- Property Manager name: Enhanced Proxy Detection with GeoGuard
- Behavior version: The
latest
rule format supports theenhancedProxyDetection
behavior v1.2. - Rule format status: Beta, possible breaking changes
- Access: Read-write
- Allowed in includes: Not available for
latest
rule format
This behavior allows you to apply proxy detection and location spoofing protection from Akamai's data provider, GeoGuard. Configure it to identify unwanted requests redirected from four types of proxy: anonymous VPN, public proxy, The Onion Router (Tor) exit node, and smart DNS proxy. Configure your edge content to deny or redirect requests, or allow them to pass through so that you can log and audit the traffic. This and the epdForwardHeaderEnrichment
behavior work together and need to be included either in the same rule, or in the default one.
Option | Type | Description | Requires | |
---|---|---|---|---|
enabled | boolean | Applies GeoGuard proxy detection. | {"displayType":"boolean","tag":"input","type":"checkbox"} | |
forwardHeaderEnrichment | boolean | Sends the Enhanced Proxy Detection (
| {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"enabled","op":"eq","value":true}} | |
enableConfigurationMode | enum | Specifies how to field the proxy request. | {"displayType":"enum","options":["BEST_PRACTICE","ADVANCED"],"tag":"select"} {"if":{"attribute":"enabled","op":"eq","value":true}} | |
BEST_PRACTICE | Apply a single action to the four different categories of traffic. | |||
ADVANCED | Configure them separately. Choose the latter only if you are thoroughly familiar with GeoGuard proxy detection. See Enhanced Proxy Detection with GeoGuard for more information. | |||
bestPracticeAction | enum | Specifies how to field the proxy request. | enableConfigurationMode is BEST_PRACTICE | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"} {"if":{"attribute":"enableConfigurationMode","op":"eq","value":"BEST_PRACTICE"}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
bestPracticeRedirecturl | string (allows variables) | This specifies the URL to which to redirect requests. | bestPracticeAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"bestPracticeAction","op":"eq","value":"REDIRECT"}} |
detectAnonymousVpn | boolean | This enables detection of requests from anonymous VPNs. | enableConfigurationMode is ADVANCED | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}} |
detectAnonymousVpnAction | enum | Specifies how to field anonymous VPN requests. | detectAnonymousVpn is true | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"} {"if":{"attribute":"detectAnonymousVpn","op":"eq","value":true}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
detectAnonymousVpnRedirecturl | string (allows variables) | This specifies the URL to which to redirect anonymous VPN requests. | detectAnonymousVpnAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"detectAnonymousVpnAction","op":"eq","value":"REDIRECT"}} |
detectPublicProxy | boolean | This enables detection of requests from public proxies. | enableConfigurationMode is ADVANCED | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}} |
detectPublicProxyAction | enum | Specifies how to field public proxy requests. | detectPublicProxy is true | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"} {"if":{"attribute":"detectPublicProxy","op":"eq","value":true}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
detectPublicProxyRedirecturl | string (allows variables) | This specifies the URL to which to redirect public proxy requests. | detectPublicProxyAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"detectPublicProxyAction","op":"eq","value":"REDIRECT"}} |
detectTorExitNode | boolean | This enables detection of requests from Tor exit nodes. | enableConfigurationMode is ADVANCED | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}} |
detectTorExitNodeAction | enum | This specifies whether to | detectTorExitNode is true | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"} {"if":{"attribute":"detectTorExitNode","op":"eq","value":true}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
detectTorExitNodeRedirecturl | string (allows variables) | This specifies the URL to which to redirect requests from Tor exit nodes. | detectTorExitNodeAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"detectTorExitNodeAction","op":"eq","value":"REDIRECT"}} |
detectSmartDNSProxy | boolean | This enables detection of requests from smart DNS proxies. | enableConfigurationMode is ADVANCED | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}} |
detectSmartDNSProxyAction | enum | Specifies whether to | detectSmartDNSProxy is true | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"} {"if":{"attribute":"detectSmartDNSProxy","op":"eq","value":true}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
detectSmartDNSProxyRedirecturl | string (allows variables) | This specifies the URL to which to redirect DNS proxy requests. | detectSmartDNSProxyAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"detectSmartDNSProxyAction","op":"eq","value":"REDIRECT"}} |
detectHostingProvider | boolean | This detects requests from a hosting provider. | enableConfigurationMode is ADVANCED | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}} |
detectHostingProviderAction | enum | This specifies whether to | detectHostingProvider is true | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"} {"if":{"attribute":"detectHostingProvider","op":"eq","value":true}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
detectHostingProviderRedirecturl | string (allows variables) | This specifies the absolute URL to which to redirect requests from hosting providers. | detectHostingProviderAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"detectHostingProviderAction","op":"eq","value":"REDIRECT"}} |
detectVpnDataCenter | boolean | This enables detection of requests from VPN data centers. | enableConfigurationMode is ADVANCED | {"displayType":"boolean","tag":"input","type":"checkbox"} {"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}} |
detectVpnDataCenterAction | enum | This specifies whether to | detectVpnDataCenter is true | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"} {"if":{"attribute":"detectVpnDataCenter","op":"eq","value":true}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
detectVpnDataCenterRedirecturl | string (allows variables) | This specifies the URL to which to redirect requests from VPN data centers. | detectVpnDataCenterAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"} {"if":{"attribute":"detectVpnDataCenterAction","op":"eq","value":"REDIRECT"}} |