Cache HTTP Error Responses

Cache error responses from the origin to reduce traffic when content isn't available. With this behavior enabled, you can reduce the network traffic to your origin by caching HTTP error responses on the edge.

How it works

This behavior caches HTTP error responses with status codes 204, 305, 400, 404, 405, 501, 502, 503, 504, and 505 on the edge servers. When end-users request unavailable content, the edge server pulls the error response from the cache. By default, error responses with HTTP codes 204, 305, 404, 405, and 501 are cached for 10 seconds, and this feature allows you to modify the caching time.

The default size limit for negative caching is 64 KB. The most common reason a 404 error isn't cached is that the response size exceeds 64 KB. If you want to cache 404 error responses larger than 64 KB, contact your Akamai account representative to have the limit increased.

Features and options

| Field | What it does |
|---|---|
| Enable | Enables or disables this behavior. |
| Max-age | Set the maximum time that cached objects can remain in the cache. A setting of 0 means no-cache, which forces revalidation before serving the content. Be aware that no-cache can cause a large increase in traffic to the origin in circumstances where that would be counterproductive (for example, when the origin is returning 500 errors). |
| Preserve Stale Objects | When enabled, edge servers keep and serve stale cached objects when serving responses with status codes 400, 500, 502, 503, and 504, so that end-user clients can access content during transient errors without re-fetching and re-caching content from the origin. |

Avoid cache poisoning attacks

A cache poisoning attack happens when false information is included in a DNS cache. A query to that DNS returns an incorrect response and end-users are directed to the wrong site or app.

This can happen if you enable this behavior in your property and don't have a web application firewall (WAF) configured at the first level, before the request reaches your property configuration. If this is the case, a cache poisoning attack can occur if a request contains a request header with an invalid character.

To avoid this problem:

  • You can use Akamai's Kona Site Defender. This offers WAF rules that would automatically detect an invalid character. Talk to your account representative to get Kona Site Defender added to your contract.
  • You can use a custom WAF. Set up a custom WAF on your site or app to recognize invalid characters in a request header.
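
One way to write the custom WAF check described above, as an added example (not Akamai's or Kona Site Defender's code). It applies the RFC 9110 header grammar to the raw request headers; the function names, the sample requests and the strict choice to reject bytes 0x80-0xFF are assumptions of this example.

```python
import re

# RFC 9110 section 5.1: a field name is a token made of "tchar" characters.
FIELD_NAME = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# RFC 9110 section 5.5: field content is visible ASCII, SP and HTAB.
# obs-text (0x80-0xFF) is legal but obsolete; this filter is strict
# (an assumption of this example) and rejects it as well.
FIELD_VALUE = re.compile(rb"[\x09\x20-\x7e]*")


def header_violations(headers):
    """Return (header name, reason) for every malformed request header.

    `headers` is a list of (name, value) byte pairs exactly as received,
    before any normalisation, so raw control bytes are still visible.
    """
    problems = []
    for name, value in headers:
        shown = name.decode("latin-1")
        if not FIELD_NAME.fullmatch(name):
            problems.append((shown, "invalid character in field name"))
        if not FIELD_VALUE.fullmatch(value):
            # Report the first offending byte so the rule hit can be triaged.
            bad = next(b for b in value if not FIELD_VALUE.fullmatch(bytes([b])))
            problems.append((shown, "invalid byte 0x%02x in field value" % bad))
    return problems


def decide(headers):
    """Verdict for the request: "block" if any header is malformed, else "allow"."""
    return "block" if header_violations(headers) else "allow"


# Constructed sample requests (not captured traffic).
CLEAN = [(b"Host", b"www.example.com"), (b"Accept", b"text/html, */*;q=0.8")]
BAD_VALUE = [(b"Host", b"www.example.com"), (b"X-Trace", b"abc\x00def")]
BAD_NAME = [(b"Host", b"www.example.com"), (b"X Trace", b"abc")]

if __name__ == "__main__":
    for label, req in (("clean", CLEAN), ("bad value", BAD_VALUE), ("bad name", BAD_NAME)):
        print(label, decide(req), header_violations(req))
```

Blocking such requests in front of the property keeps the origin's error response for a malformed request from being stored by this behavior and served to other end-users.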