You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170
  1. {
  2. "name": "Strengthen security",
  3. "children": [
  4. {
  5. "name": "Allowed methods",
  6. "children": [
  7. {
  8. "name": "POST",
  9. "children": [],
  10. "behaviors": [
  11. {
  12. "name": "allowPost",
  13. "options": {
  14. "allowWithoutContentLength": false,
  15. "enabled": true
  16. }
  17. }
  18. ],
  19. "criteria": [],
  20. "criteriaMustSatisfy": "all",
  21. "comments": "Allow use of the POST HTTP request method."
  22. },
  23. {
  24. "name": "OPTIONS",
  25. "children": [],
  26. "behaviors": [
  27. {
  28. "name": "allowOptions",
  29. "options": {
  30. "enabled": true
  31. }
  32. }
  33. ],
  34. "criteria": [],
  35. "criteriaMustSatisfy": "all",
  36. "comments": "Allow use of the OPTIONS HTTP request method."
  37. },
  38. {
  39. "name": "PUT",
  40. "children": [],
  41. "behaviors": [
  42. {
  43. "name": "allowPut",
  44. "options": {
  45. "enabled": false
  46. }
  47. }
  48. ],
  49. "criteria": [],
  50. "criteriaMustSatisfy": "all",
  51. "comments": "Allow use of the PUT HTTP request method."
  52. },
  53. {
  54. "name": "DELETE",
  55. "children": [],
  56. "behaviors": [
  57. {
  58. "name": "allowDelete",
  59. "options": {
  60. "enabled": false
  61. }
  62. }
  63. ],
  64. "criteria": [],
  65. "criteriaMustSatisfy": "all",
  66. "comments": "Allow use of the DELETE HTTP request method."
  67. },
  68. {
  69. "name": "PATCH",
  70. "children": [],
  71. "behaviors": [
  72. {
  73. "name": "allowPatch",
  74. "options": {
  75. "enabled": false
  76. }
  77. }
  78. ],
  79. "criteria": [],
  80. "criteriaMustSatisfy": "all",
  81. "comments": "Allow use of the PATCH HTTP request method."
  82. }
  83. ],
  84. "behaviors": [
  85. {
  86. "name": "allHttpInCacheHierarchy",
  87. "options": {
  88. "enabled": true
  89. }
  90. }
  91. ],
  92. "criteria": [],
  93. "criteriaMustSatisfy": "all",
  94. "comments": "Allow the use of HTTP methods. Consider enabling additional methods under a path match for increased origin security."
  95. },
  96. {
  97. "name": "Obfuscate debug info",
  98. "children": [],
  99. "behaviors": [
  100. {
  101. "name": "cacheTagVisible",
  102. "options": {
  103. "behavior": "PRAGMA_HEADER"
  104. }
  105. }
  106. ],
  107. "criteria": [],
  108. "criteriaMustSatisfy": "all",
  109. "comments": "Do not expose back-end information unless the request contains the Pragma debug header."
  110. },
  111. {
  112. "name": "Obfuscate backend info",
  113. "children": [],
  114. "behaviors": [
  115. {
  116. "name": "modifyOutgoingResponseHeader",
  117. "options": {
  118. "action": "DELETE",
  119. "customHeaderName": "X-Powered-By",
  120. "standardDeleteHeaderName": "OTHER"
  121. }
  122. },
  123. {
  124. "name": "modifyOutgoingResponseHeader",
  125. "options": {
  126. "action": "DELETE",
  127. "customHeaderName": "Server",
  128. "standardDeleteHeaderName": "OTHER"
  129. }
  130. }
  131. ],
  132. "criteria": [
  133. {
  134. "name": "requestHeader",
  135. "options": {
  136. "headerName": "X-Akamai-Debug",
  137. "matchCaseSensitiveValue": true,
  138. "matchOperator": "IS_NOT_ONE_OF",
  139. "matchWildcardName": false,
  140. "matchWildcardValue": false,
  141. "values": [
  142. "true"
  143. ]
  144. }
  145. }
  146. ],
  147. "criteriaMustSatisfy": "all",
  148. "comments": "Do not expose back-end information unless the request contains an additional secret header. Regularly change the criteria to use a specific unique value for the secret header."
  149. },
  150. {
  151. "name": "HSTS",
  152. "children": [],
  153. "behaviors": [
  154. {
  155. "name": "httpStrictTransportSecurity",
  156. "options": {
  157. "enable": false
  158. }
  159. }
  160. ],
  161. "criteria": [],
  162. "criteriaMustSatisfy": "all",
  163. "comments": "Require all browsers to connect to your site using HTTPS."
  164. }
  165. ],
  166. "behaviors": [],
  167. "criteria": [],
  168. "criteriaMustSatisfy": "all",
  169. "comments": "Control the settings that minimize the information your website shares with clients and malicious entities to reduce your exposure to threats."
  170. }