Origin rule options

Build out options for your conditional origin rule's behaviors and criteria.

For all conditional origins, Allow Cloudlets Origin, cloudletsOrigin, and origin are required. The cpCode behavior is optional but is commonly used with origins.

See the behaviors and criteria references for additional configuration options.

Allow Cloudlets Origin

Type: Behavior

Options

Option Type Description
enabled boolean Allows you to assign custom origin definitions referenced in sub-rules by cloudlets‚ÄčOrigin labels. If disabled, all sub-rules are ignored.
honor‚ÄčBase‚ÄčDirectory boolean Prefixes any cloudlet-generated origin path with a path defined by an origin base path behavior.
  • If no path is defined, it has no effect.
  • If another cloudlet policy already prepends the same origin base path, the path is not duplicated.
purge‚ÄčOrigin‚ÄčQuery‚ÄčParameter string The name of the origin from which to purge content.

Example

"behaviors": [
  {
    "name": "allowCloudletsOrigins",
    "options": {
      "enabled": true,
      "honor‚ÄčBase‚ÄčDirectory": true,
      "purge‚ÄčOrigin‚ÄčQuery‚ÄčParameter": "my_origin"
    }
  }
]

cloudletsOrigin

Type: Criteria

Option

originId. An ID for your conditional origin. Supports use of alphanumeric and underscore characters.

Example

"criteria": [
  {
    "name": "cloudletsOrigin",
    "options": {
      "originId": "my_origin"
    }
  }
]

cpCode

Type: Behavior

Options

value. A parent object that contains child options for your CP code.

Option Type Description
cp‚ÄčCode‚ÄčLimits array Read-only. The current use limit for the CP code.
created‚ÄčDate integer Read-only. The CP code's creation date in UNIX epoch timestamp format.
description string Read-only. A human-readable note about the CP code.
id integer The CP code's ID.
name string Read-only. The CP code's name.
products array Read-only. The CP code's product IDs.

Example

"behaviors": [
  {
    "name": "cpCode",
    "options": {
      "value": {
          "id": 12345,
          "description": "My cloudlet CP code",
          "products": [
              "SPM"
          ],
          "createdDate": 1673471190000,
          "cpCodeLimits": {
              "limit": 5432,
              "currentCapacity": 150,
              "limitType": "account"
          },
          "name": "my-cp-code"
      }
    }
  }
]

origin

Type: Behavior

Options

Option Type Description
origin‚ÄčType enum The type of origin server from which to retrieve your content. Values is one of:
  • CUSTOMER. Your own server. Use this type for application load balancer cloudlets.
  • NET_STORAGE. Your NetStorage account.
  • MEDIA_SERVICE_LIVE. A Media Service Live server.
  • SAAS_DYNAMIC_ORIGIN. A Saa‚ÄčS dynamic origin.
net‚ÄčStorage object Net‚ÄčStorage server details. Requires an origin of type NET_‚ÄčSTORAGE. Contains:
  • cp‚ÄčCode. The CP code assigned to the storage group.
  • download‚ÄčDomain‚ÄčName. The domain name from which to download content.
  • g2o‚ÄčToken. A signature header authentication key.
  • id. The storage group's ID.
  • name. A storage group's name.
hostname string The hostname or IPv4 address of your origin server. Requires an origin of typeCUSTOMER.
second‚ÄčHostname‚ÄčEnabled boolean For use with the API Acceleration product. Whether to use an additional origin server address.
second‚ÄčHostname string The hostname of the origin from which to retrieve your content.Requires second‚ÄčHostname‚ÄčEnabled set to true.
mslorigin string The media's origin server. Requires an origin type of MEDIA_‚ÄčSERVICE_‚ÄčLIVE.
saas‚ÄčType enum The part of the request that identifies a Saa‚ÄčS dynamic origin. Required origin type of SAAS_‚ÄčDYNAMIC_‚ÄčORIGIN. Value is one of:
  • HOSTNAME
  • PATH
  • QUERY_STRING
  • COOKIE
saas‚ÄčCname‚ÄčEnabled boolean Whether to use a CNAME chain to determine the Saa‚ÄčS dynamic origin's hostname. Requires a saas‚ÄčType value of HOSTNAME.
saas‚ÄčCname‚ÄčLevel number The number of hostnames to use in the CNAME chain, starting backwards from the edge server. Requires saas‚ÄčCname‚ÄčEnabled set to true.
saas‚ÄčCookie string The name of the cookie that identifies the Saa‚ÄčS dynamic origin. Requires a saas‚ÄčType value of COOKIE.
saas‚ÄčQuery‚ÄčString string The name of the query parameter that identifies this Saa‚ÄčS dynamic origin. Requires a saas‚ÄčType value of QUERY_‚ÄčSTRING.
saas‚ÄčRegex string The Perl-compatible regular expression match that identifies this Saa‚ÄčS dynamic origin. Requires an origin of type SAAS_‚ÄčDYNAMIC_‚ÄčORIGIN.
saas‚ÄčReplace string The replacement text for what saas‚ÄčRegex matches. Requires an origin of type SAAS_‚ÄčDYNAMIC_‚ÄčORIGIN.
saas‚ÄčSuffix string The static part of the Saa‚ÄčS dynamic origin. Requires an origin of type SAAS_‚ÄčDYNAMIC_‚ÄčORIGIN.
forward‚ÄčHost‚ÄčHeader enum When the origin is of type CUSTOMER or SAAS_‚ÄčDYNAMIC_‚ÄčORIGIN, this sets which Host header to pass to the origin. Value is one of:
  • REQUEST_‚ÄčHOST_‚ÄčHEADER. The original request's header.
  • ORIGIN_‚ÄčHOSTNAME. The current origin's HOSTNAME.
  • CUSTOM. The value of custom‚ÄčForward‚ÄčHost‚ÄčHeader. Use this option if you want requests handled by different properties to converge on the same cached object.
custom‚ÄčForward‚ÄčHost‚ÄčHeader string The name of the custom host header the edge server passes to the origin. Requires forward‚ÄčHost‚ÄčHeader set to CUSTOM.
cache‚ÄčKey‚ÄčHostname enum Specifies the hostname to use when forming a cache key. Requires an origin of type CUSTOMER or SAAS_‚ÄčDYNAMIC_‚ÄčORIGIN. Value is one of:
  • REQUEST_‚ÄčHOST_‚ÄčHEADER. Use with a virtual server.
  • ORIGIN_‚ÄčHOSTNAME. Use if your origin server's responses do not depend on the hostname.
ip‚ÄčVersion enum Which IP version to use when getting content from the origin. Requires an origin of type CUSTOMER or EDGE_‚ÄčLOAD_‚ÄčBALANCING_‚ÄčORIGIN_‚ÄčGROUP. Value is one of:
  • IPV4. Use IPv4.
  • DUALSTACK. Use both versions.
  • IPV6. Use IPv6.
use‚ÄčUnique‚ÄčCache‚ÄčKey boolean Sets a unique cache key for your content when using a shared hostname.
compress boolean Enables gzip compression for non-Net‚ÄčStorage origins. Requires an origin of type CUSTOMER, EDGE_‚ÄčLOAD_‚ÄčBALANCING_‚ÄčORIGIN_‚ÄčGROUP, or SAAS_‚ÄčDYNAMIC_‚ÄčORIGIN.
enable‚ÄčTrue‚ÄčClient‚ÄčIp boolean When enabled on non-Net‚ÄčStorage origins, allows you to send the value of true‚ÄčClient‚ÄčIp‚ÄčHeader as a header that identifies the IP address of the immediate client connecting to the edge server. This may provide more useful information than the standard X-Forward-For header, which proxies may modify. Requires an origin of type CUSTOMER, EDGE_‚ÄčLOAD_‚ÄčBALANCING_‚ÄčORIGIN_‚ÄčGROUP, or SAAS_‚ÄčDYNAMIC_‚ÄčORIGIN.
true‚ÄčClient‚ÄčIp‚ÄčHeader string The name of the field that identifies the end client's IP address. Requires enable‚ÄčTrue‚ÄčClient‚ÄčIp set to true.
true‚ÄčClient‚ÄčIp‚ÄčClient‚ÄčSetting boolean If a client sets the True-Client-IP header, the edge server passes the value to the origin. Otherwise, the edge server removes it and sets the value itself. Requires enable‚ÄčTrue‚ÄčClient‚ÄčIp set to true.
verification‚ÄčMode enum For non-Net‚ÄčStorage origins, control which certificates edge servers trust. Requires an origin of type CUSTOMER, EDGE_‚ÄčLOAD_‚ÄčBALANCING_‚ÄčORIGIN_‚ÄčGROUP, or SAAS_‚ÄčDYNAMIC_‚ÄčORIGIN. Value is one of:
  • PLATFORM_‚ÄčSETTINGS. Trust platform settings.
  • CUSTOM. Only applies if the property is marked secure. For some products, you may also need to enable the Secure Delivery - Customer Cert module.
  • THIRD_‚ÄčPARTY. An origin server that references a third-party hostname.
origin‚ÄčSni boolean For non-Net‚ÄčStorage origins, enabling this adds a Server Name Indication (SNI) header in the SSL request sent to the origin with the origin hostname as the value. See the verification settings in the Origin Server behavior or contact your Akamai representative for more information.

Requires an origin of type CUSTOMER, EDGE_‚ÄčLOAD_‚ÄčBALANCING_‚ÄčORIGIN_‚ÄčGROUP, or SAAS_‚ÄčDYNAMIC_‚ÄčORIGIN **AND** a verification‚ÄčMode value of PLATFORM_‚ÄčSETTINGS, CUSTOM, or THIRD_‚ÄčPARTY.
custom‚ÄčValid‚ÄčCn‚ÄčValues string array The values to look for in the origin certificate's Subject Alternate Name or Common Name fields. Specify {{Origin Hostname}} and {{Forward Host Header}} within the text in the order you want them to be evaluated.
Note: These template items are not the same as in-line variables which use the same curly-brace syntax.
Requires a verification‚ÄčMode value of CUSTOM.
origin‚ÄčCerts‚ÄčTo‚ÄčHonor enum Which certificate to trust. Requires a verification‚ÄčMode value of CUSTOM. Value is one of:
  • COMBO. May rely on all three other inputs.
  • STANDARD_‚ÄčCERTIFICATE_‚ÄčAUTHORITIES. Any certificate signed by an Akamai-managed authority set.
  • CUSTOM_‚ÄčCERTIFICATE_‚ÄčAUTHORITIES. Any certificate signed by a custom authority set you manage.
  • CUSTOM_‚ÄčCERTIFICATES. Pinned origin server certificates.
custom‚ÄčCertificate‚ÄčAuthorities object array Specifies an array of certification objects. See the verification settings in the Origin Server behavior or contact your Akamai representative for details on this object's requirements. Requires a origin‚ÄčCerts‚ÄčTo‚ÄčHonor value of CUSTOM_‚ÄčCERTIFICATE_‚ÄčAUTHORITIES or COMBO.
custom‚ÄčCertificates object array An array of certification objects. See the verification settings in the Origin Server behavior or contact your Akamai representative for details on this object's requirements. Requires a origin‚ÄčCerts‚ÄčTo‚ÄčHonor set to CUSTOM_‚ÄčCERTIFICATES or COMBO.
http‚ÄčPort number Your origin server's port that edge servers connect to for HTTP requests, typically 80. Requires an origin of type CUSTOMER or SAAS_‚ÄčDYNAMIC_‚ÄčORIGIN.
https‚ÄčPort number Your origin server's port that edge servers connect to for for secure HTTPS requests, customarily 443. This option only applies if the property is marked as secure. Requires an origin of CUSTOMER or SAAS_‚ÄčDYNAMIC_‚ÄčORIGIN.
tls13Support boolean Enables transport layer security (TLS) version 1.‚Äč3 for connections to your origin server. Requires an origin of type CUSTOMER or MEDIA_‚ÄčSERVICE_‚ÄčLIVE.
min‚ÄčTls‚ÄčVersion enum The minimum TLS version to use for connections to your origin server. Requires an origin of type CUSTOMER or MEDIA_‚ÄčSERVICE_‚ÄčLIVE. Value is one of:
  • DYNAMIC. Supports all currently public versions of TLS.
  • TLSV1_1. Supports TLS version 1.‚Äč1.
  • TLSV1_2. Supports TLS version 1.‚Äč2.
  • TLSV1_3. Supports TLS version 1.‚Äč3.
max‚ÄčTls‚ÄčVersion enum The maximum TLS version to use for connections to your origin server. Use DYNAMIC to automatically apply the latest supported version. Requires an origin of type CUSTOMER or MEDIA_‚ÄčSERVICE_‚ÄčLIVE. Value is one of:
  • DYNAMIC. Supports all currently public versions of TLS.
  • TLSV1_1. Supports TLS version 1.‚Äč1.
  • TLSV1_2. Supports TLS version 1.‚Äč2.
  • TLSV1_3. Supports TLS version 1.‚Äč3.

Example

"behaviors": [
  {
    "name": "origin",
    "options": {
      "cacheKeyHostname": "ORIGIN_HOSTNAME",
      "compress": true,
      "enableTrueClientIp": false,
      "forwardHostHeader": "ORIGIN_HOSTNAME",
      "httpPort": 80,
      "originType": "CUSTOMER",
      "httpsPort": 443,
      "verificationMode": "PLATFORM_SETTINGS",
      "originSni": false,
      "hostname": "my-origin-hostname.com",
      "originCertificate": "",
      "ports": "",
      "ipVersion": "IPV4",
      "tls13Support": false,
      "minTlsVersion": "DYNAMIC",
      "tlsVersionTitle": ""
    }
  }
]