Use the setup wizard to create a Connection Configuration and, optionally, a Security Configuration.

In Step 1 of the wizard, you create a Connection Configuration. In Step 2, you can either create a new Security Configuration or select an existing one. Creating a Security Configuration is optional at this stage and can be completed or modified later.

After completing the wizard, you can edit and activate the Security Configuration at any time. After your Connection Configuration is ready, you can deploy App & API Protector Hybrid.

Create a Connection Configuration

1. Visit Akamai Control Center and log in.

2. Go to ☰ > WEB & DATA CENTER SECURITY > App & API Protector Hybrid > Connection Configurations.

3. Click the Create new Connection and Security Configuration button available in the top-right corner of your screen.

4. In Step 1 of the creation modal, configure the connection settings to ensure integration between the Protector software and Akamai services:

   1. In General settings, enter your Connection Configuration name and provide a description (optional). Select a Contract and Group ID.

   2. In Deployment type, choose Reverse proxy and provide additional connection details:

      1. Target ports. Ports that your origin application uses to listen for incoming traffic. If you enter multiple ports, separate each port number with a comma. Protector will also listen on the same port(s) you specify. Ensure the provided ports are open on the target host.
      2. Target host/IP. IP address or hostname where traffic is sent on its way to the origin application. It may either be an Application Load Balancer, or your origin application. Enter the target IP or domain.
      3. Protocol. Choose HTTPS or HTTP that will be used before the target IP or hostname to specify the protocol. For example, http://192.0.2.49 (non-TLS), or https://192.0.2.49 (TLS or mTLS). HTTPS protocol is selected by default.

         👍

         While these fields are optional during the creation of your Connection Configuration, they must be specified before deploying Protector on your infrastructure. If not configured, communication with Akamai services will still be possible, but Protector may display registration errors.

   3. Select a Protector software version for your deployment.

   🚧

   The Protector version determines the available configuration options and features in your Security Configuration. Each Protector version is associated with a specific Security Configuration dashboard and supported feature set.

   Note that Akamai’s software support policy applies to the latest three releases of the software. We strongly recommend that you continuously upgrade your applications with new releases.

   👍

   AWS Marketplace deployments

   As AWS Marketplace provides a preconfigured Amazon Machine Image (AMI) only for the latest supported Protector version, the corresponding version must be selected when creating the Connection Configuration.

5. Click Next to continue to Step 2.

Create a Security Configuration

Create a Security Configuration

1. In Step 2, you set up a Security Configuration and its protections. You can modify the default protection settings later:

   1. Name your Security Configuration and add a description (optional).

   2. Enter hostnames you want to associate and protect with this configuration, like example.com. You can change this list later. Type in an asterisk (*) if you want to protect all hostnames.

   🚧

   Entries here affect detection and reporting, but don't set protections directly. If you want, copy and paste a comma-delimited list.

   When you specify a hostname in this field, all its paths will also be a part of your Security Configuration.
   Wildcards are supported (* and ?). For example, the hostname*.example.com will cover all subdomains, such as subdomain.example.com, or reports.example.com.

   3. Click Add and enter paths you would like to exclude from monitoring. Wildcards are allowed (* and ?).

   4. Review the protections that make up your security policy. Note that the policy with response actions for handling protection rules and controls is created by default, but you can change its settings after you create your Security Configuration.

   📘

   To start, App & API Protector Hybrid automatically sets your Web Application Firewall protections to Alert only. After you onboard your web properties, you can start security setup and change actions to Deny when you're ready.

   🚧

   You can skip this step and create your Connection Configuration without linking it with a Security Configuration. To skip this step, simply click Skip security setup, review your Connection Configuration settings and click Create. However, your applications are protected only if an active App & API Protector Hybrid Security Configuration is associated with the Connection Configuration, and a Protector is deployed on your infrastructure.

Review and create

In Step 3, review all details of your connection and security settings and click Create.

Next steps

After you finish creating your Connection Configuration, you can copy the token and deploy App & API Protector Hybrid in your AWS infrastructure. For detailed instructions, see Deployment steps.