How do I write Akamai Property Manager rules in Terraform?

Select 'Akamai' as your platform, choose your conditions and behaviors, and select the 'Terraform' output toggle. The tool will automatically generate the akamai_property_rules_builder HCL code using the correct match_criteria_ block naming convention for you to paste into your .tf files.

How do I block SQL Injection across all CDNs?

Select the 'Block SQLi (Basic)' template from the 50+ production recipes dropdown. The tool automatically populates the required regex to block union/select statements, and translates it into Cloudflare Wirefilter, AWS WAF JSON, GCP Cloud Armor CEL, or Akamai PAPI configurations.

Can I convert Apache .htaccess rules to NGINX?

Yes. Define your routing logic in the visual builder, then toggle between the Apache and NGINX platform buttons to see the exact syntax translation. The tool uses the correct module wrapper — mod_rewrite for routing and mod_headers for header rules — in Apache output.

Does this tool send my WAF configurations to a server?

No. Your security architecture is sensitive. The entire rule generation engine runs in client-side JavaScript. No configuration data is ever transmitted to or stored on any server.

CDN & WAF Rule Generator — Cloudflare, Akamai, NGINX, AWS WAF, Apache

Mastering Edge Routing & Security

Akamai Property Manager

Akamai utilises complex JSON structures for the Property Manager API (PAPI) and custom HCL blocks for Terraform. Our builder automatically translates standard logic into constructResponse, modifyIncomingRequestPath, and caching behaviors using the correct PAPI criterion names and Terraform match_criteria_ block syntax.

Cloudflare Expressions

Cloudflare uses a Wireshark-inspired language called Wirefilter. Learning exactly when to use http.request.uri.path versus http.request.full_uri can be tricky. Our builder handles the exact variable mapping, integer comparisons for ASN fields, and empty-string detection automatically.

NGINX & Apache

Writing a safe location ~* ^/api/ block in NGINX or a RewriteRule in Apache requires careful escaping. Apache header rules use mod_headers, not mod_rewrite — our engine wraps them in the correct IfModule block and warns about add_header limitations inside NGINX if blocks.

GCP Cloud Armor

Google Cloud Armor uses CEL (Common Expression Language) for custom security policies. The generator outputs valid expression strings using the correct request.path, origin.ip, and origin.region_code field names compatible with google_compute_security_policy Terraform resources.

Vercel

Vercel handles routing entirely through vercel.json configuration arrays. The generator outputs valid rewrites, redirects, and headers blocks. For block/deny logic, the output correctly directs you to use Vercel Edge Middleware instead.

Caddy

Caddy's Caddyfile uses named matchers prefixed with @ for clean, readable rule definitions. The generator outputs valid matcher blocks for path, method, hostname, IP, and user-agent conditions, with a note for country matching which requires the MaxMind GeoIP2 Caddy module.

Frequently Asked Questions

How do I block traffic in Akamai Property Manager?

Instead of deploying a full WAF rule, you can block traffic directly at the edge in Property Manager using the Construct Response behavior. Set the status code to 403. Our tool automatically formats this as valid JSON (PAPI) or Terraform HCL for you.

What is the difference between "Matches Regex" and "Contains"?

"Contains" does a simple substring search (e.g., searching for "wp-admin" anywhere in the URL). "Matches Regex" allows complex pattern matching (like ^/api/v[1-9]/), which is more powerful but computationally heavier on edge servers. Use "Contains" where possible for performance.

Does this tool send my configurations to a server?

No. Your security architecture is highly sensitive. The entire 50+ template translation engine runs entirely in client-side JavaScript. Nothing is ever transmitted to or stored on any server.

Why does AWS WAF not support redirect or rewrite goals?

AWS WAFv2 is a pure security layer — its rule actions are limited to Allow, Block, Count, and CAPTCHA. Redirects, rewrites, and header injection must be handled at the CloudFront layer using CloudFront Functions or Lambda@Edge. The tool shows the correct guidance when these goals are selected for AWS.

CDN & WAF Rule Generator

Rule Configuration

If traffic matches... (Criteria)

Generated Cloudflare Code