This is a Beta Software
NOTE: This tool is intended to be installed via the Akamai CLI package manager, which can be retrieved from the releases page of the Akamai CLI tool.
- Node 7
- npm install after every update
- Ensure that the 'bin' subdirectory is in your path
- Version number - if not specified, the tool will assume the latest version is editable and try to execute the actions on the version. If the version is not editable1, you will get an error.
- Config ID - if not specified, the tool will make an assumption that the user has only one configuration and try to execute the action on the editable1 version.
- Security policy id - if not provided in commands that required a security policy, the tool will assume that the editable1 version has only one policy and try to use it. If the said version has more than one policy, an error will be thrown asking for the policy id.
If left to these assumptions, the commands will perform slower than when these options are provided explicitly.
In order to use this configuration, you need to:
- Set up your credential files as described in the authorization and credentials sections of the getting started guide on developer.akamai.com.
- When working through this process you need to give grants for the Application Security API. The section in your configuration file should be called 'appsec' unless you would like to pass the section name in every command using the
--sectionoption.
The akamai appsec Kit is a set of nodejs libraries that wraps Akamai's {OPEN} APIs to help simplify protection to the properties delivered by Akamai. This kit can be used as a no-fuss command line utility to interact with the library.
$ akamai appsec
Usage: akamai appsec <command> [options]
Commands:
activate Activate a version.
activation Get activation status.
clone Clone a config.
configs List all available configurations.
enable-custom-rule Assigns an action (such as alert or deny) to an existing custom rule in a policy.
create-custom-rule Create a custom rule.
delete-custom-rule Delete a custom rule.
custom-rule Display contents of custom rule.
modify-custom-rule Update existing custom rule.
structured-rule-template Prints sample JSON of a structured custom rule. [aliases: srt]
custom-rules List all custom rules.
export Export a configuration version.
add-hostname Add hostnames to selected list
selectable-hostnames List all selectable hostnames.
selected-hostnames List all currently chosen hostnames.
create-match-target Creates a match target.
modify-match-target Updates a match target.
match-target-order Change the match target sequence.
match-targets List all match targets.
policies List all security policies.
version Read a config version
versions List all config versions
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. [string]
--section The section of .edgerc to use. [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
Copyright (C) Akamai Technologies, Inc
Visit http://github.com/akamai/cli-appsec for detailed documentation
This script wraps all of the functionality from the library into a command line utility which can be used to support the following use cases.
Akamai customers can currently configure delivery of a new web property using the PAPI API/CLI. This use case enables protecting these new web properties. This protection is limited to adding the host to an existing security policy. The typical steps are listed in the following table:
| # | Commands | Comments |
|---|---|---|
| 1 | akamai property create | |
| 2 | akamai property activate | |
| 3 | akamai appsec configs |
|
| 4 | akamai appsec versions --config=<config id> |
|
| 5 | akamai appsec clone --config=<config id> |
Optional. You can skip this step if you choose to use an existing editable1 configuration version |
| 6 | akamai appsec selectable-hostnames |
|
| 7 | akamai appsec add-hostname <comma separated hostnames> |
|
| 8a | akamai appsec policies --config=<config id> --version=<version number> |
|
| 8b | akamai appsec create-match-target --hostnames=<comma separated hostnames> --paths=<comma separated paths> --policy=<security policy id> |
|
| 8c | akamai appsec match-target-order --insert=<match target id> --config=<config id> --version=<version number> |
|
| 8d | akamai appsec modify-match-target <match target id> add-hostname <hostname> |
|
| 9 | akamai appsec activate --network=<activation network> --notes=<activation notes> --notify=<emails> |
|
| 10 | akamai appsec activation --activation-id=<activation id> |
Adding or updating a custom rule to the protection of a hostname requires a change to a policy. The custom rule action API is used to enable the custom rule.
| # | Commands | Comments |
|---|---|---|
| 1 | akamai appsec clone --config=<config id> |
Optional. You can skip this step if you choose to use an existing editable1 configuration version |
| 2 | akamai appsec structured-rule-template > structuredRule.json |
This prints a template json to the standard output. You must edit this template appropriately before creating the custom rule |
| 3 | vim structuredRule.json |
|
| 4 | akamai appsec create-custom-rule @structuredRule.json |
|
| 5 | akamai appsec enable-custom-rule --custom-rule=<custom rule id> --policy=<security policy id> --action=<alert or deny> |
|
| 6 | akamai appsec activate --network=<activation network> --notes=<activation notes> --notify=<emails> |
|
| 7 | akamai appsec activation --activation-id=<activation id> |
For details about individual commands, please look at Commands
- Retrieve available configurations
- Retrieve available configuration versions
- Retrieve a configuration version
- Clone a configuration version
- Retrieve hostnames available for protection
- Retrieve hostnames that are protected
- Add hostname(s) to protect
- Retrieve Security policies
- Create a Website Match target
- Retrieve Website Match targets
- Modify a Website Match target
- Change Website Match target order
- Custom rule template
- Create custom rule
- Delete custom rule
- Modify a custom rule
- Enable a custom rule
- Retrieve all custom rules
- Retrieve a custom rule
- Delete a custom rule
- Activate a configuration version
- Check activation status
- Export a configuration version
Usage: akamai appsec configs [options]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. Defaults to ~/.edgrrc [string]
--section The section of .edgerc to use. Defaults to 'appsec' [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
Usage: akamai appsec versions [options]
Options:
--config <id> Configuration id. Mandatory if you have more than one configuration. [number]
--limit <num> Specifies the number of most recent versions of the selected configuration to be fetched. [number]
--verbose Provides more details about each version. [boolean]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. Defaults to ~/.edgrrc [string]
--section The section of .edgerc to use. Defaults to 'appsec' [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
Usage: akamai appsec version [options]
Options:
--config <id> Configuration id number. If not provided, assumes there is only one configuration and
chooses it. If there's more, an error is thrown.
[number]
--version <num> The version number. It can also take the values 'PROD' or 'PRODUCTION' or 'STAGING'. If
not provided, latest version is assumed.
[string]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. Defaults to ~/.edgrrc [string]
--section The section of .edgerc to use. Defaults to 'appsec' [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
Clones the configuration version.
sage: akamai appsec clone [options]
Options:
--config <id> Configuration id. Mandatory if you have more than one configuration. [number]
--version <num> The version number to clone [required] [string]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. [string]
--section The section of .edgerc to use. [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
Copyright (C) Akamai Technologies, Inc
Visit http://github.com/akamai/cli-appsec for detailed documentation
These are the hostnames that the user can choose from, to add to the configuration version for protection.
Usage: akamai appsec selectable-hostnames [options]
Options:
--config <id> Configuration id. Mandatory if you have more than one configuration.
[number]
--version <id> The version number. It can also take the values 'PROD' or 'PRODUCTION' or 'STAGING'. If not
provided, latest version is assumed.
[string]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. [string]
--section The section of .edgerc to use. [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
These are the hostnames that the user is already protecting as part of this configuration version.
Usage: akamai appsec selected-hostnames [options]
Options:
--config <id> Configuration id. Mandatory if you have more than one configuration.
[number]
--version <id> The version number. It can also take the values 'PROD' or 'PRODUCTION' or 'STAGING'. If not
provided, latest version is assumed.
[string]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. [string]
--section The section of .edgerc to use. [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
Adds a new hostname to the protected list(selected hostnames). The hostnames chosen here should be from the selectable hostnames list.
Usage: akamai appsec add-hostname <hostnames> [options]
Arguments:
<hostnames> The comma separated list of hostnames to add.
[required] [array:string]
Options:
--config <id> Configuration id. Mandatory if you have more than one configuration.
[number]
--version <num> The version number. It can also take the values 'PROD' or 'PRODUCTION' or 'STAGING'. If
not provided, latest version is assumed.
[string]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. [string]
--section The section of .edgerc to use. [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
Retrieves the list of security policies present in this configuration version.
Usage: akamai appsec policies [options]
Options:
--config <id> Configuration id. Mandatory if you have more than one configuration.
[number]
--version <id> The version number. It can also take the values 'PROD' or 'PRODUCTION' or 'STAGING'. If not
provided, latest version is assumed.
[string]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. [string]
--section The section of .edgerc to use. [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
Usage: akamai appsec create-match-target [options]
Options:
--config <id> Configuration id. Mandatory if you have more than one configuration.
[number]
--version <id> The version number. It can also take the values 'PROD' or 'PRODUCTION'
or 'STAGING'. If not provided, latest version is assumed.
[string]
--hostnames <a.com, b.net, c.d.com> Hostnames to add.
[required] [array:string]
--paths <x,y,z> The file paths
[required] [array:string]
--policy <id> The policy id to use. If not provided, we try to use the policy
available on file(slow). If you have more than one policy, this option must
be provided.
[string]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. [string]
--section The section of .edgerc to use. [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
Usage: akamai appsec match-targets [options]
Options:
--config <id> Configuration id. Mandatory if you have more than one configuration.
[number]
--version <num> The version number. It can also take the values 'PROD' or 'PRODUCTION' or 'STAGING'. If
not provided, latest version is assumed.
[string]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. [string]
--section The section of .edgerc to use. [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
Updates an existing match target. As of now, the only supported operation is to add a hostname to the existing match target.
Usage: akamai appsec modify-match-target <match-target> <subcommand> <hostname> [options]
Arguments:
<match-target> The match target id. [required] [string]
<hostname> The hostname to add to the match target. [required] [string]
Sub Commands:
<subcommand> The subcommand. [add-hostname] [required] [string]
Options:
--config <id> Configuration id. Mandatory if you have more than one configuration.
[number]
--version <num> The version number. It can also take the values 'PROD' or 'PRODUCTION' or 'STAGING'. If
not provided, latest version is assumed.
[string]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. [string]
--section The section of .edgerc to use. [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
Updates the order of the website match targets
Usage: akamai appsec match-target-order [options]
Options:
--config <id> Configuration id. Mandatory if you have more than one configuration.
[number]
--version <num> The version number. It can also take the values 'PROD' or 'PRODUCTION' or 'STAGING'. If
not provided, latest version is assumed.
[string]
--insert <id> Match target id to move to the start.
[number]
--append <id> Match target id to move to the end.
[number]
[order] The comma separated list of numeric match target ids in desired order.
[array:number]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. [string]
--section The section of .edgerc to use. [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
The custom rule needs to be fed as as json and this command prints the json template for creating a custom rule. You must add the required details in the json and remove the rest before creating a custom rule.
Usage: akamai appsec structured-rule-template
Usage: akamai appsec create-custom-rule [options]
Options:
--config <id> Configuration id. Mandatory if you have more than one configuration. [number]
--file <path> File with JSON rules [required] [file] [must exist]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. [string]
--section The section of .edgerc to use. [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
Usage: akamai appsec modify-custom-rule [options]
Options:
--config <id> Configuration id. Mandatory if you have more than one configuration. [number]
--custom-rule <id> Rule ID. [required] [number]
--file <path> File with JSON rules [file] [must exist]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. [string]
--section The section of .edgerc to use. [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
Usage: akamai appsec enable-custom-rule [options]
Options:
--custom-rule <id> Rule ID.
[required] [number]
--policy <id> Policy ID.
[required] [string]
--action <action> Action to assign. If the action is "none", it is not associated with the policy
[required] [enum] [alert, deny, none]
--config <id> Configuration id. Mandatory if you have more than one configuration.
[number]
--version <num> The version number. It can also take the values 'PROD' or 'PRODUCTION' or 'STAGING'. If
not provided, latest version is assumed.
[string]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. [string]
--section The section of .edgerc to use. [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
Usage: akamai appsec custom-rules [options]
Options:
--config <id> Configuration id. Mandatory if you have more than one configuration. [number]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. [string]
--section The section of .edgerc to use. [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
Usage: akamai appsec custom-rule [options]
Options:
--config <id> Configuration id. Mandatory if you have more than one configuration. [number]
--custom-rule <id> Rule ID. [required] [number]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. [string]
--section The section of .edgerc to use. [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
Activates a configuration version and provides the activation id. This ID is required to monitor the activation status.
Usage: akamai appsec activate [options]
Options:
--config <id> Configuration id.
[number]
--version <id> The version number.
[string]
--network <network> The network in which the configuration must be activated.
[required] [enum] [PRODUCTION, STAGING]
--note <note> The activation notes.
[string]
--notify <emails> The comma separated email ids to get notification.
[required] [array:string]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. [string]
--section The section of .edgerc to use. [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
Copyright (C) Akamai Technologies, Inc
Visit http://github.com/akamai/cli-appsec for detailed documentation
Prints the current state of the activation request. This command needs the activation id from the activation step.
Usage: akamai appsec activation [options]
Options:
--activation-id <id> Activation request id. [required] [number]
--verbose Provides more details about the activation status. [boolean]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. [string]
--section The section of .edgerc to use. [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
Copyright (C) Akamai Technologies, Inc
Visit http://github.com/akamai/cli-appsec for detailed documentation
Usage: akamai appsec delete-custom-rule [options]
Options:
--config <id> Configuration id. Mandatory if you have more than one configuration. [number]
--custom-rule <id> Rule ID. [required] [number]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. [string]
--section The section of .edgerc to use. [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
Exports the complete details of a configuration version.
Usage: akamai appsec export [options]
Options:
--config <id> Configuration id. Mandatory if you have more than one configuration. [number]
--version <num> The version number to Export [string]
Command options:
--json Print the raw json response. All commands respect this option. [boolean]
--edgerc The full path to the .edgerc file. [string]
--section The section of .edgerc to use. [string]
--help Prints help information. [commands: help] [boolean]
--version Current version of the program. [boolean]
The Akamai CLI is a new tool and as such we have made some design choices worth mentioning.
- Credentials - the tool expects your credentials to be stored under a 'appsec' section in your ~/.edgerc file. Alternatively you can provide the section name using the --section option in every command. If you are unfamiliar with the authentication and provisioning for OPEN APIs, see the "Get Started" section of https://developer.akamai.com
1A configuration version is editable if it is not active currently or in the past in any of the environments(staging or production).