VConf
VConf.SET allows for customization of Peakhour.IO's request/response handling, enabling you to modify the behavior of the system for your specific needs. This can include customising CDN caching options for your checkout process, using an alternate origin, or modifying the behavior of the Web Application Firewall.
HTTP Configuration#
The following options allow you to control different aspects of HTTP handling.
GZIP#
You can enable or disable GZIP compression of HTTP responses.
Websockets#
Support for the websocket protocol can be enabled or disabled.
Track sessions#
If enabled, a session ID cookie will be set, which allows you to track the requests made by a client during a single session.
Debug#
This option enables debug mode for a host, which sends special response headers to the client.
Transforms#
The following options allow you to modify the HTML content that is returned to the client.
Beacon#
If the transform_html option is enabled, this option inserts a beacon script into the rewritten HTML.
lazy_sizes#
If the transform_html option is enabled, this option enables the use of lazy_sizes.js to lazy load images on a page.
rewrite_domains#
If the transform_html option is enabled, this option specifies a space-separated list of domain names (in the format original:replacement) to be replaced in HTML pages. The original and replacement domain names may include an optional subdirectory.
Redirection#
The following options allow you to configure HTTP redirects.
HTTP redirect location#
If the HTTP redirect location option is set, you can specify the status code to use for the redirect. The default status code is 301, but you can also use 302.
HTTP redirect status code#
If HTTP redirect location is set then redirect with a 301 or 302 status code.
Caching#
The following options allow you to configure caching behavior.
CDN#
This option allows you to cache responses from the origin.
CDN enabled#
This option enables caching of content based on the Cache-Control header.
CDN query mode#
This option controls the criteria used for considering and storing fetched resources and query string behavior. The following values are available:
| Setting | Description |
|---|---|
| none | don't cache resources with a query string |
| full | cache resources using the full query string |
| strip | cache resources but strip the query string |
Implicit cache TTL#
This option specifies the lifetime of cached objects in seconds.
CDN skip cookie#
This option allows you to skip the CDN for requests that have a cookie matching a specified pattern. The pattern can contain * to match zero or more characters and | to separate matches.
CDN remove query args#
This option allows you to remove specified query arguments and their values from the request path before looking up the CDN resource. The values are specified as a comma-separated list of argument names.
Cache subkey vars#
This option allows you to use additional variables to construct the cache key in addition to the host and path. The values are specified as a | separated list of key[:value] variables, and the following schemes are available:
| Scheme | Description |
|---|---|
| query | cache based on query string, cache key is based on query string |
| header_present | cache based on request header present, cache key is based on header name |
| header | accepts request header name as value, cache key is constructed based on header value |
| language | cache based on Accept-Language, cache key is constructed based on first value of header |
Cache strip cookies#
This setting strips the Set-Cookie headers from stored responses and the Cookie from outgoing requests to resources that could be potentially cached.
Cache strip set-cookies#
This setting strips the Set-Cookie headers from the cached responses.
Cache require cache control#
This setting skips cache store if it is enabled and no Cache-Control header was found in the response.
Cache ignore request cache control#
This setting ignores Cache-Control request directives. It is useful to avoid bypassing the cache with max-age=0 or no-cache. If a cached response is present, it will always be served.
Edge TTL sec#
This setting forces cached resources to be stored for at least a given number of seconds. If the resource can be cached for a longer time (due to the cache control header or implicit cache ttl setting), it will be cached for a longer period than the given value. The default value (zero) honors the origin resource headers. The value is internal and not visible to clients, as they still receive the original headers.
Browser TTL sec#
This setting overrides Cache-Control: max-age for cached content to have at least a given value. The default negative value honors the origin resource headers. A value of zero means that cached resources are not allowed to be cached by clients (max-age=0).
Force cache#
This setting forces a resource to be cached even if the Cache-Control prohibits it. This works only for GET requests and implicitly enables Cache strip cookies and Cache strip set-cookies
Force cache html only#
This setting avoids force caching if the content type of the response is not Content-Type: text/html. The Force cache setting must still be enabled to force cache.
Cache collapse#
This setting collapses requests to the origin per URL.
Bot verification#
cookie_shield#
This setting enables cookie shield mode. On the initial request, the client receives a 307 Temporary Redirect and Set-Cookie and is allowed to access the origin only after providing the given cookie.
Bot verification#
This setting verifies known bots by using DNS lookups. The process involves a first reverse DNS lookup, followed by checking if the domain name matches a known one, and finally checking if the forward DNS lookup matches the client address.
RDNS bot verification list#
This setting is a list of bots to verify against the published user-agent to RDNS mapping. The special value "matches all known user-agents." Currently verified user-agents include:
- yandex
- bing
- alexa
- apple
- petal
- yahoo
- duckduckgo
- stripe
- letsencrypt
- other
Modsecurity#
Blocklists#
Comma separated list of blocklists.
Modsecurity mode#
Specify how the WAF reacts to security violations.
| Setting | Description |
|---|---|
| none | disable |
| enforce | send a HTTP 403 when a rule is triggered |
| warn | log the violation and allow to pass, useful for testing |
ModSecurity rules#
List of rule rules to enabled.
Modsecurity removed rules#
List of rule rules to skip.
Origin#
Load balancing mode#
Specify load balancing mode.
| Setting | Description |
|---|---|
| none | no load balancing, requests are sent to first origin |
| round-robin | round robin requests between origins |
| client-address | bind client ips to a particular origin for session persistence |
Origin pool#
Tag of origin pool to use.
Replace host#
Host header to use for downstream connections.
Replace path#
Replace path prefix of downstream requests. Format is ="%source% %dest%"=. .
Rate limiting#
Rate limit mode allows you to choose when to block rate limited requests based on a list of pipe (|) separated modes. The possible values are:
Rate limit mode#
Choose when to block rate limited requests based on list of |-separated modes. Possible values are:
| Setting | Description |
|---|---|
| none | no rate limiting |
| global | use global rate limiter |
| vhost | rate limit virtual-host |
| vhost-busy | rate limit on virtualhost-busy |
| zone | rate limit to zone |
Rate limit zone#
Use given zone name to rate limit requests against. Make sure
Rate limit mode value includes zone or all.
