- Learn >
- Release notes >
- Security >
- Kona Site Defender
Browse By Category
-
Web Performance
-
Media Delivery
-
Cloud Security
-
Enterprise Security
-
Core Features
- Akamai Test Center
- Alerts
- Case Management
- Certificate Provisioning System
- Client Access Control
- Content Preparation
- Control Center Authentication
- Diagnostic Tools
- Edge Hostname
- Purge
- Firewall Rules Notification
- Log Delivery Service
- Identity Management
- Property Manager
- Reporting
- Billing Center
- Event Center
- Onboard & Configuration Assistant
- SAML Single Sign-On
- Support
-
Network Operator
- Show All
2017-01-01
Custom Rule Builder is now available only to Kona Site Defender customers.
Custom Rule Builder allows for the construction of custom application layer control rules to cover customer-specific situations that the KRS v1.0 rule set does not address.
A set of new Akamai APIs are available to manage API definitions as part of Kona Site Defender’s upcoming API Protection capability.
Specifications are available in the API catalog.
Client Reputation now supports enhanced criteria.
Previously, reputation profiles could only be configured based on a certain category and a threshold. Now, enhanced criteria are available that can be combined in profiles to achieve different outcomes based on the source’s location, as well as exclude certain partners from Client Reputation scrutiny.
2016-11-01
Custom Rule Builder is now available to Web Application Firewall customers.
Custom Rule Builder allows for the construction of custom application layer control rules to cover customer-specific situations that neither the CRS v1.6.1 nor KRS v1.0 rule sets address.
2016-05-01
A new network list, Image Manager Servers, is now available to all WAF customers using network lists.
2016-04-01
Rate categories now support network lists.
You can now choose, as rate category criteria, one or more IP network lists to either match on or not match on.
2016-01-01
Rate Controls now support IPv6 client IP addresses for Rate Accounting for select accounts.
This change applies to accounts participating in the proof-of-concept testing of the IPv6 rate accounting feature. Nonparticipating accounts will see no changes in Luna’s Rate Category definition pages. IPv6 rate accounting will be released to all customers in a forthcoming Luna Control Center release.
Network List validation now includes and enforces IP validation.
Previously, some IP addresses and CIDRs added to Network Lists would either cause an entire list to be ignored, or the entries in question would not properly match to request IP addresses. Now, Luna Control Center and the related Network List APIs warn you when invalid network list construction is encountered. Specifically, this occurs when an IP address has an octet with a leading zero (e.g., 192.168.1.001) and/or the CIDR mask is /0. Luna does not correct the lists for you, however. You must correct the errors yourself and then reload the list
Client Reputation no longer considers XFF request headers when applying Client Reputation whitelists.
Previously, Client Reputation considered both the connecting IP address and the XFF request header when applying whitelists. If a whitelisted IP address was added to this header, the request would then bypass Client Reputation, an undesired behavior. This has been rectified, and XFF request headers are no longer considered.
Creation of new Firewall Policies based on CRS v1.6.1 is no longer permitted.
To facilitate transitioning all Kona Site Defender customers to the Kona Rule Set, only KRS v1.0 is now available to new Firewall Policies’ Application Layer Controls. In addition, cloning an existing Firewall Policy that uses CRS v1.6.1 is not permitted. You can still, however, create a new KSD configuration based on an existing one that contains a Firewall Policy using CRS v1.6.1.
Multiple WAF Bypass Network Lists are now allowed.
Previously, in a KSD configuration, only one WAF Bypass Network List could be entered per Match Target. Since this feature is commonly used to eliminate all WAF processing on client requests and responses, it has now been expanded to allow for multiple WAF Bypass Network List entries per Match Target up to a maximum of ten.
2015-11-01
Rate Controls now support IPv6 client IP addresses for Rate Accounting for select accounts.
This change applies to accounts participating in the proof-of-concept testing of the IPv6 rate accounting feature. Nonparticipating accounts will see no changes in Luna’s Rate Category definition pages. IPv6 rate accounting will be released to all customers in a forthcoming Luna Control Center release.
Network List validation now includes and enforces IP validation.
Previously, some IP addresses and CIDRs added to Network Lists would either cause an entire list to be ignored, or the entries in question would not properly match to request IP addresses. Now, Luna Control Center and the related Network List APIs warn you when invalid network list construction is encountered. Specifically, this occurs when an IP address has an octet with a leading zero (e.g., 192.168.1.001) and/or the CIDR mask is /0. Luna does not correct the lists for you, however. You must correct the errors yourself and then reload the list.
2015-10-01
The Client Identifier parameter is no longer on the Rate Category Management setup scheme.
To simplify KSD configuration and facilitate consolidation of Rate Category definitions with those of Rate Policies, the Client Identifier menu is now on the Rate Policy setup scheme, which you can access from the Security Configuration parameters page.
For Multiple Security Configuration customers, the Security Configuration page’s Security Configurations tab now displays the ACG Alignment of each configuration.
The account-level configuration is blank.
For Multiple Security Configuration customers, the Security Configuration page’s Protection Coverage tab now displays the ACG Alignment of each hostname.
2015-09-01
WAF Activity widgets now load properly for the Firewall Policy Summary.
The overall available time frame for recurring reports is now increased to encompass the previous 90-days.
The start-date-to-end-date report length is restricted to a 30-day window within the 90-day period.
An error has been corrected in which Network List activation emails were sent multiple times.
Multiple domain levels are now allowed for Match Target hostnames.
Previously, only one level of domain was allowed (e.g., .example.com). Now, multiple levels are allowed (e.g., .example.example.com, *a.b.c.d.e.com).