What matches and behaviors are supported?
Several match criteria ("matches") and behaviors are supported for use in a policy rule.
Matches
Click the "Name" entry for a match to access the ACE API documentation to review requirements and access a schema example.
| Requirements and schema example | Description |
|---|---|
| client-ip | Include this to match using the IP address assigned to the requesting client. You can specify individual IP addresses, or CIDR blocks (that express a range of addresses). |
| cookie | Include this match to define specific cookie names for use when matching on an incoming request. |
| geography | Use this match to test the requesting client's location, either by continent, country, region, or designated market area (DMA). Each subcustomer policy can include up to ten geography matches. |
| header | Associated behaviors are applied if a header or header value you specify in this match criteria are included with a request. |
| host-name | Include this to match on hostnames listed in the incoming request's Host header. |
| http-method | Include this to match on a set of HTTP methods. |
| url-extension | Include this to match on the extension in the incoming request. This match criteria has no effect on URL paths that do not include a file extension. |
| url-filename | Include this to match on the extension in the incoming request. This match criteria has no effect on URL paths that do not include a file extension. |
| url-path | Include this to match on the first path component in the incoming request. The first path component is the section directly after the base URL. |
| url-querystring | Include this to match on the protocol or scheme (HTTP or HTTPS) of an incoming request. |
| url-scheme | Include this to match on a combination of query string parameters and their values. |
| url-wildcard | Include this to use wildcards when matching on the incoming request path, minus
any query strings. This match type only supports the *
wildcard. |
Behaviors
Click the "Name" entry for a behavior to access the ACE API documentation to review requirements and usage, and access a schema example.
| Name | Description |
|---|---|
| access-control | Include this to deny client requests based on the selected match
conditions. Note: To set this in a policy, the base configuration a subcustomer is
assigned to must have Access Control set to "On" in the Subcustomer Enablement behavior. |
| cachekey-query-args | Include this to specify how to handle query-string arguments in
incoming requests. Note: To set this in a policy, the base configuration a
subcustomer is assigned to must have Cache Key Query Arguments set to "On" in the
Subcustomer Enablement behavior. |
| caching | Include this to provide time-to-live (TTL) cache settings for subcustomers. Note: To set
this in a policy, the base configuration a subcustomer is assigned to must have
Caching set to "On" in the Subcustomer Enablement behavior. |
| content-char-dynamic-web | If you're using Integrated Cloud Acceleration, this uses SureRoute
to optimize the forward path to the origin server. It controls embedded object
prefetching, and situational image compression. Note: To set this in a policy, the
base configuration a subcustomer is assigned to must have Dynamic Web Content set
to "On" in the Subcustomer Enablement behavior. (By default, this is set
to "Off.") |
| content-char-large-file | Include this to optimize the delivery of large file downloads of
up to 1.8 GB. This behavior uses partial object caching with pre-fetched object
data. As a best practice, only use this behavior if you serve large files.
Otherwise, the Akamai platform may send additional requests to your origin. When
using Large File Optimization, if an object doesn't meet the minimum size criterion
of 10 MB, the platform requests the entire object from the origin. Note: To set this
in a policy, the base configuration a subcustomer is assigned to must have Large
File Delivery set to "On" in the Subcustomer Enablement behavior. (By default, this is set
to "Off.") |
| content-char-streaming | Include this to optimize cache and network timeout conditions for
on-demand video content. The Akamai platform examines the URI file extension and
path for the media format then automatically optimizes: cache efficiency,
time-to-live, automated failover, downstream Content-Type headers, and network
timeout settings. Note: To set this in a policy, the base configuration a subcustomer
is assigned to must have Streaming Video On-demand Delivery set to "On" in the
Subcustomer Enablement behavior. (By default, this is set
to "Off.") |
| content-compression | Include this in your policy to provide compression settings. You
can enable gzip compression, decompress objects before delivering them to the
client, or maintain the origin's compression settings. Note: To set this in a policy,
the base configuration a subcustomer is assigned to must have Content Compressor
set to "On" in the Subcustomer Enablement behavior. |
| content-refresh | Include this to invalidate CDN cache at an explicit date and time.
This behavior uses epoch time to denote when a request should receive a new copy of
the object or a revalidated one. Note: To set this in a policy, the base
configuration a subcustomer is assigned to must have Content Refresh set to "On"
in the Subcustomer Enablement behavior. |
| downstream-caching | Include this to control downstream caching of alternate content. Only use this behavior if site failover is enabled for the alternate hostname property. If you do not include this behavior, the subcustomer policy uses the downstream caching settings specified in the alternate hostname property. To enable site failover, use the Subcustomer Enablement behavior in Property Manager. |
| geo-blacklist | nclude this to block access to content based on the continent, country, region/state, or
designated marketing area (DMA) of the requesting IP address. All other geographic
areas are allowed. Note: To set this in a policy, the base configuration a
subcustomer is assigned to must have Geo Allow/Block set to "On" in the Subcustomer Enablement behavior. |
| geo-whitelist | Include this to allow access to content based on the continent, country, region/state, or
designated marketing area (DMA) of the requesting IP address. All other geographic
areas are denied. Note: To set this in a policy, the base configuration a subcustomer
is assigned to must have Geo Allow/Block set to "On" in the Subcustomer Enablement behavior. |
| ip-blacklist | Include this to block access based on the requesting IP address. All specified IP addresses
are blocked. Note: To set this in a policy, the base configuration a subcustomer is
assigned to must have IP Allow/Block set to "On" in the Subcustomer Enablement behavior. |
| ip-whitelist | Include this to allow access based on the requesting IP address. Only the IP addresses listed
are allowed access. Note: To set this in a policy, the base configuration a
subcustomer is assigned to must have IP Allow/Block set to "On" in the Subcustomer Enablement behavior. |
| modify-outgoing-request-header | Include this to modify the outgoing request headers sent from Akamai to an origin. This also works on request headers sent from a client if the request is sent back to the origin, but not a cache hit. |
| modify-outgoing-request-path | Include this to provide options for altering the request URL
before it is sent to origin. Note: To set this in a policy, the base configuration a
subcustomer is assigned to must have Modify Forward Path set to "On" in the Subcustomer Enablement behavior. |
| modify-outgoing-response-header | Include this to modify the outgoing response headers sent from the Edge server back to the client. |
| origin | Inlcude this to provide origin settings for the specific subcustomer. You need to include the origin DNS hostname, forward host header, and cache
key. Optional settings include the origin base path and ports.Note: To set this in a policy, the base
configuration a subcustomer is assigned to must have Origin set to "On" in the
Subcustomer Enablement behavior. |
| origin-characteristics | Include this if you have Integrated Cloud Acceleration (ICA), to
select the type of origin supporting your ACE implementation. Use the origin behavior to
configure origin settings for subcustomers at the policy level. |
| origin-failover | This feature identifies primary origin connection failures based on a type you specify and marks that origin as “bad” after connections to all its IPs fail repeatedly. Rather than issuing a redirect to the end user, requests are failed over to a backup origin you call out. This improves response times, because the end user doesn’t have to wait several seconds for a connect-timeout on the forward request. Additionally, you specify a duration of time the primary origin is marked as bad. During this time, all requests are failed over to your backup origin. This relieves pressure on the primary by reducing the number of connection attempts, at a time when it appears to be having difficulties. |
| referer-blacklist | Include this to block access based on the Referer request header.
This behavior helps verify that the client is a browser that supports RFC
2616, section 14.36, and that the referring HTML page is served from a
domain trusted by the content owner.Note: To set this in a policy, the base
configuration a subcustomer is assigned to must have Referrer Allow/Block set to
"On" in the Subcustomer Enablement behavior. |
| referer-whitelist | Include this to allow access based on the Referer request header.
This behavior helps verify that the client is a browser that supports RFC
2616, section 14.36, and that the referring HTML page is served from a
domain trusted by the content owner.Note: To set this in a policy, the base
configuration a subcustomer is assigned to must have Referrer Allow/Block set to
"On" in the Subcustomer Enablement behavior. |
| site-failover | Include this to define the alternate hostname and path to use when
the Edge server can't contact the origin server. Note: To set this in a policy, the
base configuration a subcustomer is assigned to must have Site Failover set to
"On" in the Subcustomer Enablement behavior. |
| token-auth | Include this to use tokens to control access to content. You can
choose to transmit the token in a cookie, header, or query parameter. Note: To set
this in a policy, the base configuration a subcustomer is assigned to must have
Token Authentication set to "On" in the Subcustomer Enablement behavior. |
| url-redirect | Include this behavior to configure redirect responses for specific client requests, and stop them from contacting the origin. |