TrainingSupportCommunity

enhancedProxyDetection

This behavior allows you to apply proxy detection and location spoofing protection from Akamai's data provider, Geo​Guard. Configure it to identify unwanted requests redirected from four types of proxy: anonymous VPN, public proxy, The Onion Router (Tor) exit node, and smart DNS proxy. Configure your edge content to deny or redirect requests, or allow them to pass through so that you can log and audit the traffic. This and the epd​Forward​Header​Enrichment behavior work together and need to be included either in the same rule, or in the default one.

OptionTypeDescriptionRequires
enabledboolean

Applies Geo​Guard proxy detection.

{"displayType":"boolean","tag":"input","type":"checkbox"}
forward​Header​Enrichmentboolean 
Sends the Enhanced Proxy Detection (Akamai-EPD) header in the forward request to determine whether the connecting IP address is an anonymous proxy. The header can contain one or more two-letter codes that indicate the IP address type detected by edge servers:
    

  • av for is_anonymous_vpn
    • 

  • hp for is_hosting_provider
    • 

  • pp for is_public_proxy
    • 

  • dp for is_smart_dns_proxy
    • 

  • tn for is_tor_exit_node
    • 

  • vc for is_vpn_datacentre
    • 

{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
enable​Configuration​Modeenum 
Specifies how to field the proxy request.
{"displayType":"enum","options":["BEST_PRACTICE","ADVANCED"],"tag":"select"}
{"if":{"attribute":"enabled","op":"eq","value":true}}
BEST_​PRACTICE
Apply a single action to the four different categories of traffic.
ADVANCED
Configure them separately. Choose the latter only if you are thoroughly familiar with Geo​Guard proxy detection. See Enhanced Proxy Detection with Geo​Guard for more information.
best​Practice​Actionenum 
Specifies how to field the proxy request.
enable​Configuration​Mode is BEST_​PRACTICE
{"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}
{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"BEST_PRACTICE"}}
ALLOW
Allow the request.
DENY
Deny the request.
REDIRECT
Respond with a redirect.
best​Practice​Redirecturlstring (allows variables)
This specifies the URL to which to redirect requests.
best​Practice​Action is REDIRECT
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"bestPracticeAction","op":"eq","value":"REDIRECT"}}
detect​Anonymous​Vpnboolean 
This enables detection of requests from anonymous VPNs.
enable​Configuration​Mode is ADVANCED
{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}}
detect​Anonymous​Vpn​Actionenum 
Specifies how to field anonymous VPN requests.
detect​Anonymous​Vpn is true
{"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}
{"if":{"attribute":"detectAnonymousVpn","op":"eq","value":true}}
ALLOW
Allow the request.
DENY
Deny the request.
REDIRECT
Respond with a redirect.
detect​Anonymous​Vpn​Redirecturlstring (allows variables)
This specifies the URL to which to redirect anonymous VPN requests.
detect​Anonymous​Vpn​Action is REDIRECT
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"detectAnonymousVpnAction","op":"eq","value":"REDIRECT"}}
detect​Public​Proxyboolean 
This enables detection of requests from public proxies.
enable​Configuration​Mode is ADVANCED
{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}}
detect​Public​Proxy​Actionenum 
Specifies how to field public proxy requests.
detect​Public​Proxy is true
{"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}
{"if":{"attribute":"detectPublicProxy","op":"eq","value":true}}
ALLOW
Allow the request.
DENY
Deny the request.
REDIRECT
Respond with a redirect.
detect​Public​Proxy​Redirecturlstring (allows variables)
This specifies the URL to which to redirect public proxy requests.
detect​Public​Proxy​Action is REDIRECT
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"detectPublicProxyAction","op":"eq","value":"REDIRECT"}}
detect​Tor​Exit​Nodeboolean 
This enables detection of requests from Tor exit nodes.
enable​Configuration​Mode is ADVANCED
{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}}
detect​Tor​Exit​Node​Actionenum 
This specifies whether to DENY, ALLOW, or REDIRECT requests from Tor exit nodes.
detect​Tor​Exit​Node is true
{"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}
{"if":{"attribute":"detectTorExitNode","op":"eq","value":true}}
ALLOW
Allow the request.
DENY
Deny the request.
REDIRECT
Respond with a redirect.
detect​Tor​Exit​Node​Redirecturlstring (allows variables)
This specifies the URL to which to redirect requests from Tor exit nodes.
detect​Tor​Exit​Node​Action is REDIRECT
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"detectTorExitNodeAction","op":"eq","value":"REDIRECT"}}
detect​Smart​DNSProxyboolean 
This enables detection of requests from smart DNS proxies.
enable​Configuration​Mode is ADVANCED
{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}}
detect​Smart​DNSProxy​Actionenum 
Specifies whether to DENY, ALLOW, or REDIRECT smart DNS proxy requests.
detect​Smart​DNSProxy is true
{"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}
{"if":{"attribute":"detectSmartDNSProxy","op":"eq","value":true}}
ALLOW
Allow the request.
DENY
Deny the request.
REDIRECT
Respond with a redirect.
detect​Smart​DNSProxy​Redirecturlstring (allows variables)
This specifies the URL to which to redirect DNS proxy requests.
detect​Smart​DNSProxy​Action is REDIRECT
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"detectSmartDNSProxyAction","op":"eq","value":"REDIRECT"}}
detect​Hosting​Providerboolean 
This detects requests from a hosting provider.
enable​Configuration​Mode is ADVANCED
{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}}
detect​Hosting​Provider​Actionenum 
This specifies whether to DENY, ALLOW, or REDIRECT requests from hosting providers.
detect​Hosting​Provider is true
{"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}
{"if":{"attribute":"detectHostingProvider","op":"eq","value":true}}
ALLOW
Allow the request.
DENY
Deny the request.
REDIRECT
Respond with a redirect.
detect​Hosting​Provider​Redirecturlstring (allows variables)
This specifies the absolute URL to which to redirect requests from hosting providers.
detect​Hosting​Provider​Action is REDIRECT
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"detectHostingProviderAction","op":"eq","value":"REDIRECT"}}
detect​Vpn​Data​Centerboolean 
This enables detection of requests from VPN data centers.
enable​Configuration​Mode is ADVANCED
{"displayType":"boolean","tag":"input","type":"checkbox"}
{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}}
detect​Vpn​Data​Center​Actionenum 
This specifies whether to DENY, ALLOW, or REDIRECT requests from VPN data centers.
detect​Vpn​Data​Center is true
{"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}
{"if":{"attribute":"detectVpnDataCenter","op":"eq","value":true}}
ALLOW
Allow the request.
DENY
Deny the request.
REDIRECT
Respond with a redirect.
detect​Vpn​Data​Center​Redirecturlstring (allows variables)
This specifies the URL to which to redirect requests from VPN data centers.
detect​Vpn​Data​Center​Action is REDIRECT
{"displayType":"string","tag":"input","type":"text"}
{"if":{"attribute":"detectVpnDataCenterAction","op":"eq","value":"REDIRECT"}}