- Property Manager name: Origin Server
- Behavior version: The
v2024-10-21
rule format supports theorigin
behavior v1.25. - Rule format status: GA, stable
- Access: Read/Write
- Allowed in includes: Yes
Specify the hostname and settings used to contact the origin once service begins. You can use your own origin, NetStorage, an Edge Load Balancing origin, or a SaaS dynamic origin.
Option | Type | Description | Requires | |
---|---|---|---|---|
originType | enum | Choose where your content is retrieved from. | {"displayType":"enum","options":["CUSTOMER","NET_STORAGE","MEDIA_SERVICE_LIVE","EDGE_LOAD_BALANCING_ORIGIN_GROUP","SAAS_DYNAMIC_ORIGIN"],"tag":"select"} | |
CUSTOMER | From your own server. | |||
NET_STORAGE | From your NetStorage account. This option is most appropriate for static content. | |||
MEDIA_SERVICE_LIVE | From a Media Services Live origin. | |||
EDGE_LOAD_BALANCING_ORIGIN_GROUP | From any available Edge Load Balancing origin. | |||
SAAS_DYNAMIC_ORIGIN | From a SaaS dynamic origin if SaaS acceleration is available on your contract. | |||
netStorage | object | Specifies the details of the NetStorage server. | originType is NET_STORAGE | {"displayType":"object","tag":"input","todo":true} {"if":{"attribute":"originType","op":"eq","value":"NET_STORAGE"}} |
netStorage.cpCode | integer | Identifies a CP code assigned to this storage group. | ||
netStorage.downloadDomainName | string | Domain name from which content can be downloaded. | ||
netStorage.g2oToken | string | Signature Header Authentication key. | ||
netStorage.id | integer | Unique identifier for the storage group. | ||
netStorage.name | string | Name of the storage group. | ||
originId | string | Identifies the Edge Load Balancing origin. This needs to correspond to an | originType is EDGE_LOAD_BALANCING_ORIGIN_GROUP | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"originType","op":"eq","value":"EDGE_LOAD_BALANCING_ORIGIN_GROUP"}} |
hostname | string (allows variables) | Specifies the hostname or IPv4 address of your origin server, from which edge servers can retrieve your content. | originType is CUSTOMER | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"originType","op":"eq","value":"CUSTOMER"}} |
secondHostnameEnabled | boolean | Available only for certain products. This specifies whether you want to use an additional origin server address. | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"op":"and","params":[{"attribute":"hostname","op":"type","value":["ipv4_address","ipv6_address"]},{"attribute":"productName","op":"in","scope":"global","value":["API_Accel"]}]}} | |
secondHostname | string (allows variables) | Specifies the origin server's hostname, IPv4 address, or IPv6 address. Edge servers retrieve your content from this origin server. | secondHostnameEnabled is true | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"secondHostnameEnabled","op":"eq","value":true}} |
mslorigin | string | This specifies the media's origin server. | originType is MEDIA_SERVICE_LIVE | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"originType","op":"eq","value":"MEDIA_SERVICE_LIVE"}} |
saasType | enum | Specifies the part of the request that identifies this SaaS dynamic origin. | originType is SAAS_DYNAMIC_ORIGIN | {"displayType":"enum","options":["HOSTNAME","PATH","QUERY_STRING","COOKIE"],"tag":"select"} {"if":{"attribute":"originType","op":"eq","value":"SAAS_DYNAMIC_ORIGIN"}} |
Supported values: COOKIE HOSTNAME PATH QUERY_STRING | ||||
saasCnameEnabled | boolean | Enabling this allows you to use a CNAME chain to determine the hostname for this SaaS dynamic origin. | saasType is HOSTNAME | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"saasType","op":"eq","value":"HOSTNAME"}} |
saasCnameLevel | number | Specifies the desired number of hostnames to use in the CNAME chain, starting backwards from the edge server. | saasCnameEnabled is true | {"displayType":"number","tag":"input","type":"number"} {"if":{"attribute":"saasCnameEnabled","op":"eq","value":true}} |
saasCookie | string | Specifies the name of the cookie that identifies this SaaS dynamic origin. | saasType is COOKIE | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"saasType","op":"eq","value":"COOKIE"}} |
saasQueryString | string | Specifies the name of the query parameter that identifies this SaaS dynamic origin. | saasType is QUERY_STRING | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"saasType","op":"eq","value":"QUERY_STRING"}} |
saasRegex | string | Specifies the Perl-compatible regular expression match that identifies this SaaS dynamic origin. | originType is SAAS_DYNAMIC_ORIGIN | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"originType","op":"eq","value":"SAAS_DYNAMIC_ORIGIN"}} |
saasReplace | string | Specifies replacement text for what | originType is SAAS_DYNAMIC_ORIGIN | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"originType","op":"eq","value":"SAAS_DYNAMIC_ORIGIN"}} |
saasSuffix | string | Specifies the static part of the SaaS dynamic origin. | originType is SAAS_DYNAMIC_ORIGIN | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"originType","op":"eq","value":"SAAS_DYNAMIC_ORIGIN"}} |
forwardHostHeader | enum | When the | originType is either: CUSTOMER , SAAS_DYNAMIC_ORIGIN | {"displayType":"enum","options":["REQUEST_HOST_HEADER","ORIGIN_HOSTNAME","CUSTOM"],"tag":"select"} {"if":{"attribute":"originType","op":"in","value":["CUSTOMER","SAAS_DYNAMIC_ORIGIN"]}} |
REQUEST_HOST_HEADER | Passes the original request's header. | |||
ORIGIN_HOSTNAME | Passes the current origin's | |||
CUSTOM | Passes the value of | |||
customForwardHostHeader | string (allows variables) | This specifies the name of the custom host header the edge server should pass to the origin. | forwardHostHeader is CUSTOM | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"forwardHostHeader","op":"eq","value":"CUSTOM"}} |
cacheKeyHostname | enum | Specifies the hostname to use when forming a cache key. | originType is either: CUSTOMER , SAAS_DYNAMIC_ORIGIN | {"displayType":"enum","options":["REQUEST_HOST_HEADER","ORIGIN_HOSTNAME"],"tag":"select"} {"if":{"attribute":"originType","op":"in","value":["CUSTOMER","SAAS_DYNAMIC_ORIGIN"]}} |
REQUEST_HOST_HEADER | Specify when using a virtual server. | |||
ORIGIN_HOSTNAME | Specify if your origin server's responses do not depend on the hostname. | |||
ipVersion | enum | Specifies which IP version to use when getting content from the origin. | originType is either: CUSTOMER , EDGE_LOAD_BALANCING_ORIGIN_GROUP | {"displayType":"enum","options":["IPV4","DUALSTACK","IPV6"],"tag":"select"} {"if":{"op":"and","params":[{"attribute":"originType","op":"in","value":["CUSTOMER","EDGE_LOAD_BALANCING_ORIGIN_GROUP"]},{"attribute":"productName","op":"in","scope":"global","value":["Adaptive_Media_Delivery","Download_Delivery","Obj_Delivery","Fresca","SPM","Site_Accel","API_Accel"]}]}} |
IPV4 | Use IPv4. | |||
DUALSTACK | Use both versions. | |||
IPV6 | Use IPv6. | |||
useUniqueCacheKey | boolean | With a shared | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"op":"and","params":[{"attribute":"hostname","op":"in","value":["s3.amazonaws.com","s3-eu-west-1.amazonaws.com","s3-ap-southeast-1.amazonaws.com","s3-ap-northeast-1.amazonaws.com","s3-us-west-2.amazonaws.com","s3-us-west-1.amazonaws.com","s3-ap-southeast-2.amazonaws.com","s3.eu-central-1.amazonaws.com","s3-eu-central-1.amazonaws.com","s3.ap-south-1.amazonaws.com","s3.eu-west-2.amazonaws.com","s3.cn-north-1.amazonaws.com.cn","s3-website-us-east-1.amazonaws.com","s3.ap-northeast-2.amazonaws.com"]},{"attribute":"cacheKeyHostname","op":"eq","value":"ORIGIN_HOSTNAME"}]}} | |
compress | boolean | Enables gzip compression for non-NetStorage origins. | originType is either: CUSTOMER , EDGE_LOAD_BALANCING_ORIGIN_GROUP , SAAS_DYNAMIC_ORIGIN | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"originType","op":"in","value":["CUSTOMER","EDGE_LOAD_BALANCING_ORIGIN_GROUP","SAAS_DYNAMIC_ORIGIN"]}} |
enableTrueClientIp | boolean | When enabled on non-NetStorage origins, allows you to send a custom header (the | originType is either: CUSTOMER , EDGE_LOAD_BALANCING_ORIGIN_GROUP , SAAS_DYNAMIC_ORIGIN | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"originType","op":"in","value":["CUSTOMER","EDGE_LOAD_BALANCING_ORIGIN_GROUP","SAAS_DYNAMIC_ORIGIN"]}} |
trueClientIpHeader | string | This specifies the name of the field that identifies the end client's IP address, for example | enableTrueClientIp is true | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"enableTrueClientIp","op":"eq","value":true}} |
trueClientIpClientSetting | boolean | If a client sets the | enableTrueClientIp is true | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"enableTrueClientIp","op":"eq","value":true}} |
verificationMode | enum | For non-NetStorage origins, maximize security by controlling which certificates edge servers should trust. | originType is either: CUSTOMER , EDGE_LOAD_BALANCING_ORIGIN_GROUP , SAAS_DYNAMIC_ORIGIN | {"displayType":"enum","options":["PLATFORM_SETTINGS","CUSTOM","THIRD_PARTY"],"tag":"select"} {"if":{"attribute":"originType","op":"in","value":["CUSTOMER","EDGE_LOAD_BALANCING_ORIGIN_GROUP","SAAS_DYNAMIC_ORIGIN"]}} |
PLATFORM_SETTINGS | Trust platform settings. | |||
CUSTOM | Only applies if the property is marked as secure. See Secure property requirements for guidance. Under some products, you may also need to enable the Secure Delivery - Customer Cert module. See the verification settings in the Origin Server behavior or contact your Akamai representative for details. | |||
THIRD_PARTY | When your origin server references certain types of third-party hostname. | |||
originSni | boolean | For non-NetStorage origins, enabling this adds a Server Name Indication (SNI) header in the SSL request sent to the origin, with the origin hostname as the value. See the verification settings in the Origin Server behavior or contact your Akamai representative for more information. If you want to use TLS version 1.3 in your existing properties, enable this option. New properties have this enabled by default. | originType is either: CUSTOMER , EDGE_LOAD_BALANCING_ORIGIN_GROUP , SAAS_DYNAMIC_ORIGIN AND verificationMode is either: PLATFORM_SETTINGS , CUSTOM , THIRD_PARTY | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"op":"and","params":[{"attribute":"originType","op":"in","value":["CUSTOMER","EDGE_LOAD_BALANCING_ORIGIN_GROUP","SAAS_DYNAMIC_ORIGIN"]},{"attribute":"verificationMode","op":"in","value":["PLATFORM_SETTINGS","CUSTOM","THIRD_PARTY"]}]}} |
customValidCnValues | string array | Specifies values to look for in the origin certificate's | verificationMode is CUSTOM | {"displayType":"string array","tag":"input","todo":true} {"if":{"attribute":"verificationMode","op":"eq","value":"CUSTOM"}} |
originCertsToHonor | enum | Specifies which certificate to trust. | verificationMode is CUSTOM | {"displayType":"enum","options":["COMBO","STANDARD_CERTIFICATE_AUTHORITIES","CUSTOM_CERTIFICATE_AUTHORITIES","CUSTOM_CERTIFICATES"],"tag":"select"} {"if":{"attribute":"verificationMode","op":"eq","value":"CUSTOM"}} |
COMBO | May rely on all three other inputs. | |||
STANDARD_CERTIFICATE_AUTHORITIES | Any certificate signed by an Akamai-managed authority set. | |||
CUSTOM_CERTIFICATE_AUTHORITIES | Any certificate signed by a custom authority set you manage. | |||
CUSTOM_CERTIFICATES | Pinned origin server certificates. | |||
customCertificateAuthorities | object array | Specifies an array of certification objects. See the verification settings in the Origin Server behavior or contact your Akamai representative for details on this object's requirements. | originCertsToHonor is either: CUSTOM_CERTIFICATE_AUTHORITIES , COMBO | {"displayType":"object array","tag":"input","todo":true} {"if":{"attribute":"originCertsToHonor","op":"in","value":["CUSTOM_CERTIFICATE_AUTHORITIES","COMBO"]}} |
customCertificates | object array | Specifies an array of certification objects. See the verification settings in the Origin Server behavior or contact your Akamai representative for details on this object's requirements. | originCertsToHonor is either: CUSTOM_CERTIFICATES , COMBO | {"displayType":"object array","tag":"input","todo":true} {"if":{"attribute":"originCertsToHonor","op":"in","value":["CUSTOM_CERTIFICATES","COMBO"]}} |
httpPort | number | Specifies the port on your origin server to which edge servers should connect for HTTP requests, customarily | originType is either: CUSTOMER , SAAS_DYNAMIC_ORIGIN | {"displayType":"number","tag":"input","type":"number"} {"if":{"attribute":"originType","op":"in","value":["CUSTOMER","SAAS_DYNAMIC_ORIGIN"]}} |
httpsPort | number | Specifies the port on your origin server to which edge servers should connect for secure HTTPS requests, customarily | originType is either: CUSTOMER , SAAS_DYNAMIC_ORIGIN | {"displayType":"number","tag":"input","type":"number"} {"if":{"attribute":"originType","op":"in","value":["CUSTOMER","SAAS_DYNAMIC_ORIGIN"]}} |
minTlsVersion | enum | Specifies the minimum TLS version to use for connections to your origin server. | originType is either: CUSTOMER , MEDIA_SERVICE_LIVE | {"displayType":"enum","options":["DYNAMIC","TLSV1_1","TLSV1_2","TLSV1_3"],"tag":"select"} {"if":{"op":"and","params":[{"expression":{"op":"or","params":[{"attribute":"modulesOnContract","op":"contains","scope":"global","value":"TLS_1_3_Opt_Out"},{"attribute":"property.modulesOnContract","op":"contains","scope":"global","value":"TLS_1_3_Opt_Out"}]},"op":"not"},{"attribute":"originType","op":"in","value":["CUSTOMER","MEDIA_SERVICE_LIVE"]},{"op":"or","params":[{"attribute":"property.productName","op":"in","scope":"global","value":["Adaptive_Media_Delivery","API_Accel","Download_Delivery","Fresca","Obj_Delivery","RM","Site_Accel","SPM"]},{"attribute":"productName","op":"in","scope":"global","value":["Adaptive_Media_Delivery","API_Accel","Download_Delivery","Fresca","Obj_Delivery","RM","Site_Accel","SPM"]}]}]}} |
DYNAMIC | Supports all currently public versions of TLS. | |||
TLSV1_1 | Supports TLS version 1.1. | |||
TLSV1_2 | Supports TLS version 1.2. | |||
TLSV1_3 | Supports TLS version 1.3. This behavior supports TLS 1.3 by default. | |||
maxTlsVersion | enum | Specifies the maximum TLS version to use for connections to your origin server. As best practice, use | originType is either: CUSTOMER , MEDIA_SERVICE_LIVE | {"displayType":"enum","options":["DYNAMIC","TLSV1_1","TLSV1_2","TLSV1_3"],"tag":"select"} {"if":{"op":"and","params":[{"attribute":"modulesOnContract","op":"contains","scope":"global","value":"Max_TLS_Trial"},{"attribute":"originType","op":"in","value":["CUSTOMER","MEDIA_SERVICE_LIVE"]},{"expression":{"op":"or","params":[{"attribute":"modulesOnContract","op":"contains","scope":"global","value":"TLS_1_3_Opt_Out"},{"attribute":"property.modulesOnContract","op":"contains","scope":"global","value":"TLS_1_3_Opt_Out"}]},"op":"not"}]}} |
DYNAMIC | Automatically applies the latest supported version. | |||
TLSV1_1 | Supports TLS version 1.1. | |||
TLSV1_2 | Supports TLS version 1.2. | |||
TLSV1_3 | Supports TLS version 1.3. This behavior supports TLS 1.3 by default. | |||
http2Enabled | boolean | TBD | originType is either: CUSTOMER | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"op":"and","params":[{"attribute":"originType","op":"in","value":["CUSTOMER"]},{"op":"or","params":[{"attribute":"modulesOnContract","op":"contains","scope":"global","value":"Origin_HTTP2_Trial"},{"attribute":"property.modulesOnContract","op":"contains","scope":"global","value":"Origin_HTTP2_Trial"}]}]}} |