We wanted to give you some timely information on the latest update to Akamai’s Web Application Protector. The update includes these changes (click to jump to any selection):
- Two new attack groups
- Renamed “Web DoS Attack” group
- Changes to the home screen
- Support for wildcard hostnames
- Coming soon: protection improvements for API traffic
Here are further details on each item:
Two new attack groups
The Web Application Protector update adds two new attack groups to your web application firewall (WAF):
- Web Protocol Attack
- Web Platform Attack
- The "Web Protocol Attack" group identifies errors and anomalies related to the HTTP protocol, including request-body parsing errors and RFC violations (such as required request headers that are missing).
- The "Web Platform Attack" group identifies attacks against the web platform, including attacks against the web server or application technology.
By default, this update adds these two groups in Disabled mode (as shown above) to existing configurations. To enable attack detection for these two groups, you must change them to Alert and activate the configuration. To enable attack blocking, you must change them to Deny and activate the configuration.
We recommend that customers set these attack groups into Alert mode as soon as practical. You can then use Akamai’s Security Center and web security analytics to monitor for attacks and potential false-positive triggers. Once you’re satisfied that these attack groups are not triggering on false positives, then set the attack groups into Deny mode.
Renamed “Web DoS Attack” group
The "Web DoS Attack" group has been renamed "Web Attack Tool" to more accurately describe its function.
- The "Web Attack Tool" group identifies common application-level attack tools (including vulnerability scanners) along with exploit tools and DoS programs like Pandora, Drive, LOIC, and Hulk.
Changes to the home screen
The Web Application Protector home screen now automatically displays both the new and renamed attack groups.
|Old View||New View|
Support for wildcard hostnames
Web Application Protector now supports wildcard hostnames. To select wildcard hostnames for protection, configure a wildcard hostname in your delivery configuration, and then protect the wildcard hostname via the New Hostnames to Protect option in the Hostnames navigation link (shown below).
Coming soon: protection improvements for API traffic
In the coming weeks, Web Application Protector will deliver improved inspection of JSON and XML requests in order to better protect your API traffic. You won’t need to make any changes to your security configuration to get this improved inspection capability; additional information will be coming soon.
As these improvements roll out, and as you deploy new APIs to be protected with Web Application Protector, you may find it necessary to specify certain API-specific exceptions. As part of this update, Akamai has added support for enhanced exception-handling of JSON and XML requests. There are now three additional exception criteria you can add to each attack group in Web Application Protector:
- JSON Parameter Value(s)
- JSON Parameter Names
- XML Parameter Value(s)
To start a free trial of Akamai Web Application Protector that will help you discover how easy web application and DDoS protection can be, click here.
Hans Cathcart is a senior product manager at Akamai Technologies.