Users are exploring whether Shopify storefronts can be routed through Akamai for DDoS protection and WAF services. The main technical challenge involves DNS/CNAME configuration and compatibility issues.
Key Technical Issue:
Proposed Workarounds:
Current Status:
We have a customer who requires their Shopify shop to be placed behind Akamai for DDOS protection and WAF services. Is this possible? has anyone tried this before?
Can the CNAME for the domain be changed to connect directly to Shopify to connect the site to the domain then switched back to Akamai?
+1 for this topic, is there any info on this?
Is there any update on this? I am currently trying to do the same thing. When routing through Akamai, Cloudflare is giving me a 403 on the Shopify side. We don’t use Cloudflare so it’s not on our side.
Cloudflare doesn’t like the requests coming from Akamai. If we would send a specific header or can whitelist certain IPs in Cloudflare that would most likely let the traffic through.
Looking for additional options to see how to make this work
Yes, Akamai (DDoS, WAF, Bot, etc.) + Shopify is possible–just reach out to the Akamai sales rep - and according to SecureIQLab’s 2025 Cloud WAAP CyberRisk Comparative Validation Report v4.0, Akamai is still the WAF leader.