The Allow POST behavior

Use this behavior to set whether POST requests sent to your specified Origin Server should be accepted by an Edge server.

By default, we allow requests to your Origin using HTTP GET or HEAD methods. Set this switch to "On" if you also want to accept POST method requests to your Origin Server.

Tip: If all requests to an Origin Server—either a fixed one you've set here in the base configuration, or an "override" one you define in an individual subcustomer's policy—are non-POST, consider setting this switch to "Off" to deny POST requests and potentially improve security.

Allow without Content-Length

If desired, you can allow POST calls without a Content-Length header.

By default, a POST request to an Edge server must contain a Content-Length header. (This is an HTTP RFC standard.) The server will return an "HTTP 411 - Length required" error, even if a POST request does not include a body (and therefore, shouldn't require a Content-Length Header).

If you enable this option, the Edge server assumes a POST request without a Content-Length header has no body. So, it adds a Content-Length header with the value of "0" to the forward request, unless the request is using Transfer Encoding.

When Transfer Encoding is used, a request can exclude the Content-Length header.