Update (April 2025 - June 2025)
The integration documentation has been updated to reflect enhancements and important behavioral clarifications:
New Configuration Fields:
Target(s) – You must now select one or more targets: Threat Actors, Custom Signature, or Malicious Sources IP Range. At least one must be selected to enable the integration.
Network ListID — This is Required for IP and threat actor-based blocking. All IPs are appended to a single, reusable list.
Improved Clarity on Setup Requirements:
Detailed prerequisites added for creating or reusing Akamai policies.
Explained when to clone an existing policy and how to attach and activate a network list.
Sequence clarified: Create policy → Attach list → Activate → Use IDs in integration.
Custom Signature Rule Behavior:
Now includes guidance on activation delays and limitations on pushing multiple rules simultaneously.
Notes that new custom rules cannot be created while the previous version is still activating.
New Section: Viewing WAF Configuration Rules:
Custom signature rules: View via Security Configurations → Custom Rules.
IP-based rules: View via Web Security → Network Lists.
These changes improve accuracy, provide operational clarity, and support successful integration setup and validation.
Akamai Web Application Firewall (WAF) is a robust cloud-based security solution that protects web applications from malicious attacks such as SQL injection, cross-site scripting (XSS), and other common threats. Integrating Traceable with Akamai WAF enhances the security posture by leveraging Traceable's deep API observability, AI-driven insights, and anomaly detection. This integration helps organizations gain comprehensive visibility into their API traffic and security events while benefiting from the scalable protection Akamai WAF provides. Together, they offer a powerful solution to detect, prevent, and respond to sophisticated threats targeting modern web applications and APIs.
Traceable’s integration with Akamai supports the following three types of rules:
IP range rules
Threat actor
Custom signature rules
The following is a high-level integration diagram:
Make a note of the following points regarding threat actors and IP range blocking:
Threat actor — Any status change of the threat actor on the Traceable Platform is propagated to Akamai. For example, if Traceable detects a threat actor and changes it to a deny state, then the requests from this threat actor can be blocked using Akamai. Moreover, if you make any changes, such as adding a threat actor to the denylist or resolving the status, then such changes are reflected in Akamai in a few minutes.
IP-range blocking — If you configure any custom rules to enforce blocking, the action will be executed through Akamai.
Note
Akamai only supports block action.
Before you begin
Make a note of the following before you proceed with the integration:
Akamai integration supports custom signature rules. Keep the following points in mind for custom signature rules.
Note
Akamai supports only these two operators for custom signature:
Exactly match
Does not match
This means that custom signatures created using regular expressions is not supported.
Custom signature attributes
Supported/Not supported
Request URL
Not supported
Request header name
Supported
Request header value
Supported
Request parameter name
Supported
Request parameter value
Not supported
Request HTTP method
The following are supported:
GET
POST
HEAD
PUT
DELETE
HTTP_DELETE
OPTIONS
TRACE
CONNECT
Request host
Supported. It has to be in the format, for example,
example.com,text.aietc.Request user agent
Supported
Request body
Not supported.
Request cookie name
Supported.
Request cookie value
Supported.
Request header
Supported. Make a note of the following points:
Request Header Key supports only exactly match action.
Request Header Value only supports exactly match/not match.
Request cookie
Supported. Make a note of the following points:
Request Cookie Key supports only exactly match action.
Request Cookie Value only supports exactly match/not match.
Request parameter
Supported. Make a note of the following points:
Request Parameter Key supports only exactly match action.
Request Parameter Value only supports exactly match/not match.
Ensure you understand the Akamai network list, policy, and how to attach a network list to a policy.
Configuration
Complete the following steps to integrate Akamai with Traceable:
Step 1 — Navigate to WAF screen
Log into your Traceable account and navigate to Integrations → WAF.
.png)
Step 2 — Configuration
Complete the following configurations:
Integration name and Description
Provide a name for the Integration and describe the type of integration, such as dev, production, etc. Description is an optional field.
Environment
Choose the environment for which you wish to integrate Akamai. You can also choose All Environments, which will integrate Akamai with all the available environments.
Note
Each environment can have more than one Akamai integration.
Target(s)
The Target(s) field allows you to select one or more enforcement categories for which the integration will take action. The available options include:
Threat Actors – Blocks IP addresses associated with known or suspected threat actors.
Custom Signature – Applies blocking rules based on user-defined signature patterns.
Malicious Sources IP Range – Targets known malicious IP ranges for enforcement.
Depending on the scope of protection you want to configure through Akamai, you can select one, multiple, or all available options.
To proceed with the integration, at least one target must be selected. If no target is selected, the integration setup will not be allowed.
Akamai host
Provide the Akamai host. Contact your Akamai administrator to fetch this value.
Akamai configuration ID
Provide the Akamai configuration ID. Contact your Akamai administrator to fetch this value.
Akamai Policy ID
Add the ID of the policy that you wish to integrate with Traceable. Each integration can have only one Policy ID. If you want to integrate more than one policy, create separate integrations.
Navigate to Web and Data Center Security → Security Configurations in your Akamai account. All the security policies are listed in the Security Configurations. Each policy has a Policy ID. Choose the Policy ID for which you want to complete the integration.
Note
You can create only one integration with a unique policy ID in the same environment or across environments.Your content goes here
Network List ID
The Network List ID field references an existing network list configured in the Akamai Control Center. This list is required for IP-based blocking and threat actor rule enforcement. All IP addresses sent through the Traceable integration are appended to the specified network list, which must be associated with an activated Akamai policy.
Each time a new IP address or threat actor is identified, it is automatically pushed to the same network list. This centralized list is continuously updated without requiring the creation of new custom rules or policy versions. Once the network list is configured and activated, Traceable handles subsequent additions through API calls without user intervention.
Note
Custom signature rules behave differently from IP-based rules. Each update to a custom signature rule results in the creation of a new Akamai policy version, which must be activated before enforcement begins. While activation is in progress (typically 7–8 minutes), the new rule is not active, although existing rules remain in effect.
During this activation window, no additional custom signature rules can be pushed. Akamai does not allow cloning or modifying a policy version that is in the middle of an activation cycle. Attempting to do so may result in integration failure or silent rejection. Subsequent custom rules must wait until the previous version has completed activation before being processed.
Prerequisites
Before configuring the integration, ensure the following:
The Network List must be explicitly attached to the Akamai policy you plan to use with the Traceable integration. This is a required step. The integration will fail validation if the network list is not attached to the selected policy version.
There are two supported approaches depending on your scenario:
Suppose you are creating a new policy specifically for this integration. In that case, it is recommended that the policy be created, the network list be attached during configuration, and the policy ID and network list ID be activated before retrieving the policy ID and network list ID.
If you want to use an existing policy that is already active, note that Akamai does not allow modifying active versions. In this case, you must:
Clone the existing policy to create a new version.
Attach the network list to this unactivated version.
Activate the new version.
Once the policy version and network list are active and associated, use their IDs in the Traceable integration. This combination is validated during setup. If the list is not found to be attached to the activated policy, the integration will fail validation.
A network list is created in the Web Security section of the Akamai Control Center.
The network list is attached to a policy version that has not yet been activated.
The updated policy version is then activated. Akamai does not allow editing of an already activated policy version.
The Policy ID and Network List ID used in the integration must reference active and associated configurations.
Retrieving the Network List ID
To obtain the Network List ID:
Log in to the Akamai Control Center.
Navigate to Web Security → Network Lists.
Open the browser’s developer tools and go to the Network tab.
Click the desired network list entry. The request URL or response payload will display the Network List ID.
Copy the portion of the ID that appears before the query parameters.
Note
Only network lists that are attached to active policy versions can be used in the integration.
Behavior
When an IP address or threat actor is blocked through Traceable, the corresponding entry is added to the network list. Akamai then initiates an automatic activation cycle that takes approximately 5–7 minutes to complete. During this time, previously active entries continue to function normally.
If an IP address appears in multiple rule types (IP and threat actor), it is removed from the network list only after being deleted from all associated types. Deleting the Traceable integration removes all IPs added by Traceable from the network list; the list itself is retained.
Notification Emails
The Notification Emails field accepts one or more email addresses that will receive activation status alerts related to the integration. Notifications are sent when configurations are updated, IPs are added or removed, or policy changes are activated.
The notification mechanism uses a push-based model. A default internal address may be used for system-level logging if no email addresses are provided.
Akamai Auth Credentials
Provide the Access token, Client token, and Client Secret.
Step 3 — Test connection and save
Test the connection. The Save button is enabled only after the connection test is successful.
View the WAF rules
Rules generated through this integration can be viewed directly in the Akamai Control Center. How and where these rules appear depend on the target type selected in the configuration.
For Custom Signature rules:
Navigate to Web and Data Center Security → Security Configurations → Custom Rules.
Locate the policy used in the integration to view active rules pushed by Traceable.
If the same rule exists across multiple policies, its behavior (e.g., allow, deny) will vary by policy.
Rules cannot be deleted from Akamai if any active policy version uses them.
When Traceable deletes a rule, its status is updated to Not Used in Akamai.
Deleting the integration does not remove custom rules from Akamai, as active configurations may use them.
For IP-based Threat Actor and Malicious IP Range rules:
Navigate to Web Security → Network Lists.
Open the associated network list to view all IPs pushed by Traceable.
All IP updates occur within the same list. IPs remain active unless explicitly removed.
If the same IP is associated with multiple rule types, it is only removed after deletion from all associated sources.
Note
A maximum of 100 rules are allowed in Akamai. If rule creation fails due to Akamai’s 100-rule limit, users must manually delete rules via the Akamai console. Once the rule count drops below 100, successful creation events are generated for valid configurations.