Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configure Support for Akamai Dynamic Site Accelerator

    You can configure WebApp Secure to work with a site that utilizes Akamai Dynamic Site Accelerator. You will need to make minor changes to your site's configuration in the Akamai Luna Control Center and in the Content Delivery Network section of the Security Engine configuration screen in the Configuration UI.

    To make the necessary changes, do the following:

    1. Log into Luna Control Center and select the Configure tab.
    2. Click the link corresponding to the desired site configuration under Configuration Name.
    3. On the next screen, find the currently-active configuration and click Create Version from... in the right-hand column. Make the following changes:

      Table 1: Luna Control Center Configuration Changes

      Configuration Section

      Parameter

      Value

      Honor HTTP Cache-Control and Expires Headers

      Cache Control Headers

      false (uncheck)

      Honor HTTP Cache-Control and Expires Headers

      HTTP Expires Headers

      false (uncheck)

      Browser Cache Control Headers

      Pass through the origin's Cache-Control headers to the browser

      true (select)

      Browser Cache Control Headers

      Pass through all origin cache control headers

      true (select)

      Edge Services - General

      Enable True Client IP Header

      true (check)

      Edge Services - General

      True Client IP Header Name

      True-Client-IP (or other; see below)

      Edge Services - General

      Enable Edge Server Identification

      false (uncheck)

      Note: Choosing a name for the True-Client-IP header other than the default may provide additional security by preventing malicious users from spoofing this header. Make a note of the value chosen for the header. You will need to configure it on the WebApp Secure side.

    4. After making these changes, scroll to the bottom of the page and activate the new Akamai configuration as you normally would.
    5. Once you have verified that your new Akamai configuration has gone live, log into the WebApp Secure web UI. If you are configuring Akamai support for an application, browse to that application's configuration page. Otherwise, browse to the Content Delivery Network section of the Security Engine configuration (or use the Configuration CLI). Make the following changes:

      Table 2: WebApp Secure Configuration Settings for Akamai Support

      Parameter ID

      Parameter Name

      Value

      engine.cdn.akamai.enabled

      Akamai: Enabled

      true

      engine.cdn.akamai.true_client_ip

      Akamai: True-Client-IP Header

      (value specified in Akamai configuration)

      engine.cdn.akamai.incidents.spoofing.enabled

      Akamai: Spoofing Incident Enabled

      true or false

    6. Set Akamai Enabled to true and True-Client-IP Header to the value that you configured in the Luna Control Center.

      Note: If you want a security incident to be triggered when a client attempts to spoof a request through Akamai, you may enable the Akamai Spoof Attempt incident. This incident carries a severity of Medium and may be incorporated into custom Autoresponse rules.

    Published: 2013-11-20