Release 1.10.3

Release Date: December 16, 2025

info

This release introduces significant enhancements including 15+ new delivery features, enhanced security capabilities, 28 new configuration examples, and comprehensive documentation updates.
This release requires a new delivery configuration (v1.10.3) to take advantage of the latest features.

New Features -> Delivery Configuration

HTTP Method Control

Control which HTTP methods are allowed with fine-grained rule-based conditions.

allowPost: Enable/disable POST requests
allowPut: Enable/disable PUT requests
allowDelete: Enable/disable DELETE requests
allowPatch: Enable/disable PATCH requests

All methods support:

Boolean values for simple enable/disable
Rule-based conditions with match criteria
Path-based restrictions

Example: Allow Methods

{
  "allowDelete": {
    "rules": [
      {
        "matchAll": { "paths": ["/posts/remove"] },
        "args": { "enabled": true }
      }
    ]
  }
}

Downstream Caching

Control caching behavior for end-user clients with flexible cache control policies.

Behaviors: ALLOW, MUST_REVALIDATE, BUST, TUNNEL_ORIGIN, NONE
Allow Behaviors: LESSER, GREATER, REMAINING_LIFETIME, FROM_MAX_AGE, FROM_VALUE, PASS_ORIGIN
Configurable TTL: 0-31536000 seconds (1 year)
Private Cache Control: Support for private caching
Rule-Based Configuration: Apply different policies based on match conditions

Example: DownstreamCaching

HSTS (HTTP Strict Transport Security)

Configure HTTP Strict Transport Security headers to enforce secure connections.

Properties:

maxAge: Maximum age in seconds
includeSubDomains: Apply to all subdomains
preload: Enable HSTS preloading

Example: HSTS

{
  "hsts": {
    "maxAge": 31536000,
    "includeSubDomains": true,
    "preload": true
  }
}

Origin Timeouts

Configure timeout values for origin connections with rule-based support.

readTimeout: Timeout for reading from origin (with rules)
firstByteTimeout: Timeout for first byte from origin (with rules)
connectTimeout: Timeout for establishing connection

All timeouts support:

Global configuration
Rule-based overrides for specific paths or conditions

Example: Timeouts

Transport Protocol Features

Enable modern transport protocols and features.

http2: Enable/disable HTTP/2 support
http3: Enable/disable HTTP/3 support
webSockets: Enable/disable WebSocket support with conditional rules
chunkedTransferEncoding: Enable/disable chunked transfer encoding

Example: Transport Protocols

{
  "http2": true,
  "http3": true,
  "webSockets": {
    "rules": [
      {
        "matchAll": { "paths": ["/ws"] },
        "args": { "enabled": true }
      }
    ]
  }
}

Additional Delivery Features

tieredDistribution: Configure tiered distribution settings
originIpAcl: Configure origin IP access control lists
breadcrumbs: Enable breadcrumb tracking
compression: Enhanced compression configuration with rule support

Header Management Enhancements

Enhanced header handling with removal support.

Header values now support null type for explicit header removal
Increased max length: 200 → 500 characters for field names
Increased max length: up to 1000 characters for header values
Enhanced description: "set request headers going to origin. null values will remove the header"

Example: Remove Origin Header

{
  "addOriginHeader": {
    "X-Unwanted-Header": null,
    "X-Custom-Header": "value"
  }
}

New Features -> Security Configuration

ASN-Based Exceptions

Whitelist traffic based on Autonomous System Numbers (ASNs) for trusted networks.

Features:

Supports integer or string format (without 'AS' prefix)
Range: 1-50 ASN entries per exception
Can be combined with IPv4/IPv6 and path exceptions

Common Use Cases:

Cloud providers (AWS, GCP, Azure)
CDN providers
Corporate networks
Payment processors
Monitoring services

Major Cloud Provider ASNs:

Amazon AWS: 16509
Google Cloud: 15169
Microsoft Azure: 8075
Cloudflare: 13335
Facebook: 32934

Example: Rate Control

{
  "exceptions": [
    {
      "asn": [16509, 15169, 8075],
      "paths": ["/api/*"],
      "name": "Cloud Provider Exception"
    }
  ]
}

New Features -> Top-Level Configuration

Tenant ID

New top-level property for tenant identification in logging.

Property: tenant_id
Type: String or array of strings
Range: 1-5 tenant IDs
Max Length: 20 characters per ID
Pattern: ^[^|,]+$ (no pipes or commas)
Purpose: Tenant identification in logging and tracking

{
  "tenant_id": "my-tenant-id",
  "delivery_config": { ... }
}

Or with multiple IDs:

{
  "tenant_id": ["tenant-1", "tenant-2"],
  "delivery_config": { ... }
}

Schema Changes

Schema Enhancements

Added support for null type in header values (enables header removal)
Increased maxLength constraints:
- Generic fields: 200 → 500 characters
- HTTP header values: up to 1000 characters
New top-level tenant_id property
Enhanced ASN exception support in security config
Expanded delivery features with 15+ new configuration options

Deprecations

warning

The following features are deprecated but still functional. Migration is recommended.

Deprecated Features

tenantTag (in onClientRequest.features)

Still functional but users should migrate to top-level tenant_id
Accepts single string or array (1-5 items, max 20 chars each)
Pattern: ^[^|,]+$

Migration Example

// Old (deprecated)
{
  "delivery_config": {
    "onClientRequest": {
      "features": {
        "tenantTag": "my-tenant"
      }
    }
  }
}

// New (recommended)
{
  "tenant_id": "my-tenant",
  "delivery_config": {
    "onClientRequest": {
      "features": {}
    }
  }
}

Migration Guide

info

All changes are backward compatible. No breaking changes were introduced.

Recommended Actions

1. Migrate from `tenantTag` to `tenant_id`

The deprecated tenantTag feature should be replaced with the new top-level tenant_id property for better logging and tracking.

2. Review Header Removal

Take advantage of null header values for explicit header removal:

{
  "addOriginHeader": {
    "X-Unwanted-Header": null,
    "X-Custom-Header": "value"
  }
}

3. Consider New Features

Evaluate if your use case benefits from:

HTTP method controls for enhanced security
Downstream caching configuration for better client-side cache control
HSTS security headers for enforcing secure connections
ASN-based security exceptions for trusted networks
Origin timeout customization for improved reliability
HTTP/2, HTTP/3, or WebSocket support for modern protocols

New Capabilities

Enhanced Security: ASN-based whitelisting for cloud providers and partners
Improved Performance: Fine-grained control over caching, compression, and protocol support
Better Observability: Top-level tenant_id for improved logging and tracking
Greater Flexibility: Conditional rules for almost all delivery features
Modern Protocols: Support for HTTP/2, HTTP/3, and WebSockets

Resources

note

Questions or feedback? Please refer to the documentation or contact support.

New Features -> Delivery Configuration​

HTTP Method Control​

Downstream Caching​

HSTS (HTTP Strict Transport Security)​

Origin Timeouts​

Transport Protocol Features​

Additional Delivery Features​

Header Management Enhancements​

New Features -> Security Configuration​

ASN-Based Exceptions​

New Features -> Top-Level Configuration​

Tenant ID​

Schema Changes​

Schema Enhancements​

Deprecations​

Deprecated Features​

Migration Example​

Migration Guide​

Recommended Actions​

1. Migrate from tenantTag to tenant_id​

2. Review Header Removal​

3. Consider New Features​

New Capabilities​

Resources​