Centinel AnalyticaAkamai EdgeWorkers
Deploy Centinel Analytica on your Akamai property using EdgeWorkers.
Overview
This guide walks through deploying Centinel Analytica server-side validation on Akamai using EdgeWorkers. Property Manager changes take 15-30 minutes to propagate across the Akamai network.
Prerequisites
- Centinel secret key
- Akamai Control Center access
- Property Manager access for the property you want to protect
- Download
centinel-akamai-edgeworker.tar.gz. - Extract the archive to get
main.jsandbundle.json.
- Log into Akamai Control Center.
- Go to CDN → EdgeWorkers.
- Click Create EdgeWorker ID.
- Enter a name (e.g.
centinel-protection). - Select your Group and Resource tier.
- Click Create EdgeWorker ID.
- Select the EdgeWorker you just created.
- Click Create Version.
- Upload the
main.jsandbundle.jsonfiles. - Click Create Version.
The EdgeWorker calls the Centinel validator via an internal path. You need to route /centinel-validate to the Centinel API.
- Go to CDN → Properties and select your property.
- Click Edit New Version to create a draft.
- Under Property Configuration, click Add Rule.
- Name the rule
Centinel Validator. - Add a Criteria:
- Match Type: Path
- Match Operator: matches one of
- Value:
/centinel-validate
- Add a Behavior → Origin Server:
- Origin Server Hostname:
validator.centinelanalytica.com - Forward Host Header: Origin Hostname
- Origin SSL Certificate Verification: Yes
- Origin Server Hostname:
- Add a Behavior → Modify Outgoing Request Path:
- Action: Replace Entire Path
- Replace With:
/validate
- Add a Behavior → Caching:
- Caching Option: No Store
- Click Save.
Watch out
Make sure the EdgeWorker behavior is not applied to the /centinel-validate rule—otherwise you'll create a recursion loop.
- In your property configuration, go to Property Variables.
- Add:
| Variable | Value |
|---|---|
PMUSER_EW_CENTINEL_SECRET_KEY | Your Centinel secret key |
- (Optional) Add additional variables from the Configuration Reference below.
- Click Save.
Variable visibility
Set variables to Hidden (not Sensitive) in Property Manager. Hidden variables are readable by EdgeWorkers but won't be logged. Sensitive variables can't be read by EdgeWorker code at all.
- In your property, add or edit a rule where you want Centinel protection.
- Add a Behavior → EdgeWorkers.
- Select your
centinel-protectionEdgeWorker ID. - Click Save.
Scope
Apply the EdgeWorker to your default rule to protect all paths, or add it to specific rules to protect only certain parts of your site.
- Click Activate in Property Manager.
- Select Staging for initial testing, or Production when ready.
- Add activation notes and click Activate.
- Wait for activation to complete (15-30 minutes).
- Browse your site to confirm traffic flows normally.
- Check that static assets (
.js,.css,.png, etc.) load without delays. - Set
PMUSER_EW_CENTINEL_ENABLE_LOGGINGtotrueand check theX-Centinel-Logresponse header for validation outcomes.
Configuration reference
Required variables
| Variable | Type | Description |
|---|---|---|
PMUSER_EW_CENTINEL_SECRET_KEY | string | Your Centinel secret key for API authentication. |
Optional variables
| Variable | Type | Default | Description |
|---|---|---|---|
PMUSER_EW_CENTINEL_CLIENT_IP | string | request.clientIp | Override client IP for validation. Defaults to Akamai's built-in client IP detection. |
PMUSER_EW_CENTINEL_PROTECTED_PATHS_INCLUSION | string | – | Regex pattern to protect only matching paths. Leave empty to protect all. |
PMUSER_EW_CENTINEL_PROTECTED_PATHS_EXCLUSION | string | – | Regex pattern to skip validation. Static assets are excluded by default. |
Notes
- Timeout: Fixed at 500ms in v3.0.0. Not configurable via variables.
- Logging: Uses Akamai's built-in
loggermodule. Check EdgeWorker logs in Control Center.
Changelog
- 3.0.0 (2026-01-19) - Timeout set to 500ms, refactored logging, removed configurable timeout variable.
- 2.0.1 - Refactored logging, better error handling.
- 2.0.0 - Better cookie handling, improved validation flow.
- 1.0.0 - Initial release.