origin
- Property Manager name: Origin Server
- Behavior version: The
v2025-01-13rule format supports theoriginbehavior v1.25. - Rule format status: GA, stable
- Access: Read/Write
- Allowed in includes: Yes
Specify the hostname and settings used to contact the origin once service begins. You can use your own origin, NetStorage, an Edge Load Balancing origin, or a SaaS dynamic origin.
| Option | Type | Description | Requires | |
|---|---|---|---|---|
origin_type | enum | Choose where your content is retrieved from. | {"displayType":"enum","options":["CUSTOMER","NET_STORAGE","MEDIA_SERVICE_LIVE","EDGE_LOAD_BALANCING_ORIGIN_GROUP","SAAS_DYNAMIC_ORIGIN"],"tag":"select"} | |
CUSTOMER | From your own server. | |||
NET_STORAGE | From your NetStorage account. This option is most appropriate for static content. | |||
MEDIA_SERVICE_LIVE | From a Media Services Live origin. | |||
EDGE_LOAD_BALANCING_ORIGIN_GROUP | From any available Edge Load Balancing origin. | |||
SAAS_DYNAMIC_ORIGIN | From a SaaS dynamic origin if SaaS acceleration is available on your contract. | |||
net_storage | object | Specifies the details of the NetStorage server. | origin_type is NET_STORAGE | {"displayType":"object","tag":"input","todo":true}{"if":{"attribute":"originType","op":"eq","value":"NET_STORAGE"}} |
net_storage.cpCode | integer | Identifies a CP code assigned to this storage group. | ||
net_storage.downloadDomainName | string | Domain name from which content can be downloaded. | ||
net_storage.g2oToken | string | Signature Header Authentication key. | ||
net_storage.id | integer | Unique identifier for the storage group. | ||
net_storage.name | string | Name of the storage group. | ||
origin_id | string | Identifies the Edge Load Balancing origin. This needs to correspond to an | origin_type is EDGE_LOAD_BALANCING_ORIGIN_GROUP | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"originType","op":"eq","value":"EDGE_LOAD_BALANCING_ORIGIN_GROUP"}} |
hostname | string (allows variables) | Specifies the hostname or IPv4 address of your origin server, from which edge servers can retrieve your content. | origin_type is CUSTOMER | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"originType","op":"eq","value":"CUSTOMER"}} |
second_hostname_enabled | boolean | Available only for certain products. This specifies whether you want to use an additional origin server address. | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"op":"and","params":[{"attribute":"hostname","op":"type","value":["ipv4_address","ipv6_address"]},{"attribute":"productName","op":"in","scope":"global","value":["API_Accel"]}]}} | |
second_hostname | string (allows variables) | Specifies the origin server's hostname, IPv4 address, or IPv6 address. Edge servers retrieve your content from this origin server. | second_hostname_enabled is true | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"secondHostnameEnabled","op":"eq","value":true}} |
mslorigin | string | This specifies the media's origin server. | origin_type is MEDIA_SERVICE_LIVE | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"originType","op":"eq","value":"MEDIA_SERVICE_LIVE"}} |
saas_type | enum | Specifies the part of the request that identifies this SaaS dynamic origin. | origin_type is SAAS_DYNAMIC_ORIGIN | {"displayType":"enum","options":["HOSTNAME","PATH","QUERY_STRING","COOKIE"],"tag":"select"}{"if":{"attribute":"originType","op":"eq","value":"SAAS_DYNAMIC_ORIGIN"}} |
Supported values: COOKIE HOSTNAME PATH QUERY_STRING | ||||
saas_cname_enabled | boolean | Enabling this allows you to use a CNAME chain to determine the hostname for this SaaS dynamic origin. | saas_type is HOSTNAME | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"attribute":"saasType","op":"eq","value":"HOSTNAME"}} |
saas_cname_level | number | Specifies the desired number of hostnames to use in the CNAME chain, starting backwards from the edge server. | saas_cname_enabled is true | {"displayType":"number","tag":"input","type":"number"}{"if":{"attribute":"saasCnameEnabled","op":"eq","value":true}} |
saas_cookie | string | Specifies the name of the cookie that identifies this SaaS dynamic origin. | saas_type is COOKIE | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"saasType","op":"eq","value":"COOKIE"}} |
saas_query_string | string | Specifies the name of the query parameter that identifies this SaaS dynamic origin. | saas_type is QUERY_STRING | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"saasType","op":"eq","value":"QUERY_STRING"}} |
saas_regex | string | Specifies the Perl-compatible regular expression match that identifies this SaaS dynamic origin. | origin_type is SAAS_DYNAMIC_ORIGIN | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"originType","op":"eq","value":"SAAS_DYNAMIC_ORIGIN"}} |
saas_replace | string | Specifies replacement text for what | origin_type is SAAS_DYNAMIC_ORIGIN | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"originType","op":"eq","value":"SAAS_DYNAMIC_ORIGIN"}} |
saas_suffix | string | Specifies the static part of the SaaS dynamic origin. | origin_type is SAAS_DYNAMIC_ORIGIN | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"originType","op":"eq","value":"SAAS_DYNAMIC_ORIGIN"}} |
forward_host_header | enum | When the | origin_type is either: CUSTOMER, SAAS_DYNAMIC_ORIGIN | {"displayType":"enum","options":["REQUEST_HOST_HEADER","ORIGIN_HOSTNAME","CUSTOM"],"tag":"select"}{"if":{"attribute":"originType","op":"in","value":["CUSTOMER","SAAS_DYNAMIC_ORIGIN"]}} |
REQUEST_HOST_HEADER | Passes the original request's header. | |||
ORIGIN_HOSTNAME | Passes the current origin's | |||
CUSTOM | Passes the value of | |||
custom_forward_host_header | string (allows variables) | This specifies the name of the custom host header the edge server should pass to the origin. | forward_host_header is CUSTOM | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"forwardHostHeader","op":"eq","value":"CUSTOM"}} |
cache_key_hostname | enum | Specifies the hostname to use when forming a cache key. | origin_type is either: CUSTOMER, SAAS_DYNAMIC_ORIGIN | {"displayType":"enum","options":["REQUEST_HOST_HEADER","ORIGIN_HOSTNAME"],"tag":"select"}{"if":{"attribute":"originType","op":"in","value":["CUSTOMER","SAAS_DYNAMIC_ORIGIN"]}} |
REQUEST_HOST_HEADER | Specify when using a virtual server. | |||
ORIGIN_HOSTNAME | Specify if your origin server's responses do not depend on the hostname. | |||
ip_version | enum | Specifies which IP version to use when getting content from the origin. When using IPv6-Only or Dual Stack and the Origin IP Access Control List feature, add the | origin_type is either: CUSTOMER, EDGE_LOAD_BALANCING_ORIGIN_GROUP | {"displayType":"enum","options":["IPV4","DUALSTACK","IPV6"],"tag":"select"}{"if":{"op":"and","params":[{"attribute":"originType","op":"in","value":["CUSTOMER","EDGE_LOAD_BALANCING_ORIGIN_GROUP"]},{"attribute":"productName","op":"in","scope":"global","value":["Adaptive_Media_Delivery","Download_Delivery","Obj_Delivery","Fresca","SPM","Site_Accel","API_Accel"]}]}} |
IPV4 | Use IPv4. | |||
DUALSTACK | Use both versions. | |||
IPV6 | Use IPv6. | |||
use_unique_cache_key | boolean | With a shared | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"op":"and","params":[{"attribute":"hostname","op":"in","value":["s3.amazonaws.com","s3-eu-west-1.amazonaws.com","s3-ap-southeast-1.amazonaws.com","s3-ap-northeast-1.amazonaws.com","s3-us-west-2.amazonaws.com","s3-us-west-1.amazonaws.com","s3-ap-southeast-2.amazonaws.com","s3.eu-central-1.amazonaws.com","s3-eu-central-1.amazonaws.com","s3.ap-south-1.amazonaws.com","s3.eu-west-2.amazonaws.com","s3.cn-north-1.amazonaws.com.cn","s3-website-us-east-1.amazonaws.com","s3.ap-northeast-2.amazonaws.com"]},{"attribute":"cacheKeyHostname","op":"eq","value":"ORIGIN_HOSTNAME"}]}} | |
compress | boolean | Enables gzip compression for non-NetStorage origins. | origin_type is either: CUSTOMER, EDGE_LOAD_BALANCING_ORIGIN_GROUP, SAAS_DYNAMIC_ORIGIN | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"attribute":"originType","op":"in","value":["CUSTOMER","EDGE_LOAD_BALANCING_ORIGIN_GROUP","SAAS_DYNAMIC_ORIGIN"]}} |
enable_true_client_ip | boolean | When enabled on non-NetStorage origins, allows you to send a custom header (the | origin_type is either: CUSTOMER, EDGE_LOAD_BALANCING_ORIGIN_GROUP, SAAS_DYNAMIC_ORIGIN | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"attribute":"originType","op":"in","value":["CUSTOMER","EDGE_LOAD_BALANCING_ORIGIN_GROUP","SAAS_DYNAMIC_ORIGIN"]}} |
true_client_ip_header | string | This specifies the name of the field that identifies the end client's IP address, for example | enable_true_client_ip is true | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"enableTrueClientIp","op":"eq","value":true}} |
true_client_ip_client_setting | boolean | If a client sets the | enable_true_client_ip is true | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"attribute":"enableTrueClientIp","op":"eq","value":true}} |
verification_mode | enum | For non-NetStorage origins, maximize security by controlling which certificates edge servers should trust. | origin_type is either: CUSTOMER, EDGE_LOAD_BALANCING_ORIGIN_GROUP, SAAS_DYNAMIC_ORIGIN | {"displayType":"enum","options":["PLATFORM_SETTINGS","CUSTOM","THIRD_PARTY"],"tag":"select"}{"if":{"attribute":"originType","op":"in","value":["CUSTOMER","EDGE_LOAD_BALANCING_ORIGIN_GROUP","SAAS_DYNAMIC_ORIGIN"]}} |
PLATFORM_SETTINGS | Trust platform settings. | |||
CUSTOM | Only applies if the property is marked as secure. See Secure property requirements for guidance. Under some products, you may also need to enable the Secure Delivery - Customer Cert module. See the verification settings in the Origin Server behavior or contact your Akamai representative for details. | |||
THIRD_PARTY | When your origin server references certain types of third-party hostname. | |||
origin_sni | boolean | For non-NetStorage origins, enabling this adds a Server Name Indication (SNI) header in the SSL request sent to the origin, with the origin hostname as the value. See the verification settings in the Origin Server behavior or contact your Akamai representative for more information. If you want to use TLS version 1.3 in your existing properties, enable this option. New properties have this enabled by default. | origin_type is either: CUSTOMER, EDGE_LOAD_BALANCING_ORIGIN_GROUP, SAAS_DYNAMIC_ORIGINAND verification_mode is either: PLATFORM_SETTINGS, CUSTOM, THIRD_PARTY | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"op":"and","params":[{"attribute":"originType","op":"in","value":["CUSTOMER","EDGE_LOAD_BALANCING_ORIGIN_GROUP","SAAS_DYNAMIC_ORIGIN"]},{"attribute":"verificationMode","op":"in","value":["PLATFORM_SETTINGS","CUSTOM","THIRD_PARTY"]}]}} |
custom_valid_cn_values | string array | Specifies values to look for in the origin certificate's | verification_mode is CUSTOM | {"displayType":"string array","tag":"input","todo":true}{"if":{"attribute":"verificationMode","op":"eq","value":"CUSTOM"}} |
origin_certs_to_honor | enum | Specifies which certificate to trust. | verification_mode is CUSTOM | {"displayType":"enum","options":["COMBO","STANDARD_CERTIFICATE_AUTHORITIES","CUSTOM_CERTIFICATE_AUTHORITIES","CUSTOM_CERTIFICATES"],"tag":"select"}{"if":{"attribute":"verificationMode","op":"eq","value":"CUSTOM"}} |
COMBO | May rely on all three other inputs. | |||
STANDARD_CERTIFICATE_AUTHORITIES | Any certificate signed by an Akamai-managed authority set. | |||
CUSTOM_CERTIFICATE_AUTHORITIES | Any certificate signed by a custom authority set you manage. | |||
CUSTOM_CERTIFICATES | Pinned origin server certificates. | |||
custom_certificate_authorities | object array | Specifies an array of certification objects. See the verification settings in the Origin Server behavior or contact your Akamai representative for details on this object's requirements. | origin_certs_to_honor is either: CUSTOM_CERTIFICATE_AUTHORITIES, COMBO | {"displayType":"object array","tag":"input","todo":true}{"if":{"attribute":"originCertsToHonor","op":"in","value":["CUSTOM_CERTIFICATE_AUTHORITIES","COMBO"]}} |
custom_certificates | object array | Specifies an array of certification objects. See the verification settings in the Origin Server behavior or contact your Akamai representative for details on this object's requirements. | origin_certs_to_honor is either: CUSTOM_CERTIFICATES, COMBO | {"displayType":"object array","tag":"input","todo":true}{"if":{"attribute":"originCertsToHonor","op":"in","value":["CUSTOM_CERTIFICATES","COMBO"]}} |
http_port | number | Specifies the port on your origin server to which edge servers should connect for HTTP requests, customarily | origin_type is either: CUSTOMER, SAAS_DYNAMIC_ORIGIN | {"displayType":"number","tag":"input","type":"number"}{"if":{"attribute":"originType","op":"in","value":["CUSTOMER","SAAS_DYNAMIC_ORIGIN"]}} |
https_port | number | Specifies the port on your origin server to which edge servers should connect for secure HTTPS requests, customarily | origin_type is either: CUSTOMER, SAAS_DYNAMIC_ORIGIN | {"displayType":"number","tag":"input","type":"number"}{"if":{"attribute":"originType","op":"in","value":["CUSTOMER","SAAS_DYNAMIC_ORIGIN"]}} |
min_tls_version | enum | Specifies the minimum TLS version to use for connections to your origin server. | origin_type is either: CUSTOMER, MEDIA_SERVICE_LIVE | {"displayType":"enum","options":["DYNAMIC","TLSV1_1","TLSV1_2","TLSV1_3"],"tag":"select"}{"if":{"op":"and","params":[{"expression":{"op":"or","params":[{"attribute":"modulesOnContract","op":"contains","scope":"global","value":"TLS_1_3_Opt_Out"},{"attribute":"property.modulesOnContract","op":"contains","scope":"global","value":"TLS_1_3_Opt_Out"}]},"op":"not"},{"attribute":"originType","op":"in","value":["CUSTOMER","MEDIA_SERVICE_LIVE"]},{"op":"or","params":[{"attribute":"property.productName","op":"in","scope":"global","value":["Adaptive_Media_Delivery","API_Accel","Download_Delivery","Fresca","Obj_Delivery","RM","Site_Accel","SPM"]},{"attribute":"productName","op":"in","scope":"global","value":["Adaptive_Media_Delivery","API_Accel","Download_Delivery","Fresca","Obj_Delivery","RM","Site_Accel","SPM"]}]}]}} |
DYNAMIC | Supports all currently public versions of TLS. | |||
TLSV1_1 | Supports TLS version 1.1. | |||
TLSV1_2 | Supports TLS version 1.2. | |||
TLSV1_3 | Supports TLS version 1.3. This behavior supports TLS 1.3 by default. | |||
max_tls_version | enum | Specifies the maximum TLS version to use for connections to your origin server. As best practice, use | origin_type is either: CUSTOMER, MEDIA_SERVICE_LIVE | {"displayType":"enum","options":["DYNAMIC","TLSV1_1","TLSV1_2","TLSV1_3"],"tag":"select"}{"if":{"op":"and","params":[{"attribute":"modulesOnContract","op":"contains","scope":"global","value":"Max_TLS_Trial"},{"attribute":"originType","op":"in","value":["CUSTOMER","MEDIA_SERVICE_LIVE"]},{"expression":{"op":"or","params":[{"attribute":"modulesOnContract","op":"contains","scope":"global","value":"TLS_1_3_Opt_Out"},{"attribute":"property.modulesOnContract","op":"contains","scope":"global","value":"TLS_1_3_Opt_Out"}]},"op":"not"}]}} |
DYNAMIC | Automatically applies the latest supported version. | |||
TLSV1_1 | Supports TLS version 1.1. | |||
TLSV1_2 | Supports TLS version 1.2. | |||
TLSV1_3 | Supports TLS version 1.3. This behavior supports TLS 1.3 by default. |
Updated about 1 month ago