VConf.SET allows for customization of Peakhour.IO's request/response handling, enabling you to modify the behavior of the system for your specific needs. This can include customising CDN caching options for your checkout process, using an alternate origin, or modifying the behavior of the Web Application Firewall.
The following options allow you to control different aspects of HTTP handling.
You can enable or disable GZIP compression of HTTP responses.
Support for the websocket protocol can be enabled or disabled.
If enabled, a session ID cookie will be set, which allows you to track the requests made by a client during a single session.
This option enables debug mode for a host, which sends special response headers to the client.
The following options allow you to modify the HTML content that is returned to the client.
If the transform_html option is enabled, this option inserts a beacon script into the rewritten HTML.
If the transform_html option is enabled, this option enables the use of lazy_sizes.js to lazy load images on a page.
If the transform_html option is enabled, this option specifies a space-separated list of domain names (in the format original:replacement) to be replaced in HTML pages. The original and replacement domain names may include an optional subdirectory.
The following options allow you to configure HTTP redirects.
If the HTTP redirect location option is set, you can specify the status code to use for the redirect. The default status code is 301, but you can also use 302.
If HTTP redirect location is set then redirect with a 301 or 302 status code.
The following options allow you to configure caching behavior.
This option allows you to cache responses from the origin.
This option enables caching of content based on the Cache-Control header.
This option controls the criteria used for considering and storing fetched resources and query string behavior. The following values are available:
Setting | Description |
---|---|
none | don't cache resources with a query string |
full | cache resources using the full query string |
strip | cache resources but strip the query string |
This option specifies the lifetime of cached objects in seconds.
This option allows you to skip the CDN for requests that have a cookie matching a specified pattern. The pattern can contain * to match zero or more characters and | to separate matches.
This option allows you to remove specified query arguments and their values from the request path before looking up the CDN resource. The values are specified as a comma-separated list of argument names.
This option allows you to use additional variables to construct the cache key in addition to the host and path. The values are specified as a | separated list of key[:value] variables, and the following schemes are available:
Scheme | Description |
---|---|
query | cache based on query string, cache key is based on query string |
header_present | cache based on request header present, cache key is based on header name |
header | accepts request header name as value, cache key is constructed based on header value |
language | cache based on Accept-Language, cache key is constructed based on first value of header |
This setting strips the Set-Cookie headers from stored responses and the Cookie from outgoing requests to resources that could be potentially cached.
This setting strips the Set-Cookie headers from the cached responses.
This setting skips cache store if it is enabled and no Cache-Control header was found in the response.
This setting ignores Cache-Control request directives. It is useful to avoid bypassing the cache with max-age=0 or no-cache. If a cached response is present, it will always be served.
This setting forces cached resources to be stored for at least a given number of seconds. If the resource can be cached for a longer time (due to the cache control header or implicit cache ttl setting), it will be cached for a longer period than the given value. The default value (zero) honors the origin resource headers. The value is internal and not visible to clients, as they still receive the original headers.
This setting overrides Cache-Control: max-age for cached content to have at least a given value. The default negative value honors the origin resource headers. A value of zero means that cached resources are not allowed to be cached by clients (max-age=0).
This setting forces a resource to be cached even if the Cache-Control prohibits it. This works only for GET requests and implicitly enables Cache strip cookies and Cache strip set-cookies
This setting avoids force caching if the content type of the response is not Content-Type: text/html. The Force cache setting must still be enabled to force cache.
This setting collapses requests to the origin per URL.
This setting enables cookie shield mode. On the initial request, the client receives a 307 Temporary Redirect and Set-Cookie and is allowed to access the origin only after providing the given cookie.
This setting verifies known bots by using DNS lookups. The process involves a first reverse DNS lookup, followed by checking if the domain name matches a known one, and finally checking if the forward DNS lookup matches the client address.
This setting is a list of bots to verify against the published user-agent to RDNS mapping. The special value "matches all known user-agents." Currently verified user-agents include:
Comma separated list of blocklists.
Specify how the WAF reacts to security violations.
Setting | Description |
---|---|
none | disable |
enforce | send a HTTP 403 when a rule is triggered |
warn | log the violation and allow to pass, useful for testing |
List of rule rules to enabled.
List of rule rules to skip.
Specify load balancing mode.
Setting | Description |
---|---|
none | no load balancing, requests are sent to first origin |
round-robin | round robin requests between origins |
client-address | bind client ips to a particular origin for session persistence |
Tag of origin pool to use.
Host header to use for downstream connections.
Replace path prefix of downstream requests. Format is ="%source% %dest%"=. .
Rate limit mode allows you to choose when to block rate limited requests based on a list of pipe (|) separated modes. The possible values are:
Choose when to block rate limited requests based on list of |-separated modes. Possible values are:
Setting | Description |
---|---|
none | no rate limiting |
global | use global rate limiter |
vhost | rate limit virtual-host |
vhost-busy | rate limit on virtualhost-busy |
zone | rate limit to zone |
Use given zone name to rate limit requests against. Make sure
Rate limit mode
value includes zone
or all
.