Behaviors Reference, v2015–08–17
The following represents all rule behaviors the Property Manager API supports. The set available to you is determined by the product and modules associated with the property. Use the List Available Behaviors operation to get this information.
This reference specifies features used in the v2015-08-17
rule
format. See the Behaviors section for details on
the most recent feature set, which corresponds to the latest
rule
format.
adaptiveImageCompression
The Adaptive
Image Compression feature compresses JPEG images depending on the
requesting network’s performance, thus improving response time. The
behavior specifies three performance tiers based on round-trip tests:
1 for excellent, 2 for good, and 3 for poor. It assigns separate
performance criteria for mobile (cellular) and non-mobile networks,
which the do_aic_mobile
and do_aic_nonmobile
options enable
independently.
There are six method
options, one for each tier and type of network.
If the method
is compress
, choose from among the six corresponding
slider
options to specify a percentage. As an alternative to
compression, setting the method
to strip
removes unnecessary
application-generated metadata from the image. Setting the method
to
bypass
serves clients the original image.
The behavior serves ETags
headers as a data signature for each
adapted variation. In case of error or if the file size increases, the
behavior serves the original image file. Flushing the original image
from the edge cache also flushes adapted variants. The behavior
applies to the following image file extensions: jpg
, jpeg
, jpe
,
jif
, jfif
, and jfi
.
Options:
do_aic_mobile
(boolean): When enabled, adapts images served over cellular mobile networks. (In the Beta API, please substitute"true"
and"false"
string values.)
do_aic_nonmobile
(boolean): When enabled, adapts images served over non-cellular networks. (In the Beta API, please substitute"true"
and"false"
string values.)
standard_comp_t1_method
(enum string): Specifies tier–1 non-cellular network behavior, eithercompress
,strip
, orbypass
.
standard_comp_t1_slider
(number within 0–100 range): Withstandard_comp_t1_method
set tocompress
, this specifies the compression percentage.
standard_comp_t2_method
(enum string): Specifies tier–2 non-cellular network behavior, eithercompress
,strip
, orbypass
.
standard_comp_t2_slider
(number within 0–100 range): Withstandard_comp_t2_method
set tocompress
, this specifies the compression percentage.
standard_comp_t5_method
(enum string): Specifies tier–5 non-cellular network behavior, eithercompress
,strip
, orbypass
.
standard_comp_t5_slider
(number within 0–100 range): Withstandard_comp_t5_method
set tocompress
, this specifies the compression percentage.
mobile_comp_t1_method
(enum string): Specifies tier–1 behavior, eithercompress
,strip
, orbypass
.
mobile_comp_t1_slider
(number within 0–100 range): Withmobile_comp_t1_method
set tocompress
, this specifies the compression percentage.
mobile_comp_t2_method
(enum string): Specifies tier–2 cellular-network behavior, eithercompress
,strip
, orbypass
.
mobile_comp_t2_slider
(number within 0–100 range): Withmobile_comp_t2_method
set tocompress
, this specifies the compression percentage.
mobile_comp_t5_method
(enum string): Specifies tier–5 cellular-network behavior, eithercompress
,strip
, orbypass
.
mobile_comp_t5_slider
(number within 0–100 range): Withmobile_comp_t5_method
set tocompress
, this specifies the compression percentage.
Feature Previously Named: aic
Related Behaviors: redirect
,
enhancedAkamaiProtocol
,
cacheKeyIgnoreCase
,
cacheKeyQueryParams
,
cacheError
, removeVary
advanced
A read-only behavior that specifies Akamai XML metadata. It can only be configured on your behalf by Akamai Professional Services.
Options:
description
(string): Human-readable description of what the XML block does.
xml
(string): Akamai XML metadata.
Related Behaviors: cacheError
,
redirect
, webApplicationFirewall
,
cacheKeyQueryParams
,
removeVary
,
cacheKeyIgnoreCase
akamaizer
This read-only
behavior allows you to run
regular expression substitutions over web pages. Contact Akamai Professional Services
for help configuring the Akamaizer. See also the
akamaizerTag
behavior.
Options:
status
(boolean): Enables the Akamaizer behavior. (In the Beta API, please substitute"on"
and"off"
string values.)
Related Behaviors: modifyOutgoingResponseHeader
,
modifyOutgoingRequestHeader
,
removeVary
, redirect
,
cachePost
,
dnsAsyncRefresh
akamaizerTag
This read-only
behavior specifies HTML tags
and replacement rules for hostnames used in conjunction with the
akamaizer
behavior. Contact Akamai Professional Services for help
configuring the Akamaizer.
Options:
matchhostname
(string): Specifies the hostname to match on as a Perl-compatible regular expression.
replacementhostname
(string): Specifies the replacement hostname for the tag to use.
scope
(enum string): Specifies the part of HTML content thetags_attr
refers to:attr
for whentags_attr
refers to a tag/attribute pair, the match only applies to the attribute.urlattr
is the same asattr
, but applies when the attribute value is a URL. In that case, it converts to an absolute URL prior to substitution.block
substitutes within the tag’s contents, but not within any nested tags.page
ignores thetags_attr
field and performs the substitution on the entire page.
tags_attr
(enum string): Specifies the tag or tag/attribute combination to operate on, any of the following:
a a_href area area_href base base_href form form_action iframe iframe_src img img_src link link_href script script_src table table_background td td_background
behavior
(enum string): Eitherstop
to replace only one match, orcontinue
to replace all.
type
(boolean): Whether toinclude
orexclude
whattags_attr
specifies. (In the Beta API, please substitute"include"
and"exclude"
string values.)
Feature Previously Named: akamaizertag
Related Behaviors: modifyOutgoingResponseHeader
,
modifyOutgoingRequestHeader
,
redirect
, cachePost
,
removeVary
, webApplicationFirewall
allHttpInCacheHierarchy
Allow all HTTP
request methods to be used for the edge’s parent servers, useful to
implement features such as SiteShield,
SureRoute, and Tiered Distribution. (See the
siteShield
, sureRoute
, and
tieredDistribution
behaviors.)
Options:
allow
(boolean): Enables all HTTP requests for parent servers in the cache hierarchy.(In the Beta API, please substitute
"on"
and"off"
string values.)
Feature Previously Named: enableallmethodscacheh
Related Behaviors: allowPut
,
allowDelete
, webApplicationFirewall
,
redirect
,
cacheKeyQueryParams
,
removeVary
allowCloudletsOrigins
Allows
Cloudlets Origins to determine the criteria, separately from the
Property Manager, under which alternate origin
definitions are assigned.
This behavior must appear alone within its own rule. When enabled, it
allows any cloudletsOrigin
criteria
within sub-rules to override the prevailing origin.
Options:
enabled
(boolean): Allows you to assign custom origin definitions referenced in sub-rules bycloudletsOrigin
labels. If disabled, all sub-rules are ignored.
honorBaseDirectory
(boolean): If enabled, prefixes any Cloudlet-generated origin path with a path defined by an Origin Base Path behavior. If no path is defined, it has no effect. If another Cloudlet policy already prepends the same Origin Base Path, the path is not duplicated.
Feature Previously Named: conditionalOriginBehavior
allowDelete
Allow HTTP requests using the
DELETE method. By default, only GET and HEAD requests are allowed, and
all other methods result in a 403 error. Such content does not cache,
and any DELETE requests pass to the origin. See also
allowPost
, allowPut
, and
allowPatch
.
Options:
allow
(boolean): When enabled, allows DELETE requests. Content does not cache. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: allowdelete
Related Behaviors: allowPut
,
cacheKeyIgnoreCase
,
cacheError
, redirect
,
allHttpInCacheHierarchy
,
cacheKeyQueryParams
allowPatch
Allow HTTP requests using the
PATCH method. By default, only GET and HEAD requests are allowed, and
all other methods result in a 403 error. Such content does not cache,
and any PATCH requests pass to the origin. See also
allowPut
, allowPost
, and
allowDelete
.
Options:
allow
(boolean): When enabled, allows PATCH requests. Content does not cache. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: allowpatch
allowPost
Allow HTTP requests using the
POST method. By default, only GET and HEAD are allowed, and all other
methods result in a 403 error. See also allowPut
,
allowDelete
, and allowPatch
.
Options:
allow
(boolean): When enabled, allows POST requests. (In the Beta API, please substitute"on"
and"off"
string values.)
allow_without_content_length
(boolean): By default, POST requests also require aContent-Length
header, or they result in a 411 error. With this option enabled with no specifiedContent-Length
, the edge server relies on aTransfer-Encoding
header to chunk the data. If neither header is present, it assumes the request has no body, and it adds a header with a0
value to the forward request. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: allowpost
Related Behaviors: cacheKeyIgnoreCase
,
downstreamCache
,
cacheError
, removeVary
,
cacheRedirect
,
modifyOutgoingResponseHeader
allowPut
Allow HTTP requests using the
PUT method. By default, only GET and HEAD are allowed, and all other
methods result in a 403 error. Such content does not cache, and any
PUT requests pass to the origin. See also allowPost
,
allowDelete
, and allowPatch
.
Options:
allow
(boolean): When enabled, allows PUT requests. Content does not cache. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: allowput
Related Behaviors: allowDelete
,
redirect
,
cacheKeyIgnoreCase
,
cacheError
,
allHttpInCacheHierarchy
,
removeVary
asset_prioritization
Enables the API Prioritization Cloudlet, which maintains continuity in user experience by serving an alternate static response when load is too high. You can configure rules using either the Cloudlets Policy Manager application or the Cloudlets API. The feature is designed to serve static API content, such as fallback JSON data.
NOTE: If you want to serve non-API HTML content, see the
visitor_prioritization
behavior.
Options:
status
(boolean): Activates the API Prioritization feature. (In the Beta API, please substitute"on"
and"off"
string values.)
nimbus_policy_token
(string): Specifies the name of the API Prioritization policy, using alphanumeric and underscore characters.
use_throttled_cpcode
(boolean): Specifies whether to apply an alternative CP code for requests served the alternate response. (In the Beta API, please substitute"on"
and"off"
string values.)
throttled_cpcode
(object): Withuse_throttled_cpcode
enabled, this specifies the CP code as an object:"cpcode": { "id" : 12345, "name" : "sent to waiting room" }
netstorage
(object): Specify the NetStorage domain that contains the alternate response. For example:"netstorage": { "id" : "id_string", "name" : "Waiting Room", "downloadDomainName" : "example.wait.akamai.com", "cpCode" : 12345 }
sr_file
(string): Specify the full NetStorage path for the alternate response, including trailing file name.
label
(string): A label to distinguish this API Prioritization policy from any others in the same property.
audience_segmentation
Allows you to divide your users into different segments based on a persistent cookie. You can configure rules using either the Cloudlets Policy Manager application or the Cloudlets API.
Options:
status
(boolean): Enables the Audience Segmentation cloudlet feature. (In the Beta API, please substitute"on"
and"off"
string values.)
nimbus_policy_token
(object): Specifies the name of the audience segmentation policy, using alphanumeric and underscore characters. The token serves as a string prefix in forming the cookie name.
label
(string): Specifies a suffix to append to the cookie name. This helps distinguish this audience segmentation policy from any others within the same property.
segmentTrackingMethod
(enum string): Specifies the method to pass segment information to the origin. The Cloudlet passes the rule applied to a given request eitherin_cookie_header
,in_query_param
,in_custom_header
, or the default,never
.
segmentTrackingQueryParam
(string): WithsegmentTrackingMethod
set toin_query_param
, this query parameter specifies the name of the segmentation rule.
segmentTrackingCookieName
(string): WithsegmentTrackingMethod
set toin_cookie_header
, this cookie name specifies the name of the segmentation rule.
segmentTrackingCustomHeader
(string): WithsegmentTrackingMethod
set toin_custom_header
, this custom HTTP header specifies the name of the segmentation rule.
segment_cookie_expiry_type
(enum string): Specifies when the segmentation cookie expires, eitheron_browser_close
,never
, or based on a specificduration
.
segment_cookie_duration
(duration string): Withsegment_cookie_expiry_type
set toduration
, specifies the lifetime of the segmentation cookie.
rolling_segment
(boolean): If disabled, sets the expiration time only if the cookie is not yet present in the request. (In the Beta API, please substitute"1"
and"0"
string values.)
baseDirectory
Prefix URLs sent to the origin with a base path.
For example, with an origin of example.com
, setting the basedir
to
/images
sets the origin’s base path to example.com/images
. Any
request for a my_pics/home.jpg
file resolves on the origin server to
example.com/images/my_pics/home.jpg
.
Note that changing the origin’s base path also causes a change to the cache key. Until that resolves, it may cause a traffic spike to your origin server.
Options:
basedir
(string): Specifies the base path of content on your origin server. The value must begin and end with a slash (/
) character, for example/parent/child/
.
Feature Previously Named: basedir
Related Behaviors: cacheError
,
cacheKeyQueryParams
,
redirect
,
modifyOutgoingResponseHeader
,
cacheKeyIgnoreCase
,
rewriteUrl
breakConnection
A read-only
behavior that simulates an
origin connection problem, typically to test an accompanying
failAction
policy.
Options:
status
(boolean): Enables the break connection behavior. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: breakconnect
Related Behaviors: failAction
,
cacheKeyQueryParams
,
redirect
, cacheError
,
healthDetection
, webApplicationFirewall
cacheError
Caches the origin’s error responses to
decrease server load. Applies for 10 seconds by default to the
following HTTP codes: 204
, 305
, 400
, 404
, 405
, 501
, 502
,
503
, 504
, and 505
.
Options:
enabled
(boolean): When enabled, activates the error-caching behavior. (In the Beta API, please substitute"true"
and"false"
string values.)
ttl
(duration string): Overrides the default caching duration of10s
. Note that if set to0
, it is equivalent tono-cache
, which forces revalidation and may cause a traffic spike. This can be counterproductive when, for example, the origin is producing an error code of500
.
preservestale
(boolean): When enabled, the edge server preserves stale cached objects when the origin returns400
,500
,502
,503
, and504
error codes. This avoids re-fetching and re-caching content after transient errors. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: negativettl
Related Behaviors: cacheRedirect
,
cacheKeyQueryParams
,
cacheKeyIgnoreCase
,
removeVary
, redirect
,
denyAccess
cacheId
Controls which query parameters, headers, and cookies are included in or excluded from the cache identifier.
Options:
rule
(enum string): Specifies how to modify the cache ID:includehd
includes specified HTTP headers in the cache ID.includeck
includes specified cookies in the cache ID.includeallqs
includes all query parameters when forming a cache ID.includeqs
includes the specified set of query parameters when forming a cache ID.excludeqs
excludes the specified set of query parameters when forming a cache ID.includeurl
includes the full URL, the same as the default without thecacheid
behavior.
value
(enum string): If set tonameandvalue
, includes the value of the specified elements in the cache ID. Otherwise if set tonameonly
, only their names are included.
optional
(boolean): When enabled, requires the behavior’s specified elements to be present for content to cache. When disabled, requests that lack the specified elements are still cached. This option only applies when thetype
isincludeck
,includeqs
,includehd
, orexcludeqs
. (In the Beta API, please substitute"on"
and"off"
string values.)
elementlist
(array of string values): Specifies the names of the query parameters, cookies, or headers to include or exclude from the cache ID. (Only applies when therule
isincludeck
,includehd
,includeqs
, orexcludeqs
.)
Feature Previously Named: cacheid
Related Behaviors: redirect
,
cacheKeyQueryParams
,
removeVary
, cacheError
,
webApplicationFirewall
, modifyOutgoingResponseHeader
cacheKeyIgnoreCase
By default, cache keys
are generated under the assumption that path and filename components
are case-sensitive, so that File.html
and file.html
use separate
cache keys. Enabling this behavior forces URL components whose case
varies to resolve to the same cache key. Enable this behavior if your
origin server is already case-insensitive, such as those based on
Microsoft IIS.
With this behavior enabled, make sure any child rules do not match case-sensitive path components, or you may apply different settings to the same cached object.
Note that if already enabled, disabling this behavior potentially results in new sets of cache keys. Until these new caches are built, your origin server may experience traffic spikes as requests pass through. It may also result in cache pollution, excess cache space taken up with redundant content.
If you are using NetStorage in conjunction with this behavior, also set NetStorage’s Force Case option to match it, and make sure you name the original files consistently as either upper- or lowercase.
Options:
ignore_case
(boolean): When enabled, ignores case when forming cache keys. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: cachekeyignorecase
Related Behaviors: cacheError
,
cacheKeyQueryParams
,
cacheRedirect
, removeVary
,
dnsAsyncRefresh
, redirect
cacheKeyQueryParams
By default, cache keys are formed as URLs with full query strings. This behavior allows you to consolidate cached objects based on specified sets of query parameters.
Note also that whenever you apply behavior that generates new cache keys, your origin server may experience traffic spikes before the new cache starts to serve out.
Options:
behavior
(enum string): Configures how sets of query string parameters translate to cache keys:ignore-all
causes query string parameters to be ignored when forming cache keys.ignore
orinclude
makes the key depend on the sequence of values in theparameters
field.include-all-preserve-order
forms a separate key for the entire set of query parameters, but sensitive to the order in which they appear. (For example,?q=akamai&state=ma
and?state=ma&q=akamai
cache separately.)include-all-alphabetize-order
forms keys for the entire set of parameters, but the order doesn’t matter. The examples above both use the same cache key.
Be careful when applying
behavior
not to ignore any parameters that result in substantially different content, as it is not reflected in the cached object.
parameters
(array of string values): Withbehavior
set toinclude
orignore
,parameters
specifies the set of parameter field names to include in or exclude from the cache key. By default, these match the field names as string prefixes.
exact_match
(boolean): When enabled,parameters
must match exactly. Keep disabled to match string prefixes. (In the Beta API, please substitute"yes"
and"no"
string values.)
Feature Previously Named: cachekeyqueryparams
Related Behaviors: cacheError
,
cacheKeyIgnoreCase
,
redirect
, removeVary
,
cacheRedirect
, denyAccess
cacheKeyRewrite
This read-only behavior rewrites a default cache key’s path. Contact Akamai Professional Services for help configuring it.
WARNING: This feature is in Beta, so please test thoroughly.
Options:
purgekey
(string): Specifies the new cache key path as an alphanumeric value.
Feature Previously Named: cachekeyrewrite
cachePost
By default, POST requests are passed to the origin. This behavior overrides the default, and allows you to cache POST responses.
Options:
enabled
(boolean): Enables caching of POST responses. (In the Beta API, please substitute"on"
and"off"
string values.)
usebody
(enum string): Define how and whether to use the POST message body as a cache key:ignore
uses only the URL to cache the response.MD5
adds a string digest of the data as a query parameter to the cache URL.query
adds the raw request body as a query parameter to the cache key, but only if the POST request’sContent-Type
isapplication/x-www-form-urlencoded
. (Use this in conjunction withcacheId
to define relevant query parameters.)
Feature Previously Named: postcaching
Related Behaviors: modifyOutgoingResponseHeader
,
removeVary
, redirect
,
cacheKeyQueryParams
,
cacheError
,
dnsAsyncRefresh
cacheRedirect
Caches HTTP 302 redirect
responses. By default, Akamai edge servers cache HTTP 302 redirects
depending on their Cache-Control
or Expires
Headers. Enabling this
behavior instructs edge servers to cache 302 redirects the same as
they would for HTTP 200 responses.
Options:
enabled
(boolean): Enables the redirect caching behavior. (In the Beta API, please substitute"true"
and"false"
string values.)
Feature Previously Named: cache302
Related Behaviors: cacheError
,
cacheKeyIgnoreCase
,
cacheKeyQueryParams
,
removeVary
, redirect
,
dnsAsyncRefresh
caching
Control content caching on edge servers: whether or not to cache, whether to honor the origin’s caching headers, and for how long to cache.
NOTE: Any
no-store
orbypass-cache
HTTP headers set on the origin’s content overrides this behavior.
Options:
behavior
(enum string): Specify the caching option:no-store
clears the cache and serves from the origin.bypass-cache
retains the cache but serves from the origin.- Honor the origin’s
max-age
header - Honor the origin’s
cc
header - Honor the origin’s
expires
header - Honor
both
the origin’scc
andexpires
header, whichever comes last.
mustrevalidate
(boolean): Determines what to do once the cached content has expired, by which time the Akamai platform should have re-fetched and validated content from the origin. If enabled, only allows the re-fetched content to be served. If disabled, may serve stale content if the origin is unavailable. (In the Beta API, please substitute"on"
and"off"
string values.)
ttl
(duration string): The maximum time content may remain cached. Setting the value to0
is the same as setting ano-cache
header, which forces content to revalidate.
defaultttl
(duration string): Set themax-age
header for the cached content.
centralAuthorization
Forward client
requests to the origin server for authorization, along with optional
Set-Cookie
headers, useful when you need to maintain tight access
control. The edge server forwards an If-Modified-Since
header, to
which the origin needs to respond with a 304
(Not-Modified) HTTP
status when authorization succeeds. If so, the edge server responds to
the client with the cached object, since it does not need to be
re-acquired from the origin.
Options:
status
(boolean): Enables the centralized authorization behavior. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: centralauth
Related Behaviors: cacheKeyIgnoreCase
,
prefreshCache
, cacheError
,
cacheKeyQueryParams
,
redirect
, validateEntityTag
chaseRedirects
Controls whether the edge server chases any redirects served from the origin.
Options:
status
(boolean): When enabled, allows edge servers to chase redirects. (In the Beta API, please substitute"true"
and"false"
string values.)
limit
(string): Specifies, as a string, the maximum number of redirects to follow.
serve404
(boolean): Once the redirectlimit
is reached, enabling this option serves an HTTP404
(Not Found) error instead of the last redirect. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: chaseredirects
Related Behaviors: cacheError
,
cacheRedirect
, dnsAsyncRefresh
,
rewriteUrl
, prefreshCache
,
cacheKeyQueryParams
constructResponse
A read-only behavior that constructs an HTTP response, complete with HTTP status code and body, to serve from the edge independently of your origin. Contact Akamai Professional Services for help configuring it.
Options:
status
(boolean): When enabled, serves the custom response. Enabling the behavior evicts the cached object associated with the request, since it is not being served. (In the Beta API, please substitute"on"
and"off"
string values.)
body
(string): HTML response of up to 2000 characters to send to the end-user client.
responsecode
(enum string): The HTTP response code to send to the end-user client, either200
or404
.
Feature Previously Named: construct_response
continuousDeployment
The Phased Release Cloudlet provides gradual and granular traffic management to an alternate origin in near real time. Use the Cloudlets API or the Cloudlets Policy Manager application within the Luna Control Center to set up your Cloudlets policies.
Options:
enabled
(boolean): Enables the Phased Release Cloudlet.
cloudletPolicy
(object): Specifies the Cloudlet policy as an object containing two members: a descriptivename
string and an integerid
set by the Cloudlet application.
label
(string): A label to distinguish this Phased Release policy from any others within the same property.
populationCookieType
(enum string): For the population of users the Cloudlet defines, select whether to assign a cookie to them, or elseNONE
. Other option values specify when the cookie expires: after a specificDURATION
, at aFIXED_DATE
, once the browser session ends (ON_BROWSER_CLOSE
), orNEVER
. If you select the Cloudlet’s random membership option, it overrides the option value so that it is effectivelyNONE
.
populationExpirationDate
(ISO 8601 format date/time string): With thepopulationCookieType
set toFIXED_DATE
, this specifies the date and time when membership expires, and the browser no longer sends the cookie. Subsequent requests re-evaluate based on current membership settings.
populationDuration
(duration string): With thepopulationCookieType
set toDURATION
, this sets the lifetime of the cookie from the initial request. Subsequent requests re-evaluate based on current membership settings.
populationRefresh
(boolean): With thepopulationCookieType
set toDURATION
, enabling this option resets the original duration of the cookie if the browser refreshes before the cookie expires.
failoverEnabled
(boolean): Allows failure responses at the origin defined by the Cloudlet to fail over to the prevailing origin defined by the property.
failoverResponseCode
(array of string values): WithfailoverEnabled
on, this defines the set of failure codes that initiate the failover response.
failoverDuration
(number within 0–100 range): Specifies the number of seconds to wait until the client tries to access the failover origin after the initial failure is detected. Set the value to0
to immediately request the alternate origin upon failure.
cpCode
Content Provider Codes (CP codes) allow you to distinguish various reporting and billing segments. You receive a CP code when purchasing Akamai service, and you need it to access properties. This behavior allows you to apply any valid CP code, including additional ones you may request from Akamai Professional Services. For a CP code to be valid, it must belong to the same contract and be associated with the same product as the property, and the group must have access to it.
Options:
cpcode
(object): Specifies acpcode
object, which includes anid
key and a descriptivename
:"cpcode": { "id" : 12345, "name" : "my cpcode" }
Feature Previously Named: cpcode
deliveryReceipt
A static behavior that’s
required when specifying the Cloud Monitor module’s
(edgeConnect
) behavior.
Options:
status
(read-only string): Whenon
, enables the behavior.
NOTE: You can only apply this behavior if the property is marked as secure. See the Rules section for details on the
is_secure
property option.
Feature Previously Named: receiptdelivery
denyAccess
Denies access assuming a
condition in the rule matches. For example, a
userLocation
match paired with the denyaccess
behavior would deny requests from a specified part of the world.
NOTE: By keying on the value of the
reason
option,denyaccess
behaviors can override each other when called from nested rules. For example, a parent rule might deny access to a certain geographic area, citing"location"
as thereason
, but another nested rule can then allow access for a set of IPs within that area, so long as thereason
matches.
Options:
behavior
(boolean): Eitherallow
ordeny
access. (In the Beta API, please substitute"deny"
and"allow"
string values.)
reason
(string): Text message that keys why access is denied. Any subsequentdenyaccess
behaviors within the rule tree may refer to the samereason
key to override the currentbehavior
.
Feature Previously Named: denyaccess
Related Behaviors: redirect
,
cacheError
,
cacheKeyQueryParams
, webApplicationFirewall
,
modifyOutgoingResponseHeader
,
removeVary
deviceCharacteristicCacheId
By default,
source URLs serve as cache IDs on edge servers. Electronic Data
Capture allows you to specify an additional set of device
characteristics to generate separate cache keys. Use this in
conjunction with the deviceCharacteristicHeader
behavior.
Options:
edc_elementlist
(array of string values): Specifies a set of information about the device with which to generate a separate cache key, any of the following values:
accept_third_party_cookie ajax_preferred_geoloc_api ajax_support_javascript brand_name cookie_support device_os device_os_version dual_orientation flash_lite_version full_flash_support gif_animated html_preferred_dtd is_mobile is_tablet is_wireless_device jpg marketing_name max_image_height max_image_width mobile_browser mobile_browser_version model_name pdf_support physical_screen_height physical_screen_width png preferred_markup resolution_height resolution_width viewport_initial_scale viewport_width xhtml_file_upload xhtml_preferred_charset xhtml_support_level xhtml_supports_iframe xhtml_supports_table_for_layout xhtml_table_support xhtmlmp_preferred_mime_type
Feature Previously Named: edccacheid
Related Behaviors: deviceCharacteristicHeader
, redirect
,
modifyOutgoingResponseHeader
,
removeVary
, cacheId
,
frontEndOptimization
deviceCharacteristicHeader
Sends selected
information about requesting devices to the origin server, in the form
of an X-Akamai-Device-Characteristics
HTTP header. Use in
conjunction with the deviceCharacteristicCacheId
behavior.
Options:
edc_elementlist
(array of string values): Specifies the set of information about the requesting device to send to the origin server, any of the following:
accept_third_party_cookie ajax_preferred_geoloc_api ajax_support_javascript brand_name cookie_support device_os device_os_version dual_orientation flash_lite_version full_flash_support gif_animated html_preferred_dtd is_mobile is_tablet is_wireless_device jpg marketing_name max_image_height max_image_width mobile_browser mobile_browser_version model_name pdf_support physical_screen_height physical_screen_width png preferred_markup resolution_height resolution_width viewport_initial_scale viewport_width xhtml_file_upload xhtml_preferred_charset xhtml_support_level xhtml_supports_iframe xhtml_supports_table_for_layout xhtml_table_support xhtmlmp_preferred_mime_type
Feature Previously Named: edcheader
Related Behaviors: dnsAsyncRefresh
,
cacheKeyIgnoreCase
,
cacheError
, deviceCharacteristicCacheId
,
redirect
,
enhancedAkamaiProtocol
dnsAsyncRefresh
Allow an edge server to use an expired DNS record when forwarding a request to your origin. The type A DNS record refreshes after content is served to the end user, so there is no wait for the DNS resolution. Avoid this behavior if you want to be able to disable a server immediately after its DNS record expires.
Options:
status
(boolean): When enabled, allows edge servers to refresh an expired DNS record after serving content. (In the Beta API, please substitute"on"
and"off"
string values.)
timeout
(duration string): Set the maximum allowed time an expired DNS record may be active.
Feature Previously Named: dnsasyncrefresh
Related Behaviors: cacheKeyIgnoreCase
,
cacheError
, removeVary
,
cacheKeyQueryParams
,
cacheRedirect
, redirect
dnsPrefresh
A read-only behavior that allows edge servers to refresh your origin’s DNS record independently from end-user requests. The type A DNS record refreshes before the origin’s DNS record expires.
Options:
status
(boolean): When enabled, allows edge servers to refresh DNS records before they expire. (In the Beta API, please substitute"on"
and"off"
string values.)
delay
(duration string): Specifies the amount of time following a DNS record’s expiration to asynchronously prefresh it.
timeout
(duration string): Specifies the amount of time to prefresh a DNS entry if there have been no requests to the domain name.
Feature Previously Named: dnsprefresh
Related Behaviors: dnsAsyncRefresh
,
removeVary
, redirect
,
webApplicationFirewall
, cacheError
,
cacheKeyIgnoreCase
downgradeProtocol
Serve static objects to the end-user client over HTTPS, but fetch them from the origin via HTTP.
Options:
status
(boolean): Enables the protocol downgrading behavior. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: protocoldowngrade
downstreamCache
Specify the caching
instructions the edge server sends to the end user’s client or client
proxies. By default, the cache’s duration is whichever is less: the
remaining lifetime of the edge cache, or what the origin’s header
specifies. If the origin is set to no-store
or bypass-cache
, edge
servers send cache-busting headers downstream to prevent downstream
caching.
Options:
behavior
(enum string): Specify the caching instructions the edge server sends to the end user’s client. It accepts the following values:allow
: The value ofallow_behavior
chooses the caching method and headers to send to the client.must-revalidate
: This equates to aCache-Control: no-cache
header, which allows caching but forces the client browser to send anif-modified-since
request each time it requests the object.bust
: Sends cache-busting headers downstream.tunnel-origin
: This passesCache-Control
andExpires
headers from the origin to the downstream client.none
: Don’t send any caching headers. Allow client browsers to cache content according to their own default settings.
allow_behavior
(enum string): Specify how the edge server calculates the downstream cache by setting the value of theExpires
header:from-value
sends the value of the edge cache’s duration.from-max-age
sends thecache:max-age
value applied to the object, without evaluating the cache’s duration.lesser
sends the lesser value of what the origin specifies and the edge cache’s remaining duration. This is the default behavior.greater
sends the greater value of what the origin specifies and the edge cache’s remaining duration.remaining-lifetime
sends the value of the edge cache’s remaining duration, without comparing it to the origin’s headers.pass-origin
sends the value of the origin’s header, without evaluating the edge cache’s duration.
ttl
(duration string): Set the duration of the cache. Setting the value to0
equates to ano-cache
header that forces revalidation.
headers_sent
(enum string): Specifies the HTTP headers to include in the response to the client:pass-origin
sends the same set ofCache-Control
andExpires
headers received from the origin.cc-only
sends only the origin’sCache-Control
header.expires-only
sends only the origin’sExpires
header.both
sendsCache-Control
andExpires
header.none
strips both headers.
send_private
(boolean): When enabled, adds aCache-Control: private
header to prevent objects from being cached in a shared caching proxy. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: downstreamcaching
Related Behaviors: allowPost
,
removeVary
,
cacheKeyIgnoreCase
,
cacheError
,
dnsAsyncRefresh
,
gzipResponse
edge_redirector
This behavior enables the Edge Redirector Cloudlet application, which is designed to help you manage large numbers of redirects. Assuming cloudlets are available on your contract, choose Configure⇒Cloudlets to control the Edge Redirector within the Luna Control Center. Otherwise use the Cloudlets API to configure it programmatically.
Options:
status
(boolean): Enables the Edge Redirector Cloudlet. (In the Beta API, please substitute"on"
and"off"
string values.)
nimbus_policy_token
(string): Specifies the name of the redirect policy, using alphanumeric and underscore characters.
Related Behaviors: rewriteUrl
,
cacheRedirect
, cacheError
,
prefreshCache
, edgeScape
,
modifyOutgoingResponseHeader
edgeConnect
Configures traffic logs for the Cloud Monitor push API.
Options:
publish
(boolean): Enables Cloud Monitor’s log-publishing behavior. (In the Beta API, please substitute"on"
and"off"
string values.)
api_connector
(enum string): Describes the API connector type, eitherdefault
,bmc_apm
, orsiem_json
.
api_data_elements
(array of string values): Specifies the data set to log, any of the following values:
apm geo http networkperformance networkv1 reqheader resheader secappv2 secratedenyv2 secratewarnv2
dest_host
(string): Specifies the target hostname accepting push API requests.
dest_path
(string): Specifies the push API’s endpoint.
override_aggregate_settings
(boolean): When enabled, overrides default log settings. (In the Beta API, please substitute"on"
and"off"
string values.)
aggregate_time
(duration string): Withoverride_aggregate_settings
enabled, specifies how often logs generate.
aggregate_lines
(string): Withoverride_aggregate_settings
enabled, specifies the maximum number of lines to include in each log.
aggregate_size
(string): Withoverride_aggregate_settings
enabled, specifies the log’s maximum size.
Feature Previously Named: edgeconnect
Related Behaviors: webApplicationFirewall
,
redirect
,
modifyOutgoingResponseHeader
,
cacheKeyQueryParams
,
cacheError
, allowPut
edgeImageConversion
The Edge Image Converter offloads various image manipulation tasks to edge servers. This behavior specifies various predefined policies to apply.
Options:
eic_bool
(boolean): Enables the edge image conversion behavior. (In the Beta API, please substitute"on"
and"off"
string values.)
failover_option
(boolean): If the request results in a server error, enabling this forwards it to the origin. (In the Beta API, please substitute"true"
and"false"
string values.)
policy_bool
(boolean): Enables a specified set of image conversion policies. (In the Beta API, please substitute"on"
and"off"
string values.)
op_policy_table
(array): Withpolicy_bool
enabled, specifies commands that when present or not in the query string release an error code.
op_policy_violation
(enum string): Specifies the HTTP error code if anyop_policy_table
conditions match, either400
,403
,404
, or409
.
Feature Previously Named: edge_image_converter
Related Behaviors: cacheError
, rewriteUrl
,
edgeScape
, failAction
,
enhancedAkamaiProtocol
,
redirect
edgeLoadBalancingAdvanced
A read-only behavior that implements customized Edge Load Balancing features. Contact Akamai Professional Services for help configuring it.
Options:
description
(string): A description of what thexml
block does.
xml
(string): A block of Akamai XML metadata.
Feature Previously Named: elb_advanced
edgeLoadBalancingDataCenter
The Edge Load Balancing module allows you to specify groups of data centers that implement load balancing, session persistence, and real-time dynamic failover. Enabling ELB routes requests contextually based on location, device, or network, along with optional rules you specify.
This behavior specifies details about a data center, and must be
paired in the same rule with an edgeLoadBalancingOrigin
behavior, which specifies its origin. An origin is an abstraction
that helps group a logical set of a website or application. It
potentially includes information about many data centers and cloud
providers, as well as many end points or IP addresses for each data
center. More than one data center can thus refer to the same origin.
Options:
origin_id
(string): Corresponds to theid
specified by theedgeLoadBalancingOrigin
behavior associated with this data center.
alias
(string): Provides a description for the ELB data center, for your own reference.
host
(string): Specifies the data center’s hostname.
name
(string): If using session persistence, this specifies the value of the cookie named in the correspondingedgeLoadBalancingOrigin
behavior’scookie_name
option.
enable_dc_failover
(boolean): When enabled, allows you to specify failover rules. (In the Beta API, please substitute"ON"
and"OFF"
string values.)
ip_address
(string): Withenable_dc_failover
enabled, specifies this data center’s IP address.
failover_rules
(array): Withenable_dc_failover
enabled, provides up to four failover rules to apply in the specified order. These rules appear as objects with the following fields:modify_request
(boolean): When enabled, allows you to modify the request’s hostname or path.override_hostname
(boolean): When enabled, overrides the request’s hostname with thefailover_hostname
.failover_hostname
: The hostname of the data center to fail over to.context_root
: Specifies the path to use in the forwarding request, typically the root (/
) when failing over to a different data center, or a full path such as/static/error.html
when failing over to an error page.absolute_path
(boolean): If enabled, the path specified bycontext_root
is interpreted as an absolute server path, for example to reference a site-down page. If disabled, the path is appended to the request.
(In the API’s beta version, please substitute boolean values with
"true"
or"false"
string values.)
Feature Previously Named: elb_data_center
Related Behaviors: edgeLoadBalancingOrigin
,
cacheKeyQueryParams
,
redirect
,
modifyIncomingRequestHeader
, personallyIdentifiableInformation
,
modifyIncomingResponseHeader
edgeLoadBalancingOrigin
The Edge Load Balancing module allows you to implement groups of data centers featuring load balancing, session persistence, and real-time dynamic failover. Enabling ELB routes requests contextually based on location, device, or network, along with optional rules you specify.
This behavior specifies the data center’s origin, and must be paired
in the same rule with at least one
edgeLoadBalancingDataCenter
behavior, which provides
details about a particular data center. An origin is an abstraction
that helps group a logical set of a website or application. It
potentially includes information about many data centers and cloud
providers, as well as many end points or IP addresses for each data
center. To specify an ELB origin, you must have configured an
origin
behavior whosetype
is set to
elb_origin_group
.
Options:
id
(string): Specifies a unique descriptive string for this ELB origin. The value must match theorigin_id
specified by theedgeLoadBalancingDataCenter
behavior associated with this origin.
name
(string): Provides a description for the ELB origin, for your own reference.
host
(string): Specifies the hostname associated with the ELB rule.
enable_session_persistence
(boolean): When enabled, allows you to specify a cookie to pin the user’s browser session to one data center. When disabled, ELB’s default load balancing may send users to various data centers within the same session. (In the Beta API, please substitute"ON"
and"OFF"
string values.)
cookie_name
(string): Withenable_session_persistence
enabled, this specifies the name of the cookie that marks users’ persistent sessions. (The accompanyingedgeLoadBalancingDataCenter
behavior’sname
option specifies the cookie’s value.)
Feature Previously Named: elb_origin
Related Behaviors: edgeLoadBalancingDataCenter
,
cacheKeyQueryParams
,
redirect
,
modifyIncomingRequestHeader
, personallyIdentifiableInformation
,
modifyIncomingResponseHeader
edgeOriginAuthorization
Allows the origin server to use a cookie to ensure requests from Akamai servers are genuine.
NOTE: This behavior requires that you specify the cookie’s domain name, so it is best to deploy within a match of the hostname. It does not work properly when the origin server accepts more than one hostname (for example, using virtual servers) that do not share the same top-level domain.
Options:
enabled
(boolean): Enables the cookie-authorization behavior. (In the Beta API, please substitute"true"
and"false"
string values.)
name
(string): Specifies the name of the cookie to use for authorization.
value
(string): Specifies the value of the authorization cookie.
domain
(string): Specify the cookie’s domain, which must match the top-level domain of theHost
header the origin server receives.
Feature Previously Named: edgeoriginauth
Related Behaviors: cacheError
, removeVary
,
cacheKeyIgnoreCase
,
dnsAsyncRefresh
, cacheRedirect
,
denyAccess
edgeScape
EdgeScape allows you to
customize content based on the end user’s geographic location or
connection speed. When enabled, the edge server sends a special
X-Akamai-Edgescape
header to the origin server encoding relevant
details about the end-user client as key-value pairs.
Options:
status
(boolean): When enabled, sends theX-Akamai-Edgescape
request header to the origin. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: edgescape
Related Behaviors: redirect
,
cacheError
, denyAccess
,
cacheKeyQueryParams
,
removeVary
, cacheRedirect
edgeSideIncludes
Allows edge servers to process edge side include (ESI) code to generate dynamic content. Since this behavior requires more parsing time, you should not apply it to pages with no ESI code, or to any non-HTML content.
Options:
status
(boolean): Enables ESI processing. (In the Beta API, please substitute"on"
and"off"
string values.)
responseheaders
(boolean): Enable ESI only for content featuring the following HTTP response header:Edge-control: dca=esi
(In the Beta API, please substitute"on"
and"off"
string values.)
passsetcookie
(boolean): When enabled, allows edge servers to pass your origin server’s cookies to the ESI processor. (In the Beta API, please substitute"on"
and"off"
string values.)
passsclientip
(boolean): When enabled, allows edge servers to pass the client IP header to the ESI processor. (In the Beta API, please substitute"on"
and"off"
string values.)
i18nstatus
(boolean): When enabled, provides internationalization support for ESI. (In the Beta API, please substitute"on"
and"off"
string values.)
i18ncharset
(array of string values): Withi18nstatus
enabled, specifies the character sets to use when transcoding the ESI language,UTF-8
andISO-8859-1
for example.
Feature Previously Named: esi
Related Behaviors: cacheKeyQueryParams
,
redirect
,
modifyOutgoingResponseHeader
,
rewriteUrl
, cacheError
,
denyAccess
enhancedAkamaiProtocol
Enables the Enhanced Akamai Protocol, a suite of advanced routing and transport optimizations that increase your website’s performance and reliability. It is only available to specific applications, and requires a special routing from edge to origin.
WARNING: Disabling this behavior may significantly reduce a property’s performance.
This behavior does not include any options. Specifying the behavior itself enables it.
Feature Previously Named: enhancedakamaiprotocol
Related Behaviors: cacheError
, webApplicationFirewall
,
cacheKeyIgnoreCase
,
redirect
,
cacheKeyQueryParams
,
dnsAsyncRefresh
failAction
Specifies how to respond when the origin is not available: by serving stale content, by serving an error page, or by redirecting.
Options:
status
(boolean): When enabled in case of a failure to contact the origin, the current behavior applies. (In the Beta API, please substitute"on"
and"off"
string values.)
type
(enum string): Specifies the basic action to take when there is a failure to contact the origin:servestale
serves content that is already in the cache.redirect
specifies a redirect action. (Use with these options:redirecthostnametype
,redirecthostname
,redirectcustompath
,redirectpath
,redirectmethod
,modifyproto
, andproto
.)recreatedcex
serves alternate content from an external network. (Use with these options:cexhostname
,cexcustompath
, andcexpath
.)recreatedco
serves alternate content from your network. (Use with these options:cohostname
,cocustompath
, andcopath
.)recreatedns
serves NetStorage content. (Use with these options:nshostname
,nspath
, andcpcode
.)dynamic
allows you to serve dynamic SaaS content. (Use with these options:dynamic_method
,dynamiccustompath
,saas_type
,saas_suffix
,saas_regex
, andsaas_replace
.)
cpcode
(object): Whentype
isrecreatedns
, this specifies a cpcode for which to log errors for the NetStorage location. It appears as an object that includes anid
key and a descriptivename
:"cpcode": { "id" : 12345, "name" : "my cpcode" }
nshostname
(object): When thetype
isrecreatedns
, specifies the NetStorage origin to serve the alternate content. For example:"nshostname": { "id" : "id_string", "name" : "Example Downloads", "downloadDomainName" : "example.download.akamai.com", "cpCode" : 12345 }
NOTE: Contact Akamai Professional Services for your NetStorage origin’s
id
.
nspath
(string): When thetype
isrecreatedns
, specifies the path for the NetStorage request.
redirectmethod
(enum string): When thetype
isredirect
, specifies the HTTP response code, either301
or302
.
redirecthostnametype
(enum string): When thetype
isredirect
, this specifies whether to preserve theoriginal
hostname in the redirect, or whether to use analternate
hostname specified withredirecthostname
.
redirecthostname
(string): When thetype
isredirect
and theredirecthostnametype
isalternate
, this specifies the hostname for the redirect.
redirectcustompath
(boolean): When thetype
isredirect
, enabling this allows you useredirectpath
to customize a new path. (In the Beta API, please substitute"on"
and"off"
string values.)
redirectpath
(string): When thetype
isredirect
, this specifies a new path.
modifyproto
(boolean): When thetype
isredirect
, enabling this allows you to modify the redirect’s protocol using the value of theproto
field. (In the Beta API, please substitute"on"
and"off"
string values.)
proto
(enum string): When thetype
isredirect
andmodifyproto
is enabled, this specifies the redirect’s protocol, eitherHTTP
orHTTPS
.
preservequerystring
(boolean): When usingcocustompath
,cexcustompath
, orredirectcustompath
to specify a custom path, enabling this passes in the original request’s query string as part of the path. (In the Beta API, please substitute"on"
and"off"
string values.)
cexhostname
(string): Whentype
isrecreatedcex
, this specifies a hostname.
cexcustompath
(boolean): Whentype
isrecreatedcex
, enabling this allows you to specify a custom path. (In the Beta API, please substitute"on"
and"off"
string values.)
cexpath
(string): Whentype
isrecreatedcex
andcexcustompath
is enabled, this specifies a custom path.
cohostname
(string): When thetype
isrecreatedco
, specifies the static hostname for the alternate redirect.
cocustompath
(boolean): When thetype
isrecreatedco
, enabling this allows you to specify a custom redirect path. (In the Beta API, please substitute"on"
and"off"
string values.)
copath
(string): When thetype
isrecreatedco
andcocustompath
is enabled, this specifies a custom redirect path.
dynamic_method
(enum string): With thetype
set todynamic
, specifies the redirect method, eitherserve-301
,serve-302
, orserve-alternate
.
dynamiccustompath
(boolean): When enabled, allows you to modify the original requested path. (In the Beta API, please substitute"on"
and"off"
string values.)
dynamicpath
(string): Withdynamiccustompath
enabled, specifies the new path.
saas_type
(enum string): Identifies the component of the request that identifies the SaaS dynamic failaction: eithercookie
,hostname
,path
, orquery_string
.
saas_suffix
(string): Withtype
set todynamic
, specifies the static portion of the SaaS dynamic failaction.
saas_regex
(string): Withtype
set todynamic
, specifies the substitution pattern (a Perl-compatible regular expression) that defines the SaaS dynamic failaction.
saas_replace
(string): Withtype
set todynamic
, specifies the replacement pattern that defines the SaaS dynamic failaction.
saas_cname_enabled
(boolean): With thesaas_type
set tohostname
, specifies whether to use a CNAME chain to determine the hostname for the SaaS dynamic failaction. (In the Beta API, please substitute"on"
and"off"
string values.)
saas_cname_level
(number): Withsaas_cname_enabled
on, specifies the number of elements in the CNAME chain backwards from the edge hostname that determines the hostname for the SaaS dynamic failaction.
saas_cookie
(string): Withsaas_type
set tocookie
, specifies the name of the cookie that identifies this SaaS dynamic failaction.
saas_query_string
(string): Withsaas_type
set toquery_string
, specifies the name of the query parameter that identifies this SaaS dynamic failaction.
Feature Previously Named: failaction
Related Behaviors: cacheKeyQueryParams
,
redirect
, cacheError
,
rewriteUrl
, webApplicationFirewall
,
cacheKeyIgnoreCase
forwardRewrite
The Forward Rewrite Cloudlet allows you to conditionally modify the forward path in edge content without affecting the URL that displays in the user’s address bar. If cloudlets are available on your contract, choose Configure⇒Cloudlets to control how this feature works, or use the Cloudlets API to configure it programmatically.
Options:
status
(boolean): Enables the Forward Rewrite Cloudlet behavior. (In the Beta API, please substitute"on"
and"off"
string values.)
nimbus_policy_token
(string): Specifies the name of the forward rewrite policy, using alphanumeric and underscore characters.
frontEndOptimization
This behavior enables Front End Optimization, a suite of performance enhancements that accelerate page rendering and reduce download times, for example by minifying JavaScript and CSS.
Options:
status
(boolean): Enables the front-end optimization behavior. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: feo
Related Behaviors: enhancedAkamaiProtocol
,
cacheError
,
cacheKeyQueryParams
,
redirect
, webApplicationFirewall
,
cacheKeyIgnoreCase
g2oheader
The signature header authentication (g2o) security feature provides header-based verification of outgoing origin requests. Edge servers encrypt request data in a pre-defined header, which the origin uses to verify that the edge server processed the request. This behavior configures the request data, header names, encryption algorithm, and shared secret to use for verification.
Options:
status
(boolean): Enables the g2o verification behavior. (In the Beta API, please substitute"on"
and"off"
string values.)
data_header
(string): Specifies the name of the header that contains the request data that needs encryption.
signed_header
(string): Specifies the name of the header containing encrypted request data.
encoding_version
(enum string): Specifies the version of the encryption algorithm as an integer string value from1
through5
.
sign_string_status
(enum string): If set todefault
, the encrypted string is based on the forwarded URL. If set tocustom
, you can usesign_string
to customize the set of data to encrypt.
sign_string
(array of string values): If thesign_string_status
is set tocustom
, specifies the set of data to be encrypted as a combination of concatenated strings, any of the following values:
AK_CLIENT_REAL_IP AK_DOMAIN AK_EXTENSION AK_FILENAME AK_HOSTHEADER AK_METHOD AK_PATH AK_QUERY AK_SCHEME AK_URL
secret_key
(string): Specifies the shared secret key.
nonce
(string): Specifies the cryptographic nonce string.
Related Behaviors: cacheRedirect
,
verifyTokenAuthorization
,
removeVary
gzipResponse
Apply gzip compression to speed transfer time. The behavior applies best to text content such as HTML, CSS, and JavaScript, especially once it exceeds about 10KB. Do not apply it to already compressed image formats, or to small files that would add more time to uncompress.
Options:
behavior
(enum string): Specify when to compress responses, eitheralways
,never
, ororigin_response
to clients that send anAccept-Encoding: gzip
header.
Feature Previously Named: gzipresponse
Related Behaviors: cacheKeyIgnoreCase
,
downstreamCache
,
dnsAsyncRefresh
,
cacheKeyQueryParams
,
prefetchable
,
prefreshCache
hdDataAdvanced
A read-only
behavior that specifies
Akamai XML metadata that can only be configured on your behalf by
Akamai Professional Services. Unlike the advanced
behavior, this may
apply a different set of overriding metadata that executes in a
post-processing phase.
Options:
description
(string): Human-readable description of what the XML block does.
xml
(string): A block of Akamai XML metadata.
Feature Previously Named: hddata_advanced
healthDetection
Monitors the health of your origin server by tracking unsuccessful attempts to contact it. Use this behavior to keep end users from having to wait several seconds before a forwarded request times out, or to reduce requests on the origin server when it is unavailable.
When client requests are forwarded to the origin, the edge server
tracks the number of attempts to connect to each IP address. It cycles
through IP addresses in least-recently-tested order to avoid hitting
the same one twice in a row. If the number of consecutive
unsuccessful tests reaches a threshold you specify, the behavior
identifies the address as faulty and stops sending requests. The edge
server returns an error message to the end user or else triggers any
failAction
behavior you specify.
Options:
ip_retrycount
(number): The number of consecutive connection failures that mark an IP address as faulty.
ip_retry_interval
(duration string): Specifies the amount of time the edge server waits before trying to reconnect to an IP address it has already identified as faulty.
max_reconnects
(number): Specifies the maximum number of times the edge server contacts your origin server. If your origin is associated with several IP addresses,max_reconnects
effectively overrides the value ofip_retrycount
.
Feature Previously Named: healthdetect
Related Behaviors: failAction
,
cacheKeyQueryParams
,
redirect
, cacheError
,
webApplicationFirewall
, cacheKeyIgnoreCase
http2
Enables the HTTP/2 protocol, which reduces latency and improves efficiency.
This behavior does not include any options. Specifying the behavior itself enables it.
NOTE: You can only apply this behavior if the property is marked as secure. See the Rules section for details on the
is_secure
property option.)
imageManager
Optimizes images’ size or file type for the requesting device. You can also use this behavior to generate API tokens to apply your own policies to matching images using the Image Manager API.
Options:
image_management_enabled
(boolean): Enable image management capabilities and generate a corresponding API token. (In the Beta API, please substitute"on"
and"off"
string values.)
resize_enabled
(boolean): Specify whether to scale down images to the maximum screen resolution, as determined by the rendering device’s user agent. Note that enabling this may affect screen layout in unexpected ways. (In the Beta API, please substitute"on"
and"off"
string values.)
best_file_type_enabled
(boolean): Specify whether to convert images to the best file type for the requesting device, based on its user agent and the initial image file. This produces the smallest file size possible that retains image quality. (In the Beta API, please substitute"on"
and"off"
string values.)
advanced_settings_enabled
(boolean): When enabled, allows you to generate a custom Image Manager API token to apply a corresponding policy to this set of images. The token consists of a descriptive label (theapi_key
) concatenated with a property-specific identifier that’s generated when you save the property. The API registers the token when you activate the property. (In the Beta API, please substitute"on"
and"off"
string values.)
api_key
(string): With theadvanced_settings_enabled
option activated, assign a prefix label to help match the policy token to this set of images, limited to 32 alphanumeric or underscore characters. If you don’t specify a label, default becomes the prefix.
api_key_default
(string): Specify the default policy identifier, which is registered with the Image Manager API once you activate this property. (Theadvanced_settings_enabled
option must be inactive.)
Feature Previously Named: imagemanagement
inputValidation
The Input Validation Cloudlet detects anomalous edge requests and helps mitigate repeated invalid requests. You can configure it using either the Cloudlets Policy Manager application, available within the Luna Control Center in Configure⇒Cloudlets, or the Cloudlets API.
Use this behavior to specify criteria that identifies each unique end user, and optionally supplement the Input Validation policy with additional criteria your origin uses to identify invalid requests. Specify the threshold number of invalid requests that triggers a penalty, and the subsequent response. Also specify an ordinary failure response for those who have not yet met the threshold, which should not conflict with any other behavior that defines a failure response.
Options:
enabled
(boolean): Applies the Input Validation Cloudlet behavior. (In the Beta API, please substitute"true"
and"false"
string values.)
cloudletPolicy
(object): Identifies the Cloudlet policy in an object featuring unique numericid
and descriptive stringname
members.
label
(string): Distinguishes this Input Validation policy from any others within the same property.
userIdentificationKeyType
(enum string): Sets the method to identify unique end users, either sets of queryPARAMS
, sets of HTTPHEADERS
, orBOTH
. Series of requests that share the same set of header or parameter values identify each unique user. Blank values must remain consistently blank across the series of requests for the user to be identified.
userIdentificationKeyHeaders
(array of string values): WithuserIdentificationKeyType
set toHEADERS
orBOTH
, this specifies the HTTP headers whose combined set of values identify each end user.
userIdentificationKeyParams
(array of string values): WithuserIdentificationKeyType
set toPARAMS
orBOTH
, this specifies the query parameters whose combined set of values identify each end user.
resetOnValid
(boolean): Upon receiving a valid request, enabling this resets thepenaltyThreshold
counter to zero. Otherwise, even those series of invalid requests that are interrupted by valid requests may trigger thepenaltyAction
. (In the Beta API, please substitute"true"
and"false"
string values.)
validateOnOriginWith
(enum string): For any validation that edge servers can’t perform alone, this specifies additional validation steps based on how the origin identifies an invalid request. If a request is invalid, the origin can indicate this to the edge server either with aRESPONSE_CODE
orRESPONSE_CODE_AND_HEADER
. If no additional validation is necessary, specifyDISABLED
.
validateOnOriginHeaderName
(string): IfvalidateOnOriginWith
is set toRESPONSE_CODE_AND_HEADER
, this specifies the header name for a request that the origin identifies as invalid.
validateOnOriginHeaderValue
(string): IfvalidateOnOriginWith
is set toRESPONSE_CODE_AND_HEADER
, this specifies an invalid request’s header value that corresponds to thevalidateOnOriginHeaderName
.
validateOnOriginResponseCode
(number): UnlessvalidateOnOriginWith
isDISABLED
, this identifies the integer response code for requests the origin identifies as invalid.
failureAction
(enum string): For invalid requests that do not yet exceed thepenaltyThreshold
, this specifies the response, eitherDENY_403
orREDIRECT_302
.
failure302Uri
(string): WithfailureAction
set toREDIRECT_302
, this specifies the redirect link for invalid requests that have not yet triggered a penalty.
failureNetStorage
(object): WithfailureAction
set toDENY_403
, this specifies the NetStorage account that serves out the failure’s static 403 response content. Details appear in an object featuring adownloadDomainName
string member that identifies the NetStorage hostname, and an integercpCode
to track the traffic.
failure403NetStoragePath
(string): WithfailureAction
set toDENY_403
, this specifies the full path to the static 403 response content relative to thedownloadDomainName
in thefailureNetStorage
object.
penaltyThreshold
(number): Specifies the number of invalid requests permitted before executing thepenaltyAction
.
penaltyAction
(enum string): Once thepenaltyThreshold
of invalid requests is met, this specifies the response, eitherDENY_403
orREDIRECT_302
.
penalty302Uri
(string): WithpenaltyAction
set toREDIRECT_302
, this specifies the redirect link for end users who trigger the penalty.
penaltyNetStorage
(object): WithpenaltyAction
set toDENY_403
, this specifies the NetStorage account that serves out the penalty’s static 403 response content. Details appear in an object featuring adownloadDomainName
string member that identifies the NetStorage hostname, and an integercpCode
to track the traffic.
penalty403NetStoragePath
(string): WithpenaltyAction
set toDENY_403
, this specifies the full path to the static 403 response content relative to thedownloadDomainName
in thepenaltyNetStorage
object.
instant
The Instant feature allows you to prefetch content to the edge cache by adding link relation attributes to markup. For example:
<a href="page2.html" rel="Akamai-prefetch">Page 2</a>
Default link relation values are prefetch
and Akamai-prefetch
.
Applies only to HTML elements that may specify an external file:
<a>
, <base>
, <img>
, <script>
, <input>
, <link>
, <table>
,
<td>
, or <th>
. (For the latter three, some legacy browsers support
a nonstandard background
image attribute.)
NOTE: This behavior provides an alternative to the
prefetch
andprefetchable
behaviors, which allow you to configure more general prefetching behavior outside of markup.
Options:
prefetch_cacheable
(boolean): When enabled, applies prefetching only to objects already set to be cacheable, for example using thecaching
behavior. Only applies to content with thetieredDistribution
behavior enabled. (In the Beta API, please substitute"on"
and"off"
string values.)
prefetch_no_store
(boolean): Allows otherwise non-cacheableno-store
content to prefetch if the URL path ends with/
to indicate a request for a default file, or if the extension matches the value of theprefetch_no_store_ext
option. Only applies to content with thesureRoute
behavior enabled. (In the Beta API, please substitute"on"
and"off"
string values.)
prefetch_no_store_ext
(array of string values): Specifies a set of file extensions for which theprefetch_no_store
option is allowed.
prefetch_html
(boolean): When enabled, allows edge servers to prefetch additional HTML pages while pages that link to them are being delivered. This only applies to links from<a>
or<link>
tags with the appropriate link relation attribute. (In the Beta API, please substitute"on"
and"off"
string values.)
customize_rel_attr
(array of string values): Specify link relation values that activate the prefetching behavior. For example, specifyingfetch
allows you to use shorterrel="fetch"
markup.
Related Behaviors: enhancedAkamaiProtocol
,
dnsAsyncRefresh
, redirect
,
cacheError
, webApplicationFirewall
,
cacheRedirect
instantConfig
Multi-Domain Configuration, also known as InstantConfig, allows you to apply property settings to all incoming hostnames based on a DNS lookup, without explicitly listing them among the property’s hostnames.
Options:
status
(boolean): Enables the InstantConfig behavior. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: mdc
Related Behaviors: allowPost
,
allHttpInCacheHierarchy
,
allowPut
, webApplicationFirewall
,
edgeOriginAuthorization
, denyAccess
largeFileOptimization
The Large File
Optimization feature improves performance and reliability when
delivering large files. This behavior is required for objects larger
than 1.8GB, and recommended for anything over 100MB. You should apply
it only to the specific content that needs optimization, such as a
download directory’s .gz
files, and enable the filenames_changed
option while enforcing your own filename versioning policy.
NOTE: It is best to use NetStorage for objects larger than 1.8GB.
Options:
status
(boolean): Enables the file optimization behavior. (In the Beta API, please substitute"on"
and"off"
string values.)
lfo_type
(enum string): Caches entire objects if set tononpoc
. Otherwise when set topoc
, allows partial-object caching, which always applies to large objects served from NetStorage. To enable this, the origin must support byte range requests.
min_size
(string): Optimization only applies to files larger than this, expressed as a number suffixed with a unit string such asMB
orGB
.
max_size
(string): Optimization does not apply to files larger than this, expressed as a number suffixed with a unit string such asMB
orGB
.
filenames_changed
(boolean): Whenlfo_type
is set topoc
, enabling this option signals your intention to vary filenames by version, strongly recommended to avoid serving corrupt content when chunks come from different versions of the same file. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: largefileoptimizations
Related Behaviors: cacheKeyQueryParams
,
cacheError
, cacheRedirect
,
dnsAsyncRefresh
,
removeVary
,
cacheKeyIgnoreCase
limitBitRate
Control the rate at which
content is served to end users, optionally varying the speed depending
on the file size or elapsed download time. Each bit rate specified in
the bitrateTable
array corresponds to a thresholdTable
entry that
activates it. You can use this behavior to prevent media downloads
from progressing faster than they are viewed, for example, or to
differentiate various tiers of end-user experience.
Options:
option
(boolean): When enabled, activates the bit rate limiting behavior. (In the Beta API, please substitute"on"
and"off"
string values.)
bitrateTable
(array): Specifies a download rate that corresponds to athresholdTable
entry. The bit rate appears as a two-member object consisting of a numericbitrateValue
and abitrateUnit
string, with allowed values ofKbps
,Mbps
, andGbps
. For example:"bitrateTable": [ { "bitrateValue": 1, "bitrateUnit": "Kbps" } ]
thresholdTable
(array): Specifies the minimum size of the file or the amount of elapsed download time before applying the bit rate limit from the correspondingbitrateTable
entry. The threshold appears as a two-member object consisting of a numericthresholdValue
andthresholdUnit
string, with allowed values ofs
orB
. This example throttles a download that lasts more than 5 seconds:"thresholdTable": [ { "thresholdValue": 5, "thresholdUnit": "s" } ]
Feature Previously Named: bitratelimiting
Related Behaviors: cacheError
,
downstreamCache
,
cacheKeyIgnoreCase
,
modifyOutgoingRequestHeader
,
allowPost
, rewriteUrl
mediaFileRetrievalOptimization
Media File Retrieval Optimization (MFRO) speeds the delivery of large media files by relying on caches of partial objects. It is recommended for files larger than 100 MB, is required for files larger than 1.8 GB, and works best with NetStorage.
Options:
status
(boolean): Enables the partial-object caching behavior. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: mfro
modifyIncomingRequestHeader
Modify, add, remove, or pass along specific request headers coming upstream from the client.
Depending on the type of action
you want to perform, specify the
corresponding standard header name, or a custom_header_name
if the
standard name is set to other
. The header_value
serves as a match
condition when the action is delete
or modify
, and the
new_header_value
applies when the action is add
or modify
.
See also modifyIncomingResponseHeader
,
modifyOutgoingRequestHeader
, and
modifyOutgoingResponseHeader
.
Options:
action
(enum string): Eitheradd
,delete
,modify
, orpass
incoming HTTP request headers.
standard_add_header_name
(enum string): If the value ofaction
isadd
, this specifies the name of the field to add, eitheraccept-encoding
,accept-language
, orother
.
standard_delete_header_name
(enum string): If the value ofaction
isdelete
, this specifies the name of the field to remove, eitherif-modified-since
,via
, orother
.
standard_modify_header_name
(enum string): If the value ofaction
ismodify
, this specifies the name of the field to modify, eitheraccept-encoding
,accept-language
, orother
.
standard_pass_header_name
(enum string): If the value ofaction
ispass
, this specifies the name of the field to pass through, eitheraccept-encoding
,accept-language
, orother
.
custom_header_name
(string): Specifies a custom field name that applies when the relevant standard header name is set toother
.
header_value
(string): With theaction
set toadd
, specifies the new header value.
new_header_value
(string): With theaction
set tomodify
, supplies an HTTP header replacement value.
multi_headers_avoidance
(boolean): When enabled with theaction
set tomodify
, prevents creation of more than one instance of a header. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: modincomingreqheader
Related Behaviors: modifyOutgoingResponseHeader
,
modifyOutgoingRequestHeader
,
cacheKeyQueryParams
,
redirect
, denyAccess
,
cacheError
modifyIncomingResponseHeader
Modify, add, remove, or pass along specific response headers coming downstream from the origin.
Depending on the type of action
you want to perform, specify the
corresponding standard header name, or a custom_header_name
if the
standard name is set to other
. The header_value
serves as a match
condition when the action is delete
or modify
, and the
new_header_value
applies when the action is add
or modify
.
See also modifyIncomingRequestHeader
,
modifyOutgoingRequestHeader
, and
modifyOutgoingResponseHeader
.
Options:
action
(enum string): Eitheradd
,delete
,modify
, orpass
incoming HTTP response headers.
standard_add_header_name
(enum string): If the value ofaction
isadd
, this specifies the name of the field to add, any of the following values:
cache-control content-type edge-control expires last-modified other
standard_delete_header_name
(enum string): If the value ofaction
isdelete
, this specifies the name of the field to remove, eithercache-control
,content-type
,vary
, orother
.
standard_modify_header_name
(enum string): If the value ofaction
ismodify
, this specifies the name of the field to modify, eithercache-control
,content-type
,edge-control
, orother
.
standard_pass_header_name
(enum string): If the value ofaction
ispass
, this specifies the name of the field to pass through, eithercache-control
,expires
,pragma
, orother
.
custom_header_name
(string): Specifies a custom field name that applies when the relevant standard header name is set toother
.
header_value
(string): With theaction
set toadd
, specifies the header’s new value.
new_header_value
(string): With theaction
set tomodify
, specifies an HTTP header replacement value.
multi_headers_avoidance
(boolean): When enabled with theaction
set tomodify
, prevents creation of more than one instance of a header. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: modincomingrespheader
Related Behaviors: cacheKeyQueryParams
,
modifyOutgoingResponseHeader
,
cacheError
, redirect
,
removeVary
, denyAccess
modifyOutgoingRequestHeader
Modify, add, remove, or pass along specific request headers going upstream towards the origin.
Depending on the type of action
you want to perform, specify the
corresponding standard header name, or a custom_header_name
if the
standard name is set to other
. The header_value
serves as a match
condition when the action is delete
or modify
, and the
new_header_value
applies when the action is add
or modify
.
Whole-text replacements apply when the action is modify
, and
substitutions apply when set to regex
.
See also modifyIncomingRequestHeader
,
modifyIncomingResponseHeader
, and
modifyOutgoingResponseHeader
.
Options:
action
(enum string): Eitheradd
ordelete
outgoing HTTP request headers,modify
their fixed values, or specify aregex
pattern to transform them.
standard_add_header_name
(enum string): If the value ofaction
isadd
, this specifies the name of the field to add, eitheruser-agent
orother
.
standard_delete_header_name
(enum string): If the value ofaction
isdelete
, this specifies the name of the field to remove, eitherpragma
,user-agent
,via
, orother
.
standard_modify_header_name
(enum string): If the value ofaction
ismodify
orregex
, this specifies the name of the field to modify, eitheruser-agent
orother
.
custom_header_name
(string): Specifies a custom field name that applies when the relevant standard header name is set toother
.
header_value
(string): With theaction
set toadd
, specifies the new header value.
new_header_value
(string): With theaction
set tomodify
, specifies an HTTP header replacement value.
regex_header_match
(string): When theaction
isregex
, specifies a Perl-compatible regular expression to match within the header value.
regex_header_replace
(string): When theaction
isregex
, specifies text that replaces theregex_header_match
pattern within the header value.
match_multiple
(boolean): When enabled with theaction
set toregex
, replaces all occurrences of the matched regular expression, otherwise only the first match if disabled. (In the Beta API, please substitute"on"
and"off"
string values.)
multi_headers_avoidance
(boolean): When enabled with theaction
set tomodify
, prevents creation of more than one instance of a header. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: modoutgoingreqheader
Related Behaviors: modifyOutgoingResponseHeader
,
denyAccess
, redirect
,
cacheError
, removeVary
,
rewriteUrl
modifyOutgoingResponseHeader
Modify, add, remove, or pass along specific response headers going downstream towards the client.
Depending on the type of action
you want to perform, specify the
corresponding standard header name, or a custom_header_name
if the
standard name is set to other
. The header_value
serves as a match
condition when the action is delete
or modify
, and the
new_header_value
applies when the action is add
or modify
.
Whole-text replacements apply when the action is modify
, and
substitutions apply when set to regex
.
See also modifyIncomingRequestHeader
,
modifyIncomingResponseHeader
, and
modifyOutgoingRequestHeader
Options:
action
(enum string): Eitheradd
ordelete
outgoing HTTP response headers,modify
their fixed values, or specify aregex
pattern to transform them.
standard_add_header_name
(enum string): If the value ofaction
isadd
, this specifies the name of the field to add, any of the following values:
access-control-allow-credentials access-control-allow-headers access-control-allow-methods access-control-allow-origin access-control-expose-headers access-control-max-age cache-control content-disposition content-type edge-control pragma P3P other
standard_delete_header_name
(enum string): If the value ofaction
isdelete
, this specifies the name of the field to remove, any of the following values:
access-control-allow-credentials access-control-allow-headers access-control-allow-methods access-control-allow-origin access-control-expose-headers access-control-max-age cache-control content-disposition content-type expires pragma P3P other
standard_modify_header_name
(enum string): If the value ofaction
ismodify
orregex
, this specifies the name of the field to modify, any of the following values:
access-control-allow-credentials access-control-allow-headers access-control-allow-methods access-control-allow-origin access-control-expose-headers access-control-max-age cache-control content-disposition content-type pragma P3P other
custom_header_name
(string): Specifies a custom field name that applies when the relevant standard header name is set toother
.
header_value
(string): Specifies the existing value of the header to match.
new_header_value
(string): With theaction
set tomodify
, specifies the new HTTP header replacement value.
regex_header_match
(string): When theaction
isregex
, specifies a Perl-compatible regular expression to match within the header value.
regex_header_replace
(string): When theaction
isregex
, specifies text that replaces theregex_header_match
pattern within the header value.
match_multiple
(boolean): When enabled with theaction
set toregex
, replaces all occurrences of the matched regular expression, otherwise only the first match if disabled. (In the Beta API, please substitute"on"
and"off"
string values.)
multi_headers_avoidance
(boolean): When enabled with theaction
set tomodify
, prevents creation of more than one instance of a header. The last header clobbers others with the same name. This option affects the entire set of outgoing headers, and is not confined to the subset of regular expression matches. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: modoutgoingrespheader
Related Behaviors: cacheError
, redirect
,
cacheKeyQueryParams
,
removeVary
, denyAccess
,
modifyOutgoingRequestHeader
netSession
This behavior enables various features of NetSession, a client-side download manager application that’s especially appropriate for large file downloads. For the feature to work, the end user must download the DLM client.
Options:
netsession
(boolean): Enables NetSession DLM capabilities for this content. (In the Beta API, please substitute"on"
and"off"
string values.)
enable_domain
(boolean): … (In the Beta API, please substitute"on"
and"off"
string values.)
enable_dlm
(boolean): When enabled, launches files once they fully download. For example, specify this option to run an executable application. (In the Beta API, please substitute"on"
and"off"
string values.)
enable_download_clients
(boolean): When enabled, allows download clients to form a peer-to-peer network to reduce transmission time. (In the Beta API, please substitute"on"
and"off"
string values.)
disable_reporting
(boolean): Disable download state reporting via HTTP beacon messages. Otherwise when enabled, you can view the state of each download by choosing Monitor⇒Download Analytics on the DLM client. (In the Beta API, please substitute"on"
and"off"
string values.)
resume_url
(array of string values): Specify an alternate domain from which to resume a paused download. This generates a corresponding shortcut link on the end user’s desktop that disappears after the download is complete.
org_name
(string): The name of the organization that displays in the NetSession client DLM interface.
support_url
(string): A supporting link to theorg_name
that displays in the NetSession client DLM interface.
Feature Previously Named: netsession
networkConditionsHeader
Instructs edge
servers to send an X-Akamai-Network-Condition
header to the origin
assessing the quality of the network.
Options:
behavior
(enum string): If set to2tier
, assessment is eitherExcellent
orPoor
. If set to3tier
, the assessment can also beFair
.
Feature Previously Named: networkconditionsheader
Related Behaviors: tcpOptimization
, adaptiveImageCompression
,
deviceCharacteristicCacheId
, shutr
origin
Specify the hostname and settings used to contact the origin once service begins. You can use your own origin, NetStorage, an Edge Load Balancing origin, or a SaaS dynamic origin.
Options:
type
(enum string): Choose whether to fetch your content from your own server (customer
), your NetStorage account (netstorage
), any available Edge Load Balancing origin (elb_origin_group
), or a SaaS dynamic origin (saas_dynamic_origin
). NetStorage is most appropriate for static content.
netstorage
(object): If thetype
isnetstorage
, this option specifies the details of the netstorage server. For example:"netstorage": { "id" : "id_string", "name" : "Example Downloads", "downloadDomainName" : "example.download.akamai.com", "cpCode" : 12345 }
origin_id
(string): With the origintype
set toelb_origin_group
, identifies the Edge Load Balancing origin. This must correspond to anedgeLoadBalancingOrigin
behavior’sid
attribute within the same property.
hostname
(string): With the origintype
set tocustomer
, this specifies the hostname or IPv4 address of your origin server, from which edge servers can retrieve your content.
saas_type
(enum string): Withtype
set tosaas_dynamic_origin
, specifies the part of the request that identifies this SaaS dynamic origin, eitherpath
,cookie
,query_string
, orhostname
.
saas_cname_enabled
(boolean): Withsaas_type
set tohostname
, enabling this allows you to use a CNAME chain to determine the hostname for this SaaS dynamic origin. (In the Beta API, please substitute"on"
and"off"
string values.)
saas_cname_level
(number): Withsaas_type
set tohostname
andsaas_cname_enabled
on, specifies the desired number of hostnames to use in the CNAME chain, starting backwards from the edge server.
saas_cookie
(string): With thetype
set tosaas_dynamic_origin
and thesaas_type
set tocookie
, this specifies the name of the cookie that identifies this SaaS dynamic origin.
saas_query_string
(string): With thetype
set tosaas_dynamic_origin
and thesaas_type
set toquery_string
, this specifies the name of the query parameter that identifies this SaaS dynamic origin.
saas_regex
(string): With thetype
set tosaas_dynamic_origin
, this specifies the Perl-compatible regular expression match that identifies this SaaS dynamic origin.
saas_replace
(string): Specifies replacement text for whatsaas_regex
matches.
saas_suffix
(string): With thetype
set tosaas_dynamic_origin
, specifies the static part of the SaaS dynamic origin.
forwardhostheader
(enum string): When thetype
is set to eithercustomer
orsaas_dynamic_origin
, this specifies whichHost
header to pass to the origin:requesthostheader
passes the original request’s header.originhostname
passes the current origin’shostname
.custom
passes the value ofcustomforwardhostheader
. Use this option if you want requests handled by different properties to converge on the same cached object.
customforwardhostheader
(string): Withforwardhostheader
set tocustom
, this specifies the name of the custom host header the edge server should pass to the origin.
cachekeyhostname
(enum string): With the origintype
set tocustom
, this specifies the hostname to use when forming a cache key. Specifyoriginhostname
if your origin server’s responses do not depend on the hostname, otherwise specifyrequesthostheader
when using a virtual server.
compression
(boolean): Enables gzip compression for non-NetStorage origins. (In the Beta API, please substitute"on"
and"off"
string values.)
tcip_enabled
(boolean): When enabled on non-NetStorage origins, allows you to send a custom header (thetcip_header
) identifying the IP address of the immediate client connecting to the edge server. This may provide more useful information than the standardX-Forward-For
header, which proxies may modify. (In the Beta API, please substitute"on"
and"off"
string values.)
tcip_header
(string): Withtcip_enabled
on, this specifies the name of the field identifying the end client’s IP address, for exampleTrue-Client-IP
.
tcip_allow_clients_to_set
(boolean): Withtcip_enabled
on along with this option, if a client sets theTrue-Client-IP
header, the edge server allows it and passes the value to the origin. Otherwise the edge server removes it and sets the value itself. (In the Beta API, please substitute"on"
and"off"
string values.)
origin_cert_delegate
(enum string): For non-NetStorage origins, maximize security by controlling which certificates edge servers should trust, eitherdelegate
,warn
,custom
, orno_selection
. (This option only applies if the property is marked as secure. See the Rules section for details on theis_secure
property option.)
origin_cert_valid_cn_other
(array of string values): Withorigin_cert_delegate
set tocustom
, specifies values to look for in the origin certificate’sSubject Alternate Name
orCommon Name
fields. Specify{{Origin Hostname}}
and{{Forward Host Header}}
as variables in the order you want them to be evaluated.
origin_certs_to_honor
(enum string): Withorigin_cert_delegate
set tocustom
, specifies whether to trust pinned origin server certificates (custom_certs
), any certificate signed by an Akamai-managed authority set (standard_cas
), or any certificate signed by a custom authority set you manage (custom_cas
). If set tocombo
, may rely on all three inputs.
origin_cert_standard_cas
(object): Withorigin_certs_to_honor
set to eitherstandard_cas
orcombo
, specifies an array of Akamai-managed certificate names. Currently, the only allowed value isakamai-permissive
.
origin_cert_custom_cas
(object): Withorigin_certs_to_honor
set to eithercustom_cas
orcombo
, specifies an array of certification objects. Contact your Akamai representative for details on this object’s requirements.
origin_cert_custom_certs
(object): Withorigin_certs_to_honor
set to eithercustom_certs
orcombo
, specifies an array of certification objects. Contact your Akamai representative for details on this object’s requirements.
http_port
(string): Specifies the port on your origin server to which edge servers should connect for HTTP requests, customarily80
.
https_port
(string): Specifies the port on your origin server to which edge servers should connect for secure HTTPS requests, customarily443
. (This option only applies if the property is marked as secure. See [Rule Behaviors][xi_rulebehaviors] for details on theis_secure
property option.)
persistentClientConnection
This
read-only behavior activates
persistent connections between edge servers and clients, which allow
for better performance and more efficient use of resources. Compare
with the persistentConnection
behavior,
which configures persistent connections for the entire journey from
origin to edge to client. Contact Akamai Professional Services for help configuring
either.
WARNING: Disabling or removing this behavior may negatively affect performance.
Options:
status
(boolean): Enables the persistent connections behavior. (In the Beta API, please substitute"on"
and"off"
string values.)
timeout
(duration string): Specifies the timeout period after which edge server closes the persistent connection with the client, 500 seconds by default.
Feature Previously Named: clientpconns
Related Behaviors: removeVary
,
cacheKeyQueryParams
,
dnsAsyncRefresh
,
denyAccess
, redirect
,
prefreshCache
persistentConnection
A read-only
behavior that enables more
efficient persistent connections from origin to edge server to
client. Compare with the
persistentClientConnection
behavior, which customizes persistent connections from edge to
client. Contact Akamai Professional Services for help configuring either.
WARNING: Disabling this behavior wastes valuable browser resources. Leaving connections open too long makes them vulnerable to attack. Avoid both of these scenarios.
Options:
status
(boolean): Enables persistent connections. (In the Beta API, please substitute"on"
and"off"
string values.)
timeout
(duration string): Specifies the timeout period after which edge server closes a persistent connection.
Feature Previously Named: pconns
Related Behaviors: cacheKeyIgnoreCase
, webApplicationFirewall
,
cacheKeyQueryParams
,
redirect
, cacheError
,
dnsAsyncRefresh
personallyIdentifiableInformation
Marks content covered by the current rule as sensitive personally identifiable information that needs to be treated as secure and private. That includes anything involving personal information: name, social security number, date and place of birth, mother’s maiden name, biometric data, or any other data linked to an individual. If you attempt to save a property with such a rule that also caches or logs sensitive content, the added behavior results in a validation error.
WARNING: This feature only identifies some vulnerabilities. For example, it does not prevent you from including secure information in a query string or writing it to an origin folder. It also can’t tell whether the SSL protocol is in effect.
Options:
treat_as_pii
(boolean): When enabled, marks content as personally identifiable information (PII). (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: pii
Related Behaviors: cacheKeyQueryParams
, webApplicationFirewall
,
redirect
,
cacheKeyIgnoreCase
,
cacheError
, allowDelete
predictivePrefetching
This behavior potentially reduces the client’s page load time by pre-caching objects based on historical data for the page, not just its current set of referenced objects. It also detects second-level dependencies, such as objects retrieved by JavaScript.
Options:
status
(boolean): Enables the predictive prefetching behavior. (In the Beta API, please substitute"on"
and"off"
string values.)
accuracy-target
(enum string): The level of prefetching, eitherlow
,med
, orhigh
. A higher level results in better client performance, but potentially greater load on the origin.
Feature Previously Named: predictiveprefetching
prefetch
Instructs edge servers to retrieve
content linked from requested pages as they load, rather than waiting
for separate requests for the linked content. This behavior applies
depending on the rule’s set of matching conditions. Use in
conjunction with the prefetchable
behavior, which specifies the set of objects to prefetch.
Options:
enabled
(boolean): Applies prefetching behavior when enabled. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: prefetching
prefetchable
Allow matching objects to
prefetch into the edge cache as the parent page that links to them
loads, rather than waiting for a direct request. This behavior applies
depending on the rule’s set of matching conditions. Use
prefetch
to enable the overall behavior for
parent pages that contain links to the object.
Options:
enabled
(boolean): When enabled, allows matching content to prefetch when referenced on a requested parent page. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: prefetchableobject
Related Behaviors: gzipResponse
,
prefreshCache
, report
,
adaptiveImageCompression
, dnsAsyncRefresh
,
rewriteUrl
prefreshCache
Refresh cached content before its time-to-live (TTL) expires, to keep end users from having to wait for the origin to provide fresh content.
Prefreshing starts asynchronously based on a percentage of remaining TTL. The edge serves the prefreshed content only after the TTL expires. If the percentage is set too high, and there is not enough time to retrieve the object, the end user waits for it to refresh from the origin, as is true by default without this prefresh behavior enabled. The edge does not serve stale content.
Options:
enabled
(boolean): Enables the cache prefreshing behavior. (In the Beta API, please substitute"true"
and"false"
string values.)
prefreshval
(number within 0–100 range): Specifies when the prefresh occurs as a percentage of the TTL. For example, for an object whose cache has 10 minutes left to live, and an origin response that is routinely less than 30 seconds, a percentage of95
prefreshes the content without unnecessarily increasing load on the origin.
Feature Previously Named: cacheprefresh
Related Behaviors: removeVary
,
cacheKeyIgnoreCase
,
cacheError
,
cacheKeyQueryParams
,
tieredDistribution
,
cacheRedirect
randomSeek
Optimizes .flv
and .mp4
files to allow random jump-point navigation.
Options:
flv
(boolean): Enables random seek optimization in FLV files. (In the Beta API, please substitute"true"
and"false"
string values.)
mp4
(boolean): Enables random seek optimization in MP4 files. (In the Beta API, please substitute"true"
and"false"
string values.)
max_size
(string): With themp4
option enabled, sets the maximum size of the MP4 file to optimize, expressed as a number suffixed with a unit string such asMB
orGB
.
Feature Previously Named: randomseek
readTimeout
A read-only
behavior that specifies how
long the edge server should wait for a response from the requesting
forward server after a connection has already been established. Any
failure to read aborts the request and sends a 504
Gateway Timeout
error to the client. Contact Akamai Professional Services for help configuring this
behavior.
Options:
timeout
(duration string): Specifies the read timeout necessary before failing with a504
error. This value should never be zero.
Feature Previously Named: readtimeout
Related Behaviors: removeVary
,
cacheError
, redirect
,
cacheKeyQueryParams
,
dnsAsyncRefresh
, webApplicationFirewall
realUserMonitoring
Real User Monitoring
(RUM) injects JavaScript into HTML pages served to end-user
clients that monitors page-load performance and reports on various
data, such as browser type and geographic location. See
report
for information on how to configure logs.
Akamai customers can consult the documentation for Real User Monitoring for more information on this behavior.
Options:
status
(boolean): When enabled, activates real-use monitoring. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: rum
redirect
Respond to the client request
with a redirect without contacting the origin. Specify the redirect as
a path expression starting with a /
character relative to the
current root, or as a fully qualified URL. This behavior relies
primarily on destination_host
and destination_path
to manipulate
the hostname and path independently.
Options:
mobile_default_choice
(enum string): When set tomobile
, allows only a302
response code. When set todefault
, allows all otherresponseCode
values.
destination_protocol
(enum string): Choose the protocol for the redirect URL, eitherhttp
,https
, orsame_as_request
to pass through the original protocol.
destination_host
(enum string): Specify how to change the requested hostname, independently from the pathname:subdomain
prepends a subdomain from thedestination_host_subdomain
field.sibling
replaces the leftmost subdomain with thedestination_host_sibling
field.other
specifies a static domain in thedestination_host_other
field.same_as_request
preserves the hostname unchanged.
destination_host_subdomain
(string): Ifdestination_host
is set tosubdomain
, this specifies a subdomain to prepend to the current hostname. For example, a value ofm
changeswww.example.com
tom.www.example.com
.
destination_host_sibling
(string): Ifdestination_host
is set tosibling
, this specifies the subdomain with which to replace to the current hostname’s leftmost subdomain. For example, a value ofm
changeswww.example.com
tom.example.com
.
destination_host_other
(string): Ifdestination_host
is set toother
, this specifies the full hostname with which to replace the current hostname.
destination_path
(enum string): Specify how to change the requested pathname, independently from the hostname:prefix_request
prepends a path with thedestination_path_prefix
field. You also have the option to specify a suffix usingdestination_path_suffix
anddestination_path_suffix_status
.other
replaces the current path with thedestination_path_other
field.same_as_request
preserves the current path unchanged.
destination_path_prefix
(string): Whendestination_path
is set toprefix_request
, this prepends the current path. For example, a value of/prefix/path
changes/example/index.html
to/prefix/path/example/index.html
.
destination_path_suffix_status
(enum string): Whendestination_path
is set toprefix_request
, this gives you the option of adding a suffix. Specifyno_suffix
if you want to preserve the end of the path unchanged. If you specifysuffix
, thedestination_path_suffix
provides the value.
destination_path_suffix
(string): Whendestination_path
is set toprefix_request
anddestination_path_suffix_status
is set tosuffix
, this specifies the suffix to append to the path.
destination_path_other
(string): Whendestination_path
is set toprefix_request
, this replaces the current path.
queryString
(boolean): When enabled, passes incoming query string parameters as part of the redirect URL. (In the Beta API, please substitute"ignore"
and"append"
string values.)
responseCode
(enum string): Specify the redirect’s response code:301
(Moved Permanently),302
(Found),303
(See Other), or307
(Temporary Redirect).
Related Behaviors: cacheKeyQueryParams
,
cacheError
, removeVary
,
webApplicationFirewall
, denyAccess
,
modifyOutgoingResponseHeader
refererChecking
Limits allowed requests to a set of domains you specify.
Options:
status
(boolean): Enables the referer-checking behavior. (In the Beta API, please substitute"on"
and"off"
string values.)
strict
(boolean): When enabled, excludes requests whoseReferer
header include a relative path, or that are missing aReferer
. When disabled, only excludes requests whoseReferer
hostname is not part of thedomain
set. (In the Beta API, please substitute"on"
and"off"
string values.)
domain
(array of string values): Specifies the set of allowed domains. Withallowchildren
disabled, prefixing values with*.
specifies domains for which subdomains are allowed.
allowchildren
(boolean): When enabled, allows all subdomains for thedomain
set, just like adding a*.
prefix to each. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: refererchecking
Related Behaviors: cacheError
,
dnsAsyncRefresh
,
removeVary
,
tieredDistribution
,
cacheRedirect
, denyAccess
removeQueryParameter
Remove named query parameters before forwarding the request to the origin.
Options:
removelist
(array of string values): Specifies parameters to remove from the request.
Feature Previously Named: removeqsbyname
Related Behaviors: cacheKeyQueryParams
,
removeVary
, cacheError
,
downstreamCache
,
redirect
,
modifyOutgoingResponseHeader
removeVary
By default, responses that feature a
Vary
header value of anything other than Accept-Encoding
and a
corresponding Content-Encoding: gzip
header aren’t cached on edge
servers. Vary
headers indicate when a URL’s content varies depending
on some variable, such as which User-Agent
requests it. This
behavior simply removes the Vary
header to make responses cacheable.
WARNING: If your site relies on
Vary: User-Agent
to customize content, removing the header may lead the edge to serve content inappropriate for specific devices.
Options:
remove_vary
(boolean): When enabled, removes theVary
header to ensure objects can be cached. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: removevary
Related Behaviors: cacheError
,
cacheKeyIgnoreCase
,
redirect
,
cacheKeyQueryParams
,
cacheRedirect
, dnsAsyncRefresh
report
Specify the HTTP request headers or cookie names to log in your Akamai Log Delivery service reports.
Options:
host_enabled
(boolean): Log theHost
header. (In the Beta API, please substitute"on"
and"off"
string values.)
referer_enabled
(boolean): Log theReferer
header. (In the Beta API, please substitute"on"
and"off"
string values.)
useragent_enabled
(boolean): Log theUser-Agent
header. (In the Beta API, please substitute"on"
and"off"
string values.)
acceptlang_enabled
(boolean): Log theAccept-Language
header. (In the Beta API, please substitute"on"
and"off"
string values.)
cookie_mode
(enum string): With a set of definedcookie
names, specifies whether you want to logall
orsome
cookies, or to turnoff
the feature to stop logging cookies.
cookies
(array of string values): Withcookie_mode
set tosome
, this specifies the set of cookies names whose values you want to log.
Feature Previously Named: reporting
Related Behaviors: gzipResponse
,
prefetchable
,
prefreshCache
,
dnsAsyncRefresh
,
rewriteUrl
, redirect
requestControl
The Request Control Cloudlet allows you to control access to your web content based on the incoming request’s IP or geographic location. Assuming cloudlets are available on your contract, choose Configure⇒Cloudlets to control how the feature works, or use the Cloudlets API to configure it programmatically.
Options:
status
(boolean): Enables the Request Control Cloudlet. (In the Beta API, please substitute"on"
and"off"
string values.)
nimbus_policy_token
(string): Specifies the name of the Request Control policy, using alphanumeric and underscore characters.
enable_branded_403
(boolean): If enabled, serves a branded 403 page for this Cloudlet instance. (In the Beta API, please substitute"true"
and"false"
string values.)
netstorage
(object): Specifies the NetStorage domain that contains the branded 403 page.
branded_403_file
(string): Specifies the full path of the branded 403 page, including the filename, but excluding the NetStorage CP code path component.
responseCode
Change the existing
response code. For example, if your origin sends a 301
permanent
redirect, this behavior can change it on the edge to a temporary 302
redirect.
Options:
statuscode
(enum string): The HTTP status code to replace the existing one, any of the following:100
,101
,102
,103
,122
,200
,201
,202
,203
,204
,205
,206
,207
,226
,300
,301, 302
,303
,304
,305
,306
,307
,308
,400
,401
,402
,403
,404
,405
,406, 407
,408
,409
,410
,411
,412
,413
,414
,415
,416
,417
,422
,423
,424, 425
,426
,428
,429
,431
,444
,449
,450
,499
,500
,501
,502
,503
,504, 505
,506
,507
,509
,510
,511
,598
,599
.
enable206override
(boolean): When enabled, allows any specified200
success code to override a206
partial-content code, in which case the response’s content length matches the requested range length. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: setresponsecode
Related Behaviors: redirect
,
cacheError
,
modifyOutgoingResponseHeader
,
denyAccess
,
cacheKeyQueryParams
,
rewriteUrl
responseCookie
Set a cookie to send downstream to the client, either with a fixed value or a unique stamp.
Options:
status
(boolean): When enabled, allows you to set a response cookie. (In the Beta API, please substitute"on"
and"off"
string values.)
name
(string): Specifies the name of the cookie, which serves as a key to determine if the cookie is set.
type
(enum string): Assign either aunique
value, or afixed
one based on thevalue
field.
value
(string): If the cookietype
isfixed
, this specifies the cookie value.
format
(enum string): When thetype
of cookie is set tounique
, set this to eitherApache
orAkamai
format. The latter format adds milliseconds to the date stamp.
defaultDomain
(enum string): Either use thedefault
domain, or aspecific
one from thedomain
fields.
defaultPath
(enum string): Either use thedefault
path value, or aspecific
one from thepath
field.
domain
(string): If thedefaultdompath
is set tospecific
, this sets the domain for which the cookie is valid. For example,example.com
makes the cookie valid for that hostname and all subdomains.
path
(string): If thedefaultdompath
is set tospecific
, sets the path component for which the cookie is valid.
expires
(enum string): Sets various ways to specify when the cookie expires:- A value of
never
lets the cookie persist indefinitely. - A value of
on_browser_close
limits the cookie to the duration of the session. - A value of
duration
requires a correspondingduration
field value. - A value of
fixed_date
requires a correspondingexpiration_date
field value.
- A value of
expiration_date
(ISO 8601 format date/time string): Ifexpires
is set tofixed_date
, this sets when the cookie expires as a UTC date and time.
duration
(duration string): Ifexpires
is set toduration
, this sets the cookie’s lifetime.
secure
(boolean): When enabled, sets the cookie’sSecure
flag to transmit it withHTTPS
. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: setresponsecookie
Related Behaviors: redirect
,
cacheKeyQueryParams
,
modifyOutgoingResponseHeader
,
cacheError
, removeVary
,
webApplicationFirewall
restrictObjectCaching
A read-only behavior that is required to deploy the Object Caching product. It disables serving HTML content and limits the maximum object size to 100MB. Contact Akamai Professional Services for help configuring it.
Options:
html_disabled
(read-only string): Disables edge caching for HTML content.
maximum_size
(read-only string): Specifies a fixed maximum size of non-HTML content to cache.
Feature Previously Named: objectcachingrestrictions
rewriteUrl
Modifies the path of incoming requests to forward to the origin. This helps you offload URL-rewriting tasks to the edge to increase the origin server’s performance, allows you to redirect links to different targets without changing markup, and hides your original directory structure.
Except for regular expression replacements, this behavior manipulates
path expressions, which start and end with a /
character.
Options:
behavior
(enum string): The action to perform on the path:If set to
prepend
, specify thetargetpathprepend
. For example, if set to/prefix/
,/path1/page.html
changes to/prefix/path1/page.html
.If set to
replace
, specify thetrigger
andtargetpath
. For example, atrigger
of/path1/
and atargetpath
of/path1/path2/
changes/path1/page.html
to/path1/path2/page.html
.If set to
regexreplace
, specify thetriggerregex
andtargetregex
. For example, specifyinglogo\\.(png|gif|jpe?g)
andbrand\$1
changeslogo.png
tobrand.png
.If set to
rewrite
, specify thetargeturl
. For example, you can direct traffic to/error/restricted.html
.If set to
remove
, specify thetrigger
. For example, atrigger
of/path2/
changes/path1/path2/page.html
to/path1/page.html
.
trigger
(string): Whenbehavior
isremove
orreplace
, specifies the part of the incoming path you’d like to remove or modify.
triggerregex
(string): Whenbehavior
is set toregexreplace
, specifies the Perl-compatible regular expression to replace withtargetregex
.
targetregex
(string): Whenbehavior
is set toregexreplace
, this replaces whatever thetriggerregex
field matches, along with any captured sequences from\$1
through\$9
.
targetpath
(string): Whenbehavior
is set toreplace
, this path replaces whatever thetrigger
field matches in the incoming request’s path.
targetpathprepend
(string): Whenbehavior
is set toprepend
, specifies a path to prepend to the incoming request’s URL.
targeturl
(string): Whenbehavior
is set torewrite
, specifies the full path to request from the origin.
match_multiple
(boolean): When enabled, replaces all potential matches rather than only the first. (In the Beta API, please substitute"on"
and"off"
string values.)
keepqs
(boolean): When enabled, retains the original path’s query parameters. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: urlrewrite
Related Behaviors: cacheError
,
cacheKeyQueryParams
,
redirect
, denyAccess
,
removeVary
,
modifyOutgoingResponseHeader
rmaOptimization
This behavior is deprecated. Do not add it to any properties.
This behavior does not include any options. Specifying the behavior itself enables it.
Feature Previously Named: rmaoptimizations
Related Behaviors: cacheRedirect
,
cacheKeyIgnoreCase
,
cacheError
, redirect
,
webApplicationFirewall
, cacheKeyQueryParams
saasdefinitions
Configures how the
Software as a Service feature identifies customers, applications,
and users. A different set of options is available for each type of
targeted request, each enabled with the action
-suffixed option. In
each case, you can use path
, cookie
, query_string
, or hostname
components as identifiers, or disable
the SaaS behavior
for certain targets. If you rely on a hostname
, you also have the
option of specifying a CNAME chain rather than an individual
hostname. The various options suffixed regex
and replace
subsequently remove the identifier from the request.
NOTE: This behavior needs a sibling
origin
behavior whosetype
option is set tosaas_dynamic_origin
.
Options:
application_action
(enum string): Specifies the request component that identifies a SaaS application, eithercookie
,hostname
,path
, orquery_string
. Setting it todisabled
effectively ignores applications.
application_cookie
(string): Withapplication_action
set tocookie
, this specifies the name of the cookie that identifies the application.
application_query_string
(string): Withapplication_action
set toquery_string
, this names the query parameter that identifies the application.
application_cname_enabled
(boolean): Withapplication_action
set tohostname
, enabling this allows you to identify applications using a CNAME chain rather than a single hostname. (In the Beta API, please substitute"on"
and"off"
string values.)
application_cname_level
(number): Withapplication_cname_enabled
on, this specifies the number of CNAMEs to use in the chain.
application_regex
(string): Specifies a Perl-compatible regular expression with which to substitute the request’s application ID.
application_replace
(string): Specifies a string to replace the request’s application ID matched byapplication_regex
.
customer_action
(enum string): Specifies the request component that identifies a SaaS customer, eithercookie
,hostname
,path
, orquery_string
. Setting it todisabled
effectively ignores customers.
customer_cookie
(string): Withcustomer_action
set tocookie
, this specifies the name of the cookie that identifies the customer.
customer_query_string
(string): Withcustomer_action
set toquery_string
, this names the query parameter that identifies the customer.
customer_cname_enabled
(boolean): Withcustomer_action
set tohostname
, enabling this allows you to identify customers using a CNAME chain rather than a single hostname. (In the Beta API, please substitute"on"
and"off"
string values.)
customer_cname_level
(number): Withcustomer_cname_enabled
on, this specifies the number of CNAMEs to use in the chain.
customer_regex
(string): Specifies a Perl-compatible regular expression with which to substitute the request’s customer ID.
customer_replace
(string): Specifies a string to replace the request’s customer ID matched bycustomer_regex
.
users_action
(enum string): Specifies the request component that identifies a SaaS user, eithercookie
,hostname
,path
, orquery_string
. Setting it todisabled
effectively ignores users.
users_cookie
(string): Withusers_action
set tocookie
, this specifies the name of the cookie that identifies the user.
users_query_string
(string): Withusers_action
set toquery_string
, this names the query parameter that identifies the user.
users_cname_enabled
(boolean): Withusers_action
set tohostname
, enabling this allows you to identify users using a CNAME chain rather than a single hostname. (In the Beta API, please substitute"on"
and"off"
string values.)
users_cname_level
(number): Withuser_cname_enabled
on, this specifies the number of CNAMEs to use in the chain.
users_regex
(string): Specifies a Perl-compatible regular expression with which to substitute the request’s user ID.
users_replace
(string): Specifies a string to replace the request’s user ID matched byusers_regex
.
savePostDcaProcessing
A read-only
behavior, used in conjunction
with the cachePost
behavior, that allows the body of
POST requests to be processed through Dynamic Content Assembly.
Contact Akamai Professional Services for help configuring it.
Options:
enabled
(boolean): Enables processing of POST requests. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: save_post_dca_processing
Related Behaviors: cachePost
,
modifyOutgoingResponseHeader
,
modifyOutgoingRequestHeader
,
dnsAsyncRefresh
, redirect
,
denyAccess
scheduleInvalidation
Specifies when cached content that satisfies a rule’s criteria expires, optionally at repeating intervals. In addition to periodic cache flushes, you can use this behavior to minimize potential conflicts when related objects expire at different times.
WARNING: scheduled invalidations can significantly increase origin servers’ load when matching content expires simultaneously across all edge servers. As best practice, schedule expirations during periods of lowest traffic.
Options:
start
(ISO 8601 format date/time string): The UTC date and time when matching cached content is to expire.
repetition_enabled
(boolean): When enabled, invalidation recurs periodically from thestart
time based on therepeatinterval
time. (In the Beta API, please substitute"unchecked"
and"checked"
string values.)
repeatinterval
(duration string): Withrepetition_enabled
on, specifies how often to invalidate content from thestart
time, expressed in seconds. For example, an expiration set to midnight and an interval of86400
seconds invalidates content once a day.
NOTE: Repeating intervals of less than 5 minutes are not allowed for NetStorage origins.
refresh_method
(enum string): Specifies how to invalidate the content. Setting it toinvalidate
sends anIf-Modified-Since
request to the origin, re-caching the content only if it is fresher. Setting it topurge
re-caches content regardless of its freshness, potentially creating more traffic at the origin.
Feature Previously Named: scheduledinvalidation
Related Behaviors: redirect
,
removeVary
,
modifyOutgoingResponseHeader
,
cacheKeyQueryParams
,
cacheError
,
dnsAsyncRefresh
segmentedContentProtection
Validates authorization tokens at the edge server to prevent unauthorized link sharing.
Options:
segmentedcontentprotectionswitch
(boolean): Enables the segmented content protection behavior. (In the Beta API, please substitute"on"
and"off"
string values.)
key
(string): Specifies the encryption key to use as a shared secret to validate tokens.
show_advanced
(boolean): When enabled, allows you to specify advancedtransitionKey
andsalt
options. (In the Beta API, please substitute"true"
and"false"
string values.)
transitionKey
(string): An alternate encryption key to match along with thekey
field, allowing you to rotate keys with no down time.
salt
(string): Specifies a salt as input into the token for added security. This value must match the salt used in the token generation code.
failureResponse
(enum string): Eitherverifyanddeny
orverifyonly
.
Feature Previously Named: segmentedcontentprotection
segmentedMediaOptimization
Optimizes segmented media for live or streaming delivery contexts.
Options:
behavior
(enum string): Set to either cachedon_demand
, or streaminglive
. (Onlyon_demand
is allowed for NetStorage origins.)
Feature Previously Named: segmentedmediaoptimization
shutr
The SHUTR protocol extends HTTP to reduce the amount of header data necessary for web transactions with mobile devices.
This behavior does not include any options. Specifying the behavior itself enables it.
Related Behaviors: enhancedAkamaiProtocol
,
redirect
, adaptiveImageCompression
, cacheRedirect
,
cacheError
, removeVary
simulateErrorCode
A read-only behavior that simulates various error response codes. Contact Akamai Professional Services for help configuring it.
Options:
error_type
(enum string): Specifies the type of error, any of the following:
err_connect_fail err_connect_timeout err_dns_fail err_dns_in_region err_dns_timeout err_no_good_fwd_ip err_read_error err_read_timeout err_sureroute_dns_fail err_write_error
timeout
(duration string): When theerror_type
iserr_connect_timeout
,err_dns_timeout
,err_sureroute_dns_fail
, orerr_read_timeout
, generates an error after the specified amount of time from the initial request.
Feature Previously Named: sim_error_codes
Related Behaviors: failAction
,
timeout
,
responseCookie
,
modifyIncomingRequestHeader
,
cacheRedirect
, cacheError
siteShield
A read-only behavior implementing the SiteShield feature, which helps prevent non-Akamai machines from contacting your origin. Your service representative periodically sends you a list of Akamai servers allowed to contact your origin, with which you establish an Access Control List on your firewall to prevent any other requests.
Options:
ssmap
(string): The hostname that identifies the SiteShield map, available from your Akamai representative.
Feature Previously Named: siteshield
Related Behaviors: webApplicationFirewall
,
redirect
, cacheError
,
denyAccess
,
cacheKeyQueryParams
,
cacheKeyIgnoreCase
spdy
The SPDY protocol enhances HTTPS traffic by using many concurrent connections to download objects within one TCP connection.
This behavior does not include any options. Specifying the behavior itself enables it.
NOTE: You can only apply this behavior if the property is marked as secure. See the Rules section for details on the
is_secure
property option.)
Related Behaviors: redirect
,
modifyIncomingRequestHeader
,
cacheKeyQueryParams
,
modifyOutgoingResponseHeader
, edgeSideIncludes
,
modifyIncomingResponseHeader
subCustomer
Enables various features of the Content Policy API, which allows Akamai partners to specify dynamic content policies for their customers’ content, supplementing the rules defined within the current property.
Options:
dynamicpolicy
(boolean): Allows the Content Policy API to dynamically modify content. (In the Beta API, please substitute"true"
and"false"
string values.)
origin
(boolean): Allows you to set the origin host. (In the Beta API, please substitute"true"
and"false"
string values.)
caching
(boolean): Allows you to modify content caching rules. (In the Beta API, please substitute"true"
and"false"
string values.)
referrer
(boolean): Allows you to set the referrer whitelist or blacklist. (In the Beta API, please substitute"true"
and"false"
string values.)
ip
(boolean): Allows you to specify an IP whitelist or blacklist. (In the Beta API, please substitute"true"
and"false"
string values.)
geo
(boolean): Allows you to specify a location-based whitelist or blacklist. (In the Beta API, please substitute"true"
and"false"
string values.)
contentrefresh
(boolean): Allows you to schedule when custom content is to revalidate. (In the Beta API, please substitute"true"
and"false"
string values.)
modifypath
(boolean): Allows you to modify the request path. (In the Beta API, please substitute"true"
and"false"
string values.)
cachekey
(boolean): Allows you to set which query parameters are included in the cache key. (In the Beta API, please substitute"true"
and"false"
string values.)
Feature Previously Named: subcustomerenable
sureRoute
The SureRoute feature continually tests different routes between origin and edge servers to identify the optimal path. By default, it conducts races to identify alternative paths to use in case of a transmission failure. These races increase origin traffic slightly.
This behavior allows you to configure SureRoute along with a test
object to improve delivery of non-cacheable no-store
or
bypass-cache
content. Since edge servers are already positioned as
close as possible to requesting clients, the behavior does not apply
to cacheable content.
Options:
sr_enabled
(boolean): Enables the SureRoute behavior, to optimize delivery of non-cached content. (In the Beta API, please substitute"true"
and"false"
string values.)
sr_type
(enum string): Specifies the set of edge servers used to test routes, either the defaultperformance
or acustommap
that must be provided to you by Akamai Professional Services.
custom_map
(string): Ifsr_type
iscustommap
, this specifies the map string provided to you by Akamai Professional Services, or included as part of the SiteShield product.
sr_test_object_url
(string): Specifies the path and filename for your origin’s test object to use in races to test routes.Akamai provides sample test objects for the Dynamic Site Accelerator and Web Application Accelerator products. If you want to use your own test object, it needs to be on the same origin server as the traffic being served through SureRoute. Make sure it returns a
200
HTTP response and does not require authentication. The file should be an average-sized static HTML file (Content-Type: text/html
) that is no smaller than 8KB, with no back-end processing.
NOTE: If you have more than one origin server deployed behind a load balancer, you can configure it to serve the test object directly on behalf of the origin, or route requests to the same origin server to avoid deploying the test object on each origin server.
sr_to_host_status
(enum string): If set toincoming_hh
, uses the incomingHost
header when requesting the SureRoute test object. If set toother
, usesr_to_host
to specify a customHost
header.
sr_to_host
(string): Ifsr_to_host_status
isother
, this specifies the customHost
header to use when requesting the SureRoute test object.
sr_race_stat_ttl
(duration string): Specifies the time-to-live to preserve SureRoute race results, typically30m
. If traffic exceeds a certain threshold after TTL expires, the overflow is routed directly to the origin, not necessarily optimally. If traffic remains under the threshold, the route is determined by the winner of the most recent race.
sr_force_ssl_fw
(boolean): Forces SureRoute to use SSL when requesting the origin’s test object, appropriate if your origin does not respond to HTTP requests, or responds with a redirect to HTTPS. (In the Beta API, please substitute"true"
and"false"
string values.)
sr_stat_key_mode
(enum string): When set todefault
, caches race results under the race destination’s hostname. If set tocustom
, usecustom_stat_key
to specify a custom hostname.
custom_stat_key
(string): Withsr_stat_key_mode
set tocustom
, this specifies a hostname under which to cache race results. This may be useful when a property corresponds to many origin hostnames. By default, SureRoute would launch races for each origin, but consolidating under a single hostname runs only one race.
Feature Previously Named: sureroute
tcpOptimization
Enables a suite of optimizations targeting buffers, time-outs, and packet loss that improve transmission performance. This behavior is deprecated, but you should not disable or remove it if present.
This behavior does not include any options. Specifying the behavior itself enables it.
Feature Previously Named: tcpoptimizations
Related Behaviors: cacheError
,
cacheRedirect
, dnsAsyncRefresh
,
cacheKeyQueryParams
,
removeVary
,
cacheKeyIgnoreCase
tieredDistribution
This behavior allows
Akamai edge servers to retrieve cached content from other Akamai
servers, rather than directly from the origin. These interim parent
servers in the cache hierarchy (ch
) are positioned close to the
origin, and fall along the path from the origin to the edge
server. Tiered Distribution typically reduces the origin server’s
load, and reduces the time it takes for edge servers to refresh
content.
Options:
status
(boolean): When enabled, activates tiered distribution. (In the Beta API, please substitute"true"
and"false"
string values.)
tdmap
(enum string): Optionally map the tiered parent server’s location close to your origin:cheu2
for Europe;chaus
for Australia;chapac
for China and the Asian Pacific area;chwus2
,chcus2
, andcheus2
for different parts of the United States. Choosech
orch2
for more global map. A narrower local map minimizes the origin server’s load, and increases the likelihood the requested object is cached. A wider global map reduces end-user latency, but decreases the likelihood the requested object is in any given parent server’s cache. (This option cannot apply if the property is marked as secure. See [Rule Behaviors][xi_rulebehaviors] for details on theis_secure
property option.)
Feature Previously Named: tiereddistribution
Related Behaviors: removeVary
,
cacheKeyQueryParams
,
cacheError
, cacheRedirect
,
cacheKeyIgnoreCase
,
dnsAsyncRefresh
timeout
Sets the HTTP connect timeout.
Options:
timeout
(duration string): Specifies the timeout, for example10s
.
Feature Previously Named: connecttimeout
Related Behaviors: removeVary
,
cacheKeyQueryParams
,
failAction
, healthDetection
,
cacheError
,
dnsAsyncRefresh
validateEntityTag
Instructs edge servers
to compare the request’s ETag header with that of the cached
object. If they differ, the edge server sends a new copy of the
object. This validation occurs in addition to the default validation
of Last-Modified
and If-Modified-Since
headers.
Options:
enabled
(boolean): Enables the ETag validation behavior. (In the Beta API, please substitute"true"
and"false"
string values.)
Feature Previously Named: validateetag
Related Behaviors: cacheKeyIgnoreCase
,
prefreshCache
, removeVary
,
redirect
, cacheError
,
cacheKeyQueryParams
verifyTokenAuthorization
Verifies Auth 2.0 tokens.
Options:
show_advanced
(boolean): If enabled, allows you to specify advanced options such asalgorithm
,escapeHmacInputs
,ignoreQueryString
,transitionKey
, andsalt
. (In the Beta API, please substitute"true"
and"false"
string values.)
location
(enum string): Specifies where to find the token in the incoming request, eitherClient_Request_Header
,Query_String
, orCookie
.
locationId
(string): Whenlocation
isClient_Request_Header
, specifies the name of the incoming request’s header where to find the token.
algorithm
(enum string): Withshow_advanced
enabled, specifies the algorithm that generates the token, eitherSHA256
,SHA1
, orMD5
, in order of descending security. It must match the method chosen in the token generation code.
escapeHmacInputs
(boolean): Withshow_advanced
enabled, URL-escapes HMAC inputs passed in as query parameters. (In the Beta API, please substitute"on"
and"off"
string values.)
ignoreQueryString
(boolean): Withshow_advanced
enabled, enabling this removes the query string from the URL used to form an encryption key. (In the Beta API, please substitute"true"
and"false"
string values.)
key
(string): The shared secret used to validate tokens, which must match the key used in the token generation code.
transitionKey
(string): Withshow_advanced
enabled, specifies a transition key as a hex value.
salt
(string): Withshow_advanced
enabled, specifies a salt string for input when generating the token, which must match the salt value used in the token generation code.
failureResponse
(boolean): When enabled, sends an HTTP error when an authentication test fails. (In the Beta API, please substitute"on"
and"off"
string values.)
Feature Previously Named: token_auth_verify
Related Behaviors: denyAccess
,
modifyOutgoingRequestHeader
,
modifyOutgoingResponseHeader
,
cacheError
, rewriteUrl
,
modifyIncomingRequestHeader
visitor_prioritization
The Visitor Prioritization Cloudlet is designed to decrease abandonment by providing a user-friendly waiting room experience. Assuming cloudlets are available on your contract, choose Configure⇒Cloudlets to control Visitor Prioritization within the Luna Control Center. Otherwise use the Cloudlets API to configure it programmatically.
NOTE: If you want to serve non-HTML API content, such as JSON blocks, see the
asset_prioritization
behavior.
Options:
status
(boolean): Enables the Visitor Prioritization behavior. (In the Beta API, please substitute"on"
and"off"
string values.)
nimbus_policy_token
(string): Specifies the Cloudlets policy name, available in Luna’s Cloudlets Policy Manager.
throttled_response_code
(enum string): Specifies the response code for requests sent to the waiting room, either200
or503
.
use_throttled_cpcode
(boolean): When enabled, allows you to assign a different CP code that tracks any requests that are sent to the waiting room. (In the Beta API, please substitute"on"
and"off"
string values.)
throttled_cpcode
(object): Withuse_throttled_cpcode
enabled, specifies acpcode
object for requests sent to the waiting room, including a numericid
key and a descriptivename
:"cpcode": { "id" : 12345, "name" : "sent to waiting room" }
netstorage
(object): Specifies the NetStorage domain for the waiting room page. For example:"nshostname": { "id" : "id_string", "name" : "Example Downloads", "downloadDomainName" : "example.download.akamai.com", "cpCode" : 12345 }
wr_directory
(string): Specifies the NetStorage directory that contains the static waiting room page, with no trailing slash character.
label
(string): Specify a suffix to add to the Cloudlet policy’s cookies, potentially useful to distinguish one policy from another within the same property.
wr_cookie_expiry_seconds
(number within 0–100 range): Specifies the duration of the Cloudlet’s cookie that holds users in the waiting room. (It sends users back to the waiting room if they refresh the waiting room page.)
privileged_cookie_expiry_seconds
(number within 0–100 range): Specifies the duration of the privilege cookie, which bypasses Visitor Prioritization for subsequent requests once a user has been allowed through to the site.
rolling_privilege_window
(boolean): If enabled, users receive a fresh cookie that matches the duration of the Allowed User Cookie. Disable to set a fixed cookie time. (In the Beta API, please substitute"1"
and"0"
string values.)
Related Behaviors: prefetchable
,
prefreshCache
,
gzipResponse
, denyAccess
,
adaptiveImageCompression
watermarkUrl
Aliases a token to a watermark image URL.
Options:
token
(string): Specifies the string token.
image_url
(string): Specifies the URL for the watermark image.
Feature Previously Named: watermark_tokens
Related Behaviors: edgeImageConversion
,
cacheError
,
cacheKeyQueryParams
,
modifyOutgoingResponseHeader
,
verifyTokenAuthorization
,
responseCookie
webApplicationFirewall
The Web Application Firewall behavior implements a suite of security features that blocks threatening HTTP and HTTPS requests. Use it as your primary firewall, or in addition to existing security measures. Only one referenced configuration is allowed per property, so this behavior typically belongs as part of its default rule.
Options:
wafconfig
(object): An object featuring details about your firewall configuration, for example:"wafconfig": { "configId" : 1, "productionStatus" : "Active", "productionVersion" : 1, "stagingStatus" : "Active", "stagingVersion" : 1 }
Feature Previously Named: waf
Related Behaviors: redirect
,
cacheKeyQueryParams
,
cacheError
,
cacheKeyIgnoreCase
,
removeVary
, denyAccess
webdav
Web-based Distributed Authoring and Versioning (WebDAV) is a set of extensions to the HTTP protocol that allows users to collaboratively edit and manage files on remote web servers. This behavior enables WebDAV, and provides support for the following additional request methods: PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK.
Options:
status
(boolean): Enables the WebDAV behavior. (In the Beta API, please substitute"on"
and"off"
string values.)
Related Behaviors: allowPut
,
allowDelete
,
allHttpInCacheHierarchy
,
cacheKeyIgnoreCase
,
cacheKeyQueryParams
,
cacheError