Include a header that identifies proxies

You can also include a header that tells you if a connecting IP address in a request is associated with an anonymous proxy. This can be especially helpful if you need to check the requester before providing access to your content.

It’s implemented in one of two ways, and both methods are supported for use with the "Best Practices" and "Advanced" modes for EPD.

Method 1: Enable it directly in the behavior

Here, you add the Enhanced Proxy Detection with GeoGuard behavior to a rule in your property and set the Enable Forward Header Enrichment slider to “On.” The header will be sent along with all requests that meet the Match criteria for that rule. For example, if you include the behavior in the Default Rule, that rule applies to all requests. So, the header will be sent along with all requests coming from proxies.

This is best used if you have other rules in your configuration that may block access, such as Content Targeting Protection. This way, you can apply EPD as a higher priority (lower in the rule list), and have all Enhanced Proxy Detection settings applied.

Method 2: Add a separate behavior

With this method, you add another behavior—Enhanced Proxy Detection with GeoGuard - Forward Header Enrichment—to a separate rule, and set its slider to “On.” This lets you better control how the header is applied. You would add this behavior to a separate rule and use a unique Match criteria. Only requests that meet that match criteria will include the header.

You also need Enhanced Proxy Detection with GeoGuard

This method also requires that you include the Enhanced Proxy Protection with GeoGuard behavior in your AMD property configuration. These points also apply:

  • The behaviors need to exist in different rules. This behavior only applies if you want to use a different Match criteria to include the header after a request. If you want the Match criteria to be the same for both, just use Method 1.
  • Ensure the Enable Forward Header Enrichment slider is set to “Off.
  • If you’re using other access blocking protections, such as Content Targeting Protection, you may not want to use Method 1, instead. Otherwise, ensure that both rules you need for this method are higher in priority (lower in the rule list).

About the header

The header is named "Akamai-EPD," and contains the following information:

Akamai-EPD: <two-letter codes>

The feature leverages GeoGuard's "must-have" and "optional" categories to identify and label requests in the header as two-letter codes:

Akamai EPD Two-letter Code GeoGuard Category
av is_anonymous_vpn
pp is_public_proxy
dp is_smart_dns_proxy
tn is_tor_exit_node
vc is_vpn_datacenter
hp is_hosting_provider

So, for a Smart DNS Proxy running in a public cloud, you'd see:

Akamai-EPD: hp dp