g2oheader


The signature header authentication (g2o) security feature provides header-based verification of outgoing origin requests. Edge servers encrypt request data in a pre-defined header, which the origin uses to verify that the edge server processed the request. This behavior configures the request data, header names, encryption algorithm, and shared secret to use for verification.

OptionTypeDescriptionRequires
enabledboolean

Enables the g2o verification behavior.

{"displayType":"boolean","tag":"input","type":"checkbox"}
data‚ÄčHeaderstring

Specifies the name of the header that contains the request data that needs to be encrypted.

{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
signed‚ÄčHeaderstring

Specifies the name of the header containing encrypted request data.

{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
encoding‚ÄčVersionenum

Specifies the version of the encryption algorithm as an integer from 1 through 5.

{"displayType":"enum","options":["1","2","3","4","5"],"tag":"select"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
Supported values:
1
2
3
4
5
use‚ÄčCustom‚ÄčSign‚ÄčStringboolean

When disabled, the encrypted string is based on the forwarded URL. If enabled, you can use custom‚ÄčSign‚ÄčString to customize the set of data to encrypt.

{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
custom‚ÄčSign‚ÄčStringstring array

Specifies the set of data to be encrypted as a combination of concatenated strings.

use‚ÄčCustom‚ÄčSign‚ÄčString is true
{"displayType":"string array","options":["AK_METHOD","AK_SCHEME","AK_HOSTHEADER","AK_DOMAIN","AK_URL","AK_PATH","AK_QUERY","AK_FILENAME","AK_EXTENSION","AK_CLIENT_REAL_IP"],"tag":"select"}
{"if":{"op":"and","params":[{"attribute":"enabled","op":"eq","value":true},{"attribute":"useCustomSignString","op":"eq","value":true}]}}
AK_‚ÄčMETHOD

Incoming request method.

AK_‚ÄčSCHEME

Incoming request scheme (HTTP or HTTPS).

AK_‚ÄčHOSTHEADER

Incoming request hostname.

AK_‚ÄčDOMAIN

Incoming request domain.

AK_‚ÄčURL

Incoming request URL.

AK_‚ÄčPATH

Incoming request path.

AK_‚ÄčQUERY

Incoming request query string.

AK_‚ÄčFILENAME

Incoming request filename.

AK_‚ÄčEXTENSION

Incoming request filename extension.

AK_‚ÄčCLIENT_‚ÄčREAL_‚ÄčIP

Incoming client IP.

secret‚ÄčKeyobject array

Specifies the shared secret key.

{"displayType":"object array","tag":"input","todo":true}
{"if":{"attribute":"enabled","op":"eq","value":true}}
noncestring

Specifies the cryptographic nonce string.

{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"enabled","op":"eq","value":true}}