Upgrade a request from HTTP to HTTPS

Add the HTTP to HTTPS Upgrade behavior to your property if you want to convert HTTP (non-secure) requests from your clients to use secure HTTPS between the Akamai edge and your origin server.

A complete request flow involves three total entities:

  • The client making the request
  • The Akamai Edge server, where your property is read, and target content may be cached
  • The origin where the target content is actually hosted

With this behavior added, all requests in the flow between the Akamai edge and your origin are converted to HTTPS to secure them. Since TCP is stateful, an HTTP request from a client must be answered with an HTTP response. If you require a complete HTTPS connection end-to-end, consider implementing a redirect from the original HTTP URL to an HTTPS one.

How do I get access to HTTP to HTTPS Upgrade?

You need to have this added to your contract to access the appropriate behavior in Property Manager. Contact your Account Representative to add this functionality.

Add HTTP to HTTPS Upgrade

Once you have it added to your contract, you can add this behavior to your OD property by performing the following:

  1. Create a new OD configuration, or edit an existing one using Property Manager.
  2. In the Property Configuration Settings options, click Add Behavior.
  3. In the Search available behaviors field, input Add HTTP to filter the listed behaviors, and select Add HTTP to HTTPS Upgrade from the list.

You also need to set up your origin to support HTTPS

You don't need to do anything to actually configure this behavior. Just adding it to your property enables the conversion. However, if you’ve selected “Your Origin” as your Origin Server in your property, you also need to:

Note: This does not apply if you're using NetStorage as your origin. Akamai sets origin security automatically for NetStorage when you add the HTTP to HTTPS Upgrade behavior.

Additional considerations

  • The upgrade is to Standard TLS (HTTPS L1). To use Enhanced TLS if you're transferring personally identifiable information (PII), you need to create and provision an Enhanced TLS certificate, edit your property to set Security Options and define a Property hostname to Edge hostname association.
  • This behavior uses 443 as the forward port for all products other than AMD, DD, and OD.

Related topics

I'm using secure delivery (HTTPS)