Cache error responses from the origin to reduce traffic when content isn’t available. With this behavior enabled, you can reduce the network traffic to your origin by caching HTTP error responses on the edge.
This behavior caches HTTP error responses with status codes 204, 305, 400, 404, 405, 501, 502, 503, 504, and 505 on the edge servers. When end-users request unavailable content, the edge server pulls the error response from the cache. By default, error responses with HTTP codes 204, 305, 404, and 405 are cached for 10 seconds, and this feature allows you to modify the caching time.
|Field||What it does|
|Enable||Enables or disables this behavior.|
|Max-age||Set the maximum time that cached objects can remain in the cache. A setting of 0 means |
|Preserve Stale Objects||When enabled, edge servers keep and serve stale cached objects when serving responses with status codes 400, 500, 502, 503, and 504, so that end-user clients can access content during transient errors without re-fetching and re-caching content from the origin.|
A cache poisoning attack happens when false information is included in a DNS cache. A query to that DNS returns an incorrect response and end-users are directed to the wrong site or app.
This can happen if you enable this behavior in your property and don't have a web application firewall (WAF) configured at the first level, before the request reaches your property configuration. If this is the case, a cache poisoning attack can occur if a request contains a request header with an invalid character.
To avoid this problem:
- You can use Akamai's Kona Site Defender. This offers WAF rules that would automatically detect an invalid character. Talk to your account representative to get Kona Site Defender added to your contract.
- You can use a custom WAF. Set up a custom WAF on your site or app to recognize invalid characters in a request header.
Updated 5 months ago