Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Related Documentation


    Configure Support for Akamai Dynamic Site Accelerator

    You can configure WebApp Secure to work with a site that utilizes Akamai Dynamic Site Accelerator. You will need to make minor changes to your site's configuration in the Akamai Luna Control Center and in the Content Delivery Network section of the Security Engine configuration screen in the Web UI.

    To make the necessary changes, do the following:

    1. Log into Luna Control Center and select the Configure tab.
    2. Click the link corresponding to the desired site configuration under Configuration Name.
    3. On the next screen, find the currently-active configuration and click Create Version from... in the right-hand column. Make the following changes:

      Table 1: Luna Control Center Configuration Changes

      Configuration Section



      Honor HTTP Cache-Control and Expires Headers

      Cache Control Headers

      false (uncheck)

      Honor HTTP Cache-Control and Expires Headers

      HTTP Expires Headers

      false (uncheck)

      Browser Cache Control Headers

      Pass through the origin's Cache-Control headers to the browser

      true (select)

      Browser Cache Control Headers

      Pass through all origin cache control headers

      true (select)

      Edge Services - General

      Enable True Client IP Header

      true (check)

      Edge Services - General

      True Client IP Header Name

      True-Client-IP (or other; see below)

      Edge Services - General

      Enable Edge Server Identification

      false (uncheck)

      Note: Choosing a name for the True-Client-IP header other than the default can provide additional security by preventing malicious users from spoofing this header. Make a note of the value chosen for the header. You will need to configure it on the WebApp Secure side.

    4. After making these changes, scroll to the bottom of the page and activate the new Akamai configuration as you normally would.
    5. Once you have verified that your new Akamai configuration has gone live, log into the WebApp Secure Web UI. If you are configuring Akamai support for an application, browse to that application's configuration page. Otherwise, browse to the Content Delivery Network section of the Security Engine configuration (or use the Configuration CLI). Make the following changes:

      Table 2: WebApp Secure Configuration Settings for Akamai Support

      Parameter ID

      Parameter Name



      Akamai: Enabled



      Akamai: True-Client-IP Header

      (value specified in Akamai configuration)


      Akamai: Spoofing Incident Enabled

      true or false

    6. Set Akamai Enabled to true and True-Client-IP Header to the value that you configured in the Luna Control Center.

      Note: If you want a security incident to be triggered when a client attempts to spoof a request through Akamai, you can enable the Akamai Spoof Attempt incident. This incident carries a severity of Medium and can be incorporated into custom Autoresponse rules.

      Note: If WebApp Secure is configured to function alongside Akamai and a direct request comes in to the web server's backend, a warning will appear in mws.log, indicating "Unexpected direct access to origin server. This could be malicious or it could be origin site maintainers doing checkout." While this could be malicious, it could also be an indication that the site maintainer is doing work directly with the backend. It is always safe to confirm these direct backend requests with the webmaster.


    Related Documentation


    Published: 2015-02-04