Property Configuration
Prerequisites
To successfully integrate using Netacea, please ensure:
- You have access to the relevant API and Secret keys from Netacea.
- Akamai have configured the Netacea Fail Open on your behalf.
- You have completed the Proxy Property Configuration.
- You have completed the Edge Worker Installation.
Property Configuration
There will be a number of configurations that need to be completed on every property that Netacea will be protecting. These configurations consist of Variables and Rules.
Property Variables
We'll first set up the variables at the root of the property. These can be found in the table below:
| Variable Name | Initial Value | Description | Security Settings |
| --- | --- | --- | --- |
| NETACEA_API_KEY | Blank | Netacea API Key. The value is set by a Rule. | Hidden |
| NETACEA_SECRET_KEY | Blank | Netacea Secret Key. The value is set by a Rule. | Hidden |
| CLIENT_IP | Blank | True Client IP | Visible |
| NETACEA_MITIGATION_TYPE | INGEST, MITIGATE, or INJECT | INGEST - Integration ingests only. MITIGATE - Integration ingests and mitigates. INJECT - Integration ingests and returns mitigation header values rather than taking the action. | Visible |
| NETACEA_MITIGATION_URL | Proxy Property Hostname | Variable to proxy traffic to Netacea. This must contain a prefix of https:// | Visible |
| NETACEA_DS2_CUSTOM_FIELD | Blank | Variable that contains bespoke session information | Hidden |
| FAILOVER_SECRET | <Netacea Provided Failover Secret> | Character string provided by Netacea to be used in the event of an EdgeWorker failure so that the EdgeWorker fails open | Sensitive |
| FAILOVER_HEADER_VALUE | Blank | The value of the x-ew-failover header | Sensitive |
| ORIG_HOST | %(AK_HOST) | Host used for Netacea failover | Visible |
| NETACEA_INGEST_TYPE | ORIGIN | Defines ingest type, ensures Akamai does not default to HTTP | Visible |
| NETACEA_COOKIE_NAME | <Any Cookie Name> | Defines the name of the Netacea mitigation cookie.* | Visible |
| NETACEA_CAPT_COOKIE_NAME | <Any Cookie Name> | Defines the name of the Netacea captcha cookie.* | Visible |
| NETACEA_ENCRYPTION_KEY | <Netacea Provided Cookie Encryption Key> | Enables cookie encryption if not blank.* | Hidden |
| NETACEA_CAPT_REL_ASSETS | TRUE | Fetches CAPTCHA assets from Netacea server. | Visible |
Once these have been configured, we can then move on to configuring the rules within the Property.
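As an added example (not part of the Netacea or Akamai documentation), the Python script below checks the variables of an exported property rule tree against the table above before activation. It assumes the export is JSON with the variables under rules.variables, each carrying name (with the PMUSER_ prefix), value, hidden and sensitive fields; the sample tree and its values are constructed.

```python
# Added example: lint exported rule-tree variables against the Property Variables table.
HIDDEN = ["NETACEA_API_KEY", "NETACEA_SECRET_KEY", "NETACEA_DS2_CUSTOM_FIELD", "NETACEA_ENCRYPTION_KEY"]
SENSITIVE = ["FAILOVER_SECRET", "FAILOVER_HEADER_VALUE"]
VISIBLE = ["CLIENT_IP", "NETACEA_MITIGATION_TYPE", "NETACEA_MITIGATION_URL",
           "ORIG_HOST", "NETACEA_INGEST_TYPE", "NETACEA_COOKIE_NAME",
           "NETACEA_CAPT_COOKIE_NAME", "NETACEA_CAPT_REL_ASSETS"]
TABLE = {n: s for s, names in (("Hidden", HIDDEN), ("Sensitive", SENSITIVE),
                               ("Visible", VISIBLE)) for n in names}
# Variables whose initial value the table lists as Blank (set later by a rule).
BLANK = {"NETACEA_API_KEY", "NETACEA_SECRET_KEY", "CLIENT_IP",
         "NETACEA_DS2_CUSTOM_FIELD", "FAILOVER_HEADER_VALUE"}
VALUE_RULES = {
    "NETACEA_MITIGATION_TYPE": lambda v: v in ("INGEST", "MITIGATE", "INJECT"),
    "NETACEA_MITIGATION_URL": lambda v: v.startswith("https://"),
    "NETACEA_INGEST_TYPE": lambda v: v == "ORIGIN",
}

def setting(var):
    # Assumed JSON layout: boolean "hidden" and "sensitive" flags per variable.
    return "Sensitive" if var.get("sensitive") else "Hidden" if var.get("hidden") else "Visible"

def lint_variables(rule_tree):
    found = {v["name"]: v for v in rule_tree["rules"].get("variables", [])}
    problems = []
    for name, want in TABLE.items():
        var = found.get("PMUSER_" + name)
        if var is None:
            problems.append(f"{name}: missing")
            continue
        value = var.get("value") or ""
        if setting(var) != want:
            problems.append(f"{name}: security is {setting(var)}, table says {want}")
        if name in BLANK and value:
            problems.append(f"{name}: initial value must be blank")
        if name in VALUE_RULES and not VALUE_RULES[name](value):
            problems.append(f"{name}: invalid value {value!r}")
    return problems

def sample_tree():
    # Constructed input: API key stored visibly, mitigation URL lacks https://.
    values = {"NETACEA_MITIGATION_TYPE": "MITIGATE", "NETACEA_INGEST_TYPE": "ORIGIN",
              "NETACEA_MITIGATION_URL": "proxy.example.com", "NETACEA_API_KEY": "constructed"}
    variables = [{"name": "PMUSER_" + n, "hidden": s == "Hidden", "sensitive": s == "Sensitive",
                  "value": values.get(n, "" if n in BLANK else "placeholder")}
                 for n, s in TABLE.items()]
    variables[0]["hidden"] = False
    return {"rules": {"name": "default", "variables": variables}}

if __name__ == "__main__":
    print("\n".join(lint_variables(sample_tree())))
```

An empty result means the variables match the table; each reported line names the variable and the setting that differs.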
Property Rules
The property will need a number of rules configuring before the property can be deployed. Each of the rules and the associated configurations needed can be found below.
New Rule (Blank Rule Template): Netacea
This will act as the rule Nest to group the Netacea rules.

New Rule (Blank Rule Template): Set Failover Variable
Within the Netacea nest rule, add the following.

Adding Criteria and Behaviors
Match All
If: Request Header x-ew-failover exists
Variable: PMUSER_FAILOVER_HEADER_VALUE
Create Value From: Extract
Get Data From: Request Header
Header Name: x-ew-failover
Operation: None
Action: Remove
Select Header Name: Other...
Custom Header Name: x-ew-failover
New Rule (Blank Rule Template): Set Mitigation for <hostname>

Adding Criteria and Behaviors
Mitigation Rule
Match All
If: Hostname Is one of <hostname>
And: Variable PMUSER_FAILOVER_HEADER_VALUE is not {{user.PMUSER_FAILOVER_SECRET}}
And*: Request Protocol* HTTPS*
Variable: PMUSER_NETACEA_API_KEY
Create Value From: Expression
Expression: <Netacea API Key Value>
Operation: None
Variable: PMUSER_NETACEA_SECRET_KEY
Create Value From: Expression
Expression: <Netacea Secret Key Value>
Operation: None
Variable: PMUSER_CLIENT_IP
Create Value From: Expression
Expression: {{builtin.AK_CLIENT_REAL_IP}}
Operation: None
Enable: ON
Identifier: Select EdgeWorker ID that you have created previously
New Rule (Blank Rule Template): Netacea Fail Open

Match All
If: Metadata Stage is client-response
And: EdgeWorkers Execution Status Failure
Enable: On
Action: Use an alternate hostname in this property
Alternative Hostname in This property: {{user.PMUSER_ORIG_HOST}}
Modify Request Path: No
Custom Behaviour: Add "x-ew-failover:true" header on failover request
Once the custom Behavior has been added, it will display like below as Advanced.

New Rule: Conditional Origin Group
This rule, along with the DataStream Rule, will be outside of the Netacea nested rule, after the other property rules.

Adding Criteria and Behaviors
Conditional Origin Group
Enable: Yes
Honour Origin Base Path: Yes
Origin Purge Query Parameter: originId
Edit/New Rule: Conditional Origin Definition
Adding Criteria and Behaviors
Conditional Origin Definition
Match All
If: Conditional Origin ID mitigations
Origin Type: Your Origin
Origin Server Hostname: The URL of your Proxy Property
Forward Host Header: Origin Hostname
Cache Key Hostname: Origin Hostname
Supports Gzip Compression: Yes
Send True Client IP Header: No
Origin SSL Certificate Verification
Verification Settings: Choose Your Own
Use SNI TLS Extension: Yes
Match CN/SAN To: {{Origin Hostname}} {{Forward Host Header}}
Trust: Akamai-managed Certificate Authorities Sets
Akamai-managed Certificate Authority Sets
Akamai Certificate Store: Enabled
Third-Party Certificate Store: Disabled
Ports
HTTP Port: 80
HTTPS Port: 443
Behavior: Allow
Allow POST without Content-Length header: Allow
Order of Rules
The order of the rules is very important. They must be completed in the same order as detailed in this document and will display like below.

Other Property rules will go after this block.
Finally, the rules below need to be at the end of the rule list, with the Conditional Origin rules right at the end.

Activate the Property
Once all the Rules described above have been created, click Save and use the Activate tab to activate (deploy) your changes to the property's configuration.
Finishing Up
Once the latest version of the property has been deployed, the Netacea plugin will be active. Discuss the best way to test that mitigation is active; this will include temporarily adding suitable IP addresses or User-Agents to trigger mitigation.