ContactSign in

The azion.config.js file is an IaC configuration file created during the application’s build process, based on the chosen preset, and serves as the source of truth for the configuration. Each preset provides a set of default settings, which can be replaced by the user. If the file is deleted, the default configuration will be recreated the next time the build process is triggered.

The configurations set by this file include:

  • Build Configurations
  • Origins
  • Cache Settings
  • Rules Engine
  • Network List
  • Purge Settings
  • Firewall Settings
  • WAF Settings

API Reference

defineConfig

Configures and validates the options for the Application.

Parameters:

  • config: AzionConfig - Configuration object for Applications.

Types

AzionConfig

Properties:

  • build?: AzionBuild - The build configuration.
  • domain?: AzionDomain - The domain object.
  • origin?: AzionOrigin[] - List of origins.
  • cache?: AzionCache[] - List of cache settings.
  • rules?: AzionRules[] - List of application rules.
  • purge?: AzionPurge[] - List of URLs or CacheKeys to purge.
  • networkLists?: AzionNetworkList[] - List of network lists.
  • waf?: AzionWaf[] - List of WAF configurations.

AzionBuild

Type definition for the build configuration.

Properties:

  • builder?: 'esbuild' | 'webpack' - The builder to use.
  • preset?: string - The preset to use.
  • entry?: string - The entry file.
  • polyfills?: boolean - Whether to use Polyfills.
  • worker?: boolean - Whether to build a worker.
  • custom?: Record<string, any> - Custom build configuration.
  • memoryFS?: { injectionDirs: string[], removePathPrefix: string } - Memory file system configuration.

AzionDomain

Type definition for the domain configuration.

Properties:

  • name: string - The domain name.
  • cnameAccessOnly?: boolean - Whether to restrict access only to CNAMEs.
  • cnames?: string[] - List of CNAMEs for the domain.
  • id?: number - Domain ID.
  • edgeApplicationId?: number - Application ID.
  • edgeFirewallId?: number - Firewall ID.
  • digitalCertificateId?: string | number | null - Digital certificate ID.
  • active?: boolean - Whether the domain is active.
  • mtls?: MTLSConfig - Configuration for mTLS.
    • verification: 'enforce' | 'permissive' - mTLS verification mode.
    • trustedCaCertificateId: number - Trusted CA certificate ID.
    • crlList?: number[] - List of Certificate Revocation Lists (CRLs).

AzionOrigin

Type definition for the origin configuration.

Properties:

  • id?: number - Origin ID.
  • key?: string - Origin key.
  • name: string - Origin name.
  • type: string - Type of the origin. For example: ‘single_origin’, ‘load_balancer’.
  • bucket?: string | null - Bucket name for storage origins.
  • prefix?: string | null - Prefix for storage origins.
  • addresses?: (string | { address: string; weight?: number })[] - Array of addresses for the origin.
  • hostHeader?: string - Custom host header.
  • protocolPolicy?: 'http' | 'https' | 'preserve' - Protocol policy for the origin.
  • redirection?: boolean - Whether to enable redirection.
  • method?: 'ip_hash' | 'least_connections' | 'round_robin' - Load balancing method.
  • path?: string - Path for the origin.
  • connectionTimeout?: number - Connection timeout in seconds.
  • timeoutBetweenBytes?: number - Timeout between bytes in seconds.
  • hmac?: { region: string; accessKey: string; secretKey: string } - HMAC configuration for the origin.

AzionCache

Type definition for the cache configuration.

Properties:

  • name: string - Name of the cache configuration.
  • stale?: boolean - Whether to allow stale content.
  • queryStringSort?: boolean - Whether to sort query string parameters.
  • methods?: CacheMethods - HTTP methods to cache.
    • post?: boolean - Whether to cache POST requests.
    • options?: boolean - Whether to cache OPTIONS requests.
  • browser?: BrowserCacheConfig - Browser cache settings.
    • maxAgeSeconds: number | string - Maximum age for browser cache in seconds.
  • edge?: EdgeCacheConfig - Cache settings.
    • maxAgeSeconds: number | string - Maximum age for cache in seconds.
  • cacheByCookie?: CacheByCookieConfig - Cache by cookie settings.
    • option: 'ignore' | 'varies' | 'whitelist' | 'blacklist' - Cache by cookie option.
    • list?: string[] - List of cookies to use for caching.
  • cacheByQueryString?: CacheByQueryStringConfig - Cache by query string settings.
    • option: 'ignore' | 'varies' | 'whitelist' | 'blacklist' - Cache by query string option.
    • list?: string[] - List of query string parameters to use for caching.

AzionRequestRule

Type definition for the request rule configuration.

Properties:

  • name: string - Name of the request rule.
  • description?: string - Description of the request rule.
  • active?: boolean - Whether the rule is active.
  • match: string - Match criteria for the rule.
  • variable?: string - Variable to be used in the match.
  • behavior?: RequestBehavior - Behavior to apply when the rule matches.
    • setOrigin?: { name: string; type: string } - Set a new origin.
    • rewrite?: string - Rewrite the request.
    • setHeaders?: string[] - Set headers.
    • bypassCache?: boolean | null - Bypass cache.
    • httpToHttps?: boolean | null - Force HTTPS.
    • redirectTo301?: string | null - Redirect with 301 status.
    • redirectTo302?: string | null - Redirect with 302 status.
    • forwardCookies?: boolean | null - Forward cookies.
    • setCookie?: string | null - Set a cookie.
    • deliver?: boolean | null - Deliver the content.
    • capture?: { match: string; captured: string; subject: string } - Capture configuration.
    • runFunction?: { path: string; name?: string | null } - Run a serverless function.
    • setCache?: string | { name: string; browser_cache_settings_maximum_ttl?: number | null; cdn_cache_settings_maximum_ttl?: number | null } - Cache configuration.

AzionResponseRule

Type definition for the response rule configuration.

Properties:

  • name: string - Name of the response rule.
  • description?: string - Description of the response rule.
  • active?: boolean - Whether the rule is active.
  • match: string - Match criteria for the rule.
  • variable?: string - Variable to be used in the match.
  • behavior?: ResponseBehavior - Behavior to apply when the rule matches.
    • setCookie?: string | null - Set a cookie.
    • setHeaders?: string[] - Set headers.
    • deliver?: boolean | null - Deliver the content.
    • capture?: { match: string; captured: string; subject: string } - Capture configuration.
    • enableGZIP?: boolean | null - Enable GZIP compression.
    • filterCookie?: string | null - Filter a cookie.
    • filterHeader?: string | null - Filter a header.
    • runFunction?: { path: string; name?: string | null } - Run a serverless function.
    • redirectTo301?: string | null - Redirect with 301 status.
    • redirectTo302?: string | null - Redirect with 302 status.

AzionRules

Type definition for the rule set.

Properties:

  • request: AzionRequestRule[] - Rule set for the Request phase.
  • response?: AzionResponseRule[] - Rule set for the Response phase.

AzionPurge

Type definition for the purge configuration.

Properties:

  • type: 'url' | 'cachekey' | 'wildcard' - The type of purge to be performed.
  • urls: string[] - List of URLs to be purged.
  • method?: 'delete' - HTTP method for the purge request.
  • layer?: 'edge_caching' | 'l2_caching' - Cache layer to be purged.

AzionNetworkList

Type definition for the network list configuration.

Properties:

  • id: number - Network list ID.
  • listType: 'ip_cidr' | 'asn' | 'countries' - Network list type.
  • listContent: string[] | number[] - List of IP CIDRs, ASNs, or countries.

AzionFirewall

Type definition for the Firewall configuration.

Properties:

  • name: string - Name of the firewall.
  • domains?: string[] - List of domains associated with the firewall.
  • active?: boolean - Whether the firewall is active.
  • edgeFunctions?: boolean - Whether Functions are enabled.
  • networkProtection?: boolean - Whether Network Protection is enabled.
  • waf?: boolean - Whether WAF is enabled.
  • variable?: RuleVariable - Variable to be used in matches.
  • rules?: AzionFirewallRule[] - List of firewall rules.
  • debugRules?: boolean - Whether debug mode is enabled for rules.

AzionFirewallRule

Type definition for firewall rules.

Properties:

  • name: string - Name of the rule.
  • description?: string - Description of the rule.
  • active?: boolean - Whether the rule is active.
  • match?: string - Match criteria for the rule.
  • variable?: RuleVariable - Variable to be used in the match.
  • criteria?: AzionFirewallCriteria[] - Array of criteria for complex conditions.
  • behavior: AzionFirewallBehavior - Behavior to be applied when the rule matches.

AzionFirewallBehavior

Type definition for firewall rule behaviors.

Properties:

  • runFunction?: { path: string } - Run a function.
  • setWafRuleset?: { wafMode: FirewallWafMode; wafId: string } - Set WAF rule set.
  • setRateLimit?: - Set rate limit configuration.
    • type: FirewallRateLimitType - Rate limit type (second, minute, hour).
    • limitBy: FirewallRateLimitBy - Rate limit by (client_ip, global, token).
    • averageRateLimit: string - Average rate limit.
    • maximumBurstSize: string - Maximum burst size.
  • deny?: boolean - Deny the request.
  • drop?: boolean - Drop the request.
  • setCustomResponse?: - Set custom response.
    • statusCode: number | string - HTTP status code (200-499).
    • contentType: string - Response content type.
    • contentBody: string - Response content body.

AzionFirewallCriteria

Type definition for firewall rule criteria.

Properties:

  • variable: RuleVariable - Variable to be evaluated.
  • conditional: RuleConditional - Conditional type.
  • operator: RuleOperatorWithValue | RuleOperatorWithoutValue - Comparison operator.
  • inputValue?: string - Input value for comparison (required for operators with value).

AzionWaf

Type definition for the Web Application Firewall (WAF) configuration.

Properties:

  • id?: number - WAF ID.
  • name: string - WAF name.
  • active: boolean - Whether the WAF is active.
  • mode: WafMode - WAF mode (learning, blocking, counting).
  • sqlInjection?: object - SQL Injection settings.
    • sensitivity: string - Sensitivity level (low, medium, high).
  • remoteFileInclusion?: object - Remote File Inclusion settings.
    • sensitivity: string - Sensitivity level (low, medium, high).
  • directoryTraversal?: object - Directory Traversal settings.
    • sensitivity: string - Sensitivity level (low, medium, high).
  • crossSiteScripting?: object - Cross-Site Scripting settings.
    • sensitivity: string - Sensitivity level (low, medium, high).
  • evadingTricks?: object - Evading Tricks settings.
    • sensitivity: string - Sensitivity level (low, medium, high).
  • fileUpload?: object - File Upload settings.
    • sensitivity: string - Sensitivity level (low, medium, high).
  • unwantedAccess?: object - Unwanted Access settings.
    • sensitivity: string - Sensitivity level (low, medium, high).
  • identifiedAttack?: object - Identified Attack settings.
    • sensitivity: string - Sensitivity level (low, medium, high).
  • bypassAdresses?: string[] - List of IP addresses to bypass the WAF.

Example

Here’s an example of an implementation of the azion.config.js file:


export default {
  build: {
    entry: './src/index.js',
    preset: 'angular',
  },
  domain: {
    name: 'my_domain',
    cnameAccessOnly: false, // Optional, defaults to false
    cnames: ['www.example.com'], // Optional
    edgeApplicationId: 12345, // Optional
    edgeFirewallId: 12345, // Optional
    digitalCertificateId: 'lets_encrypt', // 'lets_encrypt' or null
    mtls: {
      verification: 'enforce', // 'enforce' or 'permissive'
      trustedCaCertificateId: 12345,
      crlList: [111, 222],
    }, // Optional
  },
  origin: [
    {
      id: 123, // Optional. ID of your origin. Obtain this value via GET request. Cannot be changed via API.
      key: 'myorigin', // Optional. Key of your origin. Obtain this value via GET request. Cannot be changed via API.
      name: 'myneworigin', // Required
      type: 'single_origin', // Required. Options: single_origin, load_balancer, object_storage, live_ingest. Defaults to single_origin if not provided.
      path: '', // Optional. Default '' if not provided
      addresses: [
        // Required for single_origin, load_balancer, live_ingest. Optional for object_storage.
        // or addresses: ['http.bin.org']
        {
          address: 'http.bin.org',
          weight: 1, // Optional. Assign a number from 1 to 10 to determine how much traffic a server can handle.
        },
      ],
      protocolPolicy: 'preserve', // Optional. Options: preserve, https, http. Defaults to preserve if not provided.
      hostHeader: '${host}', // Defaults to '${host}' if not provided
      connectionTimeout: 60, // Optional. Default 60 if not provided
      timeoutBetweenBytes: 120, // Optional. Default 120 if not provided
      redirection: false, // Optional. Default false if not provided
      hmac: {
        region: 'us-east-1', // Required for hmac
        accessKey: 'myaccesskey', // Required for hmac
        secretKey: 'secretKey', // Required for hmac
      }, // Optional
    },
    {
      id: 456, // Optional. ID of your origin. Obtain this value via GET request. Cannot be changed via API.
      key: 'myorigin', // Optional. Key of your origin. Obtain this value via GET request. Cannot be changed via API.
      name: 'myneworigin', // Required
      type: 'object_storage', // Required. Options: single_origin, load_balancer, object_storage, live_ingest. Defaults to single_origin if not provided.
      bucket: 'blue-courage', // Required for object_storage.
      prefix: '0101010101001', // Optional. Default '' if not provided.
    },
  ],
  cache: [
    {
      name: 'mycache',
      stale: false,
      queryStringSort: false,
      methods: {
        post: false,
        options: false,
      },
      browser: {
        maxAgeSeconds: 1000 * 5, // 5000 seconds
      },
      edge: {
        maxAgeSeconds: 1000,
      },
      cacheByQueryString: {
        option: 'blacklist', // Options: ['blacklist', 'whitelist', 'varies', 'ignore']
        list: ['order', 'user'],
      },
      cacheByCookie: {
        option: 'whitelist', // Options: ['blacklist', 'whitelist', 'varies', 'ignore']
        list: ['session', 'user'],
      },
    },
  ],
  rules: {
    request: [
      {
        name: 'rewriteRuleExample',
        description: 'Rewrites URLs, sets cookies and headers, and forwards cookies.',
        active: true,
        variable: 'uri', // Optional, defaults to 'uri' if not provided.
        match: '^/rewrite$',
        behavior: {
          setCache: 'mycache1',
          rewrite: `/new/%{captured[1]}`, // Rewrites /original/image.jpg to /new/image.jpg.
          setCookie: 'user=12345; Path=/; Secure',
          setHeaders: 'Cache-Control: no-cache',
          forwardCookies: true,
        },
      },
      {
        name: 'gzipCompressionRuleExample',
        description: 'Enables GZIP compression for specified paths.',
        active: true,
        variable: 'uri', // Optional, defaults to 'uri' if not provided.
        match: '^/compress',
        behavior: {
          enableGZIP: true,
        },
      },
      {
        name: 'forceHttpsRuleExample',
        description: 'Redirects HTTP requests to HTTPS for secure areas.',
        active: true,
        variable: 'uri', // Optional, defaults to 'uri' if not provided.
        match: '^/secure-area',
        behavior: {
          httpToHttps: true,
        },
      },
    ],
    response: [
      {
        name: 'apiDataResponseRuleExample',
        description: 'Manages headers, cookies, and GZIP compression for API responses.',
        active: true,
        variable: 'uri', // Optional, defaults to 'uri' if not provided.
        match: '^/api/data',
        behavior: {
          setHeaders: 'Content-Type: application/json',
          setCookie: 'session=abcdef; Path=/; HttpOnly',
          filterHeader: 'Server',
          filterCookie: 'tracking',
          enableGZIP: true,
        },
      },
      {
        name: 'computeResultFunctionRuleExample',
        description: 'Executes a function and captures the full URI path for computational results.',
        active: true,
        variable: 'uri', // Optional, defaults to 'uri' if not provided.
        match: '^/compute-result',
        behavior: {
          runFunction: {
            path: '.edge/computeResult.js',
          },
          // Captures the full URI path and stores it in the variable 'full_path_arr'.
          capture: {
            match: '^(.*)$', // The regular expression '^(.*)$' captures the full URI path.
            captured: 'full_path_arr', // The result of the capture is stored in the variable 'full_path_arr'.
            subject: 'uri', // The capture is based on the value of the 'uri' variable.
          },
          // Permanently redirects to the first element captured in 'full_path_arr'.
          redirectTo301: '%{full_path_arr[0]}', // Uses the first element of the 'full_path_arr' array as part of the new URL.
        },
      },
    ],
  },
  purge: [
    {
      type: 'url',
      urls: ['http://www.example.com/image.jpg'],
    },
    {
      type: 'cachekey',
      urls: ['https://example.com/test1', 'https://example.com/test2'],
      method: 'delete',
    },
    {
      type: 'wildcard',
      urls: ['http://www.example.com/*'],
    },
  ],
};