VConf.SET can be used to customise Peakhour.IO request/response handling. For example you might want to customise CDN caching options for your checkout process, use an alternate origin or modify WAF behaviour.
Enable or disable GZIP
Support websocket protocol.
Set session id cookie if enabled. Allows to track what request were made by client during one session
Enable debug mode for host to send some special response headers to client.
Insert beacon script into rewritten html if transform_html is enabled as well.
Use lazy_sizes.js to lazy load images on page if transform_html is enabled.
Space separated list of =original:replacement= names to replace in HTML pages if transform_html option is enabled. Both =original= and =replacement= are domain names followed by optional =/subdir=.
HTTP redirect location#
Redirect to URL if set.
HTTP redirect status code#
HTTP redirect location is set then redirect with given status code
(normally either 301 (default) or 302).
Cache responses from origin.
Enable caching of content. Content is cached based on the Cache-Control header.
CDN query mode#
Criteria to use when considering and storing fetched resources and query string behaviour.
|none||don't cache resources with a query string|
|full||cache resources using the full query string|
|strip||cache resources but strip the query string|
Implicit cache TTL#
In seconds. Specify the lifetime of cached objects.
CDN skip cookie#
Skip CDN if request has cookie matching given pattern. Pattern can contain * to match zero or more symbols and | to separate matches.
CDN remove query args#
Remove given query arguments with its values from request path before looking up CDN resource. Value is comma-separated list of argument names.
Cache subkey vars#
Use additional variables to construct cache key in addition to host/path. Accepts |-separated list of key[:value] variables.
|query||cache based on query string, cache key is based on query string|
|header_present||cache based on request header present, cache key is based on header name|
|header||accepts request header name as value, cache key is constructed based on header value|
|language||cache based on Accept-Language, cache key is constructed based on first value of header|
Cache strip cookies#
Strip Set-Cookie headers from stored responses and Cookie from outgoing requests to potentially cacheable resources.
Cache strip set-cookies#
Strip Set-Cookie headers from cached responses.
Cache require cache control#
Skip cache store if enabled and no Cache-Control header was found in the response.
Cache ignore request cache control#
Ignore Cache-Control request directives. Useful to avid bypassing cache with max-age=0 or no-cache. Always serve cached response if present.
Edge TTL sec#
Force cache resources for at least given seconds. If resource can be cached for longer (because allowed by cache control or implicit cache ttl) then cache it for longer than given value. Zero value (default) honors origin resource headers. The value is internal and not visible to clients, they still get original headers.
Browser TTL sec#
Override Cache-Control: max-age for cached contents to have at least given value. Negative value (default) honors origin resource headers. Zero value means cached resources are not allowed to be cached by clients (max-age=0).
Force cache html only#
Avoids force caching if content type of response is not text/html. Force cache must still be enabled to force cache.
Collapse requests to origin per URL
Enable cookie shield mode: on initial request client gets served 307 Temporary Redirect and Set-Cookie and allowed to access origin only after providing given cookie back.
Verify known bots by using DNS lookups (first reverse DNS lookup, then check domain name matches known, then check forward DNS lookup matches client address).
RDNS bot verification list#
List of bots to verify against published user-agent to RDNS mapping. Special value matches all known user-agents. Current verified user-agents include:
Comma separated list of blocklists.
Specify how the WAF reacts to security violations.
|enforce||send a HTTP 403 when a rule is triggered|
|warn||log the violation and allow to pass, useful for testing|
List of rule rules to enabled.
Modsecurity removed rules#
List of rule rules to skip.
Load balancing mode#
Specify load balancing mode.
|none||no load balancing, requests are sent to first origin|
|round-robin||round robin requests between origins|
|client-address||bind client ips to a particular origin for session persistence|
Tag of origin pool to use.
Host header to use for downstream connections.
Replace path prefix of downstream requests. Format is ="%source% %dest%"=. .
Rate limit mode#
Choose when to block rate limited requests based on list of |-separated modes. Possible values are:
|none||no rate limiting|
|global||use global rate limiter|
|vhost||rate limit virtual-host|
|vhost-busy||rate limit on virtualhost-busy|
|zone||rate limit to zone|
Rate limit zone#
Use given zone name to rate limit requests against. Make sure
Rate limit mode value includes