enhancedProxyDetection


This behavior allows you to apply proxy detection and location spoofing protection from Akamai's data provider, Geo‚ÄčGuard. Configure it to identify unwanted requests redirected from four types of proxy: anonymous VPN, public proxy, The Onion Router (Tor) exit node, and smart DNS proxy. Configure your edge content to deny or redirect requests, or allow them to pass through so that you can log and audit the traffic. This and the epd‚ÄčForward‚ÄčHeader‚ÄčEnrichment behavior work together and need to be included either in the same rule, or in the default one.

OptionTypeDescriptionRequires
enabledboolean

Applies Geo‚ÄčGuard proxy detection.

{"displayType":"boolean","tag":"input","type":"checkbox"}
forward‚ÄčHeader‚ÄčEnrichmentboolean

Sends the Enhanced Proxy Detection (Akamai-EPD) header in the forward request to determine whether the connecting IP address is an anonymous proxy. The header can contain one or more two-letter codes that indicate the IP address type detected by edge servers:

  • av for is_anonymous_vpn
  • hp for is_hosting_provider
  • pp for is_public_proxy
  • dp for is_smart_dns_proxy
  • tn for is_tor_exit_node
  • vc for is_vpn_datacentre
{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
enable‚ÄčConfiguration‚ÄčModeenum

Specifies how to field the proxy request.

{"displayType":"enum","options":["BEST_PRACTICE","ADVANCED"],"tag":"select"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
BEST_‚ÄčPRACTICE

Apply a single action to the four different categories of traffic.

ADVANCED

Configure them separately. Choose the latter only if you are thoroughly familiar with Geo‚ÄčGuard proxy detection. See Enhanced Proxy Detection with Geo‚ÄčGuard for more information.

best‚ÄčPractice‚ÄčActionenum

Specifies how to field the proxy request.

enable‚ÄčConfiguration‚ÄčMode is BEST_‚ÄčPRACTICE
{"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}
{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"BEST_PRACTICE"}}
ALLOW

Allow the request.

DENY

Deny the request.

REDIRECT

Respond with a redirect.

best‚ÄčPractice‚ÄčRedirecturlstring (allows¬†variables)

This specifies the URL to which to redirect requests.

best‚ÄčPractice‚ÄčAction is REDIRECT
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"bestPracticeAction","op":"eq","value":"REDIRECT"}}
detect‚ÄčAnonymous‚ÄčVpnboolean

This enables detection of requests from anonymous VPNs.

enable‚ÄčConfiguration‚ÄčMode is ADVANCED
{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}}
detect‚ÄčAnonymous‚ÄčVpn‚ÄčActionenum

Specifies how to field anonymous VPN requests.

detect‚ÄčAnonymous‚ÄčVpn is true
{"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}
{"if":{"attribute":"detectAnonymousVpn","op":"eq","value":true}}
ALLOW

Allow the request.

DENY

Deny the request.

REDIRECT

Respond with a redirect.

detect‚ÄčAnonymous‚ÄčVpn‚ÄčRedirecturlstring (allows¬†variables)

This specifies the URL to which to redirect anonymous VPN requests.

detect‚ÄčAnonymous‚ÄčVpn‚ÄčAction is REDIRECT
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"detectAnonymousVpnAction","op":"eq","value":"REDIRECT"}}
detect‚ÄčPublic‚ÄčProxyboolean

This enables detection of requests from public proxies.

enable‚ÄčConfiguration‚ÄčMode is ADVANCED
{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}}
detect‚ÄčPublic‚ÄčProxy‚ÄčActionenum

Specifies how to field public proxy requests.

detect‚ÄčPublic‚ÄčProxy is true
{"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}
{"if":{"attribute":"detectPublicProxy","op":"eq","value":true}}
ALLOW

Allow the request.

DENY

Deny the request.

REDIRECT

Respond with a redirect.

detect‚ÄčPublic‚ÄčProxy‚ÄčRedirecturlstring (allows¬†variables)

This specifies the URL to which to redirect public proxy requests.

detect‚ÄčPublic‚ÄčProxy‚ÄčAction is REDIRECT
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"detectPublicProxyAction","op":"eq","value":"REDIRECT"}}
detect‚ÄčTor‚ÄčExit‚ÄčNodeboolean

This enables detection of requests from Tor exit nodes.

enable‚ÄčConfiguration‚ÄčMode is ADVANCED
{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}}
detect‚ÄčTor‚ÄčExit‚ÄčNode‚ÄčActionenum

This specifies whether to DENY, ALLOW, or REDIRECT requests from Tor exit nodes.

detect‚ÄčTor‚ÄčExit‚ÄčNode is true
{"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}
{"if":{"attribute":"detectTorExitNode","op":"eq","value":true}}
ALLOW

Allow the request.

DENY

Deny the request.

REDIRECT

Respond with a redirect.

detect‚ÄčTor‚ÄčExit‚ÄčNode‚ÄčRedirecturlstring (allows¬†variables)

This specifies the URL to which to redirect requests from Tor exit nodes.

detect‚ÄčTor‚ÄčExit‚ÄčNode‚ÄčAction is REDIRECT
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"detectTorExitNodeAction","op":"eq","value":"REDIRECT"}}
detect‚ÄčSmart‚ÄčDNSProxyboolean

This enables detection of requests from smart DNS proxies.

enable‚ÄčConfiguration‚ÄčMode is ADVANCED
{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}}
detect‚ÄčSmart‚ÄčDNSProxy‚ÄčActionenum

Specifies whether to DENY, ALLOW, or REDIRECT smart DNS proxy requests.

detect‚ÄčSmart‚ÄčDNSProxy is true
{"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}
{"if":{"attribute":"detectSmartDNSProxy","op":"eq","value":true}}
ALLOW

Allow the request.

DENY

Deny the request.

REDIRECT

Respond with a redirect.

detect‚ÄčSmart‚ÄčDNSProxy‚ÄčRedirecturlstring (allows¬†variables)

This specifies the URL to which to redirect DNS proxy requests.

detect‚ÄčSmart‚ÄčDNSProxy‚ÄčAction is REDIRECT
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"detectSmartDNSProxyAction","op":"eq","value":"REDIRECT"}}
detect‚ÄčHosting‚ÄčProviderboolean

This detects requests from a hosting provider.

enable‚ÄčConfiguration‚ÄčMode is ADVANCED
{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}}
detect‚ÄčHosting‚ÄčProvider‚ÄčActionenum

This specifies whether to DENY, ALLOW, or REDIRECT requests from hosting providers.

detect‚ÄčHosting‚ÄčProvider is true
{"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}
{"if":{"attribute":"detectHostingProvider","op":"eq","value":true}}
ALLOW

Allow the request.

DENY

Deny the request.

REDIRECT

Respond with a redirect.

detect‚ÄčHosting‚ÄčProvider‚ÄčRedirecturlstring (allows¬†variables)

This specifies the absolute URL to which to redirect requests from hosting providers.

detect‚ÄčHosting‚ÄčProvider‚ÄčAction is REDIRECT
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"detectHostingProviderAction","op":"eq","value":"REDIRECT"}}
detect‚ÄčVpn‚ÄčData‚ÄčCenterboolean

This enables detection of requests from VPN data centers.

enable‚ÄčConfiguration‚ÄčMode is ADVANCED
{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}}
detect‚ÄčVpn‚ÄčData‚ÄčCenter‚ÄčActionenum

This specifies whether to DENY, ALLOW, or REDIRECT requests from VPN data centers.

detect‚ÄčVpn‚ÄčData‚ÄčCenter is true
{"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}
{"if":{"attribute":"detectVpnDataCenter","op":"eq","value":true}}
ALLOW

Allow the request.

DENY

Deny the request.

REDIRECT

Respond with a redirect.

detect‚ÄčVpn‚ÄčData‚ÄčCenter‚ÄčRedirecturlstring (allows¬†variables)

This specifies the URL to which to redirect requests from VPN data centers.

detect‚ÄčVpn‚ÄčData‚ÄčCenter‚ÄčAction is REDIRECT
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"detectVpnDataCenterAction","op":"eq","value":"REDIRECT"}}