Gunther Kochmann

How to Setup a Custom Failover for logged-in Users (via Property Manager)

Blog Post created by Gunther Kochmann Employee on Dec 30, 2015

Imagine this use-case, which I recently came across:


  • anonymous users shall receive a cached version served from Akamai Edge servers (if any exists)
  • authenticated users shall be treated as follows:
    1. When backend/origin is responsive (e.g. no HTTP5xx or origin timeout): never serve a cached object, but fetch content by forwarding request to origin servers (cached objects for anonymous users must not be expunged from Akamai caches!)
    2. In case backend/origin is down (in fact the situation is contrary from 1.): serve cached version from Akamai Edge server (which is anonymous/not personalized and meant for all users that are not logged-in)


How did we solve this?


  • Default rule must have the following:
    1. Origin behavior - 'Cache Key' set to 'Origin Hostname' *)
    2. Caching behavior - 'Serve stale if unable to validate' must be turned on **)




  • Introduce a new rule which contains a criteria that matches for logged-in users (e.g. presence of a particular cookie, like 'SESSION' or similar as in this case:
    • Note that Akamai Edge will not be able to validate the SESSION cookie value, this must be done at the origin still, where requests are forwarded to for logged-in users (or those that present such a cookie)


  • Add a child rule to this one, where you trigger/match on the hostname NOT being the (fake) failover hostname (which in the end means we are not in failover mode)


  • Below this rule two other child rules will be required:

    • set 'bypass cache'


    • and another one that matches on origin issues (5xx, origin timeout) and then initiates Site Failover to the 'fake' or 'alternate' hostname ''


In the end this means that requests for the 'fake' failover hostname '' will never trigger failover (which would be useless) or by-pass Akamai caches. On the other hand, we want all that to happen for the real (public-facing) hostname ''.

The structure for the failover would look like this:


For easier testing the following can be built in:

  • a new rule that will break any forward connection and hence simulate an origin issue


  • additional cache-key query string behavior in the default rule to make this fully work



*) If this were not the case, then objects for the regular hostname and the failover hostname '' would not share the same object in cache and serving stale for would not work.

**) This is important because otherwise Akamai Edge would not be allowed to serve stale content at if origin is not responsive.