Notes about Akamai This note was created on 2020-07-06 This note was last edited on 2024-04-22 === Test property configuration on staging network === 1. Find IP-address of Akamai staging servers. - If you don't know edge hostname, use "dig" to get it from the hostname: $ dig example.com CNAME - Add "-staging" after edgehostname (e.g. www.example.com.edgekey-staging.net). - Use "dig" (or just "ping" it) to get IP-address of staging network: $ dig www.example.com.edgekey-staging.net A 2. Spoof domain using host file. - Use your editor of choice to add a record to host file: ~~~ 2.19.194.54 example.com ~~~ Note: Host file on Windows: "C:\Windows\System32\drivers\etc\hosts"; Host file on UNIX-systems: "/etc/hosts". 3. Done. Until the record persist in host file, you’re using staging network for selected domain. === Check public property configuration and state of specific URL === - From CLI: $ curl -k -H "Pragma: akamai-x-cache-on, akamai-x-cache-remote-on, akamai-x-cache-remote, akamai-x-check-cacheable, akamai-x-get-cache-key, akamai-x-get-extracted-values, akamai-x-get-true-cache-key, akamai-x-serial-no, akamai-x-get-request-id, akamai-x-get-client-ip, akamai-x-get-nonces, akamai-x-get-cache-tags" -s -D - "https://example.com" -o /dev/null - From browser: use the following extension: https://addons.mozilla.org/en-US/firefox/addon/modheader-firefox/ === Pragma headers === - akamai-x-get-request-id - akamai-x-cache-on - akamai-x-cache-remote-on - akamai-x-check-cacheable - akamai-x-get-cache-key - akamai-x-get-true-cache-key - akamai-x-cache-remote - akamai-x-get-nonces - akamai-x-get-extracted-values - akamai-x-serial-no - akamai-x-get-client-ip - akamai-x-get-cache-tags === Cache states === TCP_HIT: The object was fresh in cache and object from disk cache. TCP_MISS: The object was not in cache, server fetched object from origin. TCP_REFRESH_HIT: The object was stale in cache and we successfully refreshed with the origin on an If-modified-Since request. TCP_REFRESH_MISS: Object was stale in cache and refresh obtained a new object from origin in response to our IF-Modified-Since request. TCP_REFRESH_FAIL_HIT: Object was stale in cache and we failed on refresh (couldn't reach origin) so we served the stale object. TCP_IMS_HIT: IF-Modified-Since request from client and object was fresh in cache and served. TCP_NEGATIVE_HIT: Object previously returned a "not found" (or any other negativelycacheable response) and that cached response was a hit for this new request. TCP_MEM_HIT: Object was on disk and in the memory cache. Server served it without hitting the disk. TCP_DENIED: Denied access to the client for whatever reason. TCP_COOKIE_DENY: Denied access on cookie authentication (if centralized or decentralized authorization feature is being used in config). === Reference error codes === 1.xx - ERR_READ_TIMEOUT (Generally the HTTP request/response timed out when Akamai tried fetching content from origin. Default read timeout is 120s). 3.xx - ERR_READ_ERROR (Generally the TCP connection from Akamai to origin was successful but the origin did not send any (valid) HTTP response headers back). 4.xx - ERR_WRITE_ERROR (Usually happens when connection is closed by origin before Akamai could send the complete request). 6.xx - ERR_CONNECT_FAIL (When Akamai is trying to connect to origin, the origin or a firewall is actively refusing the connection - e.g. it sent a TCP RST packet). 9.xx - ERR_INVALID_URL (The Akamai Edge server does not have a configuration file associated for the host/URL visited). 11.xx - ERR_DNS_FAIL (This happens if origin is specified as an FQDN and the Edgeserver cannot resolve the origin hostname to IP. e.g. due to a DNS resolver issue). 18.xx - ERR_ACCESS_DENIED (Request denied due to WAP/WAF/Botman rule or configuration (auth) setting). 15.xx - ERR_ZERO_SIZE_OBJECT (Origin server responded with a 0 size object for a request from Akamai). 24.xx - ERR_REFERER_DENIED (The referrer was denied). 27.xx - ERR_CLIENT_ABORT (The client closed the connection to Akamai edge server before the complete object could be transferred to the client - this happens when a client/user navigates away from the page during browser loading). 30.xx - ERR_FWD_SSL_HANDSHAKE (SSL certificate verification failed when connecting to the origin). 97.xx - ERR_CONNECT_TIMEOUT (Generic error where Akamai is not able to connect to origin server at a network level, TCP/IP layer). 199.xx - ERR_AUTH_BROWSER_TOKEN_FAILED 174.xx - ERR_METADATA_APPLY_FAILURE