
Fastly - Adding authorization to PURGE

Fastly lets you purge content either through the interactive dashboard or through the API.
When purging by API, by default there is no need to authenticate and there are no authorization checks.
This means that a simple call like the following wildcard purge works right away.

curl -X PURGE* 

However, let me show you how to limit the purge API to authorized calls only.
We're going to add a custom response of 401 (Unauthorized) that is returned if the method is PURGE and a predefined secret is not present, very much like an API key.

On the service configuration, go to "Content" and select to add a new response. Select a 401 code. Click "Create".

Edit the new response, and select "Request Conditions".

Add a condition that checks for the method FASTLYPURGE and for the non-existence of the required secret purge key. You can select any header, but I recommend using something that will make sense later.

req.request == "FASTLYPURGE" && req.http.X-Purge-Auth != "somesecret"

The PURGE API now requires an "X-Purge-Auth" secret key to work.
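To confirm that the condition is actually enforced, the following added example (not part of the original article and not Fastly tooling) sends PURGE requests with no header, an empty value, a wrong secret and the correct secret, and reports whether each gets the expected status. `StubEdge` is a constructed local stand-in that mirrors the condition above so the script runs offline; the function names, the stub and the 200 success status are assumptions.

```python
import http.server
import threading
import urllib.error
import urllib.request

HEADER = "X-Purge-Auth"  # header name used in the article's condition
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore env proxies

def purge_status(url, secret=None, timeout=5):
    """Send one PURGE request and return the HTTP status code."""
    req = urllib.request.Request(url, method="PURGE")
    if secret is not None:
        req.add_header(HEADER, secret)
    try:
        with OPENER.open(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def check_purge_auth(url, secret):
    """Each value is True when the service behaves as the article intends."""
    return {
        "no_header_rejected": purge_status(url) == 401,
        "empty_secret_rejected": purge_status(url, "") == 401,
        "wrong_secret_rejected": purge_status(url, secret + "x") == 401,
        "valid_secret_accepted": purge_status(url, secret) == 200,  # assumed success code
    }

class StubEdge(http.server.BaseHTTPRequestHandler):
    """Constructed local stand-in for the edge; mirrors the article's condition."""
    enforce = True
    def do_PURGE(self):
        denied = self.enforce and self.headers.get(HEADER) != "somesecret"
        self.send_response(401 if denied else 200)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):  # keep the stub quiet
        pass

def start_stub(enforce=True):
    """Start the stub on a free local port; enforce=False models the default."""
    handler = type("Handler", (StubEdge,), {"enforce": enforce})
    server = http.server.HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/some/path"

if __name__ == "__main__":
    server, url = start_stub()
    print(check_purge_auth(url, "somesecret"))
```

Point `check_purge_auth` at a URL on your own service with your real secret after activating the new configuration; any `False` value means the condition is not doing what you expect.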
