- Property Manager name: Enhanced Proxy Detection with GeoGuard
- Behavior version: The
v2023-01-05rule format supports theenhanced_proxy_detectionbehavior v1.2. - Rule format status: GA, stable
- Access: Read/Write
- Allowed in includes: Yes
This behavior allows you to apply proxy detection and location spoofing protection from Akamai's data provider, GeoGuard. Configure it to identify unwanted requests redirected from four types of proxy: anonymous VPN, public proxy, The Onion Router (Tor) exit node, and smart DNS proxy. Configure your edge content to deny or redirect requests, or allow them to pass through so that you can log and audit the traffic. This and the epd_forward_header_enrichment behavior work together and need to be included either in the same rule, or in the default one.
| Option | Type | Description | Requires | |
|---|---|---|---|---|
enabled | boolean | Applies GeoGuard proxy detection. | {"displayType":"boolean","tag":"input","type":"checkbox"} | |
forward_header_enrichment | boolean | Sends the Enhanced Proxy Detection (
| {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"attribute":"enabled","op":"eq","value":true}} | |
enable_configuration_mode | enum | Specifies how to field the proxy request. | {"displayType":"enum","options":["BEST_PRACTICE","ADVANCED"],"tag":"select"}{"if":{"attribute":"enabled","op":"eq","value":true}} | |
BEST_PRACTICE | Apply a single action to the four different categories of traffic. | |||
ADVANCED | Configure them separately. Choose the latter only if you are thoroughly familiar with GeoGuard proxy detection. See Enhanced Proxy Detection with GeoGuard for more information. | |||
best_practice_action | enum | Specifies how to field the proxy request. | enable_configuration_mode is BEST_PRACTICE | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"BEST_PRACTICE"}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
best_practice_redirecturl | string (allows variables) | This specifies the URL to which to redirect requests. | best_practice_action is REDIRECT | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"bestPracticeAction","op":"eq","value":"REDIRECT"}} |
detect_anonymous_vpn | boolean | This enables detection of requests from anonymous VPNs. | enable_configuration_mode is ADVANCED | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}} |
detect_anonymous_vpnAction | enum | Specifies how to field anonymous VPN requests. | detect_anonymous_vpn is true | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}{"if":{"attribute":"detectAnonymousVpn","op":"eq","value":true}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
detect_anonymous_vpnRedirecturl | string (allows variables) | This specifies the URL to which to redirect anonymous VPN requests. | detect_anonymous_vpnAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"detectAnonymousVpnAction","op":"eq","value":"REDIRECT"}} |
detect_public_proxy | boolean | This enables detection of requests from public proxies. | enable_configuration_mode is ADVANCED | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}} |
detect_public_proxyAction | enum | Specifies how to field public proxy requests. | detect_public_proxy is true | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}{"if":{"attribute":"detectPublicProxy","op":"eq","value":true}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
detect_public_proxyRedirecturl | string (allows variables) | This specifies the URL to which to redirect public proxy requests. | detect_public_proxyAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"detectPublicProxyAction","op":"eq","value":"REDIRECT"}} |
detect_tor_exit_node | boolean | This enables detection of requests from Tor exit nodes. | enable_configuration_mode is ADVANCED | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}} |
detect_tor_exit_nodeAction | enum | This specifies whether to | detect_tor_exit_node is true | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}{"if":{"attribute":"detectTorExitNode","op":"eq","value":true}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
detect_tor_exit_nodeRedirecturl | string (allows variables) | This specifies the URL to which to redirect requests from Tor exit nodes. | detect_tor_exit_nodeAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"detectTorExitNodeAction","op":"eq","value":"REDIRECT"}} |
detect_smart_dns_proxy | boolean | This enables detection of requests from smart DNS proxies. | enable_configuration_mode is ADVANCED | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}} |
detect_smart_dns_proxyAction | enum | Specifies whether to | detect_smart_dns_proxy is true | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}{"if":{"attribute":"detectSmartDNSProxy","op":"eq","value":true}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
detect_smart_dns_proxyRedirecturl | string (allows variables) | This specifies the URL to which to redirect DNS proxy requests. | detect_smart_dns_proxyAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"detectSmartDNSProxyAction","op":"eq","value":"REDIRECT"}} |
detect_hosting_provider | boolean | This detects requests from a hosting provider. | enable_configuration_mode is ADVANCED | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}} |
detect_hosting_providerAction | enum | This specifies whether to | detect_hosting_provider is true | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}{"if":{"attribute":"detectHostingProvider","op":"eq","value":true}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
detect_hosting_providerRedirecturl | string (allows variables) | This specifies the absolute URL to which to redirect requests from hosting providers. | detect_hosting_providerAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"detectHostingProviderAction","op":"eq","value":"REDIRECT"}} |
detect_vpn_data_center | boolean | This enables detection of requests from VPN data centers. | enable_configuration_mode is ADVANCED | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}} |
detect_vpn_data_centerAction | enum | This specifies whether to | detect_vpn_data_center is true | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}{"if":{"attribute":"detectVpnDataCenter","op":"eq","value":true}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
detect_vpn_data_centerRedirecturl | string (allows variables) | This specifies the URL to which to redirect requests from VPN data centers. | detect_vpn_data_centerAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"detectVpnDataCenterAction","op":"eq","value":"REDIRECT"}} |