wam policy
wam policy(1) BIG-IP TMSH Manual wam policy(1)
NAME
policy - Configures an acceleration policy for WebAccelerator.
MODULE
wam
SYNTAX
Configure the policy component within the wam module using the syntax shown in the following sections.
CREATE/MODIFY
create policy [name]
modify policy [name]
options:
app-service [[string] | none]
code [integer]
copy-from [name]
description [string]
nodes [add | delete | modify | replace-all-with] {
[name] {
options:
always-proxy [yes | no]
app-service [[string] | none]
assembly-compression [enable | disable]
assembly-compression-ows [enable | disable]
assembly-concatenation [enable | disable]
assembly-concatenation-sets [string ] ...
assembly-css-inlining [enable | disable]
assembly-css-inlining-urls [string ] ...
assembly-css-reorder [enable | disable]
assembly-css-reorder-cache-size [integer]
assembly-css-reorder-urls [string ] ...
assembly-dns-prefetch [enable | disable]
assembly-dns-prefetch-domain-lists [add | delete | replace-all-with] {
[string] ...
}
assembly-dns-prefetch-https-enable [enable | disable]
assembly-dns-prefetch-https-automatic [enable | disable]
assembly-ibr [enable | disable]
assembly-image-inlining [enable | disable]
assembly-image-inlining-max-size [integer]
assembly-image-inlining-urls [string ] ...
assembly-js-inlining [enable | disable]
assembly-js-inlining-urls [string ] ...
assembly-js-reorder [enable | disable]
assembly-js-reorder-cache-size [integer]
assembly-js-reorder-urls [string ] ...
assembly-intelligent-client-cache [enable | disable]
assembly-icc-force [enable | disable]
assembly-icc-image-max-size [integer]
assembly-icc-css-inlining-max-size [integer]
assembly-icc-js-inlining-max-size [integer]
assembly-icc-max-num-urls [integer]
assembly-icc-min-client-expiry [integer]
assembly-minification [enable | disable]
assembly-multiconnect [enable | disable]
assembly-on-proxies [enable | disable]
assembly-pdf-linearization [enable | disable]
cache-complete-only [enable | disable]
cache-first-hit [yes | no]
cache-mode [memory-and-disk | memory-only]
cache-priority [low | medium | high]
cache-stand-in-period [integer]
code [integer]
coherency [blade | cluster]
defaults-from [name]
description [string]
jpeg-quality-is-relative [yes | no]
jpeg-quality [integer]
jpeg-strip-keeps-copyright [yes | no]
jpeg-strip-exif [no | yes | if-safe | make-safe]
jpeg-sampling factor [preserve | 1x1 | 2x1 | 1x2 | 2x2]
jpeg-progressive-encoding [yes | no]
jpegxr-quality [integer]
lifetime-cache-control-extensions
[add | delete | replace-all-with] {
[string] ...
}
lifetime-cache-control-extensions none
lifetime-cache-max-age [integer]
lifetime-honor-ows [yes | no]
lifetime-honor-ows-values
[add | delete | replace-all-with] {
[all-values | no-cache | no-store | no-transform |
max-age | must-revalidate | private | proxy-revalidate |
s-maxage] ...
}
lifetime-honor-ows-values none
lifetime-honor-request [yes | no]
lifetime-honor-request-values
[add | delete | replace-all-with] {
[all-values | no-cache | no-store | no-transform |
max-age | max-stale | min-fresh] ...
}
lifetime-honor-request-values none
lifetime-http-heuristic [percentage]
lifetime-insert-no-cache [yes | no]
lifetime-preserve-response [yes | no]
lifetime-preserve-response-values
[add | delete | replace-all-with] {
[all-values | no-cache | no-store | no-transform |
max-age | must-revalidate | private | proxy-revalidate |
s-maxage | custom-extension] ...
}
lifetime-preserve-response-values none
lifetime-response-max-age [integer]
lifetime-response-s-maxage [integer]
lifetime-stand-in-codes
[add | delete | replace-all-with] {
[HTTP response code] ...
}
lifetime-stand-in-codes none
lifetime-use-heuristic [yes | no]
object-max-size [integer | from-profile]
object-min-size [integer | from-profile]
optimize-for-client [yes | no]
options { [hidden | nodelete | nowrite] ...}
order [integer]
response-codes-cached
[add | delete | replace-all-with] {
[HTTP response code] ...
}
viewstate-cache [yes | no]
viewstate-cache-size [integer]
viewstate-tag [string]
video-optimization-fast-start [enable | disable]
video-optimization-max-bitrate [integer]
video-optimization-insert-ad [enable | disable]
video-optimization-preroll-ad [enable | disable]
video-optimization-ad-frequency [integer]
video-acceleration-ad-policy [string]
webp-quality [integer]
matching [add | modify | delete | replace-all-with] {
[host | path | extension | method:[name] |
query-param:[name] | unnamed-query-param:[name] |
path-segment:[name] | cookie:[name] |
user-agent | referrer | protocol | header:[name] |
client-ip | content-type] {
options:
app-service [[string] | none]
arg-alias [string]
arg-direction [left-to-right | right-to-left]
arg-name [string]
arg-ordinal [number]
description [string]
value-case-sensitive [yes | no]
values [add | modify | delete | replace-all-with] {
[ [regex] | [string] ] {
options:
app-service [[string] | none]
can-be-empty [yes | no]
can-be-missing [yes | no]
invert-match [yes | no]
}
}
values none
}
}
matching none
optimize-image [none | to-jpeg | to-gif | to-png | to-tiff]
png-256-colors [yes | no]
request-queueing [enable | disable]
variation [add | modify | delete | replace-all-with] {
[host | extension | method:[string] |
query-param:[name] | unnamed-query-param:[name] |
path-segment:[name] | cookie:[name] |
user-agent | referrer | protocol | header:[name] |
client-ip ] {
options:
app-service [[string] | none]
arg-alias [string]
arg-all [yes | no]
arg-ambiguous-as-unnamed [yes | no]
arg-direction [left-to-right | right-to-left]
arg-name [string]
arg-ordinal [number]
description [string]
value-case-sensitive [yes | no]
values [add | modify | delete | replace-all-with] {
[ [regex] | [string] ] {
options:
app-service [[string] | none]
cache-as [same | different]
can-be-empty [yes | no]
can-be-missing [yes | no]
invert-match [yes | no]
match-all [yes | no]
}
}
values none
}
}
variation none
[ proxy | proxy-override ]
[add | modify | delete | replace-all-with] {
[host | extension | method:[name] |
query-param:[name] | unnamed-query-param:[name] |
path-segment:[name] | cookie:[name] |
user-agent | referrer | protocol | header:[name] |
client-ip] {
options:
app-service [[string] | none]
arg-alias [string]
arg-direction [left-to-right | right-to-left]
arg-name [string]
arg-ordinal [number]
description [string]
value-case-sensitive [yes | no]
values [add | modify | delete | replace-all-with] {
[ [regex] | [string] ] {
options:
app-service [[string] | none]
can-be-empty [yes | no]
can-be-missing [yes | no]
invert-match [yes | no]
}
}
values none
}
}
[ proxy | proxy-override ] none
substitutions [add | modify | delete | replace-all-with] {
[name] {
options:
app-service [[string] | none]
description [string]
dst-alias [string]
dst-direction [left-to-right | right-to-left]
dst-name [string]
dst-ordinal [number]
dst-type [query-param | unnamed-query-param | path-segment]
dst-urls [add | delete | replace-all-with] {
[URI] ...
}
dst-urls none
src-alias [string]
src-direction [left-to-right | right-to-left]
src-name [string]
src-ordinal [number]
src-type
[ randomizer | request-url | query-param |
unnamed-query-param | path-segment ]
src-url [absolute | relative]
}
}
substitutions none
invalidations [add | modify | delete | replace-all-with] {
[name] {
options:
active [yes | no]
app-service [[string] | none]
broadcast [no | yes]
description [string]
cache-content [add | modify | delete | replace-all-with] {
[host | path | extension | method:[name] |
query-param:[name] | unnamed-query-param:[name] |
path-segment:[name] | cookie:[name] |
user-agent | referrer | protocol | header:[name] |
client-ip] {
options:
app-service [[string] | none]
arg-alias [string]
arg-direction [left-to-right | right-to-left]
arg-name [string]
arg-ordinal [number]
description [string]
value-case-sensitive [yes | no]
request-data-alias [string]
request-data-direction [left-to-right | right-to-left]
request-data-name [string]
request-data-ordinal [number]
request-data-type
[ host | path | extension | method |
query-param | unnamed-query-param |
path-segment | cookie | user-agent |
referrer | protocol | header |
client-ip ]
values [add | modify | delete | replace-all-with] {
[ [regex] | [string] ] {
options:
app-service [[string] | none]
can-be-empty [yes | no]
can-be-missing [yes | no]
invert-match [yes | no]
}
}
values none
}
}
}
}
}
partition [name]
publish-build [integer]
publish-comment [string]
published-on [date]
Note: Policies can be created only in the Drafts folder. This is required to support publishing functionality.
You may create multiple Drafts folders, one for each folder where published policies are going to reside.
DISPLAY
list policy [name ...]
show running-config policy [name ...]
options:
all-properties
non-default-properties
partition
predefined
state
DELETE
delete policy [name ...]
SAVE/LOAD
save policy [name]
load policy [name]
options:
overwrite
file [filename]
PUBLISH
publish policy [name]
options:
publish-comment [string]
publish-build [integer]
Note: Published policies can be deleted, but cannot be modified. The only way to update a published policy is
to edit and then publish its development version.
DESCRIPTION
You can use the policy component to manage WebAccelerator acceleration policies. An acceleration policy is a
collection of defined rule parameters that dictate how the WebAccelerator system handles HTTP requests and
responses. The WebAccelerator system uses two types of rules to manage content: matching rules and
acceleration rules. Matching rules are used to classify requests by object type and match the request to a
specific acceleration policy. Once matched to an acceleration policy, the WebAccelerator system applies the
associated acceleration rules to manage the requests and responses. There are multiple types of acceleration
rules: variation, proxy, proxy override, parameter value substitution, and invalidation. The WebAccelerator
system ships with several predefined acceleration policies that are optimized for specific Web applications,
in addition to several non-application specific policies for general delivery and one for an optional
symmetric deployment.
EXAMPLES
Note: For the following examples, the current folder is assumed to be set to /Common.
create policy "Drafts/My Policy"
Creates a new empty policy named My Policy in the folder /Common/Drafts.
create policy "Drafts/My Policy" copy-from "/Common/Generic Policy - Complete"
Creates a new policy My Policy in the folder /Common/Drafts by copying standard system policy /Common/Generic
Policy - Complete.
modify policy "Drafts/My Policy" copy-from "/Common/Generic Policy - Complete"
Modifies the policy My Policy by overwriting it with standard system policy /Common/Generic Policy - Complete.
modify policy "Drafts/My Policy" nodes add { "My Node" { default-from Site }}
Adds a new node My Node as the child node of the node Site.
modify policy "Drafts/My Policy" nodes modify { "My Node" { matching add { content-type { values add {
pages.other }}}}}
Adds a new matching rule into the node My Node. The rule will match content type of the requests to WAM object
type pages.other.
publish policy "Drafts/My Policy" publish-comment "Added new node My Node"
Publishes the policy My Policy.
modify policy "Drafts/My Policy" nodes delete { "My Node" }
Deletes the node My Node from the policy My Policy.
delete policy "My Policy"
Deletes the policy My Policy.
save policy "My Policy" file policy.txt
Saves the policy My Policy into the file /var/local/wam/policy.txt.
load policy "Drafts/My Policy" overwrite file /tmp/policy.txt
Loads the policy My Policy from the file /tmp/policy.txt and overwrites the policy if it already exists.
POLICY OPTIONS
app-service
Specifies the name of the application service to which the object belongs. The default value is none.
Note: If the strict-updates option is enabled on the application service that owns the object, you cannot
modify or delete the object. Only the application service can modify or delete the object.
code Specifies a numeric non-zero code of the policy that is used for troubleshooting and performance
reporting. Each policy must have a unique code. If not supplied, it will be generated by the system. Use
the keyword generate to specify that the system generate a new unique code.
copy-from
Specifies the name of an existing policy from which to copy all configuration options. If this field is
used in the modify command, the configuration options of the existing policy will be replaced with the
new ones. The code, state, publish-build, publish-comment, and published-at options are not updated.
description
User defined description of a policy.
nodes
Specifies the collection of policy nodes. Matching rules and acceleration rules for acceleration policies
are organized on the Policy Tree, which consists of nodes. The structure of the Policy Tree supports a
parent-child relationship. This enables you to easily randomize rules. That is, because a leaf node in a
Policy Tree inherits all the rules from its root node and branch node, you can quickly create multiple
leaf nodes that contain the same rule parameters by creating a branch with multiple leaf nodes. If you
override or create new rules at the branch node level, the WebAccelerator system reproduces those changes
to the associated leaf nodes.
partition
Displays the administrative partition within which the policy resides.
publish-build
Specifies the policy build version that was used during policy publishing. If not specified, this number
is automatically incremented by the WebAccelerator system.
publish-comment
Specifies the user supplied comment that describes the changes in the policy that is being published.
published-on
Specifies the date and time when this policy was last published.
file Specifies the file name where the policy is going to be saved or loaded from. If a full path is not
specified, it is set to /var/local/wam directory.
overwrite
Specifies that the policy file for the save command or the policy component for the load command can be
overwritten if it exists.
NODE OPTIONS
always-proxy
Specifies that all requests matching this node must be proxied. If it enabled, proxy rules are not used,
even if configured. proxy-override rules still apply.
app-service
Specifies the name of the application service to which this node belongs. The default value is none.
Note: If the strict-updates option is enabled on the application service that owns the object, you cannot
modify or delete this node. Only the application service can modify or delete this node.
assembly-compression
Specifies, when enabled, that the WebAccelerator system compresses content for responses, using gzip-
encoding. Note that to use this feature, you must set the compress value for the response's object type
in the corresponding object-type component, and the client must be able to accept gzip-encoded content.
The default value is enabled.
assembly-compression-ows
Specifies, when enabled, that the WebAccelerator system requests gzip-encoded or deflate-encoded content
from the origin Web server. Note that the origin Web server will comply only if it supports compression,
otherwise it will reply with uncompressed content. The default value is disabled.
assembly-concatenation
Specifies, when enabled, that the WebAccelerator system will perform JavaScript/CSS concatenation in HTML
documents. The URLs that may be concatenated are specified using the assembly-concatenation-sets option.
See the WebAccelerator documentation for more details. The default value is disabled.
assembly-concatenation-sets
Specifies the concatenation sets that are active for this node. If a URL in the HTML document that
belongs to one of the enabled sets is found, it will transformed with concatenation using the URL of the
configured set. This is an ordered set, and if the URL exists in multiple active concatenation sets, the
first set specified by this option will be used. See the WebAccelerator documentation for more details.
assembly-css-inlining
Specifies, when enabled, that the WebAccelerator system will inline CSS URLs in HTML documents. The CSS
URLs that may be inlined are specified using the assembly-css-inlining-urls option. See the
WebAccelerator documentation for more details. The default value is disabled.
assembly-css-inlining-urls
Specifies the CSS URLs that may be inlined.
assembly-css-reorder
Specifies, when enabled, that the WebAccelerator system will reorder CSS URLs to the HEAD section of HTML
documents. The CSS URLs that may be reordered are specified using the assembly-css-reorder-urls option.
See the WebAccelerator documentation for more details. The default value is disabled.
assembly-css-reorder-cache-size
Specifies the size of the intermediate cache used to store CSS URLs being reordered. Increasing the size
of this cache allows more CSS URLs to be reordered. The default value is 8kB. The maximum value is 8kB.
assembly-css-reorder-urls
Specifies the CSS URLs that may be reordered. The URLs must be fully-qualified and whitespace used to
separate URLs. The URLs must correspond to WebAccelerator URL resources created by the command create wam
resource url. See the help for wam resource url.
assembly-dns-prefetch
Specifies, when enabled, that the WebAccelerator system manipulates an HTML document to add DNS prefetch
tags at the end of the head. The DNS prefetch tags added are the combined list of domain lists specified
in assembly-dns-prefetch-domain-lists. DNS prefetch tags will not be inserted in the following
conditions: when DNS prefetching is explicitly disabled in the document, either by an HTTP header or by a
meta-tag in the head of the HTML document; when the connection is served over HTTPS without assembly-dns-
prefetch-https-enable enabled; or when the connection is to a client browser that does not support DNS
prefetching.
In a document, most browsers will perform DNS prefetching on all domains linked with an HREF. This will
speed up performance by having the browser cache possible DNS resolutions before a client clicks on a
link, but DNS prefetching cannot automatically occur when a link is created through other means (such as
javascript). Inserting DNS prefetch tags addresses this issue.
The default value is disabled.
assembly-dns-prefetch-domain-lists
Specifies the lists of domains that will be inserted into a document. The domain lists must correspond to
WebAccelerator domain list resources created by the command create wam resource domain-list. See the help
for wam resource domain-list.
assembly-dns-prefetch-https-enable
Specifies, when enabled, that the WebAccelerator system manipulates an HTML document to add DNS prefetch
tags at the end of the head when a document is served over HTTPS when the client browser supports DNS
prefetching. By default, most browsers that support DNS prefetching will not do any DNS prefetching on
pages served over HTTPS. Enabling assembly-dns-prefetch-https-enable will insert a meta-header that will
turn on DNS prefetching on the page and a meta-header turning of DNS prefetching for the rest of the
page. DNS prefetching cannot be turned on for the rest of an HTML document once the meta-header turning
of DNS prefetching is reached.
DNS prefetching is turned off on most browsers serving pages over HTTPS by default as a security measure.
DNS prefetching can be used to track which pages are seen over HTTPS by watching the domain resolution
requests sent out by the client. According to DNS prefetch standards currently, turning on DNS
prefetching on a page will cause all links in the page to have their domains prefetched. This is
mitigated by this option with the insertion of an HTTP meta-header turning off DNS prefetching after the
DNS tags inserted by the WebAccelerator system. Turning on DNS prefetching for the rest of the page in a
request served over HTTPS can be done with the assembly-dns-prefetch-https-automatic option.
The default value is disabled.
assembly-dns-prefetch-https-automatic
Specifies, when enabled, that the WebAccelerator system will not insert a meta-tag into an HTML document
served over HTTPS turning off DNS prefetching for the rest of a page. By default, most browsers that
support DNS prefetching will not do any DNS prefetching on pages served over HTTPS. assembly-dns-
prefetch-https-enable must be enabled for this option to work.
The default value is disabled.
assembly-ibr
Specifies, when enabled, that the WebAccelerator system manipulates the Web browser cache to reduce
requests to your site for relatively static content, such as images and style sheet (CSS) files. The
default value is enabled.
assembly-image-inlining
Specifies, when enabled, that the WebAccelerator system will inline image URLs in CSS documents. The
image URLs that may be inlined are specified using the assembly-image-inlining-urls option. See the
WebAccelerator documentation for more details. The default value is disabled.
assembly-image-inlining-max-size
Specifies the maximum size of the image that is allowed to be inlined. The default value is 2kB. The
maximum value is 8kB.
assembly-image-inlining-urls
Specifies the image URLs that may be inlined.
assembly-js-inlining
Specifies, when enabled, that the WebAccelerator system will inline JS URLs in HTML documents. The JS
URLs that may be inlined are specified using the assembly-js-inlining-urls option. See the WebAccelerator
documentation for more details. The default value is disabled.
assembly-js-inlining-urls
Specifies the JS URLs that may be inlined.
assembly-js-reorder
Specifies, when enabled, that the WebAccelerator system will reorder JavaScript URLs to the end of HTML
documents. The JavaScript URLs that may be reordered are specified using the assembly-js-reorder-urls
option. See the WebAccelerator documentation for more details. The default value is disabled.
assembly-js-reorder-cache-size
Specifies the size of the intermediate cache used to store JavaScript URLs being reordered. Increasing
the size of this cache allows more JavaScript URLs to be reordered. The default value is 8kB. The maximum
value is 8kB.
assembly-js-reorder-urls
Specifies the JavaScript URLs that may be reordered. The URLs must be fully-qualified and whitespace used
to separate URLs. The URLs must correspond to WebAccelerator URL resources created by the command create
wam resource url. See the help for wam resource url.
assembly-intelligent-client-cache
Specifies, when enabled, that the WebAccelerator system will Intelligent Client Cache HTML documents. See
the WebAccelerator documentation for more details. The default value is disabled.
assembly-icc-force
Specifies, when enabled, that the WebAccelerator system will Intelligent Client Cache HTML documents,
even if the client does not support HTML5 localstorage. See the WebAccelerator documentation for more
details. The default value is disabled.
assembly-icc-image-max-size
Specifies the maximum size of the image that is allowed to be inlined as part of Intelligent Client
Caching. The default value is 32kB. The maximum value is 50kB.
assembly-icc-css-max-size
Specifies the maximum size of the CSS that is allowed to be inlined as part of Intelligent Client
Caching. The default value is 50kB. The maximum value is 1024kB.
assembly-icc-js-max-size
Specifies the maximum size of the JS that is allowed to be inlined as part of Intelligent Client Caching.
The default value is 50kB. The maximum value is 1024kB.
assembly-icc-max-num-urls
Specifies the maximum number of links in an HTML document that are allowed to be inlined as part of
Intelligent Client Caching. The default value is 10. The maximum value is 100.
assembly-icc-min-client-expiry
Specifies the minimum client expiry of a resource that is allowed to be inlined as part of Intelligent
Client Caching. The default value is 2days.
assembly-minification
Specifies, when enabled, that the WebAccelerator system will minify JavaScript and CSS.
assembly-multiconnect
Specifies, when enabled, that the WebAccelerator system modifies embedded URLs with unique sub-domains
that prompt the browser to open more persistent connections for each supported protocol (HTTP or HTTPS).
To use this feature, you must configure DNS with the additional domains and map those domains to the same
IP address as the base origin server. The default value is enabled.
assembly-on-proxies
Specifies, when enabled, that the WebAccelerator system applies the Content Compression and Intelligent
Browser Referencing features (if enabled) to content served to clients, even if the content is not served
from the WebAccelerator system's cache. Enable this option if you are using the Content Compression or
Intelligent Browser Referencing features. The default value is enabled.
assembly-pdf-linearization
Specifies, when enabled, that the WebAccelerator system applies linearization on PDF documents, if the
documents match the node matching rules. PDF linearization transforms the document to include the index
of the pages in the beginning. This allows Web browsers to load and show specific pages rather than a
whole document. See the WebAccelerator documentation for more details. The default value is disabled.
optimize-image
Specifies whether image optimization should be applied and the format conversion to use. Each of the 4
supported formats (JPEG, PNG, GIF, TIFF) can be converted to any of the others. Images using a capability
unique to one format may lose that feature when converted to a format that does not support it. (For
example, animated GIFs or multipage-TIFFs will have only the first image when converted to PNG or JPEG).
Transparency will be lost when converting from GIF or PNG to JPEG. TIFF is a container for many different
image formats so the results will be best-effort and may not list completely.
A converted image will likely have a different number of bytes after conversion. Some conversions are
likely to produce fewer bytes; however, a requested conversion will be done even if it results in more
bytes (for consistency). For example, you may want to offer multiple formats of an image without storing
them all on a server.
A correct Content-Type header will be generated for converted images, but HTML files will not be
rewritten.
optimize-for-client Specifies whether to allow conversion to a format and/or size which is optimum for the
specific client making the request but which, if saved by that client and later sent elsewhere, might not be
appropriate.
webp-quality WebP is a "lossy" compression format. This means when you convert an image to a WebP and then
convert it back, you will not get back exactly the same image you started with. Compression changes the amount
of information stored (and therefore the number of bytes), but not the image dimensions (the number of
pixels). The webp-quality attribute represents the absolute quality of the WebP produced. Compression
(quality) is represented as a number between 1-100 where 1 is minimal quality, but small, and 100 is high-
quality, but large. For most images, useful values of quality will be from about 30-70.
jpegxr-quality JPEG-XR is a "lossy" compression format. This means when you convert an image to a JPEG-XR and
then convert it back, you will not get back exactly the same image you started with. Compression changes the
amount of information stored (and therefore the number of bytes), but not the image dimensions (the number of
pixels). The jpegxr-quality attribute represents the absolute quality of the JPEG-XR produced. Compression
(quality) is represented as a number between 1-100 where 1 is minimal quality, but small, and 100 is high-
quality, but large. For most images, useful values of quality will be from about 5-30.
jpeg-quality-is-relative =item jpeg-quality
JPEG is a "lossy" compression format. This means when you convert an image to a JPEG and then convert it
back, you will not get back exactly the same image you started with. Compression changes the amount of
information stored (and therefore the number of bytes), but not the image dimensions (the number of
pixels). When jpeg-quality-is-relative is set to no, the jpeg-quality attribute represents the absolute
quality of the JPEG produced. Compression (quality) is represented as a number between 1-100 where 1 is
minimal quality, but small, and 100 is high-quality, but large. For most images, useful values of quality
will be from about 30-100. Because information once lost cannot be regained, converting a low-quality
JPEG to a higher quality is pointless and image optimization will prevent that (by not changing the
original to a higher JPEG quality).
You might be unable to choose a specific absolute quality for JPEG images. When jpeg-quality-is-relative
is set to yes, the relative JPEG quality setting is enabled. In this case, jpeg-quality is a percentage
(a number between 1-100) that when multiplied by each JPEG's original quality, becomes its optimized
quality.
jpeg-strip-exif
JPEG files have a header (called EXIF) that contains optional data such as a date, time, camera model,
exposure settings, and so on. The EXIF header can also contain a color profile, which is required when
included. EXIF headers can be small or large. Unless they contain a color profile, they do not affect
displaying the image, and so can be removed if the loss of the information they contain is acceptable.
There are four options for this setting:
no Leaves any EXIF headers alone.
yes Always strips EXIF headers.
if-safe
Only strips EXIF headers if they do not have color profiles (ensures that images display properly).
make-safe
Applies the color profile and then strips the EXIF header (typically decreases image file size).
Applying a color profile requires additional CPU time.
jpeg-strip-keeps-copyright This setting affects the meaning of jpeg-strip-exif. If it is set, stripping the
EXIF header will strip everything except the Copyright notice (if one is present).
jpeg-sampling-factor
Sets the sampling factor to be used when producing JPEG images. The default value is preserve, which
matches the original file. You can also explicitly specify this option, as it can sometimes improve
compression.
jpeg-progressive-encoding
When enabled, progressive encoding will be used in JPEG images. For large JPEG files, this can improve
compression. When this is enabled, it will be applied only if the file is large enough to improve
compression.
png-256-colors
It is often possible to significantly reduce the size of PNG files without changing their appearance very
much by reducing the number of colors to 256 optimally selected values. This optimization is enabled when
png-256-colors is set to yes.
cache-complete-only
Specifies, when enabled, that the WebAccelerator system caches HTML pages only if the HTML code within
the page contains begin and end tags. When disabled, the WebAccelerator system reviews HTTP response
headers to determine if the information contained on the page is complete. The default value is enabled.
cache-first-hit
Specifies that the first response should be cached according to the policy caching settings. When this is
off, the response is cached when more than one request for the document has been seen. Turning this on
can reduce cache churn for unpopular documents. The default value is no.
cache-mode
Specifies how where the cached documents will be stored. The default value is memory-and-disk. Possible
values are:
memory-and-disk
The cached documents will be stored in memory or on disk.
memory-only
The cached documents will be stored in memory only.
cache-priority
Specifies the cache admission priority of documents matching the policy node. Documents with high
priority are more likely to be admitted into the cache. The default value is medium. Possible values are:
low Documents will have low priority.
medium
Documents will have medium priority.
high Documents will have high priority.
cache-stand-in-period
Specifies the amount of time that the WebAccelerator system continues to serve content from cache if the
origin Web server does not respond to the WebAccelerator system's requests for fresh content. The default
value is 0 (zero), which means the WebAccelerator system responds to requests for expired content with a
HTTP 404 error.
code Specifies a numeric non-zero code for the node that is used for troubleshooting and performance
reporting. All nodes must have unique codes within the policy. If not supplied, the code will be
generated by the system. Use the keyword generate to specify that the system generate a new unique code.
coherency
Specifies if the WebAccelerator system will attempt to keep content matching the associated node in sync
across the blades of a cluster. The default behavior is to keep content in sync.
blade
The cached documents will not be kept coherent across blades. This causes each blade to have its own
copy of a given cached document.
cluster
The cached documents will be kept coherent across blades. This causes the cluster to have single
version of a given cached document.
defaults-from
Specifies the node that you want to use as the parent node. Your new node inherits all options and values
from the parent node specified. The default value is none, which means this is a root node.
description
User defined description of a node.
invalidations
Specifies the collection of invalidations rules. Invalidations rules enable you to expire cached content
before it has reached its time-to-live (TTL) value. This is useful when content updates are event-driven,
such as when an item is added to a shopping cart, a request contains a new auction bid, or a poster has
submitted content on a forum thread. Invalidations rules can be created only on leaf nodes.
lifetime-cache-control-extensions
Enables you to configure extension tokens to be added to the cache-control header of HTTP response. The
WebAccelerator system does not process any of these extensions. It is possible that the origin Web server
will send cache-control extensions as well. You can choose whether to preserve them by including the
custom-extension in the lifetime-preserve-response-values list.
lifetime-cache-max-age
Specifies the amount of time that the WebAccelerator system serves content from the cache before
requesting fresh content from the origin Web server. The default value is 4 hours.
lifetime-honor-ows
Specifies, if enabled, that the WebAccelerator system honors certain cache-control directives from the
origin Web server response to determine cache lifetime. The default value is disabled.
lifetime-honor-ows-values
Specifies which Cache-Control directive from the origin Web server response will determine cache
lifetime. Available directives are all-values, private, no-cache, no-store, must-revalidate, proxy-
revalidate, max-age, s-maxage, and expires. This option is only effective if lifetime-honor-ows is
enabled.
lifetime-honor-request
Specifies, if enabled, that the WebAccelerator system honors certain Cache-Control directives from the
client's browser request to determine cache lifetime. The default value is enabled.
lifetime-honor-request-values
Specifies which cache-control directive from client's browser request will determine cache lifetime.
Available directives are all-values, no-cache, no-store, max-age, max-stale, and min-fresh. This option
is only effective if lifetime-honor-request is enabled. The default values are max-age, max-stale, and
min-fresh.
lifetime-http-heuristic
Specifies the percentage, based on the HTTP Last-Modified header, that the WebAccelerator system uses to
compute TTL values for cached content. For example, if content was modified 30 days ago and the lifetime-
http-heuristic option is set to 50%, the WebAccelerator system caches the content for 15 days. This
option is applicable only if you use the HTTP Last-Modified headers to identify content lifetime. The
default value is 50%. This option is effective only if lifetime-use-heuristic is enabled.
lifetime-insert-no-cache
Specifies, when enabled, that the WebAccelerator system inserts a no-cache directive into the HTTP Cache-
Control header, which stops the client's browser from locally caching content. This value overrides the
HTTP Cache-Control header cache directives sent to the client by the origin Web server.
lifetime-preserve-response
Specifies, if enabled, that the WebAccelerator system preserves certain Cache-Control directives from the
origin Web server and includes them into client's browser response. The default value is enabled.
lifetime-preserve-response-values
Specifies which Cache-Control directive from the origin web server response will be preserved in response
to the client's web browser. Available directives are all-values, private, no-cache, no-store, must-
revalidate, proxy-revalidate, max-age, s-maxage, expires, and custom-extension. This option is only
effective if lifetime-preserve-response is enabled. The default value is all-values.
lifetime-response-max-age
Specifies, when enabled, the amount of time that the client's browser should locally store content. This
value overrides the max-age and expires the directives in the HTTP Cache-Control header that are sent to
the client by the origin web server, only if the new value for the max-age is greater than the value
supplied by the origin web server. Modify this value only if there is an acceptable trade off between the
freshness of the content served to clients and overall site performance.
lifetime-response-s-maxage
Specifies, when enabled, the amount of time that the client's browser should locally store shared
content. This value overrides the s-maxage and expires the directives in the HTTP Cache-Control header
that are sent to the client by the origin web server, only if the new value for the s-maxage is greater
than the value supplied by the origin web server. Modify this value only if there is an acceptable trade
off between the freshness of the shared content served to clients and overall site performance.
lifetime-stand-in-codes
Specifies that the WebAccelerator system is allowed to serve stale content from the cache if it is not
able to re-validate its freshness with the origin web server. The WebAccelerator system serves invalid
content to the downstream proxies or clients if the response code from the origin web server matches one
of codes specified with this option. This option is effective only if cache-stand-in-period has a non-
zero value. The default values are 404, 500, and 504.
lifetime-use-heuristic
Specifies, when enabled, that the WebAccelerator system uses the percentage from lifetime-use-heuristic
option to compute TTL values for cached content. The default value is no.
matching
Specifies the collection of matching rules. The rules consist of the HTTP request data type parameters
that the WebAccelerator system uses to match an incoming HTTP request to a specified node. The following
types of HTTP parameters are available for matching rules: host, path, extension, query-param, unnamed-
query-param, path-segment, cookie, user-agent, referrer, protocol, method, header, client-ip, and
content-type.
object-min-size
Specifies the minimum object size required in order for content matching the associated node to eligible
for caching. The default behavior is to use the minimum object size specified by the associated web-
acceleration profile.
object-max-size
Specifies the maximum object size allowed for content matching the associated node in order to eligible
for caching. The default behavior is to use the maximum object size specified by the associated web-
acceleration profile.
order
Specifies the order of the node in the Policy Tree. All nodes in the policy must have an order. The order
numbers are sequential, staring from 2. Orders 0 and 1 are reserved for internal use. The child node
orders must be greater than the order of their parent node. You can change the order of the nodes by
updating the order option of the node that you would like to move. The system honors the specified order
if it falls within the range of sibling node orders. Otherwise, the system picks the closest valid order
number. The remaining nodes are automatically re-ordered to free requested order number. The node order
is also used as a last resort to determine which node to use when multiple nodes match the request. The
node with a lower order wins. New nodes have their order assigned automatically to make them last among
their siblings.
proxy
Specifies the collection of proxy rules. In general, proxy rules options are relevant to only requests
that match their node, rather than to matched responses. The following types of HTTP parameters are
available for proxy rules: host, query-param, unnamed-query-param, path-segment, cookie, user-agent,
referrer, protocol, method, header, and client-ip.
proxy-override
Specifies the collection of proxy override rules. You can define proxy override rules and associated
conditions under which the WebAccelerator system should ignore proxying rules options. The following
types of HTTP parameters are available for proxy override rules: host, query-param, unnamed-query-param,
path-segment, cookie, user-agent, referrer, protocol, method, header, and client-ip.
request-queueing
Specifies, when enabled, that the WebAccelerator system will queue requests for expired or new documents
and proxy fewer requests to the origin web server (OWS). If the response is cachable, the response will
be served to all waiting requests; if not, the waiting requests will proxy normally.
response-codes-cached
Specifies the collection of HTTP response codes that determine whether the WebAccelerator system should
cache the content. The valid codes are 300, 301, 302, 307, and 410. The codes 200, 201, 203, and 207 are
included into the list implicitly. The default values are 300 and 301.
substitutions
Specifies the collection of parameter value substitution rules. Some requested pages include hyperlinks
that require that specific information appear in the response. You can configure parameter value
substitution so that when a query parameter contains identification information for a sites visitors, it
prompts the WebAccelerator system to serve different content for the request, based on the specific
visitor. Conversely, if parameter value substitution is not configured, the WebAccelerator system uses
the value that it cached for the original request, for all subsequent requests after the first, even if
the subsequent requests have different values that should be used in the response.
If you configure parameter value substitution, the WebAccelerator system changes the targeted parameters
value on the page served from the cache, so that the parameter you specify appears on the URL embedded in
that page.
variation
Specifies the collection of variation rules. When the WebAccelerator system caches responses from the
origin web server, it uses certain HTTP request parameters to create a Unique Content Identifier (UCI).
The WebAccelerator system stores the UCI in the form of a compiled response and uses the UCI to easily
match future requests to the correct content in its cache. You can configure variation rules to add or
modify the parameters on which the WebAccelerator system bases its caching process. If the WebAccelerator
system receives two requests that are identical except for the value of a query parameter defined in the
variation rule, it creates a different UCI for each, and caches each response under its unique UCI. The
following types of HTTP parameters are available for variation rules: host, query-param, unnamed-query-
param, path-segment, cookie, user-agent, referrer, protocol, method, header, and client-ip.
viewstate-cache
Specifies, when enabled, that the WebAccelerator system accelerates requests and responses for Web form
objects that are generated by ASP.NET web applications. Because the file size of forms can be
significant, the WebAccelerator system is able to cache and substitute values, thus reducing the file
size and achieving faster performance.
viewstate-cache-size
Specifies the size of the ViewState object cache in kilobytes. The default value is 100 kilobytes.
viewstate-tag
Specifies the name of the web form field where the ViewState object is stored. The default value is
__VIEWSTATE.
video-optimization-fast-start
Specifies when enabled, that the WebAccelerator system optimizes video by prefetching.
video-optimization-max-bitrate
Specifies, the maximum bitrate of video that can be allowed in kilobits per sec. The default value is 0.
video-optimization-insert-ad
Specifies, when enabled, that the WebAccelerator system can insert ad into the video.
video-optimization-preroll-ad
Specifies, when enabled, that the WebAccelerator system can insert ad at the beginning of the video.
video-optimization-ad-frequency
Specifies the frequency of ad insertion. Units in seconds.
video-optimization-ad-policy
Specifies the ad policy applicable when processing the video.
type Displays the node type. The possible types are:
branch
The branch nodes exist only for the purpose of propagating rule parameters to leaf nodes. The
WebAccelerator system does not perform matching against branch nodes. Branch nodes can have multiple
leaf (child) nodes, as well as child branch nodes.
leaf A leaf node inherits rule parameters from its parent branch node. The WebAccelerator system performs
matching only against leaf nodes, and then applies the leaf nodes corresponding acceleration rules
to the request.
HTTP PARAMETERS
Both matching and acceleration rules are identified by the type, and optionally, by the name of HTTP
parameters that are used inside the rules. The following types of HTTP parameters are available:
content-type
A rule that uses the content-type parameter is based on type definitions in the object-type components.
Unlike the HTTP request data types, a matching rule based on content type is specific to the content type
parameter that the WebAccelerator system generates for a response. You specify the regular expression
that you want a response's content type to match.
client-ip
A rule that uses the client IP parameter is based on the IP address of the client making the request. The
IP address, however, may not always be the address of the client that originated the request. For
example, if the client goes through a proxy server, the IP address is the IP address of the proxy server,
rather than the client IP address that originated the request. If several clients use a specific proxy
server, they all appear to come from the same IP address.
cookie:[name]
A rule that uses the cookie parameter is based on a particular cookie that you identify by name, and for
which you provide a value to match against. This value is usually literal and must appear on the cookie
in the request or in a regular expression that matches the request's cookie that appears on the cookie
HTTP request headers. These are the same names you use to set the cookies, using the HTTP Set-Cookie
response headers. The HTTP request can contain multiple cookies, and the rule identifier must include the
name of the cookie separated with colon (:).
extension
A rule that uses the extension parameter is based on the value that follows the far-right period, in the
far-right segment key of the URL path.
header:[name]
A rule that uses the header parameter is based on a particular header that you identify by name and for
which you provide a value to match against. You can use an HTTP request data type header parameter to
create rules based on any request header other than one of the recognized HTTP request data types. The
HTTP request can contain multiple headers, and the rule identifier must include the name of the header
separated with colon (:).
host A rule that uses the host parameter is based on the value provided for the HTTP Host request header
field. This header field describes the DNS name that the HTTP request is using.
method
A rule that uses the method parameter is based on whether the request uses the GET or POST method.
query-param:[name]
A rule that uses the query parameter is based on a particular query parameter that you identify by name
and for which you provide a value to match against. The value is usually literal and must appear on the
query parameter in the request, or in a regular expression that matches the requests query parameter
value. The query parameter can be in a request that uses GET or POST methods. The HTTP request can
contain multiple query parameters, and the rule identifier must include the name of the header separated
with colon (:).
path A rule that uses the path parameter is based on the path portion of the URI. The path is defined as
everything in the URL after the host and up to the end of the URL, or up to the question mark (whichever
comes first).
path-segment:[name]
A segment is the portion of a URI path that is delimited by a forward slash (/). For example, in the
path: /apps/search/full/complex.jsp, apps, search, full, and complex.jsp all represent path segments. The
path can contain multiple segments so the rule identifier must include the name of the segment separated
with colon (:). The name can be a segment ordinal or some other string to distinguish it from other
segments rules in the same node.
protocol
A rule that uses the protocol parameter is based on whether the request uses the HTTP or HTTPS protocol.
referrer
A rule that uses the referrer parameter is based on the value provided for the HTTP Referer in the
request header. (Note the misspelling of Referer. This spelling is defined for this request header in all
versions of the HTTP specification.) This header provides the URL location that referred the client to
the page that the client is requesting. You do not typically base rules on the Referer request header,
unless you want your sites behavior to be dependent on the specific referrer. For example, one
implementation would be for sites that provide different branding for their pages based on the user's web
portal or search engine.
unnamed-query-param:[name]
An unnamed query parameter is a query parameter that has no equal sign. That is, only the query parameter
value is provided in the URL of the request. The HTTP request may contain multiple unnamed query
parameters so the rule identifier must include the name of it separated with colon (:). The name can be
the ordinal of unnamed query parameter or some other string that can make it distinguishable from other
unnamed query parameter rules in the same node.
user-agent
A rule that uses the user agent parameter is based on the value provided for the HTTP User-Agent in the
request header, which identifies the browser that sent the request.
RULE OPTIONS
active
Specifies, when enabled, that the invalidation trigger rule is enabled. You can use this option to
disable a specific invalidation trigger rule temporary, without removing it from the policy.
arg-all
Specifies, when enabled, that the rule matches all HTTP parameters of this type rather than one
identified by arg-name or arg-ordinal. This option is applicable to variation rules query-param, unnamed-
query-param, path-segment, cookie, and header. Such rules serve as a fallback case for defining document
variation. All root nodes must include one variation rule of each type with this option enabled. The
default value is disabled.
arg-alias
src-alias
dst-alias
request-data-alias
Specifies the user supplied alias for rules that use ordinals to identify HTTP request data. These
include the unnamed-query-param and path-segment rules. The src-alias and dst-alias options are used in
parameter value substitution rules to define aliases for the source and target definitions
correspondingly. The request-data-alias option defines an alias for the invalidation trigger rules.
arg-direction
src-direction
dst-direction
request-data-direction
Specifies the direction that the WebAccelerator system uses to count the ordinal of path-segment. The
src-direction and dst-direction options are used in parameter value substitution rules to define the
ordinal direction for the source and target definitions correspondingly. The request-data-direction
option defines the ordinal direction for the invalidation trigger rules. The default value is left-to-
right. The possible values are:
left-to-right
The path segment is counted form left to right.
right-to-left
The path segment is counted form right to left.
arg-name
src-name
dst-name
request-data-name
Specifies the name of the parameter type for query-param, cookie, and header. If not specified, arg-name
option is initialized from the rule name. This option is not effective if arg-all is enabled. The src-
name and dst-dst options are used in parameter value substitution rules to define the parameter name for
the source and target definitions correspondingly. The request-data-name option defines the parameter
name for the invalidation trigger rules.
arg-ordinal
src-ordinal
dst-ordinal
request-data-ordinal
Specifies, in the form of a number, the location of a parameter for unnamed-query-param and path-segment
rules. The numbering starts at 1 and follows the direction specified in the corresponding direction
option. This option is not effective if arg-all is enabled. The src-ordinal and dst-ordinal options are
used in parameter value substitution rules to define the parameter ordinal for the source and target
definitions correspondingly. The request-data-ordinal option defines the parameter ordinal for the
invalidation trigger rules.
broadcast
Specifies whether a triggered invalidation rule is broadcast to other members of a multibox deployment.
This option is only effective when the application using this policy has multibox set to farm or
symmetric.
cache-content
Specifies the parameter for which the WebAccelerator system must obtain fresh content when the
invalidations rule is triggered. The available request types are: host, path, extension, query-param,
unnamed-query-param, path-segment, cookie, user-agent, referrer, protocol, method, header, and client-ip.
Note: You must select and configure the path parameter for the cached content to invalidate, or the
invalidations rule will fail to trigger. All other parameters are optional.
description
User-defined description of a rule.
dst-type
Specifies the HTTP parameter type to use as target definition for the request value substitution rule. A
target definition contains a value in the embedded URL that you want the WebAccelerator system to replace
with the value that you specified for the source definition, during assembly. The possible values are:
path-segment
Specifies that the WebAccelerator system targets the URL parameter, as specified by the dst-ordinal
and dst-direction you define.
query-param
Specifies that the WebAccelerator system targets the URL parameter, as specified by the dst-name you
define.
unnamed-query-param
Specifies that the WebAccelerator system substitutes the URL parameter, as specified by the dst-
ordinal you define.
dst-urls
Specifies the collection of URLs in the request for which you want the WebAccelerator system to replace
content.
request
Specifies a parameter in the request that triggers the invalidations rule. The available request types
are: host, path, extension, query-param, unnamed-query-param, path-segment, cookie, user-agent, referrer,
protocol, method, header, and client-ip.
Note: You must select and configure the path parameter for the request header criteria, or the
invalidations rule will fail to trigger. All other parameters are optional.
request-data-type
Specifies the HTTP request parameter value that the WebAccelerator system should find in its cache and
for which it should request updated content from the origin Web server. The default value is undefined.
The following types of HTTP parameters are available:
host
query-param
unnamed-query-param
path-segment
cookie
user-agent
referrer
header
client-ip
Specifies that the WebAccelerator system should use the corresponding value from the request that
triggered the invalidation. Additional data, if required to identify the value, must be specified in
the request-data-name, request-data-ordinal, and request-data-direction options. The values option
is ignored.
undefined
Specifies that the WebAccelerator system should not use any values from the request that triggered
the invalidation. You must add a value into the values option with which to compare the cached
content.
src-type
Specifies the HTTP parameter type to use as source definition for the request value substitution rule. A
source definition contains the value that the WebAccelerator system embeds in the URL, in place of the
cached (target definition) value, during substitution. Typically, the source definition is a specific
request element, such as a particular query parameter; however, you can specify another source type, such
as a random number. The possible values are:
path-segment
Specifies that the WebAccelerator system substitutes the URL parameter, as specified by the src-
ordinal and src-direction options you define.
query-param
Specifies that the WebAccelerator system substitutes the URL parameter, as specified by the src-name
option you define.
randomizer
Specifies that the WebAccelerator system generates a random number and places that number on the
targeted location in an embedded URL.
request-url
Specifies that the WebAccelerator system is limited to target-specific URLs embedded in a page, as
defined in the prefix that an embedded URL must match before the WebAccelerator system performs
substitution. If you use the request URL as the source, the WebAccelerator system uses the entire
request URL as the value to substitute.
unnamed-query-param
Specifies that the WebAccelerator system substitutes the URL parameter, as specified by the src-
ordinal option you define.
src-url
Specifies whether the request URL is a relative URL or an absolute URL. The default value is absolute.
value-case-sensitive
Specifies, when enabled, that the HTTP parameter must be matched against supplied value(s) in case
sensitive manner. The default value is no.
values
Values are a collection of rule parameters that enable you to specify different parameter values for the
same rule. Most rules allow only one value, while variation rules support multiple values. Each value can
prompt a different behavior by the WebAccelerator system. All variation rules must include at least one
value with match-all option enabled. A value can be represented by actual string, regex, or multiple
strings, or regexes separated by space ( ).
RULE VALUE OPTIONS
can-be-empty
Specifies, when enabled, that the defined HTTP request parameter is included in the request, but has no
value (is an empty string). The default value is no.
can-be-missing
Specifies, when enabled, that the defined HTTP request parameter is absent from the request. The default
value is no.
invert-match
Specifies, when enabled, that the defined HTTP request parameter does not match the associated regular
expression that you defined. The default value is no.
match-all
Specifies, when enabled, that the defined HTTP request parameter matches all possible values. This option
is available only for variation rule values as a fallback case. Each variation rule must have at least
one value with this option enabled. The default value is no.
cache-as
Specifies whether the associated value should prompt the WebAccelerator system to reply to matched
requests with the same or different content. This option is available only for variation rule values.
SEE ALSO
create, delete, edit, list, modify, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2010-2013, 2016. All rights reserved.
BIG-IP 2016-03-14 wam policy(1)