New Updates to Akamai Web Application Protector

February 20, 2019 · by Hans Cathcart

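We wanted to give you some timely information on the latest update to Akamai’s Web Application Protector. The update includes these changes:

  • Two new attack groups
  • Renamed “Web DoS Attack” group
  • Changes to the home screen
  • Support for wildcard hostnames
  • Coming soon: protection improvements for API traffic

Here are further details on each item: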

Two new attack groups

The Web Application Protector update adds two new attack groups to your web application firewall (WAF):

  • Web Protocol Attack
  • Web Platform Attack

[Screenshot: The two new attack groups as they appear in the Web Application Protector interface]

  • The "Web Protocol Attack" group identifies errors and anomalies related to the HTTP protocol, including request-body parsing errors and RFC violations (such as required request headers that are missing).
  • The "Web Platform Attack" group identifies attacks against the web platform, including attacks against the web server or application technology.

By default, this update adds these two groups in Disabled mode (as shown above) to existing configurations. To enable attack detection for these two groups, you must change them to Alert and activate the configuration. To enable attack blocking, you must change them to Deny and activate the configuration.

We recommend that customers set these attack groups to Alert mode as soon as practical. You can then use Akamai’s Security Center and web security analytics to monitor for attacks and potential false-positive triggers. Once you’re satisfied that these attack groups are not triggering on false positives, set them to Deny mode.

Renamed “Web DoS Attack” group

The "Web DoS Attack" group has been renamed "Web Attack Tool" to more accurately describe its function.

[Screenshot: The renamed group as it appears in the Web Application Protector interface]

  • The "Web Attack Tool" group identifies common application-level attack tools (including vulnerability scanners) along with exploit tools and DoS programs like Pandora, Drive, LOIC, and Hulk.

Changes to the home screen

The Web Application Protector home screen now automatically displays both the new and renamed attack groups.

[Screenshots: Old View and New View of the home screen]

Support for wildcard hostnames

Web Application Protector now supports wildcard hostnames. To select wildcard hostnames for protection, configure a wildcard hostname in your delivery configuration, and then protect the wildcard hostname via the New Hostnames to Protect option in the Hostnames navigation link (shown below).

[Screenshot: the New Hostnames to Protect option in the Hostnames navigation link]

Coming soon: protection improvements for API traffic

In the coming weeks, Web Application Protector will deliver improved inspection of JSON and XML requests in order to better protect your API traffic. You won’t need to make any changes to your security configuration to get this improved inspection capability; additional information will be coming soon.

As these improvements roll out, and as you deploy new APIs to be protected with Web Application Protector, you may find it necessary to specify certain API-specific exceptions. As part of this update, Akamai has added support for enhanced exception-handling of JSON and XML requests. There are now three additional exception criteria you can add to each attack group in Web Application Protector:

  • JSON Parameter Value(s)
  • JSON Parameter Names
  • XML Parameter Value(s)

[Screenshot: The last three items in this menu show the newly added exception criteria]

[Screenshot: The interface shows how to define JSON and XML parameter value exceptions]

To start a free trial of Akamai Web Application Protector that will help you discover how easy web application and DDoS protection can be, click here.

Hans Cathcart is a senior product manager at Akamai Technologies.