Include a header that identifies proxies
You can also include a header that tells you if a connecting IP address in a request is associated with an anonymous proxy. This can be especially helpful if you need to check the requester before providing access to your content.
It’s implemented in one of two ways, and both methods are supported for use with the "Best Practices" and "Advanced" modes for EPD.
Method 1: Enable it directly in the behavior
Here, you add the Enhanced Proxy Detection with GeoGuard behavior to a rule in your property and set the Enable Forward Header Enrichment slider to “On.” The header will be sent along with all requests that meet the Match criteria for that rule. For example, if you include the behavior in the Default Rule, that rule applies to all requests. So, the header will be sent along with all requests coming from proxies.
This is best used if you have other rules in your configuration that may block access, such as Content Targeting Protection. This way, you can apply EPD as a higher priority (lower in the rule list), and have all Enhanced Proxy Detection settings applied.
Method 2: Add a separate behavior
With this method, you add another behavior—Enhanced Proxy Detection with GeoGuard - Forward Header Enrichment—to a separate rule, and set its slider to “On.” This lets you better control how the header is applied. You would add this behavior to a separate rule and use a unique Match criteria. Only requests that meet that match criteria will include the header.
You also need Enhanced Proxy Detection with GeoGuard
This method also requires that you include the Enhanced Proxy Protection with GeoGuard behavior in your AMD property configuration. These points also apply:
- The behaviors need to exist in different rules. This behavior only applies if you want to use a different Match criteria to include the header after a request. If you want the Match criteria to be the same for both, just use Method 1.
- Ensure the Enable Forward Header Enrichment slider is set to “Off.”
- If you’re using other access blocking protections, such as Content Targeting Protection, you may not want to use Method 1, instead. Otherwise, ensure that both rules you need for this method are higher in priority (lower in the rule list).
About the header
The header is named "Akamai-EPD," and contains the following information:
Akamai-EPD: <two-letter codes>
The feature leverages GeoGuard's "must-have" and "optional" categories to identify and label requests in the header as two-letter codes:
| Akamai EPD Two-letter Code | GeoGuard Category |
|---|---|
av |
is_anonymous_vpn |
pp |
is_public_proxy |
dp |
is_smart_dns_proxy |
tn |
is_tor_exit_node |
vc |
is_vpn_datacenter |
hp |
is_hosting_provider |
So, for a Smart DNS Proxy running in a public cloud, you'd see:
Akamai-EPD: hp dp