Introduction to Akamai CDN
Akamai is one of the world’s largest Content Delivery Network (CDN) providers, operating over 325,000 servers in more than 135 countries. It delivers between 15% and 30% of all web traffic and helps businesses accelerate content delivery, enhance website performance, improve security, and scale globally. A pioneer in the CDN industry since 1998, Akamai provides a distributed platform that reduces latency by placing content closer to end users, shields origin servers from direct traffic, and offers numerous performance and security optimizations.
Core Concepts & Architecture
Concept | Description |
---|---|
Edge Servers | Distributed servers that cache and deliver content close to end users |
Origin Server | Your web server where original content is hosted |
Edge Network | Akamai’s global network of distributed servers |
PoPs (Points of Presence) | Physical locations containing edge servers |
Caching | Storing copies of content on edge servers to reduce latency |
Content Purging | Process of removing content from the cache |
Edge Compute | Running code at the edge for performance and customization |
Akamai Platform Components
- Intelligent Platform: Core infrastructure for content delivery and acceleration
- Control Center: Web portal for managing Akamai services
- Luna Portal: Management interface for configuration and reporting
- Property Manager: Tool for creating and managing property configurations
- EdgeWorkers: JavaScript-based edge computing platform
- Image Manager: Automated image optimization service
- Ion: Web performance solution suite
- Kona Security Solutions: Web security products including WAF
Akamai Configuration Basics
Property Configuration Structure
```
Property
├── Property Hostname(s)
└── Property Configuration
    └── Default Rule
        ├── Behaviors
        └── Child Rules
            └── Behaviors & Criteria
```
Common Property Manager Behaviors
Behavior | Purpose |
---|---|
Origin Server | Define the origin hostname, path, and connection settings |
Caching | Configure cache TTL and validation behavior |
Content Compression | Enable/configure GZIP/Brotli compression |
Last Mile Acceleration | Optimize delivery over the last network hop |
Prefresh Cache | Proactively refresh cached content before expiration |
Site Failover | Configure failover destinations if origin is unavailable |
Adaptive Acceleration | Automatically optimize based on real user metrics |
Advanced Cache Control | Fine-tune caching behavior with detailed settings |
Common Property Manager Match Criteria
Criteria | Purpose |
---|---|
Path | Match based on the request path |
Filename Extension | Match specific file types |
Query String Parameter | Match based on query parameters |
Cookie | Match based on cookie values |
Client IP | Match specific IP addresses/ranges |
Request Method | Match specific HTTP methods (GET, POST, etc.) |
User Agent | Match based on browser/device information |
Response Code | Match based on HTTP response code |
Caching Configuration
Cache TTL Settings
```
// Sample Property Manager caching settings
"behaviors": [
  {
    "name": "caching",
    "options": {
      "behavior": "MAX_AGE",
      "mustRevalidate": false,
      "ttl": "1d"
    }
  }
]
```
Common Cache Time Values
Content Type | Recommended TTL |
---|---|
Static Assets (CSS/JS) | 7-30 days |
Images | 30 days |
HTML | 0 minutes (no caching) to 1 hour |
API Responses | Varies by use case (0 min to 1 day) |
Error Pages | 5-10 minutes |
Cache-Control Directives
Directive | Effect |
---|---|
max-age | Specifies TTL in seconds |
s-maxage | Specific to shared caches like CDNs |
no-cache | Must revalidate before serving cached content |
no-store | Don’t cache at all |
private | Only cacheable in browser, not CDN |
public | Cacheable by browsers and CDNs |
must-revalidate | Must revalidate after expiration |
Content Purging Methods
- Fast Purge API:
  ```bash
  curl -X POST "https://api.ccu.akamai.com/ccu/v3/invalidate/url" \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer $TOKEN" \
    -d '{"objects": ["https://www.example.com/path/to/asset.jpg"]}'
  ```
- Purge by Content Provider Code (CPCODE):
  ```bash
  curl -X POST "https://api.ccu.akamai.com/ccu/v3/invalidate/cpcode" \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer $TOKEN" \
    -d '{"objects": [12345]}'
  ```
- Via Luna Control Center:
  - Navigate to Purge → Create a New Purge
  - Select purge type (URL, CPCODE, Cache Tag)
  - Enter objects to purge
  - Submit request
Performance Optimization Techniques
Optimizing Origin Connectivity
- Origin Connection Settings: Configure persistent connections, request timeouts
- Forward Host Headers: Control the Host header sent to origin
- Allow/Deny Origin IPs: Restrict origin access to Akamai IPs only
Image & Resource Optimization
- Image Manager: Automatic device-specific image optimization
- Adaptive Image Compression: Adjusts compression based on network conditions
- Image & Midgress Cache Optimization: Fine-tune image delivery
- Prefetching: Preload resources before they’re requested
Front-End Optimization
- Resource Minification: Minimize CSS, JS, and HTML
- Resource Consolidation: Combine multiple resources
- Adaptive Acceleration: Automatically optimize based on network conditions
- Script Management: Control script loading and execution
- Lazy Loading: Defer loading of non-critical assets
Mobile Optimization
- Responsive Image Delivery: Serve device-appropriate images
- Mobile Detection: Detect and adapt to mobile devices
- Transcoding: Convert content formats for mobile compatibility
- Mobile Redirect: Redirect mobile users to mobile-specific experiences
Security Features
Web Application Firewall (WAF) Configuration
- Rule Sets: Predefined security rules (OWASP Top 10, etc.)
- Custom Rules: Create custom security rules
- Rate Controls: Limit request rates to prevent abuse
- IP/Geo Blocking: Block specific regions or IP addresses
- Bot Manager: Identify and control bot traffic
- API Gateway: Secure and manage API traffic
SSL/TLS Configuration
- Shared Certificates: Use Akamai-managed shared certificates
- Custom Certificates: Upload and manage your own certificates
- SNI: Configure Server Name Indication for multiple hostnames
- TLS Versions: Control supported TLS versions (1.2, 1.3)
- Cipher Suites: Configure supported encryption methods
DDoS Protection
- Site Shield: Hide origin from direct access
- Prolexic: Protection against large-scale DDoS attacks
- Rate Controls: Limit request rates
- Security Monitors: Real-time attack monitoring
EdgeWorkers (Edge Computing)
EdgeWorkers Lifecycle Events
Event | Purpose |
---|---|
onClientRequest | Executes when request is received from client |
onOriginRequest | Executes before request is sent to origin |
onOriginResponse | Executes after response is received from origin |
onClientResponse | Executes before response is sent to client |
Sample EdgeWorker Code
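```javascript
// main.js
import { logger } from 'log';
import { httpRequest } from 'http-request';
import { createResponse } from 'create-response';

export function onClientRequest(request) {
  // Add a custom request header
  request.setHeader('X-Custom-Header', 'EdgeWorker-Value');
  // Log the client IP
  logger.log('Client IP: %s', request.clientIp);
}

export function onOriginResponse(request, response) {
  // Modify the response headers
  response.setHeader('X-Powered-By', 'Akamai EdgeWorkers');
}

// Response bodies are not readable in onOriginResponse, so the JSON rewrite
// is done in responseProvider, which fetches the object with a sub-request.
export async function responseProvider(request) {
  const originResponse = await httpRequest(`${request.scheme}://${request.host}${request.url}`);
  // getHeader() returns an array of values, not a string
  const contentType = (originResponse.getHeader('Content-Type') || [''])[0];
  if (!contentType.startsWith('application/json')) {
    // Not JSON: pass the body through unchanged
    const headers = contentType ? { 'Content-Type': [contentType] } : {};
    return createResponse(originResponse.status, headers, originResponse.body);
  }
  // If response is JSON, parse and possibly modify it
  const jsonData = await originResponse.json();
  // Modify the JSON
  jsonData.processedBy = 'EdgeWorkers';
  // Return modified response
  return createResponse(
    originResponse.status,
    { 'Content-Type': ['application/json'] },
    JSON.stringify(jsonData)
  );
}
```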
EdgeWorkers Deployment
- Create EdgeWorker ID in Control Center
- Bundle code (main.js + bundle.json)
- Upload bundle using API or Control Center
- Activate version in staging/production
- Add EdgeWorkers behavior to Property
API Gateway
API Gateway Key Features
- API Security: Authentication, authorization, and input validation
- Rate Limiting: Control request rates per API key/client
- Quota Management: Limit usage over time periods
- Analytics: Monitor API usage and performance
- Versioning: Manage multiple API versions
- Caching: Cache API responses at the edge
API Authentication Methods
Method | Use Case |
---|---|
API Keys | Simple authentication with keys in header or query parameter |
OAuth 2.0 | Token-based authorization for more secure access |
JWT | JSON Web Tokens for stateless authentication |
IP/Geo Restrictions | Restrict access based on caller location |
Common Troubleshooting Techniques
Debugging Tools
- Akamai Debug Headers: Add `Pragma: akamai-x-check-cacheable` and similar debug headers
- Akamai Diagnostic Tools: Control Center troubleshooting utilities
- Log Delivery Service (LDS): Configure and analyze logs
- Real User Monitoring (RUM): Analyze real user performance data
- Akamai CLI: Command-line tools for troubleshooting
Key Debug Headers
Header | Purpose |
---|---|
X-Cache | Shows cache hit/miss status |
X-Cache-Key | Shows the cache key used |
X-Cache-Remote | Indicates if served from parent cache |
X-Check-Cacheable | Shows if content is cacheable |
X-Akamai-Request-ID | Unique identifier for request tracking |
Testing Cache Status
```bash
# Test cache status with curl
curl -I -H "Pragma: akamai-x-check-cacheable" https://www.example.com/path/to/asset
```
Common Error Responses
Error | Possible Causes |
---|---|
503 Service Unavailable | Origin server unavailable or timeout |
504 Gateway Timeout | Origin not responding within timeout period |
502 Bad Gateway | Origin returned invalid response |
403 Forbidden | WAF blocks, IP restrictions, or authentication failures |
404 Not Found | Resource not found on origin or edge |
Real-World Optimization Scenarios
High-Traffic Media Site
- Aggressive caching of static assets (30+ days)
- Image Manager for automatic optimization
- Prefetching for anticipated user journeys
- Tiered Distribution to handle traffic surges
- Cache Tag-based purging for content updates
E-commerce Site
- Selective caching (static content vs. dynamic)
- Edge Side Includes (ESI) for personalized components
- A/B Testing at the edge
- API Acceleration for product and inventory calls
- Bot management to protect against scraping
Mobile App Backend
- API Gateway for security and rate limiting
- JSON optimization for bandwidth reduction
- Push APIs for notification delivery
- Mobile performance optimizations
- Geolocation-based content customization
Configuration Examples
Basic Origin Configuration
```json
{
  "rules": {
    "behaviors": [
      {
        "name": "origin",
        "options": {
          "originType": "CUSTOMER",
          "hostname": "origin.example.com",
          "forwardHostHeader": "ORIGIN_HOSTNAME",
          "cacheKeyHostname": "ORIGIN_HOSTNAME",
          "compress": true,
          "enableTrueClientIp": true
        }
      }
    ]
  }
}
```
Caching Strategy for Different Content Types
```json
{
  "rules": {
    "children": [
      {
        "name": "Static Assets",
        "criteria": [
          {
            "name": "fileExtension",
            "options": {
              "matchOperator": "IS_ONE_OF",
              "values": ["css", "js", "jpg", "png", "gif", "svg"]
            }
          }
        ],
        "behaviors": [
          {
            "name": "caching",
            "options": {
              "behavior": "MAX_AGE",
              "ttl": "30d"
            }
          }
        ]
      },
      {
        "name": "HTML Content",
        "criteria": [
          {
            "name": "fileExtension",
            "options": {
              "matchOperator": "IS_ONE_OF",
              "values": ["html", "htm"]
            }
          }
        ],
        "behaviors": [
          {
            "name": "caching",
            "options": {
              "behavior": "MAX_AGE",
              "ttl": "1h"
            }
          }
        ]
      },
      {
        "name": "API Responses",
        "criteria": [
          {
            "name": "path",
            "options": {
              "matchOperator": "MATCHES_ONE_OF",
              "values": ["/api/*"]
            }
          }
        ],
        "behaviors": [
          {
            "name": "caching",
            "options": {
              "behavior": "NO_STORE"
            }
          }
        ]
      }
    ]
  }
}
```
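Rule order in the configuration above decides whether an `/api/*` response that happens to end in `.html` or `.png` is stored at the edge. The following is an added example, not code from the original page or from Akamai: it resolves the winning `caching` behavior per path and audits a reordered copy of the same rules. It assumes rules are evaluated top to bottom with the last matching rule winning, uses simplified matchers, and the probe paths are constructed.

```javascript
// Rule tree from the page's "Caching Strategy" example, built with a small helper.
const rule = (name, critName, values, options) => ({
  name,
  criteria: [{ name: critName, options: { values } }],
  behaviors: [{ name: 'caching', options }],
});
const children = [
  rule('Static Assets', 'fileExtension', ['css', 'js', 'jpg', 'png', 'gif', 'svg'], { behavior: 'MAX_AGE', ttl: '30d' }),
  rule('HTML Content', 'fileExtension', ['html', 'htm'], { behavior: 'MAX_AGE', ttl: '1h' }),
  rule('API Responses', 'path', ['/api/*'], { behavior: 'NO_STORE' }),
];
const esc = (s) => s.replace(/[.+?^${}()|[\]\\]/g, '\\$&');

// Simplified matchers (assumption): the extension is the text after the last dot
// of the final path segment; path patterns support only the "*" wildcard.
function matches(criterion, path) {
  const { values } = criterion.options;
  if (criterion.name === 'fileExtension') {
    const last = path.split('/').pop();
    const dot = last.lastIndexOf('.');
    return dot >= 0 && values.includes(last.slice(dot + 1).toLowerCase());
  }
  if (criterion.name === 'path') {
    return values.some((v) => new RegExp(`^${v.split('*').map(esc).join('.*')}$`).test(path));
  }
  return false; // criteria this sketch does not model never match
}

// Rules run top to bottom; a later matching rule overrides the caching
// behavior set by an earlier one, so the last match decides.
function effectiveCaching(rules, path) {
  let winner = null;
  for (const r of rules) {
    if (r.criteria.every((c) => matches(c, path))) {
      winner = { rule: r.name, ...r.behaviors.find((b) => b.name === 'caching').options };
    }
  }
  return winner;
}

// Audit: which of the given sensitive paths end up with a cache TTL?
function cacheableSensitivePaths(rules, paths) {
  return paths.filter((p) => effectiveCaching(rules, p)?.behavior === 'MAX_AGE');
}

const probes = ['/api/cart', '/api/profile.json', '/api/export/report.html', '/api/v1/avatar.png']; // constructed
const reordered = [children[2], children[0], children[1]]; // API rule moved to the top
console.log('page order:', cacheableSensitivePaths(children, probes));
console.log('API rule first:', cacheableSensitivePaths(reordered, probes));
```

Running the same audit against an exported rule tree before each activation catches an edit that moves a broad extension rule below the `NO_STORE` rule.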
Best Practices & Tips
Performance Best Practices
- Cache as much as possible for as long as possible
- Use Cache Tags for efficient content invalidation
- Enable Brotli compression for text-based content
- Implement Adaptive Image Compression for varying networks
- Use prefetch hints for common user journeys
- Enable HTTP/2 and HTTP/3 where supported
- Implement Resource Timing API for performance monitoring
Security Best Practices
- Apply the Principle of Least Privilege for origin access
- Enable Site Shield to hide your origin
- Implement Content Security Policy (CSP) headers
- Use Strict Transport Security (HSTS) headers
- Configure Client Reputation scoring
- Enable Bot Manager for bot control
- Regularly review Security Monitor reports
Operational Tips
- Create a purge strategy before implementation
- Use Staging environment for testing before production
- Implement gradual rollouts of major changes
- Set up Real User Monitoring for performance metrics
- Configure Log Delivery Service for troubleshooting
- Use Property Variables for environment-specific settings
- Leverage Property Manager templates for consistency