Guide

Security Configurations

A Security Configuration is the basic building block you use to set protections. You activate a Security Configuration to all Protector instances where it works to evaluate requests and handle them the way you want.

A Security Configuration contains:

  • Hostname associations. Use hostname associations to specify web properties you want to protect. You can associate one Security Configuration with many hostnames, and a single hostname can be part of many Security Configurations.
  • Security Policy. It lets you set controls for handling different requests and define response actions that should occur. Each Security Configuration contains one security policy within it. Your Security Configuration's Web Application Firewall rules and Custom Rules are an integral part of the policy.

Security Configurations are versioned. As you refine and test your updates, you have an audit trail of changes and can roll back to prior versions. Learn about versioning.

You can have multiple Security Configurations, which is a handy way to manage different protection needs for:

  • Hostname groups, like those used by different parts of your organization (your main brand vs. a subsidiary) or that exist for separate geographic regions. For example, if your Paris-based ops team runs all your European hostnames, you can manage those hostnames in their own Security Configuration.
  • Business units, so separate operations teams with different release schedules and policies can manage their own sites and protections.
  • Development environments, in order to apply protections suitable for each environment.

👍

App & API Protector Hybrid is independent from other ​Akamai​ security solutions and has separate Security Configurations. Note that a single Security Configuration can be associated with only one Connection Configuration.

Each Security Configuration you add increases your administrative workload, so consider carefully. Usually, it's only worth maintaining multiple Security Configurations if the groups in question have separate change-control policies and update schedules. Or, if members of each staff require separate levels of access permissions to your ​Akamai​ control settings.

Understand Protector version-based differences in Security Configurations

Each version of a Security Configuration is tied to a specific Protector software version, ensuring compatibility with its features. It means that depending on which Protector version you have installed (it’s the major/minor version of Protector that counts), you get access to a unique Security Configuration feature set based on the software version it supports.

As App & API Protector Hybrid evolves, new features and enhancements are introduced. Because of this, the dashboard and available functionalities can differ across Security Configuration versions, ensuring compatibility with the respective Protector software versions they are tied to. When working with different Security Configurations, it’s important to understand these variations and make informed decisions when applying protections over your apps.

Key highlights:

  • Protector versions are backward compatible as far as security measures are concerned. It means that Protector v1.7 can still enforce protections introduced in v1.5 and v1.6, so you can upgrade the software on your infrastructure and still use the Security Configuration compatible with the Protector software version v1.5. To have new security features offered by Protector v1.7, you need to simply create a new version from your existing Security Configuration and update it for the new Protector version you’ve installed.

Compatible version mapping between your on-premises Protector and Security Configuration:

Incompatible version mapping:

  • Remember that individual Security Configuration versions are tied to specific Protector versions. It means that if you already have new features unlocked in your Security Configuration, you cannot roll back to the previous Protector version as it will not be able to handle the new features. For example, if your Security Configuration is tied to Protector v1.1, but you try to register Protector v1.0 on your instances, the registration will fail and we will notify you about this fact in an Activity Log. In this case, you must first activate a Security Configuration compatible with the previous Protector version and then do the downgrade.
  • Upgrading your Protector software unlocks new features in your Security Configurations. All you need to do is go and activate it for the new Protector version.

Manage Security Configurations

Edit a Security Configuration

Make changes to an inactive Security Configuration.

You can’t edit a Security Configuration that has been activated, even if you deactivate it. However, you can create a new version of an active or deactivated Security Configuration version and edit the new one.

  1. Visit Akamai Control Center and log in.
  2. Go to > WEB & DATA CENTER SECURITY > App & API Protector Hybrid > Security Configurations.
  3. Click the Security Configuration's name to open the Version history modal and find the version you want to edit. You can also click the Security Configuration's action button and select Manage all versions.
  4. In the Version history modal, choose the version you want to edit. If you want to edit a Security Configuration whose production status is:
    • Inactive (it's never been activated). Open and edit it by simply clicking its version numbers or selecting Edit from the action menu.
    • Active or Deactivated. Create a new version from the Security Configuration by selecting Create new version from from the action menu.
  5. In the Create new version popup modal, select the Protector software version you want your Security Configuration to be compatible with. You can choose to keep the Protector version it already supports, or upgrade it to a new Protector version. Next, click Create new version.

👍

Each new Protector software release installed on your infrastructure unlocks new features in your Security Configuration. All you need to do is upgrade your Security Configuration to be compatible with a new Protector version. Learn more about Protector version-based differences in Security Configurations.

  1. Make desired changes, then activate your configuration to apply the changes you’ve made on production.

Copy a Security Configuration

Use versioning to copy or clone an existing active version of a Security Configuration. Read how to use versioning.

Use versioning

Tweak protections and track past settings with Security Configuration versions.

You may find that you want to build upon or experiment with a specific version of a Security Configuration. To do so, duplicating a specific version can save you lots of time. You can create and save multiple versions of a Security Configuration. This is a handy way to update a configuration, even if it’s active on production. Create a new version of your Security Configuration, edit it, and when it’s ready, activate the new version. As you refine your updates, you have an audit trail of changes and can rollback to prior versions.

👍

Creating a new version from an existing one increments the Security Configuration version by one. For example, if your latest version is v31 and you clone it, the new version is v32. If you intend to radically change the Security Configuration, you may want to create a new Security Configuration within a new Connection Configuration, which you can name and start at v1.

  1. Visit Akamai Control Center and log in.
  2. Go to > WEB & DATA CENTER SECURITY > App & API Protector Hybrid > Security Configurations.
  3. Click the Security Configuration's name to open the Version history modal and find the version you want to copy/clone. You can also click the Security Configuration's action button and select Manage all versions.
  4. Select Create new version from from the action menu by the version you want to copy.
  5. If you want to create a new version from:
    1. last created or production version, click the Security Configuration’s action menu and select Create new version from
    2. any past version, you can display a list of all versions. Either click the security configuration name or click the Security Configuration’s action menu and select Manage all versions. When the version list appears, find the version you want to copy, click its action menu and select Create new version from.

👍

If there is a new version of Protector detected on your infrastructure, you can choose the Protector version you want your new Security Configuration version to be compatible with. You can choose to stay on the existing Protector version or update your Security Configuration to be compatible with the new one. If you choose to upgrade, your Security Configuration will have a new feature set offered by the new Protector release.

You cannot create a new version of a Security Configuration if App & API Protector Hybrid cannot detect a relevant Protector version on your infrastructure. Ensure that a compatible Protector version is installed on your infrastructure before creating a new version of your configuration. It's also not possible to create a new version of a Security Configuration if it's compatible with the Protector version that Akamai no longer supports.

  1. Make desired changes, then save and activate it to have the introduced changes live on production.

Upgrade your Security Configuration directly from the Connection Configurations page

You can also create a new version of a Security Configuration directly from the App & API Protector Hybrid Connection Configurations dashboard. After you upgrade the Protector software version on your local instances, Akamai will automatically detect it and notify you in the Connection Configurations page about the option to update your Security Configuration.

To upgrade your Security Configuration directly from the Connection Configurations page:

  1. Go to ☰ > WEB & DATA CENTER SECURITY > App & API Protector Hybrid > Connection Configurations.
  2. Expand the Connection Configuration linked to a Security Configuration that you want to upgrade.
  3. In General Settings > Security Configuration, click Upgrade.
  4. In the Create new version popup modal, click Create new version to confirm that you want to create a new version of your Security Configuration and update it for the new Protector version you’ve installed. It will unlock new features in your Security Configuration dashboard.
  5. Make desired changes in your Security Configuration, then save and activate it to have the introduced changes live on production.
  6. To exit click Close.

Deactivate a Security Configuration version

🚧

Warning: Don't remove protections

Usually, you don't need to deactivate. If you want to update protection settings, just activate a new version instead. New settings replace the old ones without any interruption in coverage. You don't need to deactivate the old version first.

  1. Visit Akamai Control Center and log in.
  2. Go to > WEB & DATA CENTER SECURITY > App & API Protector Hybrid > Security Configurations.
  3. Find the Security Configuration you want to deactivate.
  4. Click the Security Configuration's action menu and select Manage all versions.
  5. When the version list appears, find the active version you want to deactivate, click its action menu and select Deactivate.

Delete a Security Configuration

Done with that Security Configuration you were using? Get rid of it. You can delete a Security Configuration as long as you have permissions to do so. You can't delete a Security Configuration if one of its versions is currently active on production or if it is linked to a Connection Configuration.

  1. Visit Akamai Control Center and log in.
  2. Go to > WEB & DATA CENTER SECURITY > App & API Protector Hybrid > Security Configurations.
  3. Find the Security Configuration you want to delete.
  4. Click the Security Configuration’s action menu and select Delete.
  5. Click Delete configuration.

📘

You can delete version 1 of your Security Configuration if it hasn't been activated before or it's not currently active.

Activate a Security Configuration

To make protections live on your site, activate your Security Configuration on production:

  1. Visit Akamai Control Center and log in.
  2. Go to > WEB & DATA CENTER SECURITY > App & API Protector Hybrid > Security Configurations.
  3. Find the Security Configuration and version you want to activate and click the version name (which is also a link).
    The Security Configuration opens.
  4. Click Activate.
  5. In the Activation details tab, review and provide required information, such as:
    1. Security Configuration version number. The Security Configuration version that you want to activate.
    2. Notification email. Enter email addresses you want to notify when the configuration deploys successfully.
    3. Review Protector version number that this Security Configuration is compatible with.
    4. Activation notes. Enter an explanation of what you changed in this version.
  6. Click Activate.

👍

When you activate a new version of your App & API Protector Hybrid Security Configuration, the Connection Configuration that it is linked to will be automatically re-associated with the latest active version of that security configuration, ensuring everything remains up to date.

Key highlights:

  • You can always activate a Security Configuration compatible with an equal or lower version of the Protector software than you currently have installed on your infrastructure. For example, say you currently have Protector v1.1.X installed on your instances, you will be able to activate a Security Configuration whose version is compatible with Protector v1.0.X. The Security Configuration’s Protector version cannot exceed the Protector version installed on your infrastructure.

You cannot activate a Security Configuration that:

  • is not associated with a Connection Configuration.
    Remember that individual Security Configuration versions are tied to specific Protector versions. It means that if you already have new features unlocked in your Security Configuration, you cannot roll back to the previous Protector version as it will not be able to handle the new features. For example, if your Security Configuration is tied to Protector v1.1, but you try to register Protector v1.0 on your instances, the registration will fail and we will notify you about this fact in an Activity Log. In this case, you must first activate a Security Configuration compatible with the previous Protector version and then do the downgrade.
  • is compatible with the Protector version that Akamai no longer supports.
  • has a higher Protector version than you currently have installed on your infrastructure. The reason is that it already has protections enabled that are not supported by an older Protector version. Learn more

Updated 1 day ago