g2oheader
Version: v2025-01-13 | Includes use: Yes |
---|
Behavior name: Signature Header Authentication
The signature header authentication (g2o) security feature provides header-based verification of outgoing origin requests. Edge servers encrypt request data in a pre-defined header, which the origin uses to verify that the edge server processed the request. This behavior configures the request data, header names, encryption algorithm, and shared secret to use for verification.
Default behavior
These samples reflect the behavior's default settings. You can use these as is in your configurations or make adjustments based on the behavior's available options.
data "akamai_property_rules_builder" "g20_header" {
rules_v2025_02_18 {
name = "Signature Header Authentication"
comments = "Provides header-based verification of outgoing origin requests."
behavior {
g20_header {
enabled = true
data_header = "X-Akamai-G2O-Auth-Data"
signed_header = "X-Akamai-G2O-Auth-Sign"
encoding_version = 5
use_custom_sign_string = false
secretKey = ""
nonce = ""
}
}
}
}
"behaviors": [
{
"name": "g2oheader",
"options": {
"enabled": true,
"dataHeader": "X-Akamai-G2O-Auth-Data",
"signedHeader": "X-Akamai-G2O-Auth-Sign",
"encodingVersion": 5,
"useCustomSignString": false,
"secretKey": "",
"nonce": ""
}
}
]
Options
Option | Description |
---|---|
enabled |
Enables the g2o verification behavior.
|
data_header |
Specifies the name of the header that contains the request data that needs to be encrypted.
|
signed_header |
Specifies the name of the header containing encrypted request data.
|
encoding_version |
Specifies the version of the encryption algorithm as an integer. Value range is
1 -5 .
|
use_custom_sign_string |
When disabled, the encrypted string is based on the forwarded URL. If enabled, you can use
custom_sign_string to customize the set of data to encrypt.
|
custom_sign_string |
Specifies the set of data to be encrypted as a combination of concatenated strings. Possible values are:
|
secret_key |
Specifies the shared secret key.
|
nonce |
Specifies the cryptographic nonce string.
|
Updated about 1 hour ago