PII exclusions (Beta)

If you notice false positives occurring in PII constraint enforcement you can exclude the parameters from inspection that trigger those false positives.

For example, you have a parameter that allows a numerical string. The string contains digits that look like a credit card number and is flagged as a credit card number, resulting in a firewall action. However, the parameter's value isn't a credit card number. You can add this parameter to API parameters to exclude from PII constraint enforcement so it's not inspected for PII in the future.

ūüďė

This only excludes the parameters you choose from PII inspection. Other API payload inspections still apply.

Exclude a parameter from PII inspection

  1. Log into ‚ÄčAkamai Control Center‚Äč.
  2. Go to ‚ėį > CDN > API definitions.
  3. Select your API and version.
  4. Go to API PII security settings > API parameters with PII > API parameters to excluded from PII inspection
  5. Click +.
  6. Select the API resource you want to exclude from PII inspection.
  7. Select the API method. For example, select PUT to exclude PUT request payloads from PII inspection.
  8. Select the payload location to exclude from inspection, either Request body or Response body.
  9. Select the name of the parameter to excluded from PII inspection.
  10. Save.