp
on along with this option, if a client sets theTrue-Client-IP
header, the edge server allows it and passes the value to the origin. Otherwise the edge server removes it and sets the value itself.
verificationMode
(enum string): For non-NetStorage origins, maximize security by controlling which certificates edge servers should trust, eitherPLATFORM_SETTINGS
,THIRD_PARTY
when your origin server references certain types of third-party hostname, orCUSTOM
. TheCUSTOM
option only applies if the property is marked as secure. See Secure property requirements for guidance. Under some products, you may also need to enable the Secure Delivery - Customer Cert module. Contact your Akamai representative for details.
originSni
(boolean): For non-NetStorage origins, enabling this adds a Server Name Indication (SNI) header in the SSL request sent to the origin, with the origin hostname as the value. Contact your Akamai representative for more information.
customValidCnValues
(array of string values): WithverificationMode
set toCUSTOM
, specifies values to look for in the origin certificate’sSubject Alternate Name
orCommon Name
fields. Specify{{Origin Hostname}}
and{{Forward Host Header}}
within the text in the order you want them to be evaluated. (Note that these two template items are not the same as in-line variables, which use the same curly-brace syntax.)
originCertsToHonor
(enum string): WithverificationMode
set toCUSTOM
, specifies whether to trust pinned origin server certificates (CUSTOM_CERTIFICATES
), any certificate signed by an Akamai-managed authority set (STANDARD_CERTIFICATE_AUTHORITIES
), or any certificate signed by a custom authority set you manage (CUSTOM_CERTIFICATE_AUTHORITIES
). If set toCOMBO
, may rely on all three inputs.
standardCertificateAuthorities
(object): WithoriginCertsToHonor
set to eitherSTANDARD_CERTIFICATE_AUTHORITIES
orCOMBO
, specifies an array of Akamai-managed certificate names. Currently, the only allowed value isakamai-permissive
.
customCertificateAuthorities
(object): WithoriginCertsToHonor
set to eitherCUSTOM_CERTIFICATE_AUTHORITIES
orCOMBO
, specifies an array of certification objects. Contact your Akamai representative for details on this object’s requirements.
customCertificates
(object): WithoriginCertsToHonor
set to eitherCUSTOM_CERTIFICATES
orCOMBO
, specifies an array of certification objects. Contact your Akamai representative for details on this object’s requirements.
httpPort
(number): Specifies the port on your origin server to which edge servers should connect for HTTP requests, customarily80
.
httpsPort
(number): Specifies the port on your origin server to which edge servers should connect for secure HTTPS requests, customarily443
. This option only applies if the property is marked as secure. See Secure property requirements for guidance.
originCharacteristics
Property Manager name: Origin Characteristics
Specifies characteristics of the origin. Akamai uses this information to optimize your metadata configuration, which may result in better origin offload and end-user performance.
See also clientCharacteristics
and
various product-specific behaviors whose names are prefixed
contentCharacteristics.
Options:
country
(enum string): Specifies the origin’s geographic region, orUNKNOWN
to defer any optimizations based on geography. Regions includeGLOBAL_MULTI_GEO
,EUROPE
,NORDICS
,GERMANY
,UNITED_KINGDOM
,ITALY
,INDIA
,JAPAN
,TAIWAN
,ASIA_PACIFIC
,AUSTRALIA
,LATIN_AMERICA
,MEXICO
,SOUTH_AMERICA
,US_CENTRAL
,US_EAST
,US_WEST
,NORTH_AMERICA
,OTHER_AMERICAS
,OTHER_APJ
(Asia, Pacific, Japan),OTHER_EMEA
(Europe, Middle East, Africa), orADC
for Akamai Direct Connection, available to Adaptive Media Delivery customers.
directConnectGeo
(string): Withcountry
set toADC
, provides a region used by Akamai Direct Connection.
authenticationMethod
(enum string): Specifies the authentication method, eitherAWSV4
(Amazon Web Services),GCP
(Google Cloud Platform), orAUTOMATIC
. With the Adaptive Media Delivery product, choose additionalSIGNATURE_HEADER_AUTHENTICATION
orMSL_AUTHENTICATION
options.
encodingVersion
(numeric enum): WithauthenticationMethod
set toSIGNATURE_HEADER_AUTHENTICATION
, specifies the version of the encryption algorithm, an integer from1
to5
.
useCustomSignString
(boolean): WithauthenticationMethod
set toSIGNATURE_HEADER_AUTHENTICATION
, specifies whether to customize your signed string.
customSignString
(array of string values): WithuseCustomSignString
enabled, specifies the data to be encrypted as a sequence of concatenated strings. The array may include any of the following enumerated values:AK_CLIENT_REAL_IP
,AK_DOMAIN
,AK_EXTENSION
,AK_FILENAME
,AK_HOSTHEADER
,AK_METHOD
,AK_PATH
,AK_QUERY
,AK_SCHEME
, andAK_URL
. See Support for variables for guidance.
secretKey
(string): Specifies the shared secret key.
nonce
(string): Specifies the nonce.
mslkey
(string): WithauthenticationMethod
set toMSL_AUTHENTICATION
, specifies the access key provided by the hosting service.
mslname
(string): WithauthenticationMethod
set toMSL_AUTHENTICATION
, specifies the origin name provided by the hosting service.
gcsAccessKeyId
(string): WithauthenticationMethod
set toGCP
, specifies the access key ID provided by Google Cloud Platform.
gcsSecretKey
(string): WithauthenticationMethod
set toGCP
, specifies the bucket name for your Google Cloud Platform service.
gcsBucket
(string): WithauthenticationMethod
set toGCP
, specifies the secret key used to compute the signature.
awsv4AccessKeyId
(string): WithauthenticationMethod
set toAWSV4
, specifies the access key used to compute the signature.
awsv4SecretKey
(string): WithauthenticationMethod
set toAWSV4
, specifies the secret key AWS uses to compute the signature.
awsv4Region
(string): WithauthenticationMethod
set toAWSV4
, specifies the region on the AWS service.
awsv4Host
(string): WithauthenticationMethod
set toAWSV4
, specifies the AWS hostname, with nohttp://
orhttps://
scheme prefix.
awsv4Service
(string): WithauthenticationMethod
set toAWSV4
, specifies the AWS service name, the hostname segment that precedesamazon.com
.
originCharacteristicsWsd
Property Manager name: Origin Characteristics
Specifies characteristics of the origin, for use in Akamai’s Wholesale Delivery product.
Options:
origintype
(enum string): SpecifiesAZURE
or anUNKNOWN
origin type.
persistentClientConnection
Property Manager name: Persistent Connections: Client to Edge
This
read-only behavior activates persistent connections between
edge servers and clients, which allow for better performance and more
efficient use of resources. Compare with the
persistentConnection
behavior, which
configures persistent connections for the entire journey from origin
to edge to client. Contact Akamai Professional Services for help
configuring either.
WARNING: Disabling or removing this behavior may negatively affect performance.
Options:
enabled
(boolean): Enables the persistent connections behavior.
timeout
(duration string): Specifies the timeout period after which edge server closes the persistent connection with the client, 500 seconds by default.
persistentConnection
Property Manager name: Persistent Connections: Edge to Origin
A read-only
behavior that enables more efficient persistent connections
from origin to edge server to client. Compare with the
persistentClientConnection
behavior,
which customizes persistent connections from edge to client. Contact
Akamai Professional Services for help configuring either.
WARNING: Disabling this behavior wastes valuable browser resources. Leaving connections open too long makes them vulnerable to attack. Avoid both of these scenarios.
Options:
enabled
(boolean): Enables persistent connections.
timeout
(duration string): Specifies the timeout period after which edge server closes a persistent connection.
personallyIdentifiableInformation
Property Manager name: Personally Identifiable Information
Marks content covered by the current rule as sensitive personally identifiable information that needs to be treated as secure and private. That includes anything involving personal information: name, social security number, date and place of birth, mother’s maiden name, biometric data, or any other data linked to an individual. If you attempt to save a property with such a rule that also caches or logs sensitive content, the added behavior results in a validation error.
WARNING: This feature only identifies some vulnerabilities. For example, it does not prevent you from including secure information in a query string or writing it to an origin folder. It also can’t tell whether the SSL protocol is in effect.
Options:
enabled
(boolean): When enabled, marks content as personally identifiable information (PII).
phasedRelease
Property Manager name: Phased Release Cloudlet
The Phased Release Cloudlet provides gradual and granular traffic management to an alternate origin in near real time. Use the Cloudlets API or the Cloudlets Policy Manager application within Control Center to set up your Cloudlets policies.
Options:
enabled
(boolean): Enables the Phased Release Cloudlet.
cloudletPolicy
(object): Specifies the Cloudlet policy as an object containing two members: a descriptivename
string and an integerid
set by the Cloudlet application.
label
(string): A label to distinguish this Phased Release policy from any others within the same property.
populationCookieType
(enum string): For the population of users the Cloudlet defines, select whether to assign a cookie to them, or elseNONE
. Other option values specify when the cookie expires: after a specificDURATION
, at aFIXED_DATE
, once the browser session ends (ON_BROWSER_CLOSE
), orNEVER
. If you select the Cloudlet’s random membership option, it overrides the option value so that it is effectivelyNONE
.
populationExpirationDate
(ISO 8601 format date/time string): With thepopulationCookieType
set toFIXED_DATE
, this specifies the date and time when membership expires, and the browser no longer sends the cookie. Subsequent requests re-evaluate based on current membership settings.
populationDuration
(duration string): With thepopulationCookieType
set toDURATION
, this sets the lifetime of the cookie from the initial request. Subsequent requests re-evaluate based on current membership settings.
populationRefresh
(boolean): With thepopulationCookieType
set toDURATION
, enabling this option resets the original duration of the cookie if the browser refreshes before the cookie expires.
failoverEnabled
(boolean): Allows failure responses at the origin defined by the Cloudlet to fail over to the prevailing origin defined by the property.
failoverResponseCode
(array of string values): WithfailoverEnabled
on, this defines the set of failure codes that initiate the failover response.
failoverDuration
(number within 0–300 range): Specifies the number of seconds to wait until the client tries to access the failover origin after the initial failure is detected. Set the value to0
to immediately request the alternate origin upon failure.
preconnect
Property Manager name: Manual Preconnect
With the http2
behavior enabled, this requests a specified set of domains that relate
to your property hostname, and keeps the connection open for faster
loading of content from those domains.
Options:
preconnectlist
(array of string values): Specifies the set of hostnames to which to preconnect over HTTP2.
predictivePrefetching
Property Manager name: Predictive Prefetching
This behavior potentially reduces the client’s page load time by pre-caching objects based on historical data for the page, not just its current set of referenced objects. It also detects second-level dependencies, such as objects retrieved by JavaScript.
Options:
enabled
(boolean): Enables the predictive prefetching behavior.
accuracyTarget
(enum string): The level of prefetching, eitherLOW
,MEDIUM
, orHIGH
. A higher level results in better client performance, but potentially greater load on the origin.
prefetch
Property Manager name: Prefetch Objects
Instructs edge servers to retrieve
content linked from requested pages as they load, rather than waiting
for separate requests for the linked content. This behavior applies
depending on the rule’s set of matching conditions. Use in
conjunction with the prefetchable
behavior, which specifies the set of objects to prefetch.
Options:
enabled
(boolean): Applies prefetching behavior when enabled.
prefetchable
Property Manager name: Prefetchable Objects
Allow matching objects to
prefetch into the edge cache as the parent page that links to them
loads, rather than waiting for a direct request. This behavior applies
depending on the rule’s set of matching conditions. Use
prefetch
to enable the overall behavior for parent
pages that contain links to the object. To apply this behavior, you
need to match on a filename
or
fileExtension
.
Options:
enabled
(boolean): When enabled, allows matching content to prefetch when referenced on a requested parent page.
prefreshCache
Property Manager name: Cache Prefreshing
Refresh cached content before its time-to-live (TTL) expires, to keep end users from having to wait for the origin to provide fresh content.
Prefreshing starts asynchronously based on a percentage of remaining TTL. The edge serves the prefreshed content only after the TTL expires. If the percentage is set too high, and there is not enough time to retrieve the object, the end user waits for it to refresh from the origin, as is true by default without this prefresh behavior enabled. The edge does not serve stale content.
Options:
enabled
(boolean): Enables the cache prefreshing behavior.
prefreshval
(number within 0–99 range): Specifies when the prefresh occurs as a percentage of the TTL. For example, for an object whose cache has 10 minutes left to live, and an origin response that is routinely less than 30 seconds, a percentage of95
prefreshes the content without unnecessarily increasing load on the origin.
quicBeta
Property Manager name: Quic Support
For a share of responses,
includes an Alt-Svc
header for compatible clients to initiate
subsequent sessions using the QUIC protocol.
Options:
enabled
(boolean): Enables QUIC support.
quicOfferPercentage
(number within 1–50 range): The percentage of responses for which to allow QUIC sessions.
randomSeek
Property Manager name: Random Seek
Optimizes .flv
and .mp4
files to allow random jump-point navigation.
Options:
flv
(boolean): Enables random seek optimization in FLV files.
mp4
(boolean): Enables random seek optimization in MP4 files.
maximumSize
(string): With themp4
option enabled, sets the maximum size of the MP4 file to optimize, expressed as a number suffixed with a unit string such asMB
orGB
.
rapid
Property Manager name: Akamai API Gateway
The Akamai API Gateway allows you to configure API traffic delivered over the Akamai network. Apply this behavior to a set of API assets, then use Akamai’s API Endpoints API to configure how the traffic responds. Use the API Keys and Traffic Management API to control access to your APIs.
Options:
enabled
(boolean): Enables API Gateway for the current set of content.
readTimeout
Property Manager name: Read Timeout
A read-only behavior
that specifies how long the edge server should wait for a response
from the requesting forward server after a connection has already been
established. Any failure to read aborts the request and sends a 504
Gateway Timeout error to the client. Contact Akamai Professional
Services for help configuring this behavior.
Options:
value
(duration string): Specifies the read timeout necessary before failing with a504
error. This value should never be zero.
realUserMonitoring
Property Manager name: Real User Monitoring
Real User Monitoring
(RUM) injects JavaScript into HTML pages served to end-user clients
that monitors page-load performance and reports on various data, such
as browser type and geographic location. The report
behavior allows you to configure logs.
For more information on this behavior, see the Real User Monitoring Guide.
Options:
enabled
(boolean): When enabled, activates real-use monitoring.
redirect
Property Manager name: Redirect
Respond to the client request
with a redirect without contacting the origin. Specify the redirect as
a path expression starting with a /
character relative to the
current root, or as a fully qualified URL. This behavior relies
primarily on destinationHostname
and destinationPath
to manipulate
the hostname and path independently.
See also the redirectplus
behavior, which allows
you to use variables more flexibly to express the redirect’s
destination.
Options:
mobileDefaultChoice
(enum string): When set toMOBILE
, allows only a302
response code. When set toDEFAULT
, allows all otherresponseCode
values.
destinationProtocol
(enum string): Choose the protocol for the redirect URL, eitherHTTP
,HTTPS
, orSAME_AS_REQUEST
to pass through the original protocol.
destinationHostname
(enum string): Specify how to change the requested hostname, independently from the pathname:SUBDOMAIN
prepends a subdomain from thedestinationHostSubdomain
field.SIBLING
replaces the leftmost subdomain with thedestinationHostSibling
field.OTHER
specifies a static domain in thedestinationHostnameOther
field.SAME_AS_REQUEST
preserves the hostname unchanged.
destinationHostSubdomain
(string; allows variables): IfdestinationHostname
is set toSUBDOMAIN
, this specifies a subdomain to prepend to the current hostname. For example, a value ofm
changeswww.example.com
tom.www.example.com
.
destinationHostSibling
(string; allows variables): IfdestinationHostname
is set toSIBLING
, this specifies the subdomain with which to replace to the current hostname’s leftmost subdomain. For example, a value ofm
changeswww.example.com
tom.example.com
.
destinationHostnameOther
(string; allows variables): IfdestinationHostname
is set toOTHER
, this specifies the full hostname with which to replace the current hostname.
destinationPath
(enum string): Specify how to change the requested pathname, independently from the hostname:PREFIX_REQUEST
prepends a path with thedestinationPathPrefix
field. You also have the option to specify a suffix usingdestinationPathSuffix
anddestinationPathSuffixStatus
.OTHER
replaces the current path with thedestinationPathOther
field.SAME_AS_REQUEST
preserves the current path unchanged.
destinationPathPrefix
(string; allows variables): WhendestinationPath
is set toPREFIX_REQUEST
, this prepends the current path. For example, a value of/prefix/path
changes/example/index.html
to/prefix/path/example/index.html
.
destinationPathSuffixStatus
(enum string): WhendestinationPath
is set toPREFIX_REQUEST
, this gives you the option of adding a suffix. SpecifyNO_SUFFIX
if you want to preserve the end of the path unchanged. If you specifySUFFIX
, thedestinationPathSuffix
provides the value.
destinationPathSuffix
(string; allows variables): WhendestinationPath
is set toPREFIX_REQUEST
anddestinationPathSuffixStatus
is set toSUFFIX
, this specifies the suffix to append to the path.
destinationPathOther
(string; allows variables): WhendestinationPath
is set toPREFIX_REQUEST
, this replaces the current path.
queryString
(enum string): When set toAPPEND
, passes incoming query string parameters as part of the redirect URL. Otherwise set this toIGNORE
.
responseCode
(numeric enum): Specify the redirect’s response code:301
(Moved Permanently),302
(Found),303
(See Other), or307
(Temporary Redirect).
redirectplus
Property Manager name: Redirect Plus
Respond to the client
request with a redirect without contacting the origin. This behavior
fills the same need as redirect
, but allows you to use
variables to express the redirect destination
’s component
values more concisely.
Options:
enabled
(boolean): Enables the redirect feature.
destination
(string; allows variables): Specifies the redirect as a path expression starting with a/
character relative to the current root, or as a fully qualified URL. Optionally inject variables, as in this example that refers to the original request’s filename:/path/to/{{builtin.AK_FILENAME}}
.
responseCode
(numeric enum): Assigns the status code for the redirect response, either301
,302
,303
, or307
.
refererChecking
Property Manager name: Legacy Referrer Checking
Limits allowed requests to a set of domains you specify.
Options:
enabled
(boolean): Enables the referer-checking behavior.
strict
(boolean): When enabled, excludes requests whoseReferer
header include a relative path, or that are missing aReferer
. When disabled, only excludes requests whoseReferer
hostname is not part of thedomains
set.
domains
(array of string values): Specifies the set of allowed domains. WithallowChildren
disabled, prefixing values with*.
specifies domains for which subdomains are allowed.
allowChildren
(boolean): When enabled, allows all subdomains for thedomains
set, just like adding a*.
prefix to each.
removeQueryParameter
Property Manager name: Remove Outgoing Request Parameters
Remove named query parameters before forwarding the request to the origin.
Options:
parameters
(array of string values): Specifies parameters to remove from the request.
removeVary
Property Manager name: Remove Vary Header
By default, responses that feature a
Vary
header value of anything other than Accept-Encoding
and a
corresponding Content-Encoding: gzip
header aren’t cached on edge
servers. Vary
headers indicate when a URL’s content varies depending
on some variable, such as which User-Agent
requests it. This
behavior simply removes the Vary
header to make responses cacheable.
WARNING: If your site relies on
Vary: User-Agent
to customize content, removing the header may lead the edge to serve content inappropriate for specific devices.
Options:
enabled
(boolean): When enabled, removes theVary
header to ensure objects can be cached.
report
Property Manager name: Log Request Details
Specify the HTTP request headers or cookie names to log in your Log Delivery Service reports.
Options:
logHost
(boolean): Log theHost
header.
logReferer
(boolean): Log theReferer
header.
logUserAgent
(boolean): Log theUser-Agent
header.
logAcceptLanguage
(boolean): Log theAccept-Language
header.
logCookies
(enum string): With a set of definedcookie
names, specifies whether you want to logALL
orSOME
cookies, or to turnOFF
the feature to stop logging cookies.
cookies
(array of string values): WithlogCookies
set toSOME
, this specifies the set of cookies names whose values you want to log.
logCustomLogField
(boolean): Whether to append additional custom data to each log line.
customLogField
(string; allows variables): WithlogCustomLogField
enabled, specifies an additional data field to append to each log line, maximum 40 bytes, typically based on a dynamically generated built-in system variable. For example,round-trip: {{builtin.AK_CLIENT_TURNAROUND_TIME}}ms
would log the total time to complete the response. See Support for variables for more information.
requestControl
Property Manager name: Request Control Cloudlet
The Request Control Cloudlet allows you to control access to your web content based on the incoming request’s IP or geographic location. With cloudlets available on your contract, choose Your services ⇒ Edge logic Cloudlets to control how the feature works within Control Center, or use the Cloudlets API to configure it programmatically.
Options:
enabled
(boolean): Enables the Request Control Cloudlet.
cloudletPolicy
(object): Identifies the Cloudlet policy in an object featuring unique numericid
and descriptive stringname
members.
enableBranded403
(boolean): If enabled, serves a branded 403 page for this Cloudlet instance.
branded403StatusCode
(numeric enum): Specifies the response status code for the branded deny action, either200
,302
,403
, or503
.
netStorage
(object): Specifies the NetStorage domain that contains the branded 403 page.
branded403File
(string): Specifies the full path of the branded 403 page, including the filename, but excluding the NetStorage CP code path component.
branded403Url
(string): Specifies the redirect URL for the branded deny action.
brandedDenyCacheTtl
(number within 5–30 range): Specifies the branded response page’s time to live in the cache,5
minutes by default.
requestTypeMarker
Property Manager name: Request Type Marker
The
Internet of Things: OTA Updates
product allows customers to securely distribute firmware to devices
over cellular networks. When using the
downloadCompleteMarker
behavior to log
successful downloads, this related behavior identifies download or
campaign server types in aggregated and individual reports.
Options:
requestType
(enum string): Specifies the type of request as eitherDOWNLOAD
orCAMPAIGN_SERVER
.
resourceOptimizer
Property Manager name: Resource Optimizer
The Resource Optimizer helps compress and cache web resources such as JavaScript, CSS, and font files.
Options:
enabled
(boolean): Enables the Resource Optimizer feature.
resourceOptimizerExtendedCompatibility
Property Manager name: Resource Optimizer Extended Compatibility
The Resource Optimizer helps compress and cache web resources such as JavaScript, CSS, and font files.
Options:
enabled
(boolean): Enables the Resource Optimizer feature.
enableAllFeatures
(boolean): Enables the full set of Resource Optimizer feature.
responseCode
Property Manager name: Set Response Code
Change the existing
response code. For example, if your origin sends a 301
permanent
redirect, this behavior can change it on the edge to a temporary 302
redirect.
Options:
statusCode
(numeric enum): The HTTP status code to replace the existing one, any of the following:
100 101 102 103 122 200 201 202 203 204 205 206 207 226 300 301 302 303 304 305 306 307 308 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 422 423 424 425 426 428 429 431 444 449 450 499 500 501 502 503 504 505 506 507 509 510 511 598 599
override206
(boolean): When enabled, allows any specified200
success code to override a206
partial-content code, in which case the response’s content length matches the requested range length.
responseCookie
Property Manager name: Set Response Cookie
Set a cookie to send downstream to the client, either with a fixed value or a unique stamp.
Options:
enabled
(boolean): When enabled, allows you to set a response cookie.
cookieName
(string; allows variables): Specifies the name of the cookie, which serves as a key to determine if the cookie is set.
type
(enum string): Assign either aUNIQUE
value, or aFIXED
one based on thevalue
field.
value
(string; allows variables): If the cookietype
isFIXED
, this specifies the cookie value.
format
(enum string): When thetype
of cookie is set toUNIQUE
, set this to eitherAPACHE
orAKAMAI
format. The latter format adds milliseconds to the date stamp.
defaultDomain
(boolean): When enabled, uses the default domain value, otherwise the set specified in thedomain
field.
defaultPath
(boolean): When enabled, uses the default path value, otherwise the set specified in thepath
field.
domain
(string; allows variables): If thedefaultDomain
is disabled, this sets the domain for which the cookie is valid. For example,example.com
makes the cookie valid for that hostname and all subdomains.
path
(string; allows variables): If thedefaultPath
is disabled, sets the path component for which the cookie is valid.
expires
(enum string): Sets various ways to specify when the cookie expires:- A value of
NEVER
lets the cookie persist indefinitely. - A value of
ON_BROWSER_CLOSE
limits the cookie to the duration of the session. - A value of
DURATION
requires a correspondingDURATION
field value. - A value of
FIXED_DATE
requires a correspondingexpirationDate
field value.
- A value of
expirationDate
(ISO 8601 format date/time string): Ifexpires
is set toFIXED_DATE
, this sets when the cookie expires as a UTC date and time.
duration
(duration string): Ifexpires
is set toDURATION
, this sets the cookie’s lifetime.
secure
(boolean): When enabled, sets the cookie’sSecure
flag to transmit it withHTTPS
.
restrictObjectCaching
Property Manager name: Object Caching
A read-only behavior necessary to deploy the Object Caching product. It disables serving HTML content and limits the maximum object size to 100MB. Contact Akamai Professional Services for help configuring it.
Options:
maximumSize
(read-only string): Specifies a fixed maximum size of non-HTML content to cache.
returnCacheStatus
Property Manager name: Return Cache Status
Generates a response
header with information about cache status. Among other things, this
can tell you whether the response came from the Akamai cache, or from
the origin. Status values report with either of these forms of syntax,
depending for example on whether you’re deploying traffic using
sureRoute
or
tieredDistribution
:
{status} from child
{status} from child, {status} from parent
The status
value can be any of the following:
Hit
: The object was retrieved from Akamai’s cache.Miss
: The object was not found in the Akamai cache.RefreshHit
: The object was found in Akamai’s cache, but was stale, so anIf-Modified-Since
request was made to the customer origin, with 304 as the response code, indicating unmodified content.HitStale
: The object was found in Akamai’s cache and was stale, but a more recent object was not available from the customer origin, so the cache served the stale object to the client.Constructed
: TheconstructResponse
behavior directly specified the response to the client.Redirect
: The Akamai edge configuration specified a redirect, typically by executing theredirect
,redirectPlus
, oredgeRedirector
behaviors.Error
: An error occurred, typically when authorization is denied or the request is rejected by WAF.
Options:
responseHeaderName
(string): Specifies the name of the HTTP header in which to report the cache status value.
rewriteUrl
Property Manager name: Modify Outgoing Request Path
Modifies the path of incoming requests to forward to the origin. This helps you offload URL-rewriting tasks to the edge to increase the origin server’s performance, allows you to redirect links to different targets without changing markup, and hides your original directory structure.
Except for regular expression replacements, this behavior manipulates
path expressions, which start and end with a /
character.
Options:
behavior
(enum string): The action to perform on the path:If set to
PREPEND
, specify thetargetPathPrepend
. For example, if set to/prefix/
,/path1/page.html
changes to/prefix/path1/page.html
.If set to
REPLACE
, specify thematch
andtargetPath
. For example, amatch
of/path1/
and atargetPath
of/path1/path2/
changes/path1/page.html
to/path1/path2/page.html
.If set to
REGEX_REPLACE
, specify thematchRegex
andtargetRegex
. For example, specifyinglogo\\.(png|gif|jpe?g)
andbrand\$1
changeslogo.png
tobrand.png
.If set to
REWRITE
, specify thetargetUrl
. For example, you can direct traffic to/error/restricted.html
.If set to
REMOVE
, specify thematch
. For example, amatch
of/path2/
changes/path1/path2/page.html
to/path1/page.html
.
match
(string): Whenbehavior
isREMOVE
orREPLACE
, specifies the part of the incoming path you’d like to remove or modify.
matchRegex
(string): Whenbehavior
is set toREGEX_REPLACE
, specifies the Perl-compatible regular expression to replace withtargetRegex
.
targetRegex
(string; allows variables): Whenbehavior
is set toREGEX_REPLACE
, this replaces whatever thematchRegex
field matches, along with any captured sequences from\$1
through\$9
.
targetPath
(string; allows variables): Whenbehavior
is set toREPLACE
, this path replaces whatever thematch
field matches in the incoming request’s path.
targetPathPrepend
(string; allows variables): Whenbehavior
is set toPREPEND
, specifies a path to prepend to the incoming request’s URL.
targetUrl
(string; allows variables): Whenbehavior
is set toREWRITE
, specifies the full path to request from the origin.
matchMultiple
(boolean): When enabled, replaces all potential matches rather than only the first.
keepQueryString
(boolean): When enabled, retains the original path’s query parameters.
rmaOptimization
Property Manager name: RMA Optimizations
This behavior is deprecated. Do not add it to any properties.
This behavior does not include any options. Specifying the behavior itself enables it.
rumCustom
Property Manager name: RUM SampleRate
With
realUserMonitoring
enabled, this configures
the sample of data to include in your RUM report.
Options:
rumSampleRate
(number within 0–100 range): Specifies the percentage of web traffic to include in your RUM report.
rumGroupName
(string): A deprecated option to specify an alternate name under which to batch this set of web traffic in your report. Do not use it.
saasDefinitions
Property Manager name: SaaS Definitions
Configures how the
Software as a Service feature identifies customers, applications,
and users. A different set of options is available for each type of
targeted request, each enabled with the action
-suffixed option. In
each case, you can use PATH
, COOKIE
, QUERY_STRING
, or HOSTNAME
components as identifiers, or disable
the
SaaS
behavior for certain targets. If you rely on a HOSTNAME
, you also
have the option of specifying a CNAME chain rather than an
individual hostname. The various options suffixed regex
and
replace
subsequently remove the identifier from the request.
This behavior requires a sibling origin
behavior whose originType
option is set to SAAS_DYNAMIC_ORIGIN
.
Options:
applicationAction
(enum string): Specifies the request component that identifies a SaaS application, eitherCOOKIE
,HOSTNAME
,PATH
, orQUERY_STRING
. Setting it toDISABLED
effectively ignores applications.
applicationCookie
(string): WithapplicationAction
set toCOOKIE
, this specifies the name of the cookie that identifies the application.
applicationQueryString
(string): WithapplicationAction
set toQUERY_STRING
, this names the query parameter that identifies the application.
applicationCnameEnabled
(boolean): WithapplicationAction
set toHOSTNAME
, enabling this allows you to identify applications using a CNAME chain rather than a single hostname.
applicationCnameLevel
(number): WithapplicationCnameEnabled
on, this specifies the number of CNAMEs to use in the chain.
applicationRegex
(string): Specifies a Perl-compatible regular expression with which to substitute the request’s application ID.
applicationReplace
(string): Specifies a string to replace the request’s application ID matched byapplicationRegex
.
customerAction
(enum string): Specifies the request component that identifies a SaaS customer, eitherCOOKIE
,HOSTNAME
,PATH
, orQUERY_STRING
. Setting it toDISABLED
effectively ignores customers.
customerCookie
(string): WithcustomerAction
set toCOOKIE
, this specifies the name of the cookie that identifies the customer.
customerQueryString
(string): WithcustomerAction
set toQUERY_STRING
, this names the query parameter that identifies the customer.
customerCnameEnabled
(boolean): WithcustomerAction
set toHOSTNAME
, enabling this allows you to identify customers using a CNAME chain rather than a single hostname.
customerCnameLevel
(number): WithcustomerCnameEnabled
on, this specifies the number of CNAMEs to use in the chain.
customerRegex
(string): Specifies a Perl-compatible regular expression with which to substitute the request’s customer ID.
customerReplace
(string): Specifies a string to replace the request’s customer ID matched bycustomerRegex
.
usersAction
(enum string): Specifies the request component that identifies a SaaS user, eitherCOOKIE
,HOSTNAME
,PATH
, orQUERY_STRING
. Setting it toDISABLED
effectively ignores users.
usersCookie
(string): WithusersAction
set toCOOKIE
, this specifies the name of the cookie that identifies the user.
usersQueryString
(string): WithusersAction
set toQUERY_STRING
, this names the query parameter that identifies the user.
usersCnameEnabled
(boolean): WithusersAction
set toHOSTNAME
, enabling this allows you to identify users using a CNAME chain rather than a single hostname.
usersCnameLevel
(number): WithuserCnameEnabled
on, this specifies the number of CNAMEs to use in the chain.
usersRegex
(string): Specifies a Perl-compatible regular expression with which to substitute the request’s user ID.
usersReplace
(string): Specifies a string to replace the request’s user ID matched byusersRegex
.
salesForceCommerceCloudClient
Property Manager name: Akamai Connector for Salesforce Commerce Cloud
If you use the Salesforce Commerce Cloud platform for your origin content, this behavior allows your edge content managed by Akamai to contact directly to origin.
Options:
enabled
(boolean): Enables the Akamai Connector for Salesforce Commerce Cloud.
connectorId
(string; allows variables): An ID value that helps distinguish different types of traffic sent from Akamai to the Salesforce Commerce Cloud. Form the value as instance-realm-customer, where instance is eitherproduction
ordevelopment
, realm is your Salesforce Commerce Cloud service$REALM
value, and customer is the name for your organization in Salesforce Commerce Cloud. You can use alphanumeric characters, underscores, or dot characters within dash-delimited segment values.
originType
(enum string): Specifies whether to use aDEFAULT
Salesforce origin, or aCUSTOMER
defined origin.
sf3cOriginHost
(string; allows variables): WithoriginType
set toCUSTOMER
, this specifies the hostname or IP address of the custom Salesforce origin.
originHostHeader
(enum string): Specifies whether to use aDEFAULT
orCUSTOMER
defined Salesforce host header.
sf3cOriginHostHeader
(string; allows variables): WithoriginHostHeader
set toCUSTOMER
, this specifies the hostname or IP address of the custom Salesforce host header.
allowOverrideOriginCacheKey
(boolean): When enabled, overrides the forwarding origin’s cache key.
salesForceCommerceCloudProvider
Property Manager name: Akamai Provider for Salesforce Commerce Cloud
This manages traffic between mutual customers and the Salesforce Commerce Cloud platform.
Options:
enabled
(boolean): Enables Akamai Provider for Salesforce Commerce Cloud.
salesForceCommerceCloudProviderHostHeader
Property Manager name: Akamai Provider for Salesforce Commerce Cloud Host Header Control
Manages host header values sent to the Salesforce Commerce Cloud platform.
Options:
hostHeaderSource
(enum string): Whether the host header derives from thisPROPERTY
or from theCUSTOMER
property.
savePostDcaProcessing
Property Manager name: Save POST DCA processing result
A read-only
behavior, used in conjunction with the cachePost
behavior, that allows the body of POST requests to be processed
through Dynamic Content Assembly. Contact Akamai Professional
Services for help configuring it.
Options:
enabled
(boolean): Enables processing of POST requests.
scheduleInvalidation
Property Manager name: Scheduled Invalidation
Specifies when cached content that satisfies a rule’s criteria expires, optionally at repeating intervals. In addition to periodic cache flushes, you can use this behavior to minimize potential conflicts when related objects expire at different times.
WARNING: scheduled invalidations can significantly increase origin servers’ load when matching content expires simultaneously across all edge servers. As best practice, schedule expirations during periods of lowest traffic.
Options:
start
(ISO 8601 format date/time string): The UTC date and time when matching cached content is to expire.
repeat
(boolean): When enabled, invalidation recurs periodically from thestart
time based on therepeatInterval
time.
repeatInterval
(duration string): Withrepeat
enabled, specifies how often to invalidate content from thestart
time, expressed in seconds. For example, an expiration set to midnight and an interval of86400
seconds invalidates content once a day. Repeating intervals of less than 5 minutes are not allowed for NetStorage origins.
refreshMethod
(enum string): Specifies how to invalidate the content. Setting it toINVALIDATE
sends anIf-Modified-Since
request to the origin, re-caching the content only if it is fresher. Setting it toPURGE
re-caches content regardless of its freshness, potentially creating more traffic at the origin.
scriptManagement
Property Manager name: Script Management
Ensures unresponsive linked JavaScript files do not prevent HTML pages from loading.
Options:
enabled
(boolean): Enables the Script Management feature.
serviceworker
(enum string): ChooseNO_SERVICE_WORKER
to simply view script insights within the Akamai Control Panel. ChooseYES_SERVICE_WORKER
to configure additional script actions, and to activate policies.
timestamp
(number): A read-only epoch timestamp value used for synchronization.
segmentedContentProtection
Property Manager name: Segmented Media Protection
Validates authorization tokens at the edge server to prevent unauthorized link sharing.
Options:
enabled
(boolean): Enables the segmented content protection behavior.
key
(string): Specifies the encryption key to use as a shared secret to validate tokens.
useAdvanced
(boolean): When enabled, allows you to specify advancedtransitionKey
andsalt
options.
transitionKey
(string): An alternate encryption key to match along with thekey
field, allowing you to rotate keys with no down time.
salt
(string): Specifies a salt as input into the token for added security. This value must match the salt used in the token generation code.
headerForSalt
(array of string values): WithuseAdvanced
enabled, this allows you to include additional salt properties specific to each end user to strengthen the relationship between the session token and playback session. This specifies the set of request headers whose values generate the salt value, typicallyUser-Agent
,X-Playback-Session-Id
, andOrigin
. Any specified header must appear in the player’s request.
sessionId
(boolean): WithuseAdvanced
enabled, enabling this option carries thesession_id
value from the access token over to the session token, for use in tracking and counting unique playback sessions.
dataPayload
(boolean): WithuseAdvanced
enabled, enabling this option carries thedata/payload
field from the access token over to the session token, allowing access to opaque data for log analysis for a URL protected by a session token.
ip
(boolean): WithuseAdvanced
enabled, enabling this restricts content access to a specific IP address, only appropriate if it does not change during the playback session.
acl
(boolean): WithuseAdvanced
enabled, enabling this option carries theACL
field from the access token over to the session token, to limit the requesting client’s access to the specific URL or path set in theACL
field. Playback may fail if the base path of the master playlist (and variant playlist, plus segments) varies from that of theACL
field.
enableTokenInURI
(boolean): When enabled, passes tokens in HLS variant manifest URLs and HLS segment URLs, as an alternative to cookies.
hlsMasterManifestFiles
(array of string values): WithenableTokenInURI
enabled, specifies the set of filenames that form HLS master manifest URLs. You can use*
wildcard characters, but make sure to specify master manifest filenames uniquely, to distinguish them from variant manifest files.
tokenRevocationEnabled
(boolean): Enable this to deny requests from playback URLs that contain aTokenAuth
token that uses specific token identifiers.
blackListName
(string): WithtokenRevocationEnabled
on, this selects the blacklist that contains theTokenAuth
token identifiers to block from accessing your content.
hlsMediaEncryption
(boolean): Enables HLS Segment Encryption.
encryptionMode
(enum string): WithhlsMediaEncryption
enabled, specifies the encryption algorithm, the only valid value for which isAES128
.
useAdvancedOption
(boolean): WithhlsMediaEncryption
enabled, allows you to use advanced encryption options.
iv
(string): WithhlsMediaEncryption
anduseAdvancedOption
both enabled, this specifies the initialization vector used to generate the encryption key.
segmentedMediaOptimization
Property Manager name: Segmented Media Delivery Mode
Optimizes segmented media for live or streaming delivery contexts.
Options:
behavior
(enum string): Set to either cachedON_DEMAND
, or streamingLIVE
. OnlyON_DEMAND
is allowed for NetStorage origins.
showAdvanced
(boolean): When enabled, allows you to configure advanced media options.
liveType
(enum string): The type of live media, eitherCONTINUOUS
or anEVENT
for a range of time.
startTime
(ISO 8601 format date/time string): WithliveType
set toEVENT
, this specifies when the live media event begins.
endTime
(ISO 8601 format date/time string): WithliveType
set toEVENT
, this specifies when the live media event ends.
dvrType
(enum string): The type of DVR, eitherCONFIGURABLE
orUNKNOWN
.
dvrWindow
(duration string): Set the duration for your media, or0m
if a DVR is not required.
segmentedMediaStreamingPrefetch
Property Manager name: Segmented Media Streaming - Prefetch
Prefetches HLS and DASH media stream manifest and segment files,
accelerating delivery to end users. For prefetching to work, your
origin media’s response needs to specify
CDN-Origin-Assist-Prefetch-Path
headers with each URL to prefetch,
expressed as either a relative or absolute path.
Options:
enabled
(boolean): Enables media stream prefetching.
setVariable
Property Manager name: Set Variable
Modify a variable to insert
into subsequent fields within the rule tree. Use this behavior to
specify the predeclared variableName
and determine from where to
derive its new value. Based on this valueSource
, you can either
generate the value, extract it from some part of the incoming request,
assign it from another variable (including a set of built-in system
variables), or directly specify its text. Optionally choose a
transform
function to modify the value once.
See Support for variables for more information.
Options:
variableName
(string): Specifies the predeclared root name of the variable to modify. When you declare a variable name such asVAR
, its name is preprended withPMUSER_
and accessible in auser
namespace, so that you invoke it in subsequent text fields within the rule tree as{{user.PMUSER_VAR}}
. In deployed XML metadata, it appears as%(PMUSER_VAR)
.
valueSource
(enum string): Determines how you want to set the value: eitherGENERATE
it,EXTRACT
it from another value, or specify your own stringEXPRESSION
.
variableValue
(string; allows variables): WithvalueSource
set toEXPRESSION
, this directly specifies the value to assign to the variable. The expression may include a mix of static text and other variables, such asnew_filename.{{builtin.AK_EXTENSION}}
to embed a system variable.
extractLocation
(enum string): WithvalueSource
set toEXTRACT
, this specifies from where to get the value, either theCLIENT_CERTIFICATE
,CLIENT_REQUEST_HEADER
,RESPONSE_HEADER
,COOKIE
,SET_COOKIE
,EDGESCAPE
(for location or network data),PATH_COMPONENT_NAME
,PATH_COMPONENT_OFFSET
,PATH_PARAMETER
,DEVICE_PROFILE
(for client device attributes) orQUERY_STRING
.
certificateFieldName
(enum string): WithextractLocation
set toCLIENT_CERTIFICATE
, specifies the certificate’s content, either:CONTENTS_DER
: The entire DER-encoded certificate, expressed in hex.CONTENTS_PEM
: The PEM-formatted certificate encoded as a single line of base64 characters.CONTENTS_PEM_NO_LABELS
: Same asCONTENTS_PEM
, but not including the certificate’s header and footer.COUNT
: The number of client certificates received.FINGERPRINT_DYN
: The hex-encoded fingerprint generated based on theSIGNATURE_ALGORITHM
.FINGERPRINT_MD5
: The hex-encoded MD5 fingerprint.FINGERPRINT_SHA1
: The hex-encoded SHA1 fingerprint.ISSUER_DN
: The distinguished name field for the certificate’s issuer.KEY_LENGTH
: The size of the key in bits.NOT_AFTER
: The end of the time range, expressed inYYYY/MM/DD HH:MI:SS ZONE
format, where the zone is optional.NOT_BEFORE
: The start of the time range, expressed inYYYY/MM/DD HH:MI:SS ZONE
format, where the zone is optional.SERIAL
: The serial number, expressed in hex.SIGNATURE_ALGORITHM
: The algorithm used to generate the certificate’s signature.SIGNATURE
: The certificate’s signature, expressed in hex.STATUS_MSG
: A short message indicating the status of a certificate’s validation, such asok
ormissing
.SUBJECT_DN
: The distinguished name field for the user.VERSION
: The certificate’s X509 version number.
headerName
(string): WithextractLocation
set toCLIENT_REQUEST_HEADER
, specifies the case-insensitive name of the HTTP header to extract.
responseHeaderName
(string): WithextractLocation
set toRESPONSE_HEADER
, specifies the case-insensitive name of the HTTP header to extract.
setCookieName
(string): WithextractLocation
set toSET_COOKIE
, specifies the name of the origin’sSet-Cookie
response header.
cookieName
(string): WithextractLocation
set toCOOKIE
, specifies the name of the cookie to extract.
locationId
(enum string): WithextractLocation
set toEDGESCAPE
, specifies theX-Akamai-Edgescape
header’s field name. Possible values specify basic geolocation, various geographic standards, and information about the client’s network:- Two-letter
CONTINENT
, ISO–3166COUNTRY_CODE
orREGION_CODE
,COUNTY
,CITY
,TIMEZONE
,AREACODE
,ZIP
,LAT
, andLONG
. ASNUM
(Autonomous System Number),DMA
(Designated Market Area),FIPS
(Federal Information Processing System code),MSA
(Metropolitan Statistical Area), andPMSA
(Primary Metropolitan Statistical Area).NETWORK
(name),NETWORK_TYPE
, or tiered level ofTHROUGHPUT
orBW
(bandwidth).
For details on EdgeScape header fields, see the EdgeScape User Guide.
- Two-letter
pathComponentOffset
(string): WithextractLocation
set toPATH_COMPONENT_OFFSET
, this specifies a portion of the path. The indexing starts from1
, so a value of/path/to/nested/filename.html
and an offset of1
yieldspath
, and3
yieldsnested
. Negative indexes offset from the right, so-2
also yieldsnested
.
queryParameterName
(string): WithextractLocation
set toQUERY_STRING
, specifies the name of the query parameter from which to extract the value.
generator
(enum string): WithvalueSource
set toGENERATE
, this specifies the type of value to generate: eitherRAND
for a random number, orHEXRAND
for a random hex sequence.
numberOfBytes
(number within 1–16 range): WithvalueSource
set toGENERATE
and thegenerator
set toHEXRAND
, this specifies the number of random hex bytes to generate.
minRandomNumber
(string; allows variables): WithvalueSource
set toGENERATE
and thegenerator
set toRAND
, this specifies the lower bound of the random number.
maxRandomNumber
(string; allows variables): WithvalueSource
set toGENERATE
and thegenerator
set toRAND
, this specifies the upper bound of the random number.
transform
(enum string): Specifies a function to transform the value, eitherNONE
for no transformation, or any from the following categories:- Arithmetic:
ADD
,SUBTRACT
,MINUS
(reverse sign),MULTIPLY
,DIVIDE
, andMODULO
(get remainder). - Strings:
SUBSTITUTE
,LOWER
,UPPER
,SUBSTRING
,STRING_INDEX
(locate a substring),STRING_LENGTH
,REMOVE_WHITESPACE
,TRIM
(surrounding whitespace), andEXTRACT_PARAM
. - String conversions:
HEX_ENCODE
/HEX_DECODE
,XML_ENCODE
/XML_DECODE
.URL_ENCODE
/URL_DECODE
/URL_DECODE_UNI
(Unicode),NORMALIZE_PATH_WIN
(convert Windows paths to Unix format and remove relative path syntax) - Bitwise operations:
BITWISE_AND
,BITWISE_OR
,BITWISE_XOR
, andBITWISE_NOT
. - Numeric conversion:
DECIMAL_TO_HEX
,HEX_TO_DECIMAL
. - Encoding/decoding:
DECRYPT
/ENCRYPT
,BASE_64_ENCODE
/BASE_64_DECODE
. - Generate digests:
SHA_1
,SHA_256
,MD5
, a base64-encodedHMAC
key, or a simpleHASH
integer. - Time formats:
UTC_SECONDS
(epoch time),EPOCH_TO_STRING
, andSTRING_TO_EPOCH
. - Networking:
NETMASK
(apply a netmask to an IP address to specify the network’s available hosts).
For more details on each transform function, see Set Variable: Operations.
- Arithmetic:
operandOne
(string; allows variables): Specifies an additional operand when thetransform
function is set to various arithmetic functions (ADD
,SUBTRACT
,MULTIPLY
,DIVIDE
, orMODULO
) or bitwise functions (BITWISE_AND
,BITWISE_OR
, orBITWISE_XOR
).
algorithm
(enum string): With thetransform
function set to eitherENCRYPT
orDECRYPT
, this specifies the algorithm to apply, eitherALG_AES128
orALG_AES256
(Advanced Encryption Standard, 128 or 256 bits), orALG_3DES
(Triple DES).
encryptionKey
(string; allows variables): With thetransform
function set to eitherENCRYPT
orDECRYPT
, this specifies the encryption hex key. ForALG_3DES
it must be 48 characters long, 32 characters forALG_AES128
, and 64 characters forALG_AES256
.
initializationVector
(string): With thetransform
function set to eitherENCRYPT
orDECRYPT
, specifies a one-time number as an initialization vector. It must be 15 characters long forALG_3DES
, and 32 characters for bothALG_AES128
andALG_AES256
.
encryptionMode
(enum string): With thetransform
function set to eitherENCRYPT
orDECRYPT
, specifies eitherCBC
(Cipher Block Chaining) orECB
(Electronic Codebook) encryption modes.
nonce
(string; allows variables): With thetransform
function set to eitherENCRYPT
orDECRYPT
, specifies the one-time number used for encryption.
prependBytes
(boolean): With thetransform
function set to eitherENCRYPT
orDECRYPT
, specifies a number of random bytes to prepend to the key.
formatString
(string): With thetransform
function set to eitherEPOCH_TO_STRING
orSTRING_TO_EPOCH
, this specifies an optional format string for the conversion, using format codes such as%m/%d/%y
as specified bystrftime
. A blank value defaults to RFC–2616 format.
paramName
(string; allows variables): With thetransform
function set toEXTRACT_PARAM
, this extracts the value for the specified parameter name from a string that contains key/value pairs. (Useseparator
below to parse them.)
separator
(string): With thetransform
function set toEXTRACT_PARAM
, this specifies the character that separates pairs of values within the string.
min
(number): With thetransform
function set toHASH
, specifies a minimum value for the generated integer.
max
(number): With thetransform
function set toHASH
, specifies a maximum value for the generated integer
hmacKey
(string; allows variables): With thetransform
function set toHMAC
, specifies the secret to use in generating the base64-encoded digest.
hmacAlgorithm
(enum string): With thetransform
function set toHMAC
, specifies the algorithm to use to generate the base64-encoded digest, eitherMD5
,SHA1
, orSHA256
.
ipVersion
(enum string): With thetransform
function set toNETMASK
, this specifies the IP version under which a subnet mask generates, eitherIPV4
orIPV6
.
ipv6Prefix
(number within 0–128 range): With thetransform
function set toNETMASK
and theipVersion
set toIPV6
, specifies the prefix of the IPV6 address, a value between 0 and 128.
ipv4Prefix
(number within 0–32 range): With thetransform
function set toNETMASK
and theipVersion
set toIPV4
, specifies the prefix of the IPV4 address, a value between 0 and 32.
subString
(string; allows variables): With thetransform
function set toSTRING_INDEX
, specifies a substring for which the returned value represents a zero-based offset of where it appears in the original string, or-1
if there’s no match.
regex
(string): With thetransform
function set toSUBSTITUTE
, this specifies the regular expression pattern (PCRE) to match the value.
replacement
(string; allows variables): With thetransform
function set toSUBSTITUTE
, this specifies the replacement string. Reinsert grouped items from the match into the replacement using$1
,$2
…$n
.
caseSensitive
(boolean): With thetransform
function set toSUBSTITUTE
, enabling this makes all matches case sensitive.
globalSubstitution
(boolean): With thetransform
function set toSUBSTITUTE
, enabling this replaces all matches in the string, not just the first.
startIndex
(string; allows variables): With thetransform
function set toSUBSTRING
, specifies the zero-based character offset at the start of the substring. Negative indexes specify the offset from the end of the string.
endIndex
(string; allows variables): With thetransform
function set toSUBSTRING
, specifies the zero-based character offset at the end of the substring, without including the character at that index position. Negative indexes specify the offset from the end of the string.
exceptChars
(string): With thetransform
function set toURL_ENCODE
, specifies characters not to encode, possibly overriding the default set.
forceChars
(string): With thetransform
function set toURL_ENCODE
, specifies characters to encode, possibly overriding the default set.
deviceProfile
(enum string): WithextractLocation
set toDEVICE_PROFILE
, specifies the client device attribute. Possible values specify information about the client device, including device type, size and browser:IS_MOBILE
,IS_TABLET
andIS_WIRELESS_DEVICE
; basic device attributes; returns ‘true’ or ‘false’PHYSICAL_SCREEN_HEIGHT
,PHYSICAL_SCREEN_WIDTH
andVIEWPORT_WIDTH
; device screen and viewport size in millimetersRESOLUTION_HEIGHT
andRESOLUTION_WIDTH
; device screen size in pixelsBRAND_NAME
,DEVICE_OS
,DEVICE_OS_VERSION
,MOBILE_BROWSER
andMOBILE_BROWSER_VERSION
; basic device attributes; returns string valuesMAX_IMAGE_HEIGHT
andMAX_IMAGE_WIDTH
; maximum image size that can be displayed, in pixelsDUAL_ORIENTATION
,PDF_SUPPORT
andCOOKIE_SUPPORT
; device support capabilities; returns ‘true’ or ‘false’
For details on Device Characterization fields, see the Device Characterization Online Help.
shutr
Property Manager name: SHUTR
The SHUTR protocol extends HTTP to reduce the amount of header data necessary for web transactions with mobile devices.
This behavior does not include any options. Specifying the behavior itself enables it.
simulateErrorCode
Property Manager name: Simulate Error Response Code
A read-only behavior that simulates various error response codes. Contact Akamai Professional Services for help configuring it.
Options:
errorType
(enum string): Specifies the type of error, any of the following:
ERR_CONNECT_FAIL ERR_CONNECT_TIMEOUT ERR_DNS_FAIL ERR_DNS_IN_REGION ERR_DNS_TIMEOUT ERR_NO_GOOD_FWD_IP ERR_READ_ERROR ERR_READ_TIMEOUT ERR_SUREROUTE_DNS_FAIL ERR_WRITE_ERROR
timeout
(duration string): When theerrorType
isERR_CONNECT_TIMEOUT
,ERR_DNS_TIMEOUT
,ERR_SUREROUTE_DNS_FAIL
, orERR_READ_TIMEOUT
, generates an error after the specified amount of time from the initial request.
siteShield
Property Manager name: SiteShield
A read-only behavior implementing the Site Shield feature, which helps prevent non-Akamai machines from contacting your origin. Your service representative periodically sends you a list of Akamai servers allowed to contact your origin, with which you establish an Access Control List on your firewall to prevent any other requests.
Options:
ssmap
(object): Identifies the hostname for the Site Shield map, available from your Akamai representative. Form an object with avalue
key that references the hostname, for example:"ssmap":{"value":"ss.akamai.net"}
.
spdy
Property Manager name: SPDY
Applies the SPDY protocol, which
enhances HTTPS traffic by using many concurrent connections to
download objects within one TCP connection. You can only apply this
behavior within a hostname
match, and if the property
is marked as secure. See Secure property requirements for
guidance.
This behavior does not include any options. Specifying the behavior itself enables it.
standardTLSMigration
Property Manager name: Standard TLS Migration
Migrates traffic to
Standard TLS. Apply this behavior within the default rule or any
hostname
match. In some cases you may need to apply
this along with the
standardTLSMigrationOverride
behavior.
Options:
enabled
(boolean): Allows migration to Standard TLS.
migrationFrom
(enum string): Whether you are migrating traffic fromENHANCED_SECURE
TLS, from aSHARED_CERT
, orNON_SECURE
traffic.
allowHTTPSUpgrade
(boolean): WithmigrationFrom
set toNON_SECURE
, allows temporary upgrade of HTTP traffic to HTTPS.
allowHTTPSDowngrade
(boolean): WithmigrationFrom
set toNON_SECURE
, allow temporary downgrade of HTTPS traffic to HTTP. This removes variousOrigin
,Referer
,Cookie
,Cookie2
,sec-*
andproxy-*
headers from the request to origin.
migrationStartTime
(ISO 8601 format date/time string): With eitherallowHTTPSUpgrade
orallowHTTPSDowngrade
enabled, specifies when to start migrating the cache.
migrationDuration
(number): With eitherallowHTTPSUpgrade
orallowHTTPSDowngrade
enabled, specifies the number of days to migrate the cache.
cacheSharingStartTime
(ISO 8601 format date/time string): WithmigrationFrom
set toENHANCED_SECURE
, specifies when to start cache sharing.
cacheSharingDuration
(number): WithmigrationFrom
set toENHANCED_SECURE
, specifies the number cache sharing days.
isCertificateSNIOnly
(boolean): WithmigrationFrom
set toENHANCED_SECURE
, sets whether your new certificate is SNI-only.
isTieredDistributionUsed
(boolean): WithmigrationFrom
set toNON_SECURE
, allows you to align traffic to varioustieredDistribution
areas.
tdLocation
(enum string): WithisTieredDistributionUsed
enabled, specifies thetieredDistribution
location, eitherEUROPE
,APAC
(Asia and Pacific),AUSTRALIA
,US_WEST
,US_CENTRAL
,US_EAST
,GLOBAL
, orGLOBAL_LEGACY
.
standardTLSMigrationOverride
Property Manager name: Standard TLS Migration Override
When
applying standardTLSMigration
, add this
behavior if your new certificate is SNI-only, if your property
includes any advanced features, any Edge IP Binding enabled
hosts, or if any foreground downloads are configured.
This behavior does not include any options. Specifying the behavior itself enables it.
subCustomer
Property Manager name: Subcustomer Enablement
When positioned in a
property’s top-level default rule, enables various
Cloud Embed
features that allow you to leverage Akamai’s CDN architecture for your
own subcustomers. This behavior’s options allow you to use Cloud
Embed to configure your subcustomers’ content. Once enabled, you can
use the
Akamai Cloud Embed API
(ACE) to assign subcustomers to this base configuration, and to
customize policies for them. See also the
dynamicWebContent
behavior to configure
subcustomers’ dynamic web content.
Options:
enabled
(boolean): Allows Cloud Embed to dynamically modify your subcustomers’ content.
origin
(boolean): Allows you to assign origin hostnames for customers.
partnerDomainSuffix
(string): Withorigin
enabled, this specifies the appropriate domain suffix, which you should typically match with your property hostname. It identifies the domain as trustworthy on the Akamai network, despite being defined within Cloud Embed, outside of your base property configuration. Include this domain suffix if you want to purge subcustomer URLs. For example, if you provide a value ofsuffix.example.com
, then to purgesubcustomer.com/some/path
, specifysubcustomer.com.suffix.example.com/some/path
as the purge request’s URL.
caching
(boolean): Modifies content caching rules.
referrer
(boolean): Sets subcustomers’ referrer whitelists or blacklist.
ip
(boolean): Sets subcustomers’ IP whitelists or blacklists.
geoLocation
(boolean): Sets subcustomers’ location-based whitelists or blacklists.
refreshContent
(boolean): Allows you to reschedule when content validates for subcustomers.
modifyPath
(boolean): Modifies a subcustomer’s request path.
cacheKey
(boolean): Allows you to set which query parameters are included in the cache key.
tokenAuthorization
(boolean): When enabled, this allows you to configure edge servers to use tokens to control access to subcustomer content. Use Cloud Embed to configure the token to appear in a cookie, header, or query parameter.
siteFailover
(boolean): When enabled, allows you to configure unique failover sites for each subcustomer’s policy.
contentCompressor
(boolean): Allows compression of subcustomer content.
accessControl
(boolean): When enabled, this allows you to deny requests to a subcustomer’s content based on specific match conditions, which you use Cloud Embed to configure in each subcustomer’s policy.
dynamicWebContent
(boolean): When enabled, allows you to apply thedynamicWebContent
behavior to further modify how dynamic content behaves for subcustomers.
onDemandVideoDelivery
(boolean): Enables delivery of media assets to subcustomers.
largeFileDelivery
(boolean): Enables large file delivery for subcustomers.
liveVideoDelivery
(boolean): Enables live media streaming for subcustomers.
sureRoute
Property Manager name: SureRoute
The SureRoute feature continually tests different routes between origin and edge servers to identify the optimal path. By default, it conducts races to identify alternative paths to use in case of a transmission failure. These races increase origin traffic slightly.
This behavior allows you to configure SureRoute along with a test
object to improve delivery of non-cacheable no-store
or
bypass-cache
content. Since edge servers are already positioned as
close as possible to requesting clients, the behavior does not apply
to cacheable content.
Options:
enabled
(boolean): Enables the SureRoute behavior, to optimize delivery of non-cached content.
type
(enum string): Specifies the set of edge servers used to test routes, either the defaultPERFORMANCE
or aCUSTOM_MAP
that must be provided to you by Akamai Professional Services.
customMap
(string): Iftype
isCUSTOM_MAP
, this specifies the map string provided to you by Akamai Professional Services, or included as part of the Site Shield product.
testObjectUrl
(string): Specifies the path and filename for your origin’s test object to use in races to test routes.Akamai provides sample test objects for the Dynamic Site Accelerator and Web Application Accelerator products. If you want to use your own test object, it needs to be on the same origin server as the traffic being served through SureRoute. Make sure it returns a
200
HTTP response and does not require authentication. The file should be an average-sized static HTML file (Content-Type: text/html
) that is no smaller than 8KB, with no back-end processing.If you have more than one origin server deployed behind a load balancer, you can configure it to serve the test object directly on behalf of the origin, or route requests to the same origin server to avoid deploying the test object on each origin server.
toHostStatus
(enum string): If set toINCOMING_HH
, uses the incomingHost
header when requesting the SureRoute test object. If set toOTHER
, usetoHost
to specify a customHost
header.
toHost
(string): IftoHostStatus
isOTHER
, this specifies the customHost
header to use when requesting the SureRoute test object.
raceStatTtl
(duration string): Specifies the time-to-live to preserve SureRoute race results, typically30m
. If traffic exceeds a certain threshold after TTL expires, the overflow is routed directly to the origin, not necessarily optimally. If traffic remains under the threshold, the route is determined by the winner of the most recent race.
forceSslForward
(boolean): Forces SureRoute to use SSL when requesting the origin’s test object, appropriate if your origin does not respond to HTTP requests, or responds with a redirect to HTTPS.
enableCustomKey
(boolean): When disabled, caches race results under the race destination’s hostname. If enabled, usecustomStatKey
to specify a custom hostname.
customStatKey
(string): WithenableCustomKey
enabled, this specifies a hostname under which to cache race results. This may be useful when a property corresponds to many origin hostnames. By default, SureRoute would launch races for each origin, but consolidating under a single hostname runs only one race.
tcpOptimization
Property Manager name: TCP Optimizations
Enables a suite of optimizations targeting buffers, time-outs, and packet loss that improve transmission performance. This behavior is deprecated, but you should not disable or remove it if present.
This behavior does not include any options. Specifying the behavior itself enables it.
teaLeaf
Property Manager name: IBM Tealeaf Connector
Allows IBM Tealeaf Customer Experience on Cloud to record HTTPS requests and responses for Akamai-enabled properties. Recorded data becomes available in your IBM Tealeaf account.
Options:
enabled
(boolean): When enabled, capture HTTPS requests and responses, and send the data to your IBM Tealeaf account.
limitToDynamic
(boolean): Limit traffic to dynamic, uncached (No-Store
) content.
ibmCustomerId
(number): The integer identifier for the IBM Tealeaf Connector account.
tieredDistribution
Property Manager name: Tiered Distribution
This behavior allows
Akamai edge servers to retrieve cached content from other Akamai
servers, rather than directly from the origin. These interim parent
servers in the cache hierarchy (CH
) are positioned close to the
origin, and fall along the path from the origin to the edge
server. Tiered Distribution typically reduces the origin server’s
load, and reduces the time it takes for edge servers to refresh
content.
See also the
tieredDistributionAdvanced
behavior.
Options:
enabled
(boolean): When enabled, activates tiered distribution.
tieredDistributionMap
(enum string): Optionally map the tiered parent server’s location close to your origin:CHEU2
for Europe;CHAUS
for Australia;CHAPAC
for China and the Asian Pacific area;CHWUS2
,CHCUS2
, andCHEUS2
for different parts of the United States. ChooseCH
orCH2
for a more global map. A narrower local map minimizes the origin server’s load, and increases the likelihood the requested object is cached. A wider global map reduces end-user latency, but decreases the likelihood the requested object is in any given parent server’s cache. This option cannot apply if the property is marked as secure. See Secure property requirements for guidance.
timeout
Property Manager name: Connect Timeout
Sets the HTTP connect timeout.
Options:
value
(duration string): Specifies the timeout, for example10s
.
uidConfiguration
Property Manager name: UID Configuration
This behavior allows you to extract unique identifier (UID) values from live traffic, for use in OTA applications. Note that you are responsible for maintaining the security of any data that may identify individual users.
Options:
enabled
(boolean): Allows you to extract UIDs from client requests.
extractLocation
(enum string): Whether to extract the UID value from aCLIENT_REQUEST_HEADER
, aQUERY_STRING
, or from a rule treeVARIABLE
. (You should mark these variables as sensitive. See also Support for variables above.)
headerName
(string): WithextractLocation
set toCLIENT_REQUEST_HEADER
, this specifies the name of the HTTP header from which to extract the UID value.
queryParameterName
(string): WithextractLocation
set toQUERY_STRING
, this specifies the name of the query parameter from which to extract the UID value.
variableName
(string): WithextractLocation
set toVARIABLE
, this specifies the name of the rule tree variable from which to extract the UID value.
validateEntityTag
Property Manager name: Validate Entity Tag
Instructs edge servers
to compare the request’s ETag header with that of the cached
object. If they differ, the edge server sends a new copy of the
object. This validation occurs in addition to the default validation
of Last-Modified
and If-Modified-Since
headers.
Options:
enabled
(boolean): Enables the ETag validation behavior.
verifyJsonWebToken
Property Manager name: JWT Verification
This behavior allows you to use JSON Web Tokens (JWT) to verify requests.
Options:
extractLocation
(enum string): Specify from where to extract the JWT value, either from theCLIENT_REQUEST_HEADER
or from the request’sQUERY_STRING
.
headerName
(string): WithextractLocation
set toCLIENT_REQUEST_HEADER
, this specifies the name of the header from which to extract the JWT value.
queryParameterName
(string): WithextractLocation
set toQUERY_STRING
, this specifies the name of the query parameter from which to extract the JWT value.
jwt
(string): An identifier for the JWT keys collection.
verifyJsonWebTokenForDcp
Property Manager name: JWT
This behavior
allows you to use JSON web tokens (JWT) to verify requests for use in
implementing
IoT Edge Connect,
which you use the dcp
behavior to configure. You can specify
the location in a request to pass a JSON web token (JWT), collections
of public keys to verify the integrity of this token, and specific
claims to extract from it. Use the
verifyJsonWebToken
behavior for other JWT
validation.
When authenticating to edge servers with both JWT and mutual
authentication (using the
dcpAuthVariableExtractor
behavior), the
JWT method is ignored, and you need to authenticate with a client
authentication certificate.
Options:
extractLocation
(enum string): Specifies whether to get the JWT value from theCLIENT_REQUEST_HEADER
, or from aQUERY_STRING
.
customHeader
(boolean): WithextractLocation
set toCLIENT_REQUEST_HEADER
, The JWT value comes from theX-Akamai-DCP-Token
header by default. Enabling this option allows you to extract it from another header name that you specify.
headerName
(string): WithcustomHeader
enabled, this specifies the name of the header to extract the JWT value from.
queryParameterName
(string): WithextractLocation
set toQUERY_STRING
, this specifies the name of the query parameter from which to extract the JWT value.
jwt
(string): An identifier for the JWT keys collection.
extractClientId
(boolean): When enabled, allows you to extract the client ID claim name stored in JWT.
clientId
(string): WithextractClientId
enabled, this specifies the claim name.
extractAuthorizations
(boolean): When enabled, allows you to extract the authorization groups stored in the JWT.
authorizations
(string): WithextractAuthorizations
enabled, this specifies the authorization group name.
extractUserName
(boolean): When enabled, allows you to extract the user name stored in the JWT.
userName
(string): WithextractUserName
enabled, this specifies the user name.
verifyTokenAuthorization
Property Manager name: Auth Token 2.0 Verification
Verifies Auth 2.0 tokens.
Options:
useAdvanced
(boolean): If enabled, allows you to specify advanced options such asalgorithm
,escapeHmacInputs
,ignoreQueryString
,transitionKey
, andsalt
.
location
(enum string): Specifies where to find the token in the incoming request, eitherCLIENT_REQUEST_HEADER
,QUERY_STRING
, orCOOKIE
.
locationId
(string): Whenlocation
isCLIENT_REQUEST_HEADER
, specifies the name of the incoming request’s header where to find the token.
algorithm
(enum string): WithuseAdvanced
enabled, specifies the algorithm that generates the token, eitherSHA256
,SHA1
, orMD5
, in order of descending security. It must match the method chosen in the token generation code.
escapeHmacInputs
(boolean): WithuseAdvanced
enabled, URL-escapes HMAC inputs passed in as query parameters.
ignoreQueryString
(boolean): WithuseAdvanced
enabled, enabling this removes the query string from the URL used to form an encryption key.
key
(string): The shared secret used to validate tokens, which must match the key used in the token generation code.
transitionKey
(string): WithuseAdvanced
enabled, specifies a transition key as a hex value.
salt
(string): WithuseAdvanced
enabled, specifies a salt string for input when generating the token, which must match the salt value used in the token generation code.
failureResponse
(boolean): When enabled, sends an HTTP error when an authentication test fails.
visitorPrioritization
Property Manager name: Visitor Prioritization Cloudlet
The
Visitor Prioritization Cloudlet
is designed to decrease abandonment by providing a user-friendly
waiting room experience. With cloudlets available on your contract,
choose
Your services ⇒ Edge logic Cloudlets
to control Visitor Prioritization within
Control Center.
Otherwise use the
Cloudlets API
to configure it programmatically. To serve non-HTML API content such
as JSON blocks, see the apiPrioritization
behavior.
Options:
enabled
(boolean): Enables the Visitor Prioritization behavior.
cloudletPolicy
(object): Identifies the Cloudlet policy in an object featuring unique numericid
and descriptive stringname
members.
userIdentificationByCookie
(boolean): When enabled, identifies users by the value of a cookie.
userIdentificationKeyCookie
(string): WithuserIdentificationByCookie
enabled, specifies the name of the cookie whose value identifies users. To match a user, the value of the cookie needs to remain constant across all requests.
userIdentificationByHeaders
(boolean): When enabled, identifies users by the values of GET or POST request headers.
userIdentificationKeyHeaders
(array of string values): WithuserIdentificationByHeaders
enabled, specifies names of request headers whose values identify users. To match a user, values for all the specified headers need to remain constant across all requests.
userIdentificationByIp
(boolean): When enabled, allows IP addresses to identify users.
userIdentificationByParams
(boolean): When enabled, identifies users by the values of GET or POST request parameters.
userIdentificationKeyParams
(array of string values): WithuserIdentificationByParams
enabled, specifies names of request parameters whose values identify users. To match a user, values for all the specified parameters need to remain constant across all requests. Parameters that are absent or blank may also identify users.
allowedUserCookieEnabled
(boolean): When enabled, sets a cookie for users who have been allowed through to the site.
allowedUserCookieLabel
(string): WithallowedUserCookieEnabled
on, specifies a label to distinguish this cookie for an allowed user from others. The value appends to the cookie’s name, and helps you to maintain the same user assignment across behaviors within a property, and across properties.
allowedUserCookieDuration
(number within 0–600 range): WithallowedUserCookieEnabled
on, sets the number of seconds for the allowed user’s session once allowed through to the site.
allowedUserCookieRefresh
(boolean): WithallowedUserCookieEnabled
on, enabling this resets the duration of an allowed cookie with each request, so that it only expires if the user doesn’t make any requests for the specified duration. Do not enable this option if you want to set a fixed time for all users.
allowedUserCookieAdvanced
(boolean): WithallowedUserCookieEnabled
on, sets advanced configuration options for the allowed user’s cookie.
allowedUserCookieAutomaticSalt
(boolean): WithallowedUserCookieAdvanced
enabled, sets an automatic salt value to verify the integrity of the cookie for an allowed user. Disable this if you want to share the cookie across properties.
allowedUserCookieSalt
(string): WithallowedUserCookieAdvanced
enabled andallowedUserCookieAutomaticSalt
disabled, specifies a fixed salt value, which is incorporated into the cookie’s value to prevent users from manipulating it. You can use the same salt string across different behaviors or properties to apply a single cookie to all allowed users.
allowedUserCookieDomainType
(enum string): WithallowedUserCookieAdvanced
enabled, selects whether to use theDYNAMIC
incoming host header, or aCUSTOMER
-defined cookie domain.
allowedUserCookieDomain
(string): WithallowedUserCookieAdvanced
enabled, specifies a domain for an allowed user cookie.
allowedUserCookieHttpOnly
(boolean): WithallowedUserCookieAdvanced
enabled, applies theHttpOnly
flag to the allowed user’s cookie to ensure it’s accessed over HTTP and not manipulated by the client.
allowedUserCookieSecure
(boolean): WithallowedUserCookieAdvanced
enabled, applies theSecure
flag to the allowed user’s cookie to transmit it over a secure connection. You can apply this option only if the property itself is secure. See Secure property requirements for guidance.
waitingRoomCookieEnabled
(boolean): Enables a cookie to track a waiting room assignment.
waitingRoomCookieShareLabel
(boolean): WithallowedUserCookieEnabled
andwaitingRoomCookieEnabled
bothtrue
, enabling this option shares the sameallowedUserCookieLabel
string. If disabled, specify a differentwaitingRoomCookieLabel
.
waitingRoomCookieLabel
(string): WithwaitingRoomCookieEnabled
on and eitherallowedUserCookieEnabled
orwaitingRoomCookieShareLabel
off, specifies a label to distinguish this waiting room cookie from others. The value appends to the cookie’s name, and helps you to maintain the same waiting room assignment across behaviors within a property, and across properties.
waitingRoomCookieDuration
(number within 0–120 range): WithwaitingRoomCookieEnabled
on, sets the number of seconds for which users remain in the waiting room. During this time, users who refresh the waiting room page remain there.
waitingRoomCookieAdvanced
(boolean): When enabled along withwaitingRoomCookieEnabled
, sets advanced configuration options for the waiting room cookie.
waitingRoomCookieAutomaticSalt
(boolean): WithwaitingRoomCookieAdvanced
enabled, sets an automatic salt value to verify the integrity of the waiting room cookie. Disable this if you want to share the cookie across properties.
waitingRoomCookieSalt
(string): WithwaitingRoomCookieAdvanced
enabled andwaitingRoomCookieAutomaticSalt
disabled, specifies a fixed salt value, which is incorporated into the cookie’s value to prevent users from manipulating it. You can use the same salt string across different behaviors or properties to apply a single cookie for the waiting room session.
waitingRoomCookieDomainType
(enum string): WithwaitingRoomCookieAdvanced
enabled, selects whether to use theDYNAMIC
incoming host header, or aCUSTOMER
-defined cookie domain.
waitingRoomCookieDomain
(string): WithwaitingRoomCookieAdvanced
enabled, specifies a domain for the waiting room cookie.
waitingRoomCookieHttpOnly
(boolean): WithwaitingRoomCookieAdvanced
enabled, applies theHttpOnly
flag to the waiting room cookie to ensure it’s accessed over HTTP and not manipulated by the client.
waitingRoomCookieSecure
(boolean): WithwaitingRoomCookieAdvanced
enabled, applies theSecure
flag to the waiting room cookie to transmit it over a secure connection. You can apply this option only if the property itself is secure. See Secure property requirements for guidance.
waitingRoomStatusCode
(number): Specifies the response code for requests sent to the waiting room.
waitingRoomUseCpCode
(boolean): When enabled, allows you to assign a different CP code that tracks any requests that are sent to the waiting room.
waitingRoomCpCode
(object): WithwaitingRoomUseCpCode
enabled, specifies acpcode
object for requests sent to the waiting room, including a numericid
key and a descriptivename
:"waitingRoomCpCode": { "id": 12345, "name": "sent to waiting room" }
waitingRoomNetStorage
(object): Specifies the NetStorage domain for the waiting room page. For example:"waitingRoomNetStorage": { "id": "netstorage_id", "name": "Example Downloads", "downloadDomainName": "download.example.com", "cpCode": 12345 }
waitingRoomDirectory
(string; allows variables): Specifies the NetStorage directory that contains the static waiting room page, with no trailing slash character.
waitingRoomCacheTtl
(number within 5–30 range): Specifies the waiting room page’s time to live in the cache,5
minutes by default.
watermarkUrl
Property Manager name: Watermark Token
Aliases a token to a watermark image URL.
Options:
token
(string): Specifies the string token.
imageUrl
(string): Specifies the URL for the watermark image.
webApplicationFirewall
Property Manager name: Web Application Firewall
The Web Application Firewall behavior implements a suite of security features that blocks threatening HTTP and HTTPS requests. Use it as your primary firewall, or in addition to existing security measures. Only one referenced configuration is allowed per property, so this behavior typically belongs as part of its default rule.
Options:
firewallConfiguration
(object): An object featuring details about your firewall configuration, for example:"firewallConfiguration": { "configId" : 1, "productionStatus" : "Active", "productionVersion" : 1, "stagingStatus" : "Active", "stagingVersion" : 1 }
webdav
Property Manager name: WebDAV
Web-based Distributed Authoring
and Versioning (WebDAV) is a set of extensions to the HTTP protocol
that allows users to collaboratively edit and manage files on remote
web servers. This behavior enables WebDAV, and provides support for
the following additional request methods: PROPFIND, PROPPATCH, MKCOL,
COPY, MOVE, LOCK, and UNLOCK. To apply this behavior, you need to
match on a requestMethod
.
Options:
enabled
(boolean): Enables the WebDAV behavior.
webSockets
Property Manager name: WebSockets
The WebSocket protocol allows web applications real-time bidirectional communication between clients and servers.
Options:
enabled
(boolean): Enables WebSocket traffic.
Criteria
The following represents all rule criteria the Property Manager API supports. The set available to you is determined by the product and modules associated with the property. Use the List Available Criteria operation to get this information.
This reference specifies features used in the v2020-03-04
rule
format. See the
PAPI Feature Catalog Reference
for details on the most recent feature set, which corresponds to the
latest
rule format.
advancedImMatch
Property Manager name: Image and Video Manager
Matches whether the
imageManager
behavior already applies to the
current set of requests.
Options:
imRequest
(enum string): Whether the current request isFROM_IM
(Image and Video Manager) orNOT_FROM_IM
.
bucket
Property Manager name: Percentage of Clients
This read-only criteria
matches a specified percentage of requests when used with the required
accompanying spdy
behavior. Contact Akamai Professional
Services for help configuring it.
Options:
percentage
(number within 0–100 range): Specifies the percentage of SPDY requests to match.
cacheability
Property Manager name: Response Cacheability
Matches the current cache
state. Note that any NO_STORE
or BYPASS_CACHE
HTTP headers set on
the origin’s content overrides properties’
caching
instructions, in which case this
criteria does not apply.
Options:
matchOperator
(enum string): When set toIS
, matches thevalue
. If set toIS_NOT
, reverses the match so that the cache state does not match the specifiedvalue
.
value
(enum string): Content’s cache is enabled (CACHEABLE
) or not (NO_STORE
), or else is ignored (BYPASS_CACHE
).
chinaCdnRegion
Property Manager name: ChinaCDN Region
Identifies traffic deployed over Akamai’s regional ChinaCDN infrastructure.
Options:
matchOperator
(enum string): Specify whether the requestIS
orIS_NOT
deployed over ChinaCDN.
clientCertificate
Property Manager name: Client certificate
Matches whether you have configured a client certificate to authenticate requests to edge servers.
Options:
isCertificatePresent
(boolean): When enabled, executes rule behaviors only if a client certificate authenticates requests.
clientIp
Property Manager name: Client IP
Matches the IP number of the requesting client.
Options:
matchOperator
(enum string): Matches the contents ofvalues
if set toIS_ONE_OF
, otherwiseIS_NOT_ONE_OF
reverses the match.
values
(array of string values): IP or CIDR block, for example:71.92.0.0/14
.
useHeaders
(boolean): When connecting via a proxy server as determined by theX-Forwarded-For
header, enabling this option matches the connecting client’s IP address rather than the original end client specified in the header.
clientIpVersion
Property Manager name: Client IP Version
Matches the version of the IP protocol used by the requesting client.
Options:
value
(enum string): The IP version of the client request, eitherIPV4
orIPV6
.
useXForwardedFor
(boolean): When connecting via a proxy server as determined by theX-Forwarded-For
header, enabling this option matches the connecting client’s IP address rather than the original end client specified in the header.
cloudletsOrigin
Property Manager name: Conditional Origin ID
Allows Cloudlets Origins, referenced by label, to define their own criteria to assign custom origin definitions. The criteria may match, for example, for a specified percentage of requests defined by the cloudlet to use an alternative version of a website.
This criteria must be paired with a sibling origin
definition. It should not appear with any other criteria, and an
allowCloudletsOrigins
behavior must
appear within a parent rule.
Options:
originId
(string): The Cloudlets Origins identifier, limited to alphanumeric and underscore characters.
contentDeliveryNetwork
Property Manager name: CDN Network
A read-only criteria that specifies the type of Akamai network handling the request. Contact Akamai Professional Services for help configuring it.
Options:
matchOperator
(enum string): Matches the specifiednetwork
if set toIS
, otherwiseIS_NOT
reverses the match..
network
(enum string): Match requests served from either thePRODUCTION
orSTAGING
network.
contentType
Property Manager name: Content Type
Matches the HTTP response
header’s Content-Type
.
Options:
matchOperator
(enum string): Matches anyContent-Type
among specifiedvalues
when set toIS_ONE_OF
, otherwiseIS_NOT_ONE_OF
reverses the match.
values
(array of string values):Content-Type
response header value, for exampletext/html
.
matchWildcard
(boolean): When enabled, allows*
and?
wildcard matches among thevalues
, so that specifyingtext/*
matches bothtext/html
andtext/css
.
matchCaseSensitive
(boolean): When enabled, the match is case-sensitive for allvalues
.
deviceCharacteristic
Property Manager name: Device Characteristics
Match various aspects of the device or browser making the request.
Based on the value of the characteristic
option, the expected value
is either a boolean, a number, or a string, possibly representing a
version number. Each type of value requires a different value-
field:
booleanValue
specifies a boolean value.numericValue
specifies a numeric value.versionValue
specifies a version number string value.stringValue
specifies any other string value, to which thevalueCase
andvalueWildcard
options apply.
Options:
characteristic
(enum string): Aspect of the device or browser to match. The following values are boolean:ACCEPT_THIRD_PARTY_COOKIE
AJAX_SUPPORT_JAVASCRIPT
COOKIE_SUPPORT
DUAL_ORIENTATION
(whether the display adapts to portrait/landscape orientation)FULL_FLASH_SUPPORT
GIF_ANIMATED
IS_MOBILE
IS_TABLET
(subset ofIS_MOBILE
)IS_WIRELESS_DEVICE
The following are numeric values:
PHYSICAL_SCREEN_HEIGHT
(millimeters)PHYSICAL_SCREEN_WIDTH
(millimeters)RESOLUTION_HEIGHT
(pixels)RESOLUTION_WIDTH
(pixels)XHTML_SUPPORT_LEVEL
The following are version string values:
DEVICE_OS_VERSION
MOBILE_BROWSER_VERSION
The following are string values:
BRAND_NAME
(such asSamsung
orApple
)DEVICE_OS
MARKETING_NAME
(such asSamsung Illusion
)MOBILE_BROWSER
MODEL_NAME
(such asSCH-I110
)
stringMatchOperator
(enum string): When thecharacteristic
expects a string value, set this toMATCHES_ONE_OF
to match against thestringValue
set, otherwise set toDOES_NOT_MATCH_ONE_OF
to exclude that set of values.
numericMatchOperator
(enum string): When thecharacteristic
expects a numeric value, compares the specifiednumericValue
against the matched client, using the following operators:IS
,IS_MORE_THAN_OR_EQUAL
,IS_MORE_THAN
,IS_LESS_THAN_OR_EQUAL
,IS_LESS_THAN
,IS_NOT
.
versionMatchOperator
(enum string): When thecharacteristic
expects a version string value, compares the specifiedversionValue
against the matched client, using the following operators:IS
,IS_MORE_THAN_OR_EQUAL
,IS_MORE_THAN
,IS_LESS_THAN_OR_EQUAL
,IS_LESS_THAN
,IS_NOT
.
booleanValue
(boolean): When thecharacteristic
expects a boolean value, this specifies the value.
stringValue
(array of string values): When thecharacteristic
expects a string, this specifies the set of values.
numericValue
(number): When thecharacteristic
expects a numeric value, this specifies the number.
versionValue
(string): When thecharacteristic
expects a version number, this specifies it as a string.
matchCaseSensitive
(boolean): When enabled, the match is case-sensitive for thestringValue
field.
matchWildcard
(boolean): When enabled, allows*
and?
wildcard matches in thestringValue
field.
fileExtension
Property Manager name: File Extension
Matches the requested filename’s extension, if present.
Options:
matchOperator
(enum string): Matches the contents ofvalues
if set toIS_ONE_OF
, otherwiseIS_NOT_ONE_OF
reverses the match.
values
(array of string values): An array of file extension strings, with no leading dot characters, for examplepng
,jpg
,jpeg
, andgif
.
matchCaseSensitive
(boolean): When enabled, the match is case-sensitive.
filename
Property Manager name: Filename
Matches the requested filename, or test whether it is present.
Options:
matchOperator
(enum string): If set toIS_ONE_OF
orIS_NOT_ONE_OF
, matches whether thevalue
matches. If set toIS_EMPTY
orIS_NOT_EMPTY
, matches whether the specified filename is part of the path.
values
(array of string values): Matches the filename component of the request URL. Wildcards are allowed, where?
matches a single character and*
matches more than one. For example, specifyfilename.*
to accept any extension.
matchCaseSensitive
(boolean): When enabled, the match is case-sensitive for thevalue
field.
hostname
Property Manager name: Hostname
Matches the requested hostname.
Options:
matchOperator
(enum string): Matches the contents ofvalues
when set toIS_ONE_OF
, otherwiseIS_NOT_ONE_OF
reverses the match.
values
(array of string values): A list of hostnames. Wildcards match, so*.example.com
matches bothm.example.com
andwww.example.com
.
matchAdvanced
Property Manager name: Advanced Match
A read-only criteria that specifies Akamai XML metadata. It can only be configured on your behalf by Akamai Professional Services.
Options:
description
(string): A human-readable description of what the XML block does.
openXml
(string): An XML string that opens the relevant block.
closeXml
(string): An XML string that closes the relevant block.
matchCpCode
Property Manager name: Content Provider Code
Match the assigned content provider code.
Options:
value
(object): Specifies an object that encodes the matchingvalue
, including anid
key and a descriptivename
:"value": { "id" : 12345, "name" : "my cpcode" }
matchResponseCode
Property Manager name: Response Status Code
Match a set or range of HTTP response codes.
Options:
matchOperator
(enum string): Matches the contents ofvalues
if set toIS_ONE_OF
, otherwiseIS_NOT_ONE_OF
reverses the match. If set toIS_BETWEEN
, matches the numeric range betweenlowerBound
andupperBound
, otherwiseIS_NOT_BETWEEN
reverses the match.
values
(array of string values): A set of response codes to match, for example["404","500"]
.
lowerBound
(number): Specifies the start of a range of responses whenmatchOperator
is eitherIS_BETWEEN
orIS_NOT_BETWEEN
. For example,400
to match anything from400
to500
.
upperBound
(number): Specifies the end of a range of responses whenmatchOperator
is eitherIS_BETWEEN
orIS_NOT_BETWEEN
. For example,500
to match anything from400
to500
.
matchVariable
Property Manager name: Variable
Matches a built-in
variable, or a custom variable pre-declared within the rule tree by
the setVariable
behavior. See
Support for variables for more information on this feature.
Options:
variableName
(string): The name of the variable to match.
matchOperator
(enum string): The type of match, based on which you use different options to specify the match criteria.- If set to
IS
orIS_NOT
, specify a singlevariableExpression
string. - If set to
IS_GREATER_THAN
,IS_LESS_THAN
,IS_GREATER_THAN_OR_EQUAL_TO
, orIS_LESS_THAN_OR_EQUAL_TO
, specify a singlevariableExpression
string. - If set to
IS_BETWEEN
orIS_NOT_BETWEEN
, specify a range between numericlowerBound
andupperBound
values. - If set to
IS_ONE_OF
orIS_NOT_ONE_OF
, specify an array of stringvariableValues
. - If set to
IS_EMPTY
orIS_NOT_EMPTY
, no other option is required. These check if a defined variable contains a value. You can’t activate a rule that matches an undefined variable.
- If set to
variableValues
(array of string values): WithmatchOperator
set to eitherIS_ONE_OF
orIS_NOT_ONE_OF
, specifies an array of matching strings.
variableExpression
(string; allows variables): WithmatchOperator
set to eitherIS
orIS_NOT
, specifies a single matching string.
lowerBound
(string): WithmatchOperator
set to eitherIS_BETWEEN
orIS_NOT_BETWEEN
, specifies the range’s numeric minimum value.
upperBound
(string): WithmatchOperator
set to eitherIS_BETWEEN
orIS_NOT_BETWEEN
, specifies the range’s numeric maximum value.
matchWildcard
(boolean): When matching string expressions, enabling this matches wildcard metacharacters such as*
and?
.
matchCaseSensitive
(boolean): When matching string expressions, enabling this performs a case-sensitive match.
metadataStage
Property Manager name: Metadata Stage
Matches how the current rule corresponds to low-level syntax elements in translated XML metadata, indicating progressive stages as each edge server handles the request and response. To use this match, you need to be thoroughly familiar with how Akamai edge servers process requests. Contact your Akamai Technical representative if you need help, and test thoroughly on staging before activating on production.
Options:
matchOperator
(enum string): Tests whether the current ruleIS
orIS_NOT
at the specified metadata stage.
value
(enum string): Specifies the metadata stage, one of the following:content-policy
: This stage calculates whether there is a property configuration for this request.client-request
: When the Akamai server receives the request.client-request-body
: The Akamai server inspects the contents of the request as a security check.ipa-response
: Occurs of a response is received from an intermediate processing agent (IPA) server.cache-hit
: Content is cacheable and is already cached, but not yet tested for freshness.forward-start
: A brief transitory stage while the Akamai server selects a forward server or persistent connection.forward-request
: Immediately before the Akamai server tries to connect to a forward server.forward-response
: After the forward server responds. Occurs for content received from an origin server, for example when not caching it.client-response
: Occurs prior to constructing a response.client-done
: Occurs after the response completes.
originTimeout
Property Manager name: Origin Timeout
Matches when the origin responds with a timeout error.
Options:
matchOperator
(enum string): Specifies a single requiredORIGIN_TIMED_OUT
value.
path
Property Manager name: Path
Matches the URL’s non-hostname path component.
Options:
matchOperator
(enum string): Matches the contents ofvalues
when set toMATCHES_ONE_OF
, otherwiseDOES_NOT_MATCH_ONE_OF
reverses the match.
values
(array of string values): Matches the URL path, excluding leading hostname and trailing query parameters. The path is relative to the server root, for example/blog
. Thevalue
accepts*
or?
wildcard characters, for example/blog/*/2014
.
matchCaseSensitive
(boolean): When enabled, the match is case-sensitive.
queryStringParameter
Property Manager name: Query String Parameter
Matches query string field names or values.
Options:
parameterName
(string): The name of the query field, for example,q
in?q=string
.
matchOperator
(enum string): Narrows the match according to the following criteria:EXISTS
orDOES_NOT_EXIST
tests whether the query field’sparameterName
is present in the requesting URL.IS_ONE_OF
orIS_NOT_ONE_OF
tests whether the field’svalue
string matches.IS_LESS_THAN
orIS_MORE_THAN
matches ranges when thevalue
is numeric.IS_BETWEEN
also matches numeric ranges, but considerslowerBound
andupperBound
fields rather thanvalue
.
values
(array of string values): The value of the query field, for example,string
in?q=string
.
lowerBound
(number): When thevalue
is numeric and thematchOperator
is set toIS_BETWEEN
, this field specifies the match’s minimum value.
upperBound
(number): When thevalue
is numeric and thematchOperator
is set toIS_BETWEEN
, this field specifies the match’s maximum value.
matchWildcardName
(boolean): When enabled, allows*
and?
wildcard matches in theparameterName
field.
matchCaseSensitiveName
(boolean): When enabled, the match is case-sensitive for theparameterName
field.
matchWildcardValue
(boolean): When enabled, allows*
and?
wildcard matches in thevalue
field.
matchCaseSensitiveValue
(boolean): When enabled, the match is case-sensitive for thevalue
field.
escapeValue
(boolean): When enabled, matches when thevalue
is URL-escaped.
random
Property Manager name: Sample Percentage
Matches a specified percentage of requests. Use this match to apply behaviors to a percentage of your incoming requests that differ from the remainder, useful for A/b testing, or to offload traffic onto different servers.
Options:
bucket
(number within 0–100 range): Specify a percentage of random requests to which to apply a behavior. Any remainders do not match.
regularExpression
Property Manager name: Regex
Matches a regular expression against a string, especially to apply behaviors flexibly based on the contents of dynamic variables.
Options:
matchString
(string; allows variables): The string to match, typically the contents of a dynamic variable.
regex
(string): The regular expression (PCRE) to match against the string.
caseSensitive
(boolean): When disabled, the regular expression match is case-insensitive.
requestCookie
Property Manager name: Request Cookie
Match the cookie name or value passed with the request.
Options:
cookieName
(string): The name of the cookie, for example,visitor
invisitor:anon
.
matchOperator
(enum string): Narrows the match according to the following criteria:EXISTS
orDOES_NOT_EXIST
tests whether the cookiecookieName
exists.IS
orIS_NOT
tests whether the field’svalue
string matches.IS_BETWEEN
tests whether a numeric cookievalue
falls betweenlowerBound
andupperBound
.
value
(string): The cookie’s value, for example,anon
invisitor:anon
.
lowerBound
(number): When thevalue
is numeric and thematchOperator
is set toIS_BETWEEN
, this field specifies the match’s minimum value.
upperBound
(number): When thevalue
is numeric and thematchOperator
is set toIS_BETWEEN
, this field specifies the match’s maximum value.
matchWildcardName
(boolean): When enabled, allows*
and?
wildcard matches in thecookieName
field.
matchCaseSensitiveName
(boolean): When enabled, the match is case-sensitive for thecookieName
field.
matchWildcardValue
(boolean): When enabled, allows*
and?
wildcard matches in thevalue
field.
matchCaseSensitiveValue
(boolean): When enabled, the match is case-sensitive for thevalue
field.
requestHeader
Property Manager name: Request Header
Match HTTP header names or values.
Options:
headerName
(string): The name of the request header, for exampleAccept-Language
.
matchOperator
(enum string): Narrows the match according to the following criteria:EXISTS
orDOES_NOT_EXIST
tests whether the fieldheaderName
exists.IS_ONE_OF
orIS_NOT_ONE_OF
tests whether the field’svalue
string matches.
values
(array of string values): The request header’s value, for exampleen-US
when the headerheaderName
isAccept-Language
.
matchWildcardName
(boolean): When enabled, allows*
and?
wildcard matches in theheaderName
field.
matchWildcardValue
(boolean): When enabled, allows*
and?
wildcard matches in thevalue
field.
matchCaseSensitiveValue
(boolean): When enabled, the match is case-sensitive for thevalue
field.
requestMethod
Property Manager name: Request Method
Specify the request’s HTTP verb. Also supports WebDAV methods and common Akamai operations.
Options:
matchOperator
(enum string): Matches thevalue
when set toIS
, otherwiseIS_NOT
reverses the match.
value
(enum string): Any of the following HTTP methods:CONNECT
COPY
GET
HEAD
HTTP_DELETE
(note the additional prefix)OPTIONS
POST
PUT
TRACE
May also specify the following WebDAV methods:
DAV_ACL
DAV_CHECKOUT
DAV_COPY
DAV_DMCREATE
DAV_DMINDEX
DAV_DMMKPATHS
DAV_DMMKPATH
DAV_DMOVERLAY
DAV_DMPATCHPATHS
DAV_LOCK
DAV_MERGE
DAV_MKACTIVITY
DAV_MKCALENDAR
DAV_MKCOL
DAV_MOVE
DAV_PROPFIND
DAV_PROPPATCH
DAV_REPORT
DAV_SETPROCESS
DAV_SETREDIRECT
DAV_TRUTHGET
DAV_UNLOCK
May also specify the following Akamai operations:
AKAMAI_PURGE
AKAMAI_TRANSLATE
requestProtocol
Property Manager name: Request Protocol
Matches whether the request uses the HTTP or HTTPS protocol.
Options:
value
(enum string): EitherHTTP
orHTTPS
.
requestType
Property Manager name: Request Type
Matches the basic type of request. To use this match, you need to be thoroughly familiar with how Akamai edge servers process requests. Contact your Akamai Technical representative if you need help, and test thoroughly on staging before activating on production.
Options:
matchOperator
(enum string): Specifies whether the requestIS
orIS_NOT
the type of specifiedvalue
.
value
(enum string): Specifies the type of request, either a standardCLIENT_REQ
or anESI_FRAGMENT
.
responseHeader
Property Manager name: Response Header
Match HTTP header names or values.
Options:
headerName
(string): The name of the response header, for exampleContent-Type
.
matchOperator
(enum string): Narrows the match according to the following criteria:EXISTS
orDOES_NOT_EXIST
tests whether the HTTP fieldheaderName
is present.IS_ONE_OF
orIS_NOT_ONE_OF
tests whether the field’svalue
string matches.IS_LESS_THAN
orIS_MORE_THAN
matches ranges when thevalue
is numeric.IS_BETWEEN
also matches numeric ranges, but considerslowerBound
andupperBound
fields rather thanvalue
.
values
(array of string values): The response header’s value, for exampleapplication/x-www-form-urlencoded
when the headerheaderName
isContent-Type
.
lowerBound
(number): When thevalue
is numeric and thematchOperator
is set toIS_BETWEEN
, this field specifies the match’s minimum value.
upperBound
(number): When thevalue
is numeric and thematchOperator
is set toIS_BETWEEN
, this field specifies the match’s maximum value.
matchWildcardName
(boolean): When enabled, allows*
and?
wildcard matches in theheaderName
field.
matchWildcardValue
(boolean): When enabled, allows*
and?
wildcard matches in thevalue
field.
matchCaseSensitiveValue
(boolean): When enabled, the match is case-sensitive for thevalue
field.
time
Property Manager name: Time Interval
Specifies ranges of times during which the request occurred.
Options:
matchOperator
(enum string): Specifies how to define the range of time:BEGINNING
if the duration is indefinite, using the value ofbeginDate
.BETWEEN
sets a single range between two dates, using the values ofbeginDate
andendDate
.LASTING
also sets a single range, but based on duration relative to the starting time. It relies on the values oflastingDate
andlastingDuration
.REPEATING
allows aLASTING
-style range to repeat at regular intervals. It relies on the values ofrepeatBeginDate
,repeatDuration
, andrepeatInterval
.
repeatInterval
(duration string): Sets the time between each repeating time period’s starting points whenbehavior
set toREPEATING
.
repeatDuration
(duration string): Sets the duration of each repeating time period withbehavior
set toREPEATING
.
lastingDuration
(duration string): Withbehavior
set toLASTING
, specifies the end of a time period as a duration relative to thelastingDate
.
lastingDate
(ISO 8601 format date/time string): Sets the start of a fixed time period withbehavior
set toLASTING
.
repeatBeginDate
(ISO 8601 format date/time string): Sets the start of the initial time period withbehavior
set toREPEATING
.
applyDaylightSavingsTime
(boolean): Adjusts the start time plus repeat interval to account for daylight saving time. Applies when the current time and the start time use different systems, daylight and standard, and the two values are in conflict.
beginDate
(ISO 8601 format date/time string): Sets the start of a time period withbehavior
set toBEGINNING
orBETWEEN
.
endDate
(ISO 8601 format date/time string): Sets the end of a fixed time period withbehavior
set toBETWEEN
.
tokenAuthorization
Property Manager name: Token Verification Result
Match on Auth Token 2.0 verification results.
Options:
matchOperator
(enum string): EitherIS_SUCCESS
if there are no errors,IS_CUSTOM_FAILURE
for any errors specified bystatusList
, orIS_ANY_FAILURE
if there are any errors.
statusList
(array of string values): Match specific failure cases:
EXPIRED_TOKEN INVALID_ACL_DELIMITER INVALID_DELIMITER INVALID_HMAC INVALID_HMAC_KEY INVALID_IP INVALID_TOKEN INVALID_URL MISSING_EXPIRATION_TIME MISSING_TOKEN MISSING_URL NEED_URL_XOR_ACL TOKEN_NOT_VALID_YET UNAUTHORIZED_IP UNAUTHORIZED_URL UNSUPPORTED_VERSION
userAgent
Property Manager name: User Agent
Matches the user agent string that helps identify the client browser and device.
Options:
matchOperator
(enum string): Matches the specified set ofvalues
when set toIS_ONE_OF
, otherwiseIS_NOT_ONE_OF
reverses the match.
values
(array of string values): TheUser-Agent
header’s value. For example,Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
.
matchWildcard
(boolean): When enabled, allows*
and?
wildcard matches in thevalue
field. For example,*Android*
,*iPhone5*
,*Firefox*
, or*Chrome*
.
matchCaseSensitive
(boolean): When enabled, the match is case-sensitive for thevalue
field.
userLocation
Property Manager name: User Location Data
The client browser’s approximate geographic location, determined by looking up the IP address in a database.
Options:
field
(enum string): Indicates the geographic scope:CONTINENT
,COUNTRY
, orREGION
for states or provinces within a country.
matchOperator
(enum string): Matches the specified set of values when set toIS_ONE_OF
, otherwiseIS_NOT_ONE_OF
reverses the match.
countryValues
(array of string values): ISO 3166–1 country code, such asUS
orCN
.
continentValues
(array of string values): Continent code, one ofAF
(Africa),AS
(Asia),EU
(Europe),NA
(North America),SA
(South America),OC
(Oceania), orOT
(Antarctica).
regionValues
(array of string values): ISO 3166 country and region codes, for exampleUS:MA
for Massachusetts orJP:13
for Tokyo.
checkIps
(enum string): Specifies which IP addresses determine the user’s location:CONNECTING
considers the connecting client’s IP address.HEADERS
considers IP addresses specified in theX-Forwarded-For
header, succeeding if any of them match.BOTH
behaves likeHEADERS
, but also considers the connecting client’s IP address.
useOnlyFirstXForwardedForIp
(boolean): When connecting via a proxy server as determined by theX-Forwarded-For
header, enabling this option matches the end client specified in the header. Disabling it matches the connecting client’s IP address.
userNetwork
Property Manager name: User Network Data
Matches details of the network over which the request was made, determined by looking up the IP address in a database.
Options:
field
(enum string): The type of information to match, eitherBANDWIDTH
, a specificNETWORK
, or a more generalNETWORK_TYPE
.
matchOperator
(enum string): Matches the specified set of values when set toIS_ONE_OF
, otherwiseIS_NOT_ONE_OF
reverses the match.
networkTypeValues
(array of string values): Specifies the basic type of network, eitherCABLE
,DIALUP
,DSL
,FIOS
,ISDN
,MOBILE
, orUVERSE
.
networkValues
(array of string values): Any set of specific networks:
airtel alpha_internet altitudetelecom aol arnet asahi att bellcanada biglobe bitmailer bouygues brighthouse bskyb bt cablevision cernet chinamobile chinanet chinaunicom clearwire colt comcast completel compuserve covad dion dreamnet dtag dti earthlink easynet eurociber fastweb fibertel francetelecom free freecom h3g hinet ibm idecnet iij4u infosphere janet jazztell justnet livedoor mci mediacom mediaone microsoft mil nerim newnet @nifty numericable ocn odn ono panasonic-hi-ho plala plusnet prodigy qwest rediris renater reserved retevision roadrunner rogers seednet seikyo_internet sfr shaw so-net sprint suddenlink talktalk telefonica telstra terramexico ti tikitiki timewarner tiscali tmobile turktelekom uni2 uninet upc uunet verizon virginmedia vodafone wakwak wind windstream zero
bandwidthValues
(array of string values): Bandwidth range in bits per second, either1
,57
,257
,1000
,2000
, or5000
.
checkIps
(enum string): Specifies which IP addresses determine the user’s network:CONNECTING
considers the connecting client’s IP address.HEADERS
considers IP addresses specified in theX-Forwarded-For
header, succeeding if any of them match.BOTH
behaves likeHEADERS
, but also considers the connecting client’s IP address.
useOnlyFirstXForwardedForIp
(boolean): When connecting via a proxy server as determined by theX-Forwarded-For
header, enabling this option matches the end client specified in the header. Disabling it matches the connecting client’s IP address.
variableError
Property Manager name: Variable Error
Matches any runtime
errors that occur on edge servers based on the configuration of a
setVariable
behavior. See
Support for variables section for more information on this
feature.
Options:
result
(boolean): When enabled, matches errors for the specified set ofvariableNames
, otherwise matches errors from variables outside that set.
variableNames
(string): The name of the variable whose error triggers the match, or a space- or comma-delimited list of more than one variable name. Note that if you define a variable namedVAR
, the name in this field must appear with its added prefix asPMUSER_VAR
. When such a variable is inserted into other fields, it appears with an additional namespace as{{user.PMUSER_VAR}}
. See thesetVariable
for details on variable names.