- Property Manager name: Enhanced Proxy Detection with GeoGuard
- Behavior version: The
v2024-01-09rule format supports theenhanced_proxy_detectionbehavior v1.2. - Rule format status: GA, stable
- Access: Read/Write
- Allowed in includes: Yes
Enhanced Proxy Detection (EPD) leverages the GeoGuard service provided by GeoComply to add proxy detection and location spoofing protection. It identifies requests for your content that have been redirected from an unwanted source through a proxy. You can then allow, deny, or redirect these requests.
Include this behavior in the same rule as epd_forward_header_enrichment. The epdForwardHeaderEnrichment behavior sends the Enhanced Proxy Detection (Akamai-EPD) header in the forward request to determine whether the connecting IP address is an anonymous proxy.
| Option | Type | Description | Requires | |
|---|---|---|---|---|
enabled | boolean | Applies GeoGuard proxy detection. | {"displayType":"boolean","tag":"input","type":"checkbox"} | |
forward_header_enrichment | boolean | Whether the Enhanced Proxy Detection (Akamai-EPD) header is included in the forward request to mark a connecting IP address as an anonymous proxy, with a two-letter designation. See the | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"attribute":"enabled","op":"eq","value":true}} | |
enable_configuration_mode | enum | Specifies how to field the proxy request. | {"displayType":"enum","options":["BEST_PRACTICE","ADVANCED"],"tag":"select"}{"if":{"attribute":"enabled","op":"eq","value":true}} | |
BEST_PRACTICE | GeoComply maintains a fixed list of categories for their GeoGuard service. Select this mode to automatically apply their primary, "must-have" categories for proxy detection. | |||
ADVANCED | Use this mode to selectively apply GeoGuard categories and customize the applied action. Make sure you include at least the categories GeoGuard considers "must-have." Akamai can't guarantee optimal proxy protection if you leave them out. | |||
best_practice_action | enum | Specifies how to field the proxy request. | enable_configuration_mode is BEST_PRACTICE | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"BEST_PRACTICE"}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
best_practice_redirecturl | string (allows variables) | This specifies the URL to which to redirect requests. | best_practice_action is REDIRECT | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"bestPracticeAction","op":"eq","value":"REDIRECT"}} |
detect_anonymous_vpn | boolean | This enables detection of requests from anonymous VPNs. | enable_configuration_mode is ADVANCED | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}} |
detect_anonymous_vpnAction | enum | Specifies how to field anonymous VPN requests. | detect_anonymous_vpn is true | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}{"if":{"attribute":"detectAnonymousVpn","op":"eq","value":true}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
detect_anonymous_vpnRedirecturl | string (allows variables) | This specifies the URL to which to redirect anonymous VPN requests. | detect_anonymous_vpnAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"detectAnonymousVpnAction","op":"eq","value":"REDIRECT"}} |
detect_public_proxy | boolean | This enables detection of requests from public proxies. | enable_configuration_mode is ADVANCED | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}} |
detect_public_proxyAction | enum | Specifies how to field public proxy requests. | detect_public_proxy is true | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}{"if":{"attribute":"detectPublicProxy","op":"eq","value":true}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
detect_public_proxyRedirecturl | string (allows variables) | This specifies the URL to which to redirect public proxy requests. | detect_public_proxyAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"detectPublicProxyAction","op":"eq","value":"REDIRECT"}} |
detect_tor_exit_node | boolean | This enables detection of requests from Tor exit nodes. | enable_configuration_mode is ADVANCED | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}} |
detect_tor_exit_nodeAction | enum | This specifies whether to | detect_tor_exit_node is true | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}{"if":{"attribute":"detectTorExitNode","op":"eq","value":true}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
detect_tor_exit_nodeRedirecturl | string (allows variables) | This specifies the URL to which to redirect requests from Tor exit nodes. | detect_tor_exit_nodeAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"detectTorExitNodeAction","op":"eq","value":"REDIRECT"}} |
detect_smart_dns_proxy | boolean | This enables detection of requests from smart DNS proxies. | enable_configuration_mode is ADVANCED | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}} |
detect_smart_dns_proxyAction | enum | Specifies whether to | detect_smart_dns_proxy is true | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}{"if":{"attribute":"detectSmartDNSProxy","op":"eq","value":true}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
detect_smart_dns_proxyRedirecturl | string (allows variables) | This specifies the URL to which to redirect DNS proxy requests. | detect_smart_dns_proxyAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"detectSmartDNSProxyAction","op":"eq","value":"REDIRECT"}} |
detect_hosting_provider | boolean | This detects requests from a hosting provider. | enable_configuration_mode is ADVANCED | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}} |
detect_hosting_providerAction | enum | This specifies whether to | detect_hosting_provider is true | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}{"if":{"attribute":"detectHostingProvider","op":"eq","value":true}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
detect_hosting_providerRedirecturl | string (allows variables) | This specifies the absolute URL to which to redirect requests from hosting providers. | detect_hosting_providerAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"detectHostingProviderAction","op":"eq","value":"REDIRECT"}} |
detect_vpn_data_center | boolean | This enables detection of requests from VPN data centers. | enable_configuration_mode is ADVANCED | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}} |
detect_vpn_data_centerAction | enum | This specifies whether to | detect_vpn_data_center is true | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}{"if":{"attribute":"detectVpnDataCenter","op":"eq","value":true}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
detect_vpn_data_centerRedirecturl | string (allows variables) | This specifies the URL to which to redirect requests from VPN data centers. | detect_vpn_data_centerAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"detectVpnDataCenterAction","op":"eq","value":"REDIRECT"}} |
detect_residential_proxy | boolean | This enables detection of requests from a residential proxy. See Enhanced Proxy Detection with GeoGuard and learn more about this GeoGuard category before enabling it. | enable_configuration_mode is ADVANCED | {"displayType":"boolean","tag":"input","type":"checkbox"}{"if":{"attribute":"enableConfigurationMode","op":"eq","value":"ADVANCED"}} |
detect_residential_proxyAction | enum | This specifies whether to | detect_residential_proxy is true | {"displayType":"enum","options":["ALLOW","DENY","REDIRECT"],"tag":"select"}{"if":{"attribute":"detectResidentialProxy","op":"eq","value":true}} |
ALLOW | Allow the request. | |||
DENY | Deny the request. | |||
REDIRECT | Respond with a redirect. | |||
detect_residential_proxyRedirecturl | string (allows variables) | This specifies the URL to which to redirect requests. | detect_residential_proxyAction is REDIRECT | {"displayType":"string","tag":"input","type":"text"}{"if":{"attribute":"detectResidentialProxyAction","op":"eq","value":"REDIRECT"}} |