Signature Header Authentication

This behavior provides header-based verification of outgoing origin requests.

How it works

Edge servers encrypt request data in a pre-defined header, which the origin uses to verify that the edge server processed the request. You can use this behavior to configure the request data, header names, encryption algorithm, and shared secret to use for verification.

Features and options

Field	What it does	Sub-options
Status	Enables or disables the behavior.
Clear Data Header Name	Specifies the name of the header containing the request data that needs to be encrypted.
Encrypted Data Header Name	Specifies the name of the header containing encrypted request data.
Encryption Algorithm Version	Specifies the version of the encryption algorithm that you want to use to encrypt the data.	MD5(key, data, sign-string) MD5(key,MD5(key, data, sign-string)) MD5-HMAC(key, data, url) SHA1-HMAC(key, data, sign-string) SHA256-HMAC(key, data, sign-string)
Signed String Type	Specifies whether the encrypted string is based on the forwarded URL or a custom set of data. By default, the encrypted string is based on the forwarded URL.	Default (Forwarded URL) Custom
Data	With Signed String Type set to Custom, specifies the set of data to be encrypted as a combination of concatenated strings.	Incoming Request Method Incoming Request (http or https) Incoming Request Hostname Incoming Request Domain Incoming Request URL Incoming Request Path Incoming Request Query String Incoming Request Filename Incoming Request Filename Extension Incoming Request Client IP
Secret Key	Specifies the shared secret key.
Nonce	Specifies the cryptographic nonce string. Note: The value of the nonce cannot be the same as the value of the shared secret key.

Updated about 3 years ago