🧪 Test Lab
Use this lab to generate traffic against your test site and see how Akamai and your origin interpret it. Switch between Single Request and Rate Policy Test for burst scenarios.
Request Builder
This is the path your request will be sent to. It controls
REQUEST_URI, REQUEST_FILENAME, REQUEST_PATH_SEGMENT, etc.Sent as a
status query parameter to the inspect endpoint. If WAF/origin overrides this, the actual status may differ.One header per line. Use this to simulate bot signatures, attack payload markers, etc. (Some browser-controlled headers like
User-Agent cannot be overridden from JS.)How to Use This Lab
Think of this as a traffic generator plus a live WAF debugger. Follow the three tiles below for most test cases.
1️⃣ Shape the requestSelector focus: URI / METHOD
- Choose HTTP Method and Return Status Code to simulate success, 3xx, 4xx or 5xx paths.
- Adjust Request path & Query string to drive
REQUEST_URI,REQUEST_PATH_SEGMENTandARGS. - Use this for path-based policies, rate controls and URL protections.
2️⃣ Enrich with headers, cookies & bodySelector focus: HEADERS / BODY
- Add Custom Headers for bot signatures, API keys or attack markers (
REQUEST_HEADERS). - Set a cookie string to test
REQUEST_COOKIErules (non-HttpOnly cookies only). - Choose a Content-Type + body to exercise
JSON_PAIRS,XML_PAIRS,ARGSfrom form data andFILESfor uploads.
3️⃣ Inspect the Result viewStyled vs JSON
- Styled view highlights status, method, WAF indicator, headers, Akamai edge headers and parsed body.
- JSON view shows the raw
inspectandclientobjects for precise selector debugging. - When WAF returns a 403, you still see your request plus a preview of the blocked page.
💡 Quick recipes
• SQLi tuning: send POST with JSON or form payload and inspect JSON_PAIRS / ARGS.
• Bot tests: tweak headers, cookies and method, then check the edge headers card for behavior.
• Path-based rules: vary the Request path and status to validate REQUEST_URI, REQUEST_PATH_SEGMENT and cache keys.