# Release 1.10.3

**Release Date**: December 16, 2025

- This release introduces significant enhancements including 15+ new delivery features, enhanced security capabilities, 28 new configuration examples, and comprehensive documentation updates.

- This release requires a new delivery configuration (v1.10.3) to take advantage of the latest features.

---

## New Features -> Delivery Configuration

### HTTP Method Control

Control which HTTP methods are allowed with fine-grained rule-based conditions.

- **`allowPost`**: Enable/disable POST requests
- **`allowPut`**: Enable/disable PUT requests
- **`allowDelete`**: Enable/disable DELETE requests
- **`allowPatch`**: Enable/disable PATCH requests

All methods support:
- Boolean values for simple enable/disable
- Rule-based conditions with match criteria
- Path-based restrictions

**Example**: [Allow Methods](/examples#allow-methods)

```json
{
  "allowDelete": {
    "rules": [
      {
        "matchAll": { "paths": ["/posts/remove"] },
        "args": { "enabled": true }
      }
    ]
  }
}
```

### Downstream Caching

Control caching behavior for end-user clients with flexible cache control policies.

- **Behaviors**: `ALLOW`, `MUST_REVALIDATE`, `BUST`, `TUNNEL_ORIGIN`, `NONE`
- **Allow Behaviors**: `LESSER`, `GREATER`, `REMAINING_LIFETIME`, `FROM_MAX_AGE`, `FROM_VALUE`, `PASS_ORIGIN`
- **Configurable TTL**: 0-31536000 seconds (1 year)
- **Private Cache Control**: Support for private caching
- **Rule-Based Configuration**: Apply different policies based on match conditions

**Example**: [DownstreamCaching](/examples#downstreamcaching)

### HSTS (HTTP Strict Transport Security)

Configure HTTP Strict Transport Security headers to enforce secure connections.

**Properties**:
- `maxAge`: Maximum age in seconds
- `includeSubDomains`: Apply to all subdomains
- `preload`: Enable HSTS preloading

**Example**: [HSTS](/examples#hsts)

```json
{
  "hsts": {
    "maxAge": 31536000,
    "includeSubDomains": true,
    "preload": true
  }
}
```

### Origin Timeouts

Configure timeout values for origin connections with rule-based support.

- **`readTimeout`**: Timeout for reading from origin (with rules)
- **`firstByteTimeout`**: Timeout for first byte from origin (with rules)
- **`connectTimeout`**: Timeout for establishing connection

All timeouts support:
- Global configuration
- Rule-based overrides for specific paths or conditions

**Example**: [Timeouts](/examples)

### Transport Protocol Features

Enable modern transport protocols and features.

- **`http2`**: Enable/disable HTTP/2 support
- **`http3`**: Enable/disable HTTP/3 support
- **`webSockets`**: Enable/disable WebSocket support with conditional rules
- **`chunkedTransferEncoding`**: Enable/disable chunked transfer encoding

**Example**: [Transport Protocols](/examples#transport-protocols)

```json
{
  "http2": true,
  "http3": true,
  "webSockets": {
    "rules": [
      {
        "matchAll": { "paths": ["/ws"] },
        "args": { "enabled": true }
      }
    ]
  }
}
```

### Additional Delivery Features

- **`tieredDistribution`**: Configure tiered distribution settings
- **`originIpAcl`**: Configure origin IP access control lists
- **`breadcrumbs`**: Enable breadcrumb tracking
- **`compression`**: Enhanced compression configuration with rule support

### Header Management Enhancements

Enhanced header handling with removal support.

- Header values now support `null` type for **explicit header removal**
- Increased max length: 200 → 500 characters for field names
- Increased max length: up to 1000 characters for header values
- Enhanced description: "set request headers going to origin. null values will remove the header"

**Example**: [Remove Origin Header](/examples)

```json
{
  "addOriginHeader": {
    "X-Unwanted-Header": null,
    "X-Custom-Header": "value"
  }
}
```

---

## New Features -> Security Configuration

### ASN-Based Exceptions

Whitelist traffic based on Autonomous System Numbers (ASNs) for trusted networks.

**Features**:
- Supports integer or string format (without 'AS' prefix)
- Range: 1-50 ASN entries per exception
- Can be combined with IPv4/IPv6 and path exceptions

**Common Use Cases**:
- Cloud providers (AWS, GCP, Azure)
- CDN providers
- Corporate networks
- Payment processors
- Monitoring services

**Major Cloud Provider ASNs**:
- Amazon AWS: 16509
- Google Cloud: 15169
- Microsoft Azure: 8075
- Cloudflare: 13335
- Facebook: 32934

**Example**: [Rate Control](/examples#rate-control)

```json
{
  "exceptions": [
    {
      "asn": [16509, 15169, 8075],
      "paths": ["/api/*"],
      "name": "Cloud Provider Exception"
    }
  ]
}
```
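An ASN such as 16509 covers every customer of that provider, not only your own integration, so it is worth linting exceptions before deployment. The following is an added example, not part of the product or its tooling: it checks the documented entry format and count and flags ASN exceptions that are not narrowed by `paths`. It assumes `asn` is always an array as in the example above and that valid ASNs fall in the 32-bit range; the function names are hypothetical.

```python
import re

ASN_STRING = re.compile(r"[0-9]+")  # string form: digits only, no 'AS' prefix
MAX_ASN = 4294967295                # assumption: 32-bit ASN space (RFC 6793)

# Constructed sample input: the exception shown in the release notes.
PAGE_EXAMPLE = {
    "asn": [16509, 15169, 8075],
    "paths": ["/api/*"],
    "name": "Cloud Provider Exception",
}


def normalize_asn(entry):
    """Return the ASN as an int, or raise ValueError for a rejected form."""
    if isinstance(entry, bool):
        raise ValueError(f"{entry!r}: not an ASN")
    if isinstance(entry, str):
        if not ASN_STRING.fullmatch(entry):
            raise ValueError(f"{entry!r}: digits only, without the 'AS' prefix")
        entry = int(entry)
    if not isinstance(entry, int) or not 1 <= entry <= MAX_ASN:
        raise ValueError(f"{entry!r}: not an ASN")
    return entry


def lint_exception(exc):
    """Return findings for one entry of the `exceptions` array."""
    asns = exc.get("asn")
    if asns is None:
        return []  # not an ASN-based exception
    if not isinstance(asns, list) or not 1 <= len(asns) <= 50:
        return ["asn: expected an array of 1-50 entries"]
    findings, seen = [], set()
    for entry in asns:
        try:
            asn = normalize_asn(entry)
        except ValueError as err:
            findings.append(f"asn: {err}")
            continue
        if asn in seen:
            findings.append(f"asn: {asn} listed more than once")
        seen.add(asn)
    if not exc.get("paths"):
        findings.append("scope: ASN exception is not narrowed by paths")
    return findings
```
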

---

## New Features -> Top-Level Configuration

### Tenant ID

New top-level property for tenant identification in logging.

- **Property**: `tenant_id`
- **Type**: String or array of strings
- **Range**: 1-5 tenant IDs
- **Max Length**: 20 characters per ID
- **Pattern**: `^[^|,]+$` (no pipes or commas)
- **Purpose**: Tenant identification in logging and tracking

```json
{
  "tenant_id": "my-tenant-id",
  "delivery_config": { ... }
}
```

Or with multiple IDs:

```json
{
  "tenant_id": ["tenant-1", "tenant-2"],
  "delivery_config": { ... }
}
```

---

## Schema Changes

### Schema Enhancements

- Added support for `null` type in header values (enables header removal)
- Increased `maxLength` constraints:
  - Generic fields: 200 → 500 characters
  - HTTP header values: up to 1000 characters
- New top-level `tenant_id` property
- Enhanced ASN exception support in security config
- Expanded delivery features with 15+ new configuration options

---

## Deprecations

The following features are deprecated but still functional. Migration is recommended.

### Deprecated Features

**`tenantTag`** (in `onClientRequest.features`)
- Still functional but users should migrate to top-level `tenant_id`
- Accepts single string or array (1-5 items, max 20 chars each)
- Pattern: `^[^|,]+$`

#### Migration Example

Old (deprecated):

```json
{
  "delivery_config": {
    "onClientRequest": {
      "features": {
        "tenantTag": "my-tenant"
      }
    }
  }
}
```

New (recommended):

```json
{
  "tenant_id": "my-tenant",
  "delivery_config": {
    "onClientRequest": {
      "features": {}
    }
  }
}
```

---

## Migration Guide

All changes are backward compatible. No breaking changes were introduced.

### Recommended Actions

#### 1. Migrate from `tenantTag` to `tenant_id`

The deprecated `tenantTag` feature should be replaced with the new top-level `tenant_id` property for better logging and tracking.
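The migration can be scripted and checked against the documented `tenant_id` constraints before a configuration is submitted. The following is an added example, not part of the product or its tooling: it moves `tenantTag` to the top level and validates the result. The function names are hypothetical, and the control-character check is stricter than the published pattern, which only excludes pipes and commas.

```python
import copy
import re

TENANT_ID_PATTERN = re.compile(r"^[^|,]+$")  # pattern quoted in the release notes
MAX_IDS, MAX_LEN = 5, 20                     # limits quoted in the release notes

# Constructed sample input, shaped like the deprecated form shown on this page.
OLD_CONFIG = {
    "delivery_config": {"onClientRequest": {"features": {"tenantTag": "my-tenant"}}}
}


def validate_tenant_id(value):
    """Return a list of problems; an empty list means the value is acceptable."""
    ids = [value] if isinstance(value, str) else value
    if not isinstance(ids, list) or not 1 <= len(ids) <= MAX_IDS:
        return [f"expected a string or an array of 1-{MAX_IDS} strings"]
    problems = []
    for i, item in enumerate(ids):
        if not isinstance(item, str):
            problems.append(f"[{i}] is not a string")
        elif len(item) > MAX_LEN:
            problems.append(f"[{i}] is longer than {MAX_LEN} characters")
        elif not TENANT_ID_PATTERN.fullmatch(item):
            problems.append(f"[{i}] is empty or contains '|' or ','")
        elif any(ord(ch) < 32 for ch in item):
            # Stricter than the published pattern, which lets these through.
            problems.append(f"[{i}] contains a control character")
    return problems


def migrate_tenant_tag(config):
    """Return (migrated_config, problems) without modifying the input."""
    new = copy.deepcopy(config)
    features = (new.get("delivery_config", {})
                .get("onClientRequest", {}).get("features", {}))
    if "tenantTag" in features:
        tag = features["tenantTag"]
        if new.get("tenant_id", tag) != tag:
            return config, ["tenant_id and tenantTag are both set and differ"]
        new["tenant_id"] = features.pop("tenantTag")
    problems = validate_tenant_id(new["tenant_id"]) if "tenant_id" in new else []
    return new, problems
```
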

#### 2. Review Header Removal

Take advantage of `null` header values for explicit header removal:

```json
{
  "addOriginHeader": {
    "X-Unwanted-Header": null,
    "X-Custom-Header": "value"
  }
}
```

#### 3. Consider New Features

Evaluate if your use case benefits from:

- **HTTP method controls** for enhanced security
- **Downstream caching configuration** for better client-side cache control
- **HSTS security headers** for enforcing secure connections
- **ASN-based security exceptions** for trusted networks
- **Origin timeout customization** for improved reliability
- **HTTP/2, HTTP/3, or WebSocket support** for modern protocols

### New Capabilities

- **Enhanced Security**: ASN-based whitelisting for cloud providers and partners
- **Improved Performance**: Fine-grained control over caching, compression, and protocol support
- **Better Observability**: Top-level `tenant_id` for improved logging and tracking
- **Greater Flexibility**: Conditional rules for almost all delivery features
- **Modern Protocols**: Support for HTTP/2, HTTP/3, and WebSockets

---

## Resources

- [Delivery Configuration Documentation](/tenant-schemas/delivery-config)
- [Security Configuration Documentation](/tenant-schemas/security-config)
- [Configuration Examples](/examples)
- [Tenant Schema (JSON)](/tenant-schema.json)

---

Questions or feedback? Please refer to the documentation or contact support.
