wam policy
wam policy(1) BIG-IP TMSH Manual wam policy(1)
NAME
policy - Configures an acceleration policy for WebAccelerator.
MODULE
wam
SYNTAX
Configure the policy component within the wam module using the syntax shown in the following sections.
CREATE/MODIFY
create policy [name]
modify policy [name]
options:
app-service [[string] | none]
code [integer]
copy-from [name]
description [string]
nodes [add | delete | modify | replace-all-with] {
[name] {
options:
always-proxy [yes | no]
app-service [[string] | none]
assembly-compression [enable | disable]
assembly-compression-ows [enable | disable]
assembly-concatenation [enable | disable]
assembly-concatenation-sets [string ] ...
assembly-css-inlining [enable | disable]
assembly-css-inlining-urls [string ] ...
assembly-css-reorder [enable | disable]
assembly-css-reorder-cache-size [integer]
assembly-css-reorder-urls [string ] ...
assembly-dns-prefetch [enable | disable]
assembly-dns-prefetch-domain-lists [add | delete | replace-all-with] {
[string] ...
}
assembly-dns-prefetch-https-enable [enable | disable]
assembly-dns-prefetch-https-automatic [enable | disable]
assembly-ibr [enable | disable]
assembly-image-inlining [enable | disable]
assembly-image-inlining-max-size [integer]
assembly-image-inlining-urls [string ] ...
assembly-js-inlining [enable | disable]
assembly-js-inlining-urls [string ] ...
assembly-js-reorder [enable | disable]
assembly-js-reorder-cache-size [integer]
assembly-js-reorder-urls [string ] ...
assembly-intelligent-client-cache [enable | disable]
assembly-icc-force [enable | disable]
assembly-icc-image-max-size [integer]
assembly-icc-css-inlining-max-size [integer]
assembly-icc-js-inlining-max-size [integer]
assembly-icc-max-num-urls [integer]
assembly-icc-min-client-expiry [integer]
assembly-minification [enable | disable]
assembly-multiconnect [enable | disable]
assembly-on-proxies [enable | disable]
assembly-pdf-linearization [enable | disable]
cache-complete-only [enable | disable]
cache-first-hit [yes | no]
cache-mode [memory-and-disk | memory-only]
cache-priority [low | medium | high]
cache-stand-in-period [integer]
code [integer]
coherency [blade | cluster]
defaults-from [name]
description [string]
jpeg-quality-is-relative [yes | no]
jpeg-quality [integer]
jpeg-strip-keeps-copyright [yes | no]
jpeg-strip-exif [no | yes | if-safe | make-safe]
jpeg-sampling factor [preserve | 1x1 | 2x1 | 1x2 | 2x2]
jpeg-progressive-encoding [yes | no]
jpegxr-quality [integer]
lifetime-cache-control-extensions
[add | delete | replace-all-with] {
[string] ...
}
lifetime-cache-control-extensions none
lifetime-cache-max-age [integer]
lifetime-honor-ows [yes | no]
lifetime-honor-ows-values
[add | delete | replace-all-with] {
[all-values | no-cache | no-store | no-transform |
max-age | must-revalidate | private | proxy-revalidate |
s-maxage] ...
}
lifetime-honor-ows-values none
lifetime-honor-request [yes | no]
lifetime-honor-request-values
[add | delete | replace-all-with] {
[all-values | no-cache | no-store | no-transform |
max-age | max-stale | min-fresh] ...
}
lifetime-honor-request-values none
lifetime-http-heuristic [percentage]
lifetime-insert-no-cache [yes | no]
lifetime-preserve-response [yes | no]
lifetime-preserve-response-values
[add | delete | replace-all-with] {
[all-values | no-cache | no-store | no-transform |
max-age | must-revalidate | private | proxy-revalidate |
s-maxage | custom-extension] ...
}
lifetime-preserve-response-values none
lifetime-response-max-age [integer]
lifetime-response-s-maxage [integer]
lifetime-stand-in-codes
[add | delete | replace-all-with] {
[HTTP response code] ...
}
lifetime-stand-in-codes none
lifetime-use-heuristic [yes | no]
object-max-size [integer | from-profile]
object-min-size [integer | from-profile]
optimize-for-client [yes | no]
options { [hidden | nodelete | nowrite] ...}
order [integer]
response-codes-cached
[add | delete | replace-all-with] {
[HTTP response code] ...
}
viewstate-cache [yes | no]
viewstate-cache-size [integer]
viewstate-tag [string]
video-optimization-fast-start [enable | disable]
video-optimization-max-bitrate [integer]
video-optimization-insert-ad [enable | disable]
video-optimization-preroll-ad [enable | disable]
video-optimization-ad-frequency [integer]
video-acceleration-ad-policy [string]
webp-quality [integer]
matching [add | modify | delete | replace-all-with] {
[host | path | extension | method:[name] |
query-param:[name] | unnamed-query-param:[name] |
path-segment:[name] | cookie:[name] |
user-agent | referrer | protocol | header:[name] |
client-ip | content-type] {
options:
app-service [[string] | none]
arg-alias [string]
arg-direction [left-to-right | right-to-left]
arg-name [string]
arg-ordinal [number]
description [string]
value-case-sensitive [yes | no]
values [add | modify | delete | replace-all-with] {
[ [regex] | [string] ] {
options:
app-service [[string] | none]
can-be-empty [yes | no]
can-be-missing [yes | no]
invert-match [yes | no]
}
}
values none
}
}
matching none
optimize-image [none | to-jpeg | to-gif | to-png | to-tiff]
png-256-colors [yes | no]
request-queueing [enable | disable]
variation [add | modify | delete | replace-all-with] {
[host | extension | method:[string] |
query-param:[name] | unnamed-query-param:[name] |
path-segment:[name] | cookie:[name] |
user-agent | referrer | protocol | header:[name] |
client-ip ] {
options:
app-service [[string] | none]
arg-alias [string]
arg-all [yes | no]
arg-ambiguous-as-unnamed [yes | no]
arg-direction [left-to-right | right-to-left]
arg-name [string]
arg-ordinal [number]
description [string]
value-case-sensitive [yes | no]
values [add | modify | delete | replace-all-with] {
[ [regex] | [string] ] {
options:
app-service [[string] | none]
cache-as [same | different]
can-be-empty [yes | no]
can-be-missing [yes | no]
invert-match [yes | no]
match-all [yes | no]
}
}
values none
}
}
variation none
[ proxy | proxy-override ]
[add | modify | delete | replace-all-with] {
[host | extension | method:[name] |
query-param:[name] | unnamed-query-param:[name] |
path-segment:[name] | cookie:[name] |
user-agent | referrer | protocol | header:[name] |
client-ip] {
options:
app-service [[string] | none]
arg-alias [string]
arg-direction [left-to-right | right-to-left]
arg-name [string]
arg-ordinal [number]
description [string]
value-case-sensitive [yes | no]
values [add | modify | delete | replace-all-with] {
[ [regex] | [string] ] {
options:
app-service [[string] | none]
can-be-empty [yes | no]
can-be-missing [yes | no]
invert-match [yes | no]
}
}
values none
}
}
[ proxy | proxy-override ] none
substitutions [add | modify | delete | replace-all-with] {
[name] {
options:
app-service [[string] | none]
description [string]
dst-alias [string]
dst-direction [left-to-right | right-to-left]
dst-name [string]
dst-ordinal [number]
dst-type [query-param | unnamed-query-param | path-segment]
dst-urls [add | delete | replace-all-with] {
[URI] ...
}
dst-urls none
src-alias [string]
src-direction [left-to-right | right-to-left]
src-name [string]
src-ordinal [number]
src-type
[ randomizer | request-url | query-param |
unnamed-query-param | path-segment ]
src-url [absolute | relative]
}
}
substitutions none
invalidations [add | modify | delete | replace-all-with] {
[name] {
options:
active [yes | no]
app-service [[string] | none]
broadcast [no | yes]
description [string]
cache-content [add | modify | delete | replace-all-with] {
[host | path | extension | method:[name] |
query-param:[name] | unnamed-query-param:[name] |
path-segment:[name] | cookie:[name] |
user-agent | referrer | protocol | header:[name] |
client-ip] {
options:
app-service [[string] | none]
arg-alias [string]
arg-direction [left-to-right | right-to-left]
arg-name [string]
arg-ordinal [number]
description [string]
value-case-sensitive [yes | no]
request-data-alias [string]
request-data-direction [left-to-right | right-to-left]
request-data-name [string]
request-data-ordinal [number]
request-data-type
[ host | path | extension | method |
query-param | unnamed-query-param |
path-segment | cookie | user-agent |
referrer | protocol | header |
client-ip ]
values [add | modify | delete | replace-all-with] {
[ [regex] | [string] ] {
options:
app-service [[string] | none]
can-be-empty [yes | no]
can-be-missing [yes | no]
invert-match [yes | no]
}
}
values none
}
}
}
}
}
partition [name]
publish-build [integer]
publish-comment [string]
published-on [date]
Note: Policies can be created only in the Drafts folder. This is required to support publishing functionality. You may
create multiple Drafts folders, one for each folder where published policies are going to reside.
DISPLAY
list policy [name ...]
show running-config policy [name ...]
options:
all-properties
non-default-properties
partition
predefined
state
DELETE
delete policy [name ...]
SAVE/LOAD
save policy [name]
load policy [name]
options:
overwrite
file [filename]
PUBLISH
publish policy [name]
options:
publish-comment [string]
publish-build [integer]
Note: Published policies can be deleted, but cannot be modified. The only way to update a published policy is to edit and
then publish its development version.
DESCRIPTION
You can use the policy component to manage WebAccelerator acceleration policies. An acceleration policy is a collection of
defined rule parameters that dictate how the WebAccelerator system handles HTTP requests and responses. The WebAccelerator
system uses two types of rules to manage content: matching rules and acceleration rules. Matching rules are used to
classify requests by object type and match the request to a specific acceleration policy. Once matched to an acceleration
policy, the WebAccelerator system applies the associated acceleration rules to manage the requests and responses. There are
multiple types of acceleration rules: variation, proxy, proxy override, parameter value substitution, and invalidation. The
WebAccelerator system ships with several predefined acceleration policies that are optimized for specific Web applications,
in addition to several non-application specific policies for general delivery and one for an optional symmetric deployment.
EXAMPLES
Note: For the following examples, the current folder is assumed to be set to /Common.
create policy "Drafts/My Policy"
Creates a new empty policy named My Policy in the folder /Common/Drafts.
create policy "Drafts/My Policy" copy-from "/Common/Generic Policy - Complete"
Creates a new policy My Policy in the folder /Common/Drafts by copying standard system policy /Common/Generic Policy -
Complete.
modify policy "Drafts/My Policy" copy-from "/Common/Generic Policy - Complete"
Modifies the policy My Policy by overwriting it with standard system policy /Common/Generic Policy - Complete.
modify policy "Drafts/My Policy" nodes add { "My Node" { default-from Site }}
Adds a new node My Node as the child node of the node Site.
modify policy "Drafts/My Policy" nodes modify { "My Node" { matching add { content-type { values add { pages.other }}}}}
Adds a new matching rule into the node My Node. The rule will match content type of the requests to WAM object type
pages.other.
publish policy "Drafts/My Policy" publish-comment "Added new node My Node"
Publishes the policy My Policy.
modify policy "Drafts/My Policy" nodes delete { "My Node" }
Deletes the node My Node from the policy My Policy.
delete policy "My Policy"
Deletes the policy My Policy.
save policy "My Policy" file policy.txt
Saves the policy My Policy into the file /var/local/wam/policy.txt.
load policy "Drafts/My Policy" overwrite file /tmp/policy.txt
Loads the policy My Policy from the file /tmp/policy.txt and overwrites the policy if it already exists.
POLICY OPTIONS
app-service
Specifies the name of the application service to which the object belongs. The default value is none. Note: If the
strict-updates option is enabled on the application service that owns the object, you cannot modify or delete the
object. Only the application service can modify or delete the object.
code Specifies a numeric non-zero code of the policy that is used for troubleshooting and performance reporting. Each
policy must have a unique code. If not supplied, it will be generated by the system. Use the keyword generate to
specify that the system generate a new unique code.
copy-from
Specifies the name of an existing policy from which to copy all configuration options. If this field is used in the
modify command, the configuration options of the existing policy will be replaced with the new ones. The code, state,
publish-build, publish-comment, and published-at options are not updated.
description
User defined description of a policy.
nodes
Specifies the collection of policy nodes. Matching rules and acceleration rules for acceleration policies are
organized on the Policy Tree, which consists of nodes. The structure of the Policy Tree supports a parent-child
relationship. This enables you to easily randomize rules. That is, because a leaf node in a Policy Tree inherits all
the rules from its root node and branch node, you can quickly create multiple leaf nodes that contain the same rule
parameters by creating a branch with multiple leaf nodes. If you override or create new rules at the branch node
level, the WebAccelerator system reproduces those changes to the associated leaf nodes.
partition
Displays the administrative partition within which the policy resides.
publish-build
Specifies the policy build version that was used during policy publishing. If not specified, this number is
automatically incremented by the WebAccelerator system.
publish-comment
Specifies the user supplied comment that describes the changes in the policy that is being published.
published-on
Specifies the date and time when this policy was last published.
file Specifies the file name where the policy is going to be saved or loaded from. If a full path is not specified, it is
set to /var/local/wam directory.
overwrite
Specifies that the policy file for the save command or the policy component for the load command can be overwritten if
it exists.
NODE OPTIONS
always-proxy
Specifies that all requests matching this node must be proxied. If it enabled, proxy rules are not used, even if
configured. proxy-override rules still apply.
app-service
Specifies the name of the application service to which this node belongs. The default value is none. Note: If the
strict-updates option is enabled on the application service that owns the object, you cannot modify or delete this
node. Only the application service can modify or delete this node.
assembly-compression
Specifies, when enabled, that the WebAccelerator system compresses content for responses, using gzip-encoding. Note
that to use this feature, you must set the compress value for the response's object type in the corresponding object-
type component, and the client must be able to accept gzip-encoded content. The default value is enabled.
assembly-compression-ows
Specifies, when enabled, that the WebAccelerator system requests gzip-encoded or deflate-encoded content from the
origin Web server. Note that the origin Web server will comply only if it supports compression, otherwise it will
reply with uncompressed content. The default value is disabled.
assembly-concatenation
Specifies, when enabled, that the WebAccelerator system will perform JavaScript/CSS concatenation in HTML documents.
The URLs that may be concatenated are specified using the assembly-concatenation-sets option. See the WebAccelerator
documentation for more details. The default value is disabled.
assembly-concatenation-sets
Specifies the concatenation sets that are active for this node. If a URL in the HTML document that belongs to one of
the enabled sets is found, it will transformed with concatenation using the URL of the configured set. This is an
ordered set, and if the URL exists in multiple active concatenation sets, the first set specified by this option will
be used. See the WebAccelerator documentation for more details.
assembly-css-inlining
Specifies, when enabled, that the WebAccelerator system will inline CSS URLs in HTML documents. The CSS URLs that may
be inlined are specified using the assembly-css-inlining-urls option. See the WebAccelerator documentation for more
details. The default value is disabled.
assembly-css-inlining-urls
Specifies the CSS URLs that may be inlined.
assembly-css-reorder
Specifies, when enabled, that the WebAccelerator system will reorder CSS URLs to the HEAD section of HTML documents.
The CSS URLs that may be reordered are specified using the assembly-css-reorder-urls option. See the WebAccelerator
documentation for more details. The default value is disabled.
assembly-css-reorder-cache-size
Specifies the size of the intermediate cache used to store CSS URLs being reordered. Increasing the size of this cache
allows more CSS URLs to be reordered. The default value is 8kB. The maximum value is 8kB.
assembly-css-reorder-urls
Specifies the CSS URLs that may be reordered. The URLs must be fully-qualified and whitespace used to separate URLs.
The URLs must correspond to WebAccelerator URL resources created by the command create wam resource url. See the help
for wam resource url.
assembly-dns-prefetch
Specifies, when enabled, that the WebAccelerator system manipulates an HTML document to add DNS prefetch tags at the
end of the head. The DNS prefetch tags added are the combined list of domain lists specified in assembly-dns-prefetch-
domain-lists. DNS prefetch tags will not be inserted in the following conditions: when DNS prefetching is explicitly
disabled in the document, either by an HTTP header or by a meta-tag in the head of the HTML document; when the
connection is served over HTTPS without assembly-dns-prefetch-https-enable enabled; or when the connection is to a
client browser that does not support DNS prefetching.
In a document, most browsers will perform DNS prefetching on all domains linked with an HREF. This will speed up
performance by having the browser cache possible DNS resolutions before a client clicks on a link, but DNS prefetching
cannot automatically occur when a link is created through other means (such as javascript). Inserting DNS prefetch
tags addresses this issue.
The default value is disabled.
assembly-dns-prefetch-domain-lists
Specifies the lists of domains that will be inserted into a document. The domain lists must correspond to
WebAccelerator domain list resources created by the command create wam resource domain-list. See the help for wam
resource domain-list.
assembly-dns-prefetch-https-enable
Specifies, when enabled, that the WebAccelerator system manipulates an HTML document to add DNS prefetch tags at the
end of the head when a document is served over HTTPS when the client browser supports DNS prefetching. By default,
most browsers that support DNS prefetching will not do any DNS prefetching on pages served over HTTPS. Enabling
assembly-dns-prefetch-https-enable will insert a meta-header that will turn on DNS prefetching on the page and a meta-
header turning of DNS prefetching for the rest of the page. DNS prefetching cannot be turned on for the rest of an
HTML document once the meta-header turning of DNS prefetching is reached.
DNS prefetching is turned off on most browsers serving pages over HTTPS by default as a security measure. DNS
prefetching can be used to track which pages are seen over HTTPS by watching the domain resolution requests sent out
by the client. According to DNS prefetch standards currently, turning on DNS prefetching on a page will cause all
links in the page to have their domains prefetched. This is mitigated by this option with the insertion of an HTTP
meta-header turning off DNS prefetching after the DNS tags inserted by the WebAccelerator system. Turning on DNS
prefetching for the rest of the page in a request served over HTTPS can be done with the assembly-dns-prefetch-https-
automatic option.
The default value is disabled.
assembly-dns-prefetch-https-automatic
Specifies, when enabled, that the WebAccelerator system will not insert a meta-tag into an HTML document served over
HTTPS turning off DNS prefetching for the rest of a page. By default, most browsers that support DNS prefetching will
not do any DNS prefetching on pages served over HTTPS. assembly-dns-prefetch-https-enable must be enabled for this
option to work.
The default value is disabled.
assembly-ibr
Specifies, when enabled, that the WebAccelerator system manipulates the Web browser cache to reduce requests to your
site for relatively static content, such as images and style sheet (CSS) files. The default value is enabled.
assembly-image-inlining
Specifies, when enabled, that the WebAccelerator system will inline image URLs in CSS documents. The image URLs that
may be inlined are specified using the assembly-image-inlining-urls option. See the WebAccelerator documentation for
more details. The default value is disabled.
assembly-image-inlining-max-size
Specifies the maximum size of the image that is allowed to be inlined. The default value is 2kB. The maximum value is
8kB.
assembly-image-inlining-urls
Specifies the image URLs that may be inlined.
assembly-js-inlining
Specifies, when enabled, that the WebAccelerator system will inline JS URLs in HTML documents. The JS URLs that may be
inlined are specified using the assembly-js-inlining-urls option. See the WebAccelerator documentation for more
details. The default value is disabled.
assembly-js-inlining-urls
Specifies the JS URLs that may be inlined.
assembly-js-reorder
Specifies, when enabled, that the WebAccelerator system will reorder JavaScript URLs to the end of HTML documents. The
JavaScript URLs that may be reordered are specified using the assembly-js-reorder-urls option. See the WebAccelerator
documentation for more details. The default value is disabled.
assembly-js-reorder-cache-size
Specifies the size of the intermediate cache used to store JavaScript URLs being reordered. Increasing the size of
this cache allows more JavaScript URLs to be reordered. The default value is 8kB. The maximum value is 8kB.
assembly-js-reorder-urls
Specifies the JavaScript URLs that may be reordered. The URLs must be fully-qualified and whitespace used to separate
URLs. The URLs must correspond to WebAccelerator URL resources created by the command create wam resource url. See the
help for wam resource url.
assembly-intelligent-client-cache
Specifies, when enabled, that the WebAccelerator system will Intelligent Client Cache HTML documents. See the
WebAccelerator documentation for more details. The default value is disabled.
assembly-icc-force
Specifies, when enabled, that the WebAccelerator system will Intelligent Client Cache HTML documents, even if the
client does not support HTML5 localstorage. See the WebAccelerator documentation for more details. The default value
is disabled.
assembly-icc-image-max-size
Specifies the maximum size of the image that is allowed to be inlined as part of Intelligent Client Caching. The
default value is 32kB. The maximum value is 50kB.
assembly-icc-css-max-size
Specifies the maximum size of the CSS that is allowed to be inlined as part of Intelligent Client Caching. The default
value is 50kB. The maximum value is 1024kB.
assembly-icc-js-max-size
Specifies the maximum size of the JS that is allowed to be inlined as part of Intelligent Client Caching. The default
value is 50kB. The maximum value is 1024kB.
assembly-icc-max-num-urls
Specifies the maximum number of links in an HTML document that are allowed to be inlined as part of Intelligent Client
Caching. The default value is 10. The maximum value is 100.
assembly-icc-min-client-expiry
Specifies the minimum client expiry of a resource that is allowed to be inlined as part of Intelligent Client Caching.
The default value is 2days.
assembly-minification
Specifies, when enabled, that the WebAccelerator system will minify JavaScript and CSS.
assembly-multiconnect
Specifies, when enabled, that the WebAccelerator system modifies embedded URLs with unique sub-domains that prompt the
browser to open more persistent connections for each supported protocol (HTTP or HTTPS). To use this feature, you must
configure DNS with the additional domains and map those domains to the same IP address as the base origin server. The
default value is enabled.
assembly-on-proxies
Specifies, when enabled, that the WebAccelerator system applies the Content Compression and Intelligent Browser
Referencing features (if enabled) to content served to clients, even if the content is not served from the
WebAccelerator system's cache. Enable this option if you are using the Content Compression or Intelligent Browser
Referencing features. The default value is enabled.
assembly-pdf-linearization
Specifies, when enabled, that the WebAccelerator system applies linearization on PDF documents, if the documents match
the node matching rules. PDF linearization transforms the document to include the index of the pages in the beginning.
This allows Web browsers to load and show specific pages rather than a whole document. See the WebAccelerator
documentation for more details. The default value is disabled.
optimize-image
Specifies whether image optimization should be applied and the format conversion to use. Each of the 4 supported
formats (JPEG, PNG, GIF, TIFF) can be converted to any of the others. Images using a capability unique to one format
may lose that feature when converted to a format that does not support it. (For example, animated GIFs or multipage-
TIFFs will have only the first image when converted to PNG or JPEG). Transparency will be lost when converting from
GIF or PNG to JPEG. TIFF is a container for many different image formats so the results will be best-effort and may
not list completely.
A converted image will likely have a different number of bytes after conversion. Some conversions are likely to
produce fewer bytes; however, a requested conversion will be done even if it results in more bytes (for consistency).
For example, you may want to offer multiple formats of an image without storing them all on a server.
A correct Content-Type header will be generated for converted images, but HTML files will not be rewritten.
optimize-for-client Specifies whether to allow conversion to a format and/or size which is optimum for the specific client
making the request but which, if saved by that client and later sent elsewhere, might not be appropriate.
webp-quality WebP is a "lossy" compression format. This means when you convert an image to a WebP and then convert it back,
you will not get back exactly the same image you started with. Compression changes the amount of information stored (and
therefore the number of bytes), but not the image dimensions (the number of pixels). The webp-quality attribute represents
the absolute quality of the WebP produced. Compression (quality) is represented as a number between 1-100 where 1 is
minimal quality, but small, and 100 is high-quality, but large. For most images, useful values of quality will be from
about 30-70.
jpegxr-quality JPEG-XR is a "lossy" compression format. This means when you convert an image to a JPEG-XR and then convert
it back, you will not get back exactly the same image you started with. Compression changes the amount of information
stored (and therefore the number of bytes), but not the image dimensions (the number of pixels). The jpegxr-quality
attribute represents the absolute quality of the JPEG-XR produced. Compression (quality) is represented as a number between
1-100 where 1 is minimal quality, but small, and 100 is high-quality, but large. For most images, useful values of quality
will be from about 5-30.
jpeg-quality-is-relative =item jpeg-quality
JPEG is a "lossy" compression format. This means when you convert an image to a JPEG and then convert it back, you
will not get back exactly the same image you started with. Compression changes the amount of information stored (and
therefore the number of bytes), but not the image dimensions (the number of pixels). When jpeg-quality-is-relative is
set to no, the jpeg-quality attribute represents the absolute quality of the JPEG produced. Compression (quality) is
represented as a number between 1-100 where 1 is minimal quality, but small, and 100 is high-quality, but large. For
most images, useful values of quality will be from about 30-100. Because information once lost cannot be regained,
converting a low-quality JPEG to a higher quality is pointless and image optimization will prevent that (by not
changing the original to a higher JPEG quality).
You might be unable to choose a specific absolute quality for JPEG images. When jpeg-quality-is-relative is set to
yes, the relative JPEG quality setting is enabled. In this case, jpeg-quality is a percentage (a number between 1-100)
that when multiplied by each JPEG's original quality, becomes its optimized quality.
jpeg-strip-exif
JPEG files have a header (called EXIF) that contains optional data such as a date, time, camera model, exposure
settings, and so on. The EXIF header can also contain a color profile, which is required when included. EXIF headers
can be small or large. Unless they contain a color profile, they do not affect displaying the image, and so can be
removed if the loss of the information they contain is acceptable. There are four options for this setting:
no Leaves any EXIF headers alone.
yes Always strips EXIF headers.
if-safe
Only strips EXIF headers if they do not have color profiles (ensures that images display properly).
make-safe
Applies the color profile and then strips the EXIF header (typically decreases image file size). Applying a color
profile requires additional CPU time.
jpeg-strip-keeps-copyright This setting affects the meaning of jpeg-strip-exif. If it is set, stripping the EXIF header
will strip everything except the Copyright notice (if one is present).
jpeg-sampling-factor
Sets the sampling factor to be used when producing JPEG images. The default value is preserve, which matches the
original file. You can also explicitly specify this option, as it can sometimes improve compression.
jpeg-progressive-encoding
When enabled, progressive encoding will be used in JPEG images. For large JPEG files, this can improve compression.
When this is enabled, it will be applied only if the file is large enough to improve compression.
png-256-colors
It is often possible to significantly reduce the size of PNG files without changing their appearance very much by
reducing the number of colors to 256 optimally selected values. This optimization is enabled when png-256-colors is
set to yes.
cache-complete-only
Specifies, when enabled, that the WebAccelerator system caches HTML pages only if the HTML code within the page
contains begin and end tags. When disabled, the WebAccelerator system reviews HTTP response headers to determine if
the information contained on the page is complete. The default value is enabled.
cache-first-hit
Specifies that the first response should be cached according to the policy caching settings. When this is off, the
response is cached when more than one request for the document has been seen. Turning this on can reduce cache churn
for unpopular documents. The default value is no.
cache-mode
Specifies how where the cached documents will be stored. The default value is memory-and-disk. Possible values are:
memory-and-disk
The cached documents will be stored in memory or on disk.
memory-only
The cached documents will be stored in memory only.
cache-priority
Specifies the cache admission priority of documents matching the policy node. Documents with high priority are more
likely to be admitted into the cache. The default value is medium. Possible values are:
low Documents will have low priority.
medium
Documents will have medium priority.
high Documents will have high priority.
cache-stand-in-period
Specifies the amount of time that the WebAccelerator system continues to serve content from cache if the origin Web
server does not respond to the WebAccelerator system's requests for fresh content. The default value is 0 (zero),
which means the WebAccelerator system responds to requests for expired content with a HTTP 404 error.
code Specifies a numeric non-zero code for the node that is used for troubleshooting and performance reporting. All nodes
must have unique codes within the policy. If not supplied, the code will be generated by the system. Use the keyword
generate to specify that the system generate a new unique code.
coherency
Specifies if the WebAccelerator system will attempt to keep content matching the associated node in sync across the
blades of a cluster. The default behavior is to keep content in sync.
blade
The cached documents will not be kept coherent across blades. This causes each blade to have its own copy of a
given cached document.
cluster
The cached documents will be kept coherent across blades. This causes the cluster to have single version of a
given cached document.
defaults-from
Specifies the node that you want to use as the parent node. Your new node inherits all options and values from the
parent node specified. The default value is none, which means this is a root node.
description
User defined description of a node.
invalidations
Specifies the collection of invalidations rules. Invalidations rules enable you to expire cached content before it has
reached its time-to-live (TTL) value. This is useful when content updates are event-driven, such as when an item is
added to a shopping cart, a request contains a new auction bid, or a poster has submitted content on a forum thread.
Invalidations rules can be created only on leaf nodes.
lifetime-cache-control-extensions
Enables you to configure extension tokens to be added to the cache-control header of HTTP response. The WebAccelerator
system does not process any of these extensions. It is possible that the origin Web server will send cache-control
extensions as well. You can choose whether to preserve them by including the custom-extension in the lifetime-
preserve-response-values list.
lifetime-cache-max-age
Specifies the amount of time that the WebAccelerator system serves content from the cache before requesting fresh
content from the origin Web server. The default value is 4 hours.
lifetime-honor-ows
Specifies, if enabled, that the WebAccelerator system honors certain cache-control directives from the origin Web
server response to determine cache lifetime. The default value is disabled.
lifetime-honor-ows-values
Specifies which Cache-Control directive from the origin Web server response will determine cache lifetime. Available
directives are all-values, private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age, s-maxage, and
expires. This option is only effective if lifetime-honor-ows is enabled.
lifetime-honor-request
Specifies, if enabled, that the WebAccelerator system honors certain Cache-Control directives from the client's
browser request to determine cache lifetime. The default value is enabled.
lifetime-honor-request-values
Specifies which cache-control directive from client's browser request will determine cache lifetime. Available
directives are all-values, no-cache, no-store, max-age, max-stale, and min-fresh. This option is only effective if
lifetime-honor-request is enabled. The default values are max-age, max-stale, and min-fresh.
lifetime-http-heuristic
Specifies the percentage, based on the HTTP Last-Modified header, that the WebAccelerator system uses to compute TTL
values for cached content. For example, if content was modified 30 days ago and the lifetime-http-heuristic option is
set to 50%, the WebAccelerator system caches the content for 15 days. This option is applicable only if you use the
HTTP Last-Modified headers to identify content lifetime. The default value is 50%. This option is effective only if
lifetime-use-heuristic is enabled.
lifetime-insert-no-cache
Specifies, when enabled, that the WebAccelerator system inserts a no-cache directive into the HTTP Cache-Control
header, which stops the client's browser from locally caching content. This value overrides the HTTP Cache-Control
header cache directives sent to the client by the origin Web server.
lifetime-preserve-response
Specifies, if enabled, that the WebAccelerator system preserves certain Cache-Control directives from the origin Web
server and includes them into client's browser response. The default value is enabled.
lifetime-preserve-response-values
Specifies which Cache-Control directive from the origin web server response will be preserved in response to the
client's web browser. Available directives are all-values, private, no-cache, no-store, must-revalidate, proxy-
revalidate, max-age, s-maxage, expires, and custom-extension. This option is only effective if lifetime-preserve-
response is enabled. The default value is all-values.
lifetime-response-max-age
Specifies, when enabled, the amount of time that the client's browser should locally store content. This value
overrides the max-age and expires the directives in the HTTP Cache-Control header that are sent to the client by the
origin web server, only if the new value for the max-age is greater than the value supplied by the origin web server.
Modify this value only if there is an acceptable trade off between the freshness of the content served to clients and
overall site performance.
lifetime-response-s-maxage
Specifies, when enabled, the amount of time that the client's browser should locally store shared content. This value
overrides the s-maxage and expires the directives in the HTTP Cache-Control header that are sent to the client by the
origin web server, only if the new value for the s-maxage is greater than the value supplied by the origin web server.
Modify this value only if there is an acceptable trade off between the freshness of the shared content served to
clients and overall site performance.
lifetime-stand-in-codes
Specifies that the WebAccelerator system is allowed to serve stale content from the cache if it is not able to re-
validate its freshness with the origin web server. The WebAccelerator system serves invalid content to the downstream
proxies or clients if the response code from the origin web server matches one of codes specified with this option.
This option is effective only if cache-stand-in-period has a non-zero value. The default values are 404, 500, and 504.
lifetime-use-heuristic
Specifies, when enabled, that the WebAccelerator system uses the percentage from lifetime-use-heuristic option to
compute TTL values for cached content. The default value is no.
matching
Specifies the collection of matching rules. The rules consist of the HTTP request data type parameters that the
WebAccelerator system uses to match an incoming HTTP request to a specified node. The following types of HTTP
parameters are available for matching rules: host, path, extension, query-param, unnamed-query-param, path-segment,
cookie, user-agent, referrer, protocol, method, header, client-ip, and content-type.
object-min-size
Specifies the minimum object size required in order for content matching the associated node to eligible for caching.
The default behavior is to use the minimum object size specified by the associated web-acceleration profile.
object-max-size
Specifies the maximum object size allowed for content matching the associated node in order to eligible for caching.
The default behavior is to use the maximum object size specified by the associated web-acceleration profile.
order
Specifies the order of the node in the Policy Tree. All nodes in the policy must have an order. The order numbers are
sequential, staring from 2. Orders 0 and 1 are reserved for internal use. The child node orders must be greater than
the order of their parent node. You can change the order of the nodes by updating the order option of the node that
you would like to move. The system honors the specified order if it falls within the range of sibling node orders.
Otherwise, the system picks the closest valid order number. The remaining nodes are automatically re-ordered to free
requested order number. The node order is also used as a last resort to determine which node to use when multiple
nodes match the request. The node with a lower order wins. New nodes have their order assigned automatically to make
them last among their siblings.
proxy
Specifies the collection of proxy rules. In general, proxy rules options are relevant to only requests that match
their node, rather than to matched responses. The following types of HTTP parameters are available for proxy rules:
host, query-param, unnamed-query-param, path-segment, cookie, user-agent, referrer, protocol, method, header, and
client-ip.
proxy-override
Specifies the collection of proxy override rules. You can define proxy override rules and associated conditions under
which the WebAccelerator system should ignore proxying rules options. The following types of HTTP parameters are
available for proxy override rules: host, query-param, unnamed-query-param, path-segment, cookie, user-agent,
referrer, protocol, method, header, and client-ip.
request-queueing
Specifies, when enabled, that the WebAccelerator system will queue requests for expired or new documents and proxy
fewer requests to the origin web server (OWS). If the response is cachable, the response will be served to all waiting
requests; if not, the waiting requests will proxy normally.
response-codes-cached
Specifies the collection of HTTP response codes that determine whether the WebAccelerator system should cache the
content. The valid codes are 300, 301, 302, 307, and 410. The codes 200, 201, 203, and 207 are included into the list
implicitly. The default values are 300 and 301.
substitutions
Specifies the collection of parameter value substitution rules. Some requested pages include hyperlinks that require
that specific information appear in the response. You can configure parameter value substitution so that when a query
parameter contains identification information for a sites visitors, it prompts the WebAccelerator system to serve
different content for the request, based on the specific visitor. Conversely, if parameter value substitution is not
configured, the WebAccelerator system uses the value that it cached for the original request, for all subsequent
requests after the first, even if the subsequent requests have different values that should be used in the response.
If you configure parameter value substitution, the WebAccelerator system changes the targeted parameters value on the
page served from the cache, so that the parameter you specify appears on the URL embedded in that page.
variation
Specifies the collection of variation rules. When the WebAccelerator system caches responses from the origin web
server, it uses certain HTTP request parameters to create a Unique Content Identifier (UCI). The WebAccelerator system
stores the UCI in the form of a compiled response and uses the UCI to easily match future requests to the correct
content in its cache. You can configure variation rules to add or modify the parameters on which the WebAccelerator
system bases its caching process. If the WebAccelerator system receives two requests that are identical except for the
value of a query parameter defined in the variation rule, it creates a different UCI for each, and caches each
response under its unique UCI. The following types of HTTP parameters are available for variation rules: host, query-
param, unnamed-query-param, path-segment, cookie, user-agent, referrer, protocol, method, header, and client-ip.
viewstate-cache
Specifies, when enabled, that the WebAccelerator system accelerates requests and responses for Web form objects that
are generated by ASP.NET web applications. Because the file size of forms can be significant, the WebAccelerator
system is able to cache and substitute values, thus reducing the file size and achieving faster performance.
viewstate-cache-size
Specifies the size of the ViewState object cache in kilobytes. The default value is 100 kilobytes.
viewstate-tag
Specifies the name of the web form field where the ViewState object is stored. The default value is __VIEWSTATE.
video-optimization-fast-start
Specifies when enabled, that the WebAccelerator system optimizes video by prefetching.
video-optimization-max-bitrate
Specifies, the maximum bitrate of video that can be allowed in kilobits per sec. The default value is 0.
video-optimization-insert-ad
Specifies, when enabled, that the WebAccelerator system can insert ad into the video.
video-optimization-preroll-ad
Specifies, when enabled, that the WebAccelerator system can insert ad at the beginning of the video.
video-optimization-ad-frequency
Specifies the frequency of ad insertion. Units in seconds.
video-optimization-ad-policy
Specifies the ad policy applicable when processing the video.
type Displays the node type. The possible types are:
branch
The branch nodes exist only for the purpose of propagating rule parameters to leaf nodes. The WebAccelerator
system does not perform matching against branch nodes. Branch nodes can have multiple leaf (child) nodes, as well
as child branch nodes.
leaf A leaf node inherits rule parameters from its parent branch node. The WebAccelerator system performs matching
only against leaf nodes, and then applies the leaf nodes corresponding acceleration rules to the request.
HTTP PARAMETERS
Both matching and acceleration rules are identified by the type, and optionally, by the name of HTTP parameters that are
used inside the rules. The following types of HTTP parameters are available:
content-type
A rule that uses the content-type parameter is based on type definitions in the object-type components. Unlike the
HTTP request data types, a matching rule based on content type is specific to the content type parameter that the
WebAccelerator system generates for a response. You specify the regular expression that you want a response's content
type to match.
client-ip
A rule that uses the client IP parameter is based on the IP address of the client making the request. The IP address,
however, may not always be the address of the client that originated the request. For example, if the client goes
through a proxy server, the IP address is the IP address of the proxy server, rather than the client IP address that
originated the request. If several clients use a specific proxy server, they all appear to come from the same IP
address.
cookie:[name]
A rule that uses the cookie parameter is based on a particular cookie that you identify by name, and for which you
provide a value to match against. This value is usually literal and must appear on the cookie in the request or in a
regular expression that matches the request's cookie that appears on the cookie HTTP request headers. These are the
same names you use to set the cookies, using the HTTP Set-Cookie response headers. The HTTP request can contain
multiple cookies, and the rule identifier must include the name of the cookie separated with colon (:).
extension
A rule that uses the extension parameter is based on the value that follows the far-right period, in the far-right
segment key of the URL path.
header:[name]
A rule that uses the header parameter is based on a particular header that you identify by name and for which you
provide a value to match against. You can use an HTTP request data type header parameter to create rules based on any
request header other than one of the recognized HTTP request data types. The HTTP request can contain multiple
headers, and the rule identifier must include the name of the header separated with colon (:).
host A rule that uses the host parameter is based on the value provided for the HTTP Host request header field. This header
field describes the DNS name that the HTTP request is using.
method
A rule that uses the method parameter is based on whether the request uses the GET or POST method.
query-param:[name]
A rule that uses the query parameter is based on a particular query parameter that you identify by name and for which
you provide a value to match against. The value is usually literal and must appear on the query parameter in the
request, or in a regular expression that matches the requests query parameter value. The query parameter can be in a
request that uses GET or POST methods. The HTTP request can contain multiple query parameters, and the rule identifier
must include the name of the header separated with colon (:).
path A rule that uses the path parameter is based on the path portion of the URI. The path is defined as everything in the
URL after the host and up to the end of the URL, or up to the question mark (whichever comes first).
path-segment:[name]
A segment is the portion of a URI path that is delimited by a forward slash (/). For example, in the path:
/apps/search/full/complex.jsp, apps, search, full, and complex.jsp all represent path segments. The path can contain
multiple segments so the rule identifier must include the name of the segment separated with colon (:). The name can
be a segment ordinal or some other string to distinguish it from other segments rules in the same node.
protocol
A rule that uses the protocol parameter is based on whether the request uses the HTTP or HTTPS protocol.
referrer
A rule that uses the referrer parameter is based on the value provided for the HTTP Referer in the request header.
(Note the misspelling of Referer. This spelling is defined for this request header in all versions of the HTTP
specification.) This header provides the URL location that referred the client to the page that the client is
requesting. You do not typically base rules on the Referer request header, unless you want your sites behavior to be
dependent on the specific referrer. For example, one implementation would be for sites that provide different branding
for their pages based on the user's web portal or search engine.
unnamed-query-param:[name]
An unnamed query parameter is a query parameter that has no equal sign. That is, only the query parameter value is
provided in the URL of the request. The HTTP request may contain multiple unnamed query parameters so the rule
identifier must include the name of it separated with colon (:). The name can be the ordinal of unnamed query
parameter or some other string that can make it distinguishable from other unnamed query parameter rules in the same
node.
user-agent
A rule that uses the user agent parameter is based on the value provided for the HTTP User-Agent in the request
header, which identifies the browser that sent the request.
RULE OPTIONS
active
Specifies, when enabled, that the invalidation trigger rule is enabled. You can use this option to disable a specific
invalidation trigger rule temporary, without removing it from the policy.
arg-all
Specifies, when enabled, that the rule matches all HTTP parameters of this type rather than one identified by arg-name
or arg-ordinal. This option is applicable to variation rules query-param, unnamed-query-param, path-segment, cookie,
and header. Such rules serve as a fallback case for defining document variation. All root nodes must include one
variation rule of each type with this option enabled. The default value is disabled.
arg-alias
src-alias
dst-alias
request-data-alias
Specifies the user supplied alias for rules that use ordinals to identify HTTP request data. These include the
unnamed-query-param and path-segment rules. The src-alias and dst-alias options are used in parameter value
substitution rules to define aliases for the source and target definitions correspondingly. The request-data-alias
option defines an alias for the invalidation trigger rules.
arg-direction
src-direction
dst-direction
request-data-direction
Specifies the direction that the WebAccelerator system uses to count the ordinal of path-segment. The src-direction
and dst-direction options are used in parameter value substitution rules to define the ordinal direction for the
source and target definitions correspondingly. The request-data-direction option defines the ordinal direction for the
invalidation trigger rules. The default value is left-to-right. The possible values are:
left-to-right
The path segment is counted form left to right.
right-to-left
The path segment is counted form right to left.
arg-name
src-name
dst-name
request-data-name
Specifies the name of the parameter type for query-param, cookie, and header. If not specified, arg-name option is
initialized from the rule name. This option is not effective if arg-all is enabled. The src-name and dst-dst options
are used in parameter value substitution rules to define the parameter name for the source and target definitions
correspondingly. The request-data-name option defines the parameter name for the invalidation trigger rules.
arg-ordinal
src-ordinal
dst-ordinal
request-data-ordinal
Specifies, in the form of a number, the location of a parameter for unnamed-query-param and path-segment rules. The
numbering starts at 1 and follows the direction specified in the corresponding direction option. This option is not
effective if arg-all is enabled. The src-ordinal and dst-ordinal options are used in parameter value substitution
rules to define the parameter ordinal for the source and target definitions correspondingly. The request-data-ordinal
option defines the parameter ordinal for the invalidation trigger rules.
broadcast
Specifies whether a triggered invalidation rule is broadcast to other members of a multibox deployment. This option is
only effective when the application using this policy has multibox set to farm or symmetric.
cache-content
Specifies the parameter for which the WebAccelerator system must obtain fresh content when the invalidations rule is
triggered. The available request types are: host, path, extension, query-param, unnamed-query-param, path-segment,
cookie, user-agent, referrer, protocol, method, header, and client-ip.
Note: You must select and configure the path parameter for the cached content to invalidate, or the invalidations rule
will fail to trigger. All other parameters are optional.
description
User-defined description of a rule.
dst-type
Specifies the HTTP parameter type to use as target definition for the request value substitution rule. A target
definition contains a value in the embedded URL that you want the WebAccelerator system to replace with the value that
you specified for the source definition, during assembly. The possible values are:
path-segment
Specifies that the WebAccelerator system targets the URL parameter, as specified by the dst-ordinal and dst-
direction you define.
query-param
Specifies that the WebAccelerator system targets the URL parameter, as specified by the dst-name you define.
unnamed-query-param
Specifies that the WebAccelerator system substitutes the URL parameter, as specified by the dst-ordinal you
define.
dst-urls
Specifies the collection of URLs in the request for which you want the WebAccelerator system to replace content.
request
Specifies a parameter in the request that triggers the invalidations rule. The available request types are: host,
path, extension, query-param, unnamed-query-param, path-segment, cookie, user-agent, referrer, protocol, method,
header, and client-ip.
Note: You must select and configure the path parameter for the request header criteria, or the invalidations rule will
fail to trigger. All other parameters are optional.
request-data-type
Specifies the HTTP request parameter value that the WebAccelerator system should find in its cache and for which it
should request updated content from the origin Web server. The default value is undefined.
The following types of HTTP parameters are available:
host
query-param
unnamed-query-param
path-segment
cookie
user-agent
referrer
header
client-ip
Specifies that the WebAccelerator system should use the corresponding value from the request that triggered the
invalidation. Additional data, if required to identify the value, must be specified in the request-data-name,
request-data-ordinal, and request-data-direction options. The values option is ignored.
undefined
Specifies that the WebAccelerator system should not use any values from the request that triggered the
invalidation. You must add a value into the values option with which to compare the cached content.
src-type
Specifies the HTTP parameter type to use as source definition for the request value substitution rule. A source
definition contains the value that the WebAccelerator system embeds in the URL, in place of the cached (target
definition) value, during substitution. Typically, the source definition is a specific request element, such as a
particular query parameter; however, you can specify another source type, such as a random number. The possible values
are:
path-segment
Specifies that the WebAccelerator system substitutes the URL parameter, as specified by the src-ordinal and src-
direction options you define.
query-param
Specifies that the WebAccelerator system substitutes the URL parameter, as specified by the src-name option you
define.
randomizer
Specifies that the WebAccelerator system generates a random number and places that number on the targeted
location in an embedded URL.
request-url
Specifies that the WebAccelerator system is limited to target-specific URLs embedded in a page, as defined in the
prefix that an embedded URL must match before the WebAccelerator system performs substitution. If you use the
request URL as the source, the WebAccelerator system uses the entire request URL as the value to substitute.
unnamed-query-param
Specifies that the WebAccelerator system substitutes the URL parameter, as specified by the src-ordinal option
you define.
src-url
Specifies whether the request URL is a relative URL or an absolute URL. The default value is absolute.
value-case-sensitive
Specifies, when enabled, that the HTTP parameter must be matched against supplied value(s) in case sensitive manner.
The default value is no.
values
Values are a collection of rule parameters that enable you to specify different parameter values for the same rule.
Most rules allow only one value, while variation rules support multiple values. Each value can prompt a different
behavior by the WebAccelerator system. All variation rules must include at least one value with match-all option
enabled. A value can be represented by actual string, regex, or multiple strings, or regexes separated by space ( ).
RULE VALUE OPTIONS
can-be-empty
Specifies, when enabled, that the defined HTTP request parameter is included in the request, but has no value (is an
empty string). The default value is no.
can-be-missing
Specifies, when enabled, that the defined HTTP request parameter is absent from the request. The default value is no.
invert-match
Specifies, when enabled, that the defined HTTP request parameter does not match the associated regular expression that
you defined. The default value is no.
match-all
Specifies, when enabled, that the defined HTTP request parameter matches all possible values. This option is available
only for variation rule values as a fallback case. Each variation rule must have at least one value with this option
enabled. The default value is no.
cache-as
Specifies whether the associated value should prompt the WebAccelerator system to reply to matched requests with the
same or different content. This option is available only for variation rule values.
SEE ALSO
create, delete, edit, list, modify, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2010-2013, 2016. All rights reserved.
BIG-IP 2016-03-14 wam policy(1)