Property Manager Name: Signature Header Authentication
The signature header authentication (g2o) security feature provides header-based verification of outgoing origin requests. Edge servers encrypt request data in a pre-defined header, which the origin uses to verify that the edge server processed the request. This behavior configures the request data, header names, encryption algorithm, and shared secret to use for verification.
Options
- enabled (boolean): Enables the g2o verification behavior.
- dataHeader (string): Specifies the name of the header that contains the request data that needs to be encrypted.
- signedHeader (string): Specifies the name of the header containing encrypted request data.
- encodingVersion (numeric enum): Specifies the version of the encryption algorithm as an integer from 1 through 5.
- useCustomSignString (boolean): When disabled, the encrypted string is based on the forwarded URL. If enabled, you can use customSignString to customize the set of data to encrypt.
- customSignString (array of string values): With useCustomSignString enabled, specifies the set of data to be encrypted as a combination of concatenated strings, any of the following values:
- secretKey (string): Specifies the shared secret key.
- nonce (string): Specifies the cryptographic nonce string.