Skip to main content

Release 1.12.2

Release Date: July 9, 2026

info

This release makes geographic matching and interpolation X-Forwarded-For-safe (opt-in through the Property Manager template), and raises the maximum origin timeout to 10 minutes.

Geographic Matching

X-Forwarded-For-safe geo resolution

Geographic values can be influenced by a client-supplied X-Forwarded-For header, which means a request could match a geo rule (or interpolate a {{country}} value) for a location the client is not actually in. This release resolves geo from the true connecting IP instead, when the property is configured to provide it.

Both geo matching (geo/geo_country, continent/geo_continent, region/geo_region, city/geo_city) and geo interpolation ({{country}}, {{continent}}, {{region}}, {{city}}) now prefer the XFF-safe value the property supplies, falling back to the request's default location (which takes X-Forwarded-For values into account) when it is not set. Matching and interpolation always resolve to the same value.

info

This is backward compatible. Until the property is updated to template version 1.12.2 AND eaas_geo_ignore_xff=on is added into PMUSER_TEMPLATE_ARGS (see Migration Guide), geo resolution behaves exactly as before.

Origin Timeouts

Maximum raised to 10 minutes

The connectTimeout, firstByteTimeout, and readTimeout origin timeout features now accept values up to 600,000 ms (10 minutes), raised from the previous maximum of 120,000 ms (2 minutes). The minimum is unchanged at 50 ms. This supports long-running origin responses such as large exports or streaming endpoints.

JSON
{
"delivery_config": {
  "version": "1.0",
  "onClientRequest": {
    "features": {
      "readTimeout": {
        "rules": [
          {
            "args": { "value": 600000 },
            "matchAll": { "paths_startswith": ["/export/"] }
          }
        ]
      }
    }
  }
}
}

Schema Changes

  • connectTimeout, firstByteTimeout, and readTimeout maximum raised from 120000 to 600000 ms.

Migration Guide

info

Both changes are backward compatible. The timeout change requires no action. XFF-safe geo resolution is opt-in and takes effect only after the property is updated.

Enable X-Forwarded-For-safe geo resolution

XFF-safe geo values are supplied by the EaaS Property Manager template, not by the tenant configuration. To turn it on for a property:

  1. Update the property to the EaaS PM template version 1.12.2 (or later). The template adds a rule that reads the client's geo from the real connecting IP (AK_CLIENT_REAL_IP) rather than honoring X-Forwarded-For, and writes it into the PMUSER_NOXFF_* variables that EaaS reads.
  2. Set the eaas_geo_ignore_xff=on argument in the property's PMUSER_TEMPLATE_ARGS variable. This flag gates the geo-population rule. In the 1.12.2 template it is included by default; confirm it is present and set to on.

Once both are in place, geo matching and {{...}} geo interpolation automatically resolve to the XFF-safe values — no tenant configuration change is required. To keep the previous behavior, leave eaas_geo_ignore_xff off (or unset).

Resources

note

Questions or feedback? Please refer to the documentation or contact support.