# Property Configuration ### Prerequisites To successfully integrate using Netacea, please ensure: 1. You have access to the relevant API and Secret keys from Netacea. 2. Akamai have configured the [Netacea Fail Open](/netacea-plugin-information/akamai/installation-and-configuration.md#configuring-netacea-fail-open) on your behalf. 3. You have completed the [Proxy Property Configuration](/netacea-plugin-information/akamai/installation-and-configuration/proxy-property-configuration.md). 4. You have completed the [Edge Worker Installation](/netacea-plugin-information/akamai/installation-and-configuration/edgeworker-installation.md). ## Property Configuration There will be a number of configurations that need to be completed on every property that Netacea will be protecting. These configurations consist of Variables and Rules. #### Property Variables We'll first set up the variables in the route of the property. These can be found in the Table below:

Variable Name	Initial Value	Description	Security Setting
NETACEA_API_KEY	Blank	Netacea API Key. The value is set by a Rule.	Hidden
NETACEA_SECRET_KEY	Blank	Netacea Secret Key. The value is set by a Rule.	Hidden
CLIENT_IP	Blank	True Client IP	Visible
NETACEA_MITIGATION_TYPE	INGEST, MITIGATE, or INJECT	INGEST - Integration ingests only. MITIGATE - Integration ingests and mitigates. INJECT - Integration ingests and returns mitigation header values rather than taking the action.	Visible
NETACEA_MITIGATION_URL	Proxy Property Hostname	Variable to proxy traffic to Netacea. This must contain a prefix of https://	Visible
NETACEA_DS2_CUSTOM_FIELD	Blank	Variable that contains bespoke session information	Hidden
FAILOVER_SECRET	<Netacea Provided Failover Secret>	Character string provided by Netacea to be used in the event of an EdgeWorker failure so that the EdgeWorker fails open	Sensitive
FAILOVER_HEADER_VALUE	Blank	The Value of the x-ew-failover header	Sensitive
ORIG_HOST	%(AK_HOST)	Host used for Netacea failover	Visible
NETACEA_INGEST_TYPE	ORIGIN	Defines ingest type, ensures Akamai does not default to HTTP	Visible
NETACEA_COOKIE_NAME	<Any Cookie Name>	Defines the name of the Netacea mitigation cookie.*	Visible
NETACEA_CAPT_COOKIE_NAME	<Any Cookie Name>	Defines the name of the Netacea captcha cookie.*	Visible
NETACEA_ENCRYPTION_KEY	<Netacea Provided Cookie Encryption Key>	Enables cookie encryption if not blank.*	Hidden
NETACEA_CAPT_REL_ASSETS	TRUE	Fetches CAPTCHA assets from Netacea server.	Visible

{% hint style="info" %} \*These variables are used to increase security by concealing Netacea's default cookie names and values from public view. Please set the cookie names to values unrelated to Netacea. {% endhint %} Once these have been configured, we can then move on to configuring the rules within the Property. ### Property Rules The property will need a number of rules configuring before the property can be deployed. Each of the rules and the associated configurations needed can be found below. ### **New Rule (Blank Rule Template): Netacea** This will act as the rule Nest to group the Netacea rules.

### **New Rule (Blank Rule Template): Set Failover Variable** Within the Netace nest rule, add the following.

{% hint style="info" %} In order to compare the failover value header it must be read from the header and stored as a variable. Then the header is removed to prevent the leaking of the secret value. {% endhint %} ### Adding Criteria and Behaviors | Criteria | | ----------------- | | Match All | | **If** | | Request Header | | **x-ew-failover** | | exists | | Behaviors | | --------- | | | ### **New Rule (Blank Rule Template): Set Mitigation for \**

### Adding Criteria and Behaviors | **Mitigation Rule** | | ------------------- | | *Add a comment...* | | Criteria | | ------------------------------------- | | Match All | | **If** | | Hostname | | Is one of | | **\** | | **And** | | Variable | | **PMUSER\_FAILOVER\_HEADER\_VALUE** | | is not | | **{{user.PMUSER\_FAILOVER\_SECRET}}** | | **And\*** | | Request Protocol\* | | HTTPS\* | {% hint style="info" %} \*ONLY FOR PROPERTIES THAT FORWARD HTTP TO HTTPS {% endhint %} | Behaviors | | --------- | | | {% hint style="info" %} Please re-create the above rule for each domain (hostname) within this property that is associated with with unique Netacea API and Secret Keys. {% endhint %} ### **New Rule (Blank Rule Template): Netacea Fail Open**

{% hint style="info" %} This Fail Open rule requires the use of Advanced XML behavior. To add this advanced custom XML block, communicate with your Akamai account representative who can request that Akamai Professional Services create a custom behavior, which you can add to property configurations in your account. {% endhint %} | Criteria | | ---------------------------- | | Match All | | **If** | | Metadata Stage | | is | | **client-response** | | **And** | | EdgeWorkers Execution Status | | **Failure** | | Behaviors | | --------- | | | {% hint style="info" %} \*Failover Advanced Behavior will be unavailable until [Netacea Fail Open XML](/netacea-plugin-information/akamai/installation-and-configuration.md#configuring-netacea-fail-open-xml) has been added. {% endhint %} Once the custom Behavior has been added, it will display like below as **Advanced.**

### **New Rule: Conditional Origin Group** This rule, along with the [DataStream](/netacea-plugin-information/akamai/monitoring-configuration.md) Rule will be outside of the Netcea nested rule, after the other property rules.

### Adding Criteria and Behaviors | **Conditional Origin Group** | | ---------------------------- | | *Add a comment...* | | Behaviors | | --------- | | | ### **Edit/New Rule: Conditional Origin Definition** {% hint style="info" %} This rule is created automatically as a child-rule under Conditional Origin Group. {% endhint %} ### Adding Criteria and Behaviors | **Conditional Origin Definition** | | --------------------------------- | | *Add a comment...* | | Criteria | | --------------------- | | Match All | | **If** | | Conditional Origin ID | | **mitigations** |

Behaviours
Origin SSL Certificate Verification Akamai-managed Certificate Authority Sets Ports

Behaviours

Origin SSL Certificate Verification

Akamai-managed Certificate Authority Sets

Ports

### Order of Rules The order of the rules is very important. They must be completed in the same order as detailed in this document and will display like below.

Other Property rules will go after this block. Finally the rules below need to be at the end of the rule list, with Conditional Origin rules right at the end.

### Activate the Property Once all the Rules described above have been created, click **Save** and use the **Activate** tab to activate (deploy) your changes to the property's configuration. {% hint style="info" %} The process above needs to be repeated on each property Netacea will actively protected. {% endhint %} ### Finishing Up Once the latest version of the property has been deployed, the Netacea plugin will be active. Discuss the best way to test mitigation is active, this will include temporarily adding suitable IP addresses or User-Agents to trigger mitigation. ### --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.netacea.com/netacea-plugin-information/akamai/installation-and-configuration/property-configuration.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.