# Delivery Configuration Complete reference for all delivery features available in EaaS tenant configurations. Features are organized by category. Each feature includes its configuration options, supported event handlers, and examples. ## Caching & Performance ### Caching Control how content is cached with flexible TTL rules and behaviors **Event handlers:** `onClientRequest` **Topology:** rules **Caching Options:** | Option | Type | Description | |--------|------|-------------| | `ttl_seconds` | integer | Cache TTL in seconds (0-31536000). Required unless using no_store or bypass | | `must_revalidate` | boolean | Must revalidate stale content with origin | | `honor_origin` | boolean | Honor origin cache control headers | | `bypass` | boolean | Bypass cache entirely for matching requests | | `no_store` | boolean | Do not store content in cache (default: true) | **Example: Basic Caching** Cache API responses for 1 hour, honoring origin cache headers ```json { "caching": { "rules": [ { "matchAll": { "paths": ["/api/*"] }, "args": { "honor_origin": true, "ttl_seconds": 3600 } } ] } } ``` **Example: Honor Origin** Revalidate with origin while using must_revalidate ```json { "caching": { "rules": [ { "args": { "ttl_seconds": 0, "must_revalidate": true, "honor_origin": true } } ] } } ``` **Example: Multiple Rules** Different TTL values based on path patterns and file extensions ```json { "caching": { "rules": [ { "args": { "ttl_seconds": 3600, "honor_origin": false }, "matchAll": { "paths_startswith": "/static/", "extension": ["css", "js", "jpg", "png", "gif", "svg"] } }, { "args": { "ttl_seconds": 7200, "must_revalidate": false }, "matchAll": { "paths_wildcard": "/products/*/images/*", "extension": ["webp", "avif"] } }, { "args": { "ttl_seconds": 604800, "honor_origin": false }, "matchAll": { "paths_wildcard": "/assets/fonts/*", "extension": ["woff2", "woff", "ttf"] } }, { "args": { "bypass": true }, "matchAll": { "reqheader_startswith_values": { "Authorization": ["Bearer "] } } }, { "args": { "ttl_seconds": 300, "honor_origin": true } } ] } } ``` --- ### Downstream Cache Control Control how edge servers instruct client browsers and intermediate proxies to cache content. **Event handlers:** `onClientRequest` **Topology:** rules **Downstream Caching Options:** | Option | Type | Description | |--------|------|-------------| | `behavior` | string | ALLOW, MUST_REVALIDATE, BUST, TUNNEL_ORIGIN, NONE | | `allow_behavior` | string | LESSER, GREATER, REMAINING_LIFETIME, FROM_MAX_AGE, FROM_VALUE, PASS_ORIGIN | | `ttl_seconds` | integer | Cache TTL (0-31536000 seconds) | | `send_private` | boolean | Add 'private' to Cache-Control header | **Example: Browser Cache Control** Configure browser caching behavior with max-age directives. ```json { "downstreamCaching": { "rules": [ { "args": { "behavior": "ALLOW", "allow_behavior": "FROM_VALUE", "ttl_seconds": 3600 }, "matchAll": { "paths_startswith": ["/static/", "/images/"] } } ] } } ``` **Example: Must Revalidate Static Assets** Require browser to revalidate cached content. ```json { "downstreamCaching": { "rules": [ { "args": { "behavior": "MUST_REVALIDATE", "allow_behavior": "FROM_VALUE", "ttl_seconds": 86400 }, "matchAll": { "extension": ["js", "css"] } } ] } } ``` **Example: Cache Busting** Prevent downstream caching entirely for dynamic content. ```json { "downstreamCaching": { "rules": [ { "args": { "behavior": "BUST" }, "matchAll": { "paths_startswith": ["/api/", "/dynamic/"] } } ] } } ``` --- ### Compression Enable gzip compression for specified content types to reduce bandwidth **Event handlers:** `onClientRequest`, `onClientResponse` **Topology:** rules **Options:** | Option | Type | Description | |--------|------|-------------| | `enabled` | boolean | Enable or disable compression for matching requests | **Example: Compress HTML and JSON responses** Compress HTML and JSON responses ```json { "compression": { "rules": [ { "matchAll": { "paths_startswith": ["/static/"], "respheader_wildcard_values": { "Content-Type": ["text/*"] } }, "args": { "enabled": true } } ] } } ``` --- ### Remove Vary Header Remove or control the Vary response header to improve cache efficiency **Event handlers:** `onClientRequest` **Topology:** rules **Options:** | Option | Type | Description | |--------|------|-------------| | `enabled` | boolean | Enable (true) or disable (false) Vary header removal | **Example: Remove Vary header for better caching** Remove Vary header for better caching ```json { "removeVary": true } ``` --- ### Tiered Distribution Configure tiered distribution settings for optimized content delivery **Event handlers:** `onClientRequest` **Topology:** rules **Options:** | Option | Type | Description | |--------|------|-------------| | `enabled` | boolean | Enable (true) or disable (false) tiered distribution | **Example: Enable tiered distribution** Enable tiered distribution ```json { "tieredDistribution": true } ``` --- ## Monitoring & Debugging ### Set Variable Set custom variables that can be used for logging and conditional processing **Event handlers:** `onClientRequest`, `onOriginResponse`, `onClientResponse` **Topology:** raw > In Property Manager, PMUSER_FL_ is automatically prepended to all variable names referenced in tenant configurations. You do not need to include `PMUSER_FL` in your reference to the variable in the tenant file. **Example: Set variables for request tracking and logging. Variables referenced in the tenant file are automatically prepended with `PMUSER_FL`. For example, `CUSTOM_ENV` will translate to `PMUSER_FL_CUSTOM_ENV` in Property Manager.** Set variables for request tracking and logging. Variables referenced in the tenant file are automatically prepended with `PMUSER_FL`. For example, `CUSTOM_ENV` will translate to `PMUSER_FL_CUSTOM_ENV` in Property Manager. ```json { "setVariable": { "CUSTOM_ENV": "production", "REQUEST_TYPE": { "rules": [ { "args": { "value": "api-request" }, "matchAll": { "paths": ["/api/*"] } } ] } } } ``` --- ### Breadcrumbs Enable breadcrumb tracking for debugging and monitoring **Event handlers:** `onClientRequest` **Topology:** boolean **Options:** | Option | Type | Description | |--------|------|-------------| | `enabled` | boolean | Enable (true) or disable (false) breadcrumb tracking | **Example: Enable breadcrumb tracking** Enable breadcrumb tracking ```json { "breadcrumbs": true } ``` --- ### Cache Tag Tag cached content for easier invalidation **Event handlers:** `onOriginResponse` **Topology:** rules **Options:** | Option | Type | Description | |--------|------|-------------| | `prefix` | string | Prefix applied to auto-generated cache tags (max 25 chars, alphanumeric/dash/underscore) | | `honorOriginSurrogateKey` | boolean | Merge tags from the first Surrogate-Key header returned by origin (default: false) | | `createDomainTag` | boolean | Create a cache tag with the request host and prefix if defined (default: true) | | `createPathTag` | boolean | Create a cache tag with the request path and prefix if defined (default: false) | | `createDomainAndPathTag` | boolean | Create a cache tag combining host and path with prefix if defined (default: false) | | `edgeCacheTags` | array | Explicit Edge-Cache-Tag values to set (1-128 tags, max 128 chars each) | **Example: Tag product pages for cache invalidation** Tag product pages for cache invalidation ```json { "cacheTag": { "rules": [ { "matchAll": { "paths": ["/products/*"] }, "args": { "prefix": "products", "createPathTag": true, "edgeCacheTags": ["product-catalog"] } } ] } } ``` --- ### Tenant Tag (Deprecated) Legacy tenant identification. Use top-level tenant_id instead **Event handlers:** `onClientRequest` **Topology:** raw **Example: Use top-level tenant_id instead** Use top-level tenant_id instead ```json { "tenantTag": "my-tenant" } ``` --- ## Request Handling ### Routing Route requests to different origins based on path patterns **Event handlers:** `onClientRequest` **Topology:** rules > Each route rule can include `pm_variables` to configure the origin connection. Three reserved keys control the origin behavior: `RT_ORIGIN_DNS` (origin hostname), `RT_ORIGIN_HOST_HEADER` (Host header sent to origin), and `ORIGIN_CN` (TLS certificate CN). These map to PMUSER_FL_* variables in the Property Manager template. Custom variables are also supported — any other key is mapped to PMUSER_FL_. **Options:** | Option | Type | Description | |--------|------|-------------| | `originId` | string | Origin ID to route matching requests to (default: default_eaas) | | `path` | string | Modify the forward path (must start with /) | | `query` | string | Modify the forward query string | | `origin` | string | Deprecated — use originId instead | | `pm_variables.RT_ORIGIN_DNS` | string | DNS hostname to connect to the origin | | `pm_variables.RT_ORIGIN_HOST_HEADER` | string | Host header forwarded to the origin | | `pm_variables.ORIGIN_CN` | string | Expected TLS certificate Common Name (if different from DNS or host header) | | `pm_variables.` | string|boolean | Custom variable (max 22 chars, alphanumeric + underscore). Mapped to PMUSER_FL_ in Property Manager. | **Example: Route requests to a different origin with pm_variables** Route requests to a different origin with pm_variables ```json { "route": { "rules": [ { "pm_variables": { "RT_ORIGIN_HOST_HEADER": "origin.mysite.com", "RT_ORIGIN_DNS": "origin.mysite.com", "ORIGIN_CN": "*.mysite.com" }, "args": { "originId": "default_eaas" } } ] } } ``` --- ### Redirects Configure HTTP redirects with custom status codes and destination URLs **Event handlers:** `onClientRequest` **Topology:** rules **Options:** | Option | Type | Description | |--------|------|-------------| | `status` | integer | 301 or 302 redirect status code | | `location` | string | Redirect destination URL or path. Supports template variables: {{scheme}}, {{host}}, {{path}}, {{query}}, {{?query}} | **Example: Permanent redirect from old to new path** Permanent redirect from old to new path ```json { "redirect": { "rules": [ { "matchAny": { "paths": ["/old-path"] }, "args": { "status": 301, "location": "/new-path" } } ] } } ``` --- ### Allow POST Enable or disable POST requests with rule-based conditions **Event handlers:** `onClientRequest` **Topology:** rules **Options:** | Option | Type | Description | |--------|------|-------------| | `enabled` | boolean | Enable (true) or disable (false) this feature | **Example: Allow POST requests only to specific API endpoint** Allow POST requests only to specific API endpoint ```json { "allowPost": { "rules": [ { "matchAll": { "paths": ["/api/submit"] }, "args": { "enabled": true } } ] } } ``` --- ### Allow PUT Enable or disable PUT requests **Event handlers:** `onClientRequest` **Topology:** boolean **Options:** | Option | Type | Description | |--------|------|-------------| | `enabled` | boolean | Enable (true) or disable (false) this feature | **Example: Enable PUT requests globally** Enable PUT requests globally ```json { "allowPut": true } ``` --- ### Allow DELETE Enable or disable DELETE requests with rule-based conditions **Event handlers:** `onClientRequest` **Topology:** rules **Options:** | Option | Type | Description | |--------|------|-------------| | `enabled` | boolean | Enable (true) or disable (false) this feature | **Example: Allow DELETE requests only to specific paths** Allow DELETE requests only to specific paths ```json { "allowDelete": { "rules": [ { "matchAll": { "paths": ["/api/delete/*"] }, "args": { "enabled": true } } ] } } ``` --- ### Allow PATCH Enable or disable PATCH requests **Event handlers:** `onClientRequest` **Topology:** boolean **Options:** | Option | Type | Description | |--------|------|-------------| | `enabled` | boolean | Enable (true) or disable (false) this feature | **Example: Disable PATCH requests globally** Disable PATCH requests globally ```json { "allowPatch": false } ``` --- ### Custom Responses Return custom responses without contacting the origin **Event handlers:** `onClientRequest`, `onClientResponse` **Topology:** rules **Options:** | Option | Type | Description | |--------|------|-------------| | `status` | integer | HTTP status code to return (e.g. 200, 404, 503) | | `body` | string | Response body text | | `headers` | object | Response headers as key-value pairs. Values are arrays of strings. | **Example: Return maintenance page for specific path** Return maintenance page for specific path ```json { "respondWith": { "rules": [ { "matchAll": { "paths": ["/maintenance"] }, "args": { "status": 503, "headers": { "Content-Type": ["text/html"], "Retry-After": ["3600"] }, "body": "

Service temporarily unavailable

Please try again later.

" } } ] } } ``` --- ### Set Headers Add, modify, or remove HTTP headers in requests and responses **Event handlers:** `onClientRequest`, `onClientResponse`, `onOriginResponse` **Topology:** raw **Example: Add custom header and remove unwanted header** Add custom header and remove unwanted header ```json { "setHeaders": { "X-Request-Id": "edge-generated", "X-Powered-By": null } } ``` --- ## Protocol Support ### HTTP/2 (Deprecated) No longer supported in tenant file. HTTP/2 is enabled by default for all tenants. **Event handlers:** `onClientRequest` **Topology:** boolean **Example: No longer supported in tenant file. HTTP/2 is enabled by default for all tenants.** No longer supported in tenant file. HTTP/2 is enabled by default for all tenants. ```json { "http2": true } ``` --- ### HTTP/3 (Deprecated) No longer supported in tenant file. HTTP/3 is enabled by default for all tenants. **Event handlers:** `onClientRequest` **Topology:** boolean **Example: No longer supported in tenant file. HTTP/2 is enabled by default for all tenants.** No longer supported in tenant file. HTTP/2 is enabled by default for all tenants. ```json { "http3": true } ``` --- ### WebSockets Enable WebSocket support with conditional rules **Event handlers:** `onClientRequest` **Topology:** rules **Options:** | Option | Type | Description | |--------|------|-------------| | `enabled` | boolean | Enable (true) or disable (false) this feature | **Example: Enable WebSockets for specific path** Enable WebSockets for specific path ```json { "webSockets": { "rules": [ { "matchAll": { "paths": ["/ws"] }, "args": { "enabled": true } } ] } } ``` --- ### Chunked Transfer Encoding Enable or disable chunked transfer encoding **Event handlers:** `onClientRequest` **Topology:** boolean **Options:** | Option | Type | Description | |--------|------|-------------| | `enabled` | boolean | Enable (true) or disable (false) chunked transfer encoding | **Example: Enable chunked transfer encoding** Enable chunked transfer encoding ```json { "chunkedTransferEncoding": true } ``` --- ## Security ### HSTS (HTTP Strict Transport Security) Configure HTTP Strict Transport Security headers to enforce secure connections **Event handlers:** `onClientRequest` **Topology:** direct **HSTS Options:** | Option | Type | Description | |--------|------|-------------| | `maxAge` | integer | Duration in seconds to cache the HSTS policy (e.g., 31536000 for 1 year) | | `includeSubDomains` | boolean | Apply HSTS policy to all subdomains | | `preload` | boolean | Allow browsers to preload HSTS policy | **Example: Enable HSTS with 1 year max age and subdomain support** Enable HSTS with 1 year max age and subdomain support ```json { "hsts": { "maxAge": 31536000, "includeSubDomains": true, "preload": true } } ``` --- ### Origin IP ACL Configure origin IP access control lists. [https://techdocs.akamai.com/origin-ip-acl/docs/welcome](https://techdocs.akamai.com/origin-ip-acl/docs/welcome) **Event handlers:** `onClientRequest` **Topology:** raw **Options:** | Option | Type | Description | |--------|------|-------------| | `enabled` | boolean | Enable (true) or disable (false) Origin IP ACL | **Example: Allow origin access only from specific IP range** Allow origin access only from specific IP range ```json { "originIpAcl": true } ``` --- ## Timeouts ### Read Timeout Configure timeout for reading from origin with rule-based support **Event handlers:** `onClientRequest` **Topology:** rules **Options:** | Option | Type | Description | |--------|------|-------------| | `value` | integer | Timeout duration in milliseconds | **Example: Set 60 second read timeout for slow API endpoints** Set 60 second read timeout for slow API endpoints ```json { "readTimeout": { "rules": [ { "matchAll": { "paths": ["/slow-api/*"] }, "args": { "value": 60000 } } ] } } ``` --- ### First Byte Timeout Configure timeout for first byte from origin with rule-based support **Event handlers:** `onClientRequest` **Topology:** rules **Options:** | Option | Type | Description | |--------|------|-------------| | `value` | integer | Timeout duration in milliseconds | **Example: Set 10 second first byte timeout for API calls** Set 10 second first byte timeout for API calls ```json { "firstByteTimeout": { "rules": [ { "matchAll": { "paths": ["/api/*"] }, "args": { "value": 10000 } } ] } } ``` --- ### Connect Timeout Configure timeout for establishing connection to origin (integer seconds, or rules object for conditional timeouts) **Event handlers:** `onClientRequest` **Topology:** raw **Options:** | Option | Type | Description | |--------|------|-------------| | `value` | integer | Connection timeout in milliseconds | **Example: Set 5 second connection timeout** Set 5 second connection timeout ```json { "connectTimeout": 5000 } ``` ---