Property Configuration
Last updated
Last updated
To successfully integrate using Netacea, please ensure:
You have access to the relevant API and Secret keys from Netacea.
Akamai have configured the on your behalf.
You have completed the .
You have completed the .
There will be a number of configurations that need to be completed on every property that Netacea will be protecting. These configurations consist of Variables and Rules.
We'll first set up the variables in the route of the property. These can be found in the Table below:
NETACEA_API_KEY
Blank
Netacea API Key. The value is set by a Rule.
Hidden
NETACEA_SECRET_KEY
Blank
Netacea Secret Key. The value is set by a Rule.
Hidden
CLIENT_IP
Blank
True Client IP
Visible
NETACEA_MITIGATION_TYPE
INGEST, MITIGATE, or INJECT
INGEST - Integration ingests only. MITIGATE - Integration ingests and mitigates.
INJECT - Integration ingests and returns mitigation header values rather than taking the action.
Visible
NETACEA_MITIGATION_URL
Variable to proxy traffic to Netacea. This must contain a prefix of https://
Visible
NETACEA_DS2_CUSTOM_FIELD
Blank
Variable that contains bespoke session information
Hidden
FAILOVER_SECRET
<Netacea Provided Failover Secret>
Character string provided by Netacea to be used in the event of an EdgeWorker failure so that the EdgeWorker fails open
Sensitive
FAILOVER_HEADER_VALUE
Blank
The Value of the x-ew-failover header
Sensitive
ORIG_HOST
%(AK_HOST)
Host used for Netacea failover
Visible
NETACEA_INGEST_TYPE
ORIGIN
Defines ingest type, ensures Akamai does not default to HTTP
Visible
NETACEA_COOKIE_NAME
<Any Cookie Name>
Defines the name of the Netacea mitigation cookie.*
Visible
NETACEA_CAPT_COOKIE_NAME
<Any Cookie Name>
Defines the name of the Netacea captcha cookie.*
Visible
NETACEA_ENCRYPTION_KEY
<Netacea Provided Cookie Encryption Key>
Enables cookie encryption if not blank.*
Hidden
NETACEA_CAPT_REL_ASSETS
TRUE
Fetches CAPTCHA assets from Netacea server.
Visible
Once these have been configured, we can then move on to configuring the rules within the Property.
The property will need a number of rules configuring before the property can be deployed. Each of the rules and the associated configurations needed can be found below.
This will act as the rule Nest to group the Netacea rules.
Within the Netace nest rule, add the following.
Match All
If
Request Header
x-ew-failover
exists
Mitigation Rule
Add a comment...
Match All
If
Hostname
Is one of
<hostname>
And
Variable
PMUSER_FAILOVER_HEADER_VALUE
is not
{{user.PMUSER_FAILOVER_SECRET}}
And*
Request Protocol*
HTTPS*
Match All
If
Metadata Stage
is
client-response
And
EdgeWorkers Execution Status
Failure
Once the custom Behavior has been added, it will display like below as Advanced.
Conditional Origin Group
Add a comment...
Conditional Origin Definition
Add a comment...
Match All
If
Conditional Origin ID
mitigations
Origin SSL Certificate Verification
Akamai-managed Certificate Authority Sets
Ports
The order of the rules is very important. They must be completed in the same order as detailed in this document and will display like below.
Other Property rules will go after this block.
Finally the rules below need to be at the end of the rule list, with Conditional Origin rules right at the end.
Once all the Rules described above have been created, click Save and use the Activate tab to activate (deploy) your changes to the property's configuration.
Once the latest version of the property has been deployed, the Netacea plugin will be active. Discuss the best way to test mitigation is active, this will include temporarily adding suitable IP addresses or User-Agents to trigger mitigation.
Hostname
*Failover Advanced Behavior will be unavailable until has been added.
This rule, along with the Rule will be outside of the Netcea nested rule, after the other property rules.
Variable
PMUSER_FAILOVER_HEADER_VALUE
Create Value From
Extract
Get Data From
Request Header
Header Name
x-ew-failover
Operation
None
Action
Remove
Select Header Name
Other...
Custom Header Name
x-ew-failover
Variable
PMUSER_NETACEA_API_KEY
Create Value From
Expression
Expression
<Netacea API Key Value>
Operation
None
Variable
PMUSER_NETACEA_SECRET_KEY
Create Value From
Expression
Expression
<Netacea Secret Key Value>
Operation
None
Variable
PMUSER_CLIENT_IP
Create Value From
Expression
Expression
{{builtin.AK_CLIENT_REAL_IP}}
Operation
None
Enable
ON
Identifier
Select EdgeWorker ID that you have created previously
Enable
On
Action
Use an alternate hostname in this property
Alternative Hostname in This property
{{user.PMUSER_ORIG_HOST}}
Modify Request Path
No
Custom Behaviour
Add "x-ew-failover:true" header on failover request
Enable
Yes
Honour Origin Base Path
Yes
Origin Purge Query Parameter
originId
Origin Type
Your Origin
Origin Server Hostname
The URL of your Proxy Property
Forward Host Header
Origin Hostname
Cache Key Hostname
Origin Hostname
Supports Gzip Compression
Yes
Send True Client IP Header
No
Verification Settings
Choose Your Own
Use SNI TLS Extension
Yes
Match CN/SAN To
{{Origin Hostname}} {{Forward Host Header}}
Trust
Akamai-managed Certificate Authorities Sets
Akamai Certificate Store
Enabled
Third-Party Certificate Store
Disabled
HTTP Port
80
HTTPS Port
443
Behavior
Allow
Allow POST without Content-Length header
Allow