VConf
VConf.SET customises Peakhour.IO's request/response handling. It modifies the system's behaviour for specific needs, such as customising CDN caching options for checkout processes, using alternate origins, or modifying Web Application Firewall behaviour.
HTTP Configuration#
These options control different aspects of HTTP handling.
GZIP {#gzip}#
This option enables or disables GZIP compression of HTTP responses.
Websockets {#websockets}#
This option enables or disables support for the websocket protocol.
Track sessions {#track-sessions}#
This option sets a session ID cookie when enabled. It tracks requests made by a client during a single session.
Debug {#debug}#
This option enables debug mode for a host. It sends special response headers to the client.
Opportunistic encryption {#opportunistic-encryption}#
This option enables or disables opportunistic encryption.
Transforms#
These options modify the HTML content returned to the client.
Beacon#
This option inserts a beacon script into the rewritten HTML if the transform_html option is enabled.
lazy_sizes#
This option enables the use of lazy_sizes.js to lazy load images on a page if the transform_html option is enabled.
rewrite_domains#
This option specifies a space-separated list of domain names (in the format original:replacement) to be replaced in HTML pages if the transform_html option is enabled. The original and replacement domain names may include an optional subdirectory.
Redirection#
These options configure HTTP redirects.
HTTP redirect mode#
This option specifies the redirect mode. The following values are available:
| Setting | Description |
|---|---|
| none | No redirection |
| www | Redirect to www subdomain |
| non-www | Redirect to non-www domain |
| https | Redirect to HTTPS |
| https-www | Redirect to HTTPS with www subdomain |
| https-non-www | Redirect to HTTPS without www subdomain |
| location | Redirect to specified location |
HTTP redirect location#
This option specifies the location for redirection when the HTTP redirect mode is set to 'location'.
HTTP redirect status code#
This option specifies the status code for redirection. The default is 301, but 302 can also be used.
Caching#
These options configure caching behaviour.
CDN {#cdn}#
This option enables caching of responses from the origin.
CDN enabled {#cdn-enabled}#
This option enables caching of content based on the Cache-Control header.
CDN query mode {#cdn-query-mode}#
This option controls the criteria for considering and storing fetched resources and query string behaviour. The following values are available:
| Setting | Description |
|---|---|
| none | Don't cache resources with a query string |
| full | Cache resources using the full query string |
| strip | Cache resources but strip the query string |
Implicit cache TTL {#implicit-cache-ttl}#
This option specifies the lifetime of cached objects in seconds.
CDN skip cookie#
This option skips the CDN for requests with a cookie matching a specified pattern. The pattern can contain * to match zero or more characters and | to separate matches.
CDN remove query args#
This option removes specified query arguments and their values from the request path before looking up the CDN resource. The values are specified as a comma-separated list of argument names.
Cache subkey vars#
This option uses additional variables to construct the cache key in addition to the host and path. The values are specified as a | separated list of key[:value] variables. The following schemes are available:
| Scheme | Description |
|---|---|
| query | Cache based on query string, cache key is based on query string |
| header_present | Cache based on request header present, cache key is based on header name |
| header | Accepts request header name as value, cache key is constructed based on header value |
| language | Cache based on Accept-Language, cache key is constructed based on first value of header |
| cookie | Accepts cookie name as value, includes cookie value from request in cache key |
| device_type | Includes device type detected from user agent in cache key |
Cache strip cookies#
This option strips the Set-Cookie headers from stored responses and the Cookie from outgoing requests to resources that could be potentially cached.
Cache strip set-cookies#
This option strips the Set-Cookie headers from the cached responses.
Cache require cache control#
This option skips cache store if it is enabled and no Cache-Control header was found in the response.
Cache ignore request cache control#
This option ignores Cache-Control request directives. It avoids bypassing the cache with max-age=0 or no-cache. If a cached response is present, it will always be served.
Edge TTL sec#
This option forces cached resources to be stored for at least a given number of seconds. If the resource can be cached for a longer time (due to the cache control header or implicit cache ttl setting), it will be cached for a longer period than the given value. The default value (zero) honours the origin resource headers. The value is internal and not visible to clients, as they still receive the original headers.
Browser TTL sec#
This option overrides Cache-Control: max-age for cached content to have at least a given value. The default negative value honours the origin resource headers. A value of zero means that cached resources are not allowed to be cached by clients (max-age=0).
Force cache#
This option forces a resource to be cached even if the Cache-Control prohibits it. This works only for GET requests and implicitly enables Cache strip cookies and Cache strip set-cookies.
Force cache html only#
This option avoids force caching if the content type of the response is not Content-Type: text/html. The Force cache setting must still be enabled to force cache.
Cache collapse#
This option collapses requests to the origin per URL.
Web Application Firewall (WAF)#
These options configure the Web Application Firewall.
Modsecurity mode#
This option specifies how the WAF reacts to security violations. The following values are available:
| Setting | Description |
|---|---|
| none | Disable WAF |
| enforce | Send a HTTP 403 when a rule is triggered |
| warn | Log the violation and allow to pass, useful for testing |
Modsecurity rules#
This option specifies a list of rule IDs to enable.
Modsecurity removed rules#
This option specifies a list of rule IDs to skip.
Blocklists#
This option specifies a comma-separated list of blocklist categories.
Origin Configuration#
These options configure origin behaviour.
Load balancing mode#
This option specifies the load balancing mode. The following values are available:
| Setting | Description |
|---|---|
| none | No load balancing, requests are sent to first origin |
| round-robin | Round robin requests between origins |
| client-address | Bind client IPs to a particular origin for session persistence |
Origin pool#
This option specifies the tag of the origin pool to use.
Replace host#
This option specifies the host header to use for downstream connections.
Replace path#
This option replaces the path prefix of downstream requests. The format is "%source% %dest%".
Rate Limiting#
These options configure rate limiting behaviour.
Rate limit mode#
This option specifies when to block rate limited requests based on a list of pipe (|) separated modes. The following values are available:
| Setting | Description |
|---|---|
| none | No rate limiting |
| global | Use global rate limiter |
| vhost | Rate limit virtual-host |
| vhost-busy | Rate limit on virtualhost-busy |
| zone | Rate limit to zone |
Rate limit zone#
This option specifies the zone name to rate limit requests against. The Rate limit mode value must include 'zone' or 'all'.
SSL Configuration#
SSL mode#
This option specifies the SSL mode. The following values are available:
| Setting | Description |
|---|---|
| none | No SSL |
| https | HTTPS |
| passthrough | SSL passthrough |
| https-client | HTTPS with client certificates |
Miscellaneous#
Debug token#
This option enables debug mode for a request if configured and passed by the client as a Peakhour-Debug header value.
Track persistent#
This option sets a persistent ID cookie if enabled. It allows tracking of clients across sessions.
ESI (Edge Side Includes)#
These options configure Edge Side Includes behaviour:
- esi: Enables or disables edge side includes.
- esi_continue_on_fetch_error: Continues processing ESI page if failed to fetch fragment.
- esi_debug_html: Inserts HTML commentaries around included ESI fragments.
- esi_encode: Encodes ESI assembled body, honours encode, gzip and brotli settings.
- esi_html_only: Processes ESI only if content type of response is text/html.
ACME#
This option, if true, allows RP to pass /.well-known/acme-challenges/ requests to the given instance.
Segment#
This option enables or disables segment functionality.
BigCommerce#
The bigcommerce_extract_product_id_cache_tags option, if enabled, extracts product IDs from BigCommerce HTML responses and appends them to cache tags. This requires transform_html and cache to be enabled as well.
Bot verification#
cookie_shield#
This setting enables cookie shield mode. On the initial request, the client receives a 307 Temporary Redirect and Set-Cookie and is allowed to access the origin only after providing the given cookie.
Bot verification#
This setting verifies known bots by using DNS lookups. The process involves a first reverse DNS lookup, followed by checking if the domain name matches a known one, and finally checking if the forward DNS lookup matches the client address.
RDNS bot verification list#
This setting is a list of bots to verify against the published user-agent to RDNS mapping. The special value "matches all known user-agents." Currently verified user-agents include:
- yandex
- bing
- alexa
- apple
- petal
- yahoo
- duckduckgo
- stripe
- letsencrypt
- other
Modsecurity {#modsecurity}#
Blocklists {#blocklists}#
Comma separated list of blocklists.
Modsecurity mode {#modsecurity-mode}#
Specify how the WAF reacts to security violations.
| Setting | Description |
|---|---|
| none | disable |
| enforce | send a HTTP 403 when a rule is triggered |
| warn | log the violation and allow to pass, useful for testing |
ModSecurity rules {#modsecurity-rules}#
List of rule rules to enable.
Modsecurity removed rules {#modsecurity-removed-rules}#
List of rule rules to skip.
Origin {#origin}#
Load balancing mode {#load-balancing-mode}#
Specify load balancing mode.
| Setting | Description |
|---|---|
| none | no load balancing, requests are sent to first origin |
| round-robin | round robin requests between origins |
| client-address | bind client IPs to a particular origin for session persistence |
Origin pool {#origin-pool}#
Tag of origin pool to use.
Replace host {#replace-host}#
Host header to use for downstream connections.
Replace path {#replace-path}#
Replace path prefix of downstream requests. Format is "%source% %dest%".
Rate limiting {#rate-limiting}#
Rate limit mode allows you to choose when to block rate limited requests based on a list of pipe (|) separated modes. The possible values are:
Rate limit mode {#rate-limit-mode}#
Choose when to block rate limited requests based on list of |-separated modes. Possible values are:
| Setting | Description |
|---|---|
| none | no rate limiting |
| global | use global rate limiter |
| vhost | rate limit virtual-host |
| vhost-busy | rate limit on virtualhost-busy |
| zone | rate limit to zone |
Rate limit zone {#rate-limit-zone}#
Use given zone name to rate limit requests against. Make sure
Rate limit mode value includes zone or all.