distil networks portal guide · portalguide distil networks portal guide new distil platform -...
TRANSCRIPT
PORTALGUIDE
Distil Networks Portal GuideNew Distil Platform - Released September 2017
(w) www.distilnetworks.com
(p) 415-413-0831
2 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Table of ContentsINTRODUCTION
SUPPORTED BROWSERS
LOGGING IN TO THE DISTIL PORTAL
WEB SECURITY OVERVIEW
Domains Dashboard
Reports
- Reports Dropdown
- Threat Analysis
- Premium Reports
Settings
- Protect Your Content
- Improve Website Performance
API SECURITY OVERVIEW
Web and Mobile App API Overview
Web and Mobile App API URL Management Overview
- Adding a Web and Mobile App API URL
Web and Mobile App API Settings Overview
- Managing Web and Mobile App API Settings
- Editing Web and Mobile App API URL Settings by Path
- Managing Web and Mobile App API Reports Overview
SUBSCRIBER API OVERVIEW
API DOMAIN MANAGEMENT
Adding a Domain
Managing Domains
Settings Overview
Security Settings Overview
- Adding a New Rule
Reports Overview
- Traffic Classifications
4
5
5
6
7
9
9
13
16
19
20
40
42
44
44
47
49
50
56
62
68
69
69
70
71
73
74
77
77
3 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
UNIVERSAL ACCESS CONTROL LISTS OVERVIEW
My ACLs
Creating a New ACL
- Adding Associated Rules
- Adding Associated Paths
- Managing Associated Rules
- Managing Associated Paths
- Deleting ACLs
Distil Published ACLs
AUDIT LOG
ACCOUNT MANAGEMENT & USER SETTINGS
Account Management
- User Management
- Password Protection Settings
- Email Notification Settings
User Settings
HELP
79
80
81
83
87
88
91
92
93
97
98
98
99
100
102
104
105
4 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
IntroductionThis guide outlines how to configure, monitor, and tailor your Distil
Networks deployment within the Distil Portal, including:
Web Security
Configure and manage content protection, distribution, access lists,
and extensive reports associated with Distil’s web security solution.
API Security
Manage your API domains and configure API endpoint protection
settings. Also view detailed, filterable reports associated with Distil’s
API security solution. This section includes Web & Mobile App API and
Subscriber API solutions.
Universal Access Control List
Configure your own ACLs and utilize Distil-published ACLs to blacklist
and whitelist access to your protected web and API domains. Rather than
manually tailoring an ACL for each new domain, simply create a universal
ACL, configure the access rule(s), and then add the domain(s) to the list.
Account Management and User Settings
Manage your Distil account. Modify user contact information and
password settings, regenerate your Distil authentication token, and
configure additional two-factor authentication settings.
Audit Log
Review actions and updates related to your Distil deployment. This
includes actions taken by members of your organization in addition to
automated actions taken by Distil.
Help
Launch Distil’s online knowledge base to search help articles, or contact
5 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Supported BrowsersComprehensive platform testing has been performed to ensure functionality
using the following desktop web browsers:
• Chrome
• Safari
• Firefox
• Internet Explorer
Logging in to the Distil PortalLog in and password creation instructions are sent to you in an email once
you have signed up for a Distil Networks account.
6 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security OverviewWebsite content and performance is continually threatened by malicious bots
finding increasingly complex and sneaky ways to infiltrate or attack it.
Bad bots and their attacks assume any number of guises and use a variety of
tricks to circumvent even the sturdiest of security checkpoints.
Protecting your site from them requires:
• Extensive tracking of their attempts
• Learning their methods
• Adapting your protection tool suite to meet the ongoing challenge
they present
Located in the Distil Portal, the Web Security area provides all of the
necessary tools you’ll need to manage your site protection, including:
7 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Domain Dashboard
Quickly access settings and reports associated
with your protected domains.
Reports
Review extensive traffic and threat reports
surrounding your domains.
Settings
Efficiently manage all domain protection
aspects, including custom pages, IP whitelisting
and blacklisting, country block list, content
distribution and more.
Web Security Overview
DOMAINS DASHBOARD
Use the Domains Dashboard as a handy way to
locate and manage various domains managed
within your account, including:
For information on Distil’s
API Security, jump ahead to
the API Security section.
8 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Domains Dashboard
For more information
about adding domains,
read our how-to article:
Adding Domains and
Subdomains.
• Add Domain: Quickly add and configure a new
domain to be protected by Distil.
• Data Filter: Set a specific traffic date range
highlighted on the Domains Dashboard.
• Domain Table: View domain-specific traffic
analyses. Access extensive reports and settings
for your protected domains.
• Account Traffic Overview: View a graphical
representation of traffic across all of your managed
domains —including humans, good bots, bad bots,
whitelisted bots, and total requests.
This overview is similar to
the domain-specific Traffic
Overview report.
9 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Reports
The Distil Portal offers detailed reports available for all deployments. They provide
extensive traffic overviews for all of your protected domains. Leverage any of them
to make calculated decisions and targeted configurations in balancing the protection
and performance of your sites.
REPORTS
Distil is continually adding and powering up reports available through the portal.
Access them from the Reports Drop Down located in the top menu bar.
They’re organized by:
Traffic Analysis
Review types of incoming traffic and breakdowns of upstream response times and
HTTP errors.
Reports Drop Down
10 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Reports | Repots Drop Down
The Traffic Analysis reports group provide a visual representation of how
actual users, good bots, and bad bots affect your website and how it is
handling the traffic.
Traffic Overview
The Traffic Overview Report shows the total request volume for a selected
period, segmented by category. Each request is identified as either a human,
a bad bot, a good bot (search engines, such as Google, Bing, and Yahoo!, as
well as social media, such as Facebook, LinkedIn, Twitter), or a bad bot you
have added to your whitelist.
Traffic Analysis
Use the top date range menu to isolate data for a specific period of time.
Threat Analysis
Drill down to specific threats against your site,
including a threat overview and a deeper
breakdown of bad bots, organizations,
and countries.
Premium Reports
See additional site activity, including a breakdown
of good bots visiting your site, CAPTCHA requests,
click and link statistics, and the top paths or URLs
targeted by bots.
11 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Refer to our Help Center
for more information on
the Traffic Overview report.
Web Security Overview | Reports | Traffic Analysis
Toggle the Scale switch to show page requests in a
linear or logarithmic format.
Upstream HTTP Errors
The Upstream HTTP Errors Report details the number
of errors (4xx and 5xx) returned to Distil by your origin
server. Use this report to correlate events and identify
problems at precise moments in time.
Refer to our Help Center for
more information on the
Upstream HTTP Errors report.
Upstream error responses either:
• Return directly from your origin server
• Indicate no response was received from your origin
• Indicate an invalid response was received from your origin server
12 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Reports | Traffic Analysis
NOTE: This report is based on UTC time.
Data is summarized by week, day, and hour.
The Threat Analysis group of reports reveals how extensive threats are
to your site, as well as the various protection mechanisms Distil used to
protect your site from them.
Threat Analysis
13 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Reports | Traffic Analysis
Refer to our Help Center for
more information on the
Threats Overview report.
The Threats Overview Report provides
basic metrics on:
1) Bad Bot Classifications
2) Threats by Originating Country
3) Which Distil Threat Responses were triggered
You can filter results based on a certain day or month.
Threat Overview
Bad Bots
More than just a list of associated IP addresses, the Bad Bots Report provides
a dynamic view of the bad bots targeting your site. It’s segmented into a table,
listing the name, classification, and total page requests tied to each bot.
14 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Reports | Threat Analysis
Refer to our Help Center
for more information
on the Bad Bots report.
Threats by Organization
Another way to view bad bot information is by lumping
together Internet service provider (ISP) owners,
otherwise known as organizations.
Additionally, the Most Frequent Bad Bots by
Classification graph provides a quick overview of
bad bot activity by classification, while the Most
Frequent Bad Bots graph shows bad bot activity
broken out by category (e.g., Reporting as Chrome,
Reporting as Safari, etc.).
15 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Refer to our Help Center
for more information
on the Threats By
Organization report.
Web Security Overview | Reports | Threat Analysis
Bots often come from inexpensive hosting
environments such as Amazon and WeHostWebSites;
they’re able to cycle through a variety of IP addresses
and spin up/spin down different nodes.
With this report you’re able to click a given ISP and see
a list of IPs from which these violators are coming.
Malicious Countries
The Malicious Countries Report offers an interactive
map showing where bad bot threats are coming from.
Hover your mouse over any country on the map, or
click View Info Table to convert the data to
a table view.
Refer to our Help Center fo
rmore information on the
Malicious Countries Report
Trap Analysis
The Trap Analysis Report displays traps and threat
responses by category, triggered by bad bot activity
for a selected date range.
Refer to our Help Center for
more information on the
Trap Analysis report.
16 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Reports | Threat Analysis
Premium Reports let you view additional site activity—including a breakdown of
good bots visiting your site, CAPTCHA requests, click and link statistics, and the
top paths or URLs targeted by bots.
Click Fraud
The Click Fraud Report shows how many bad bot clicks are hitting your website
through your pay-per-click (PPC) campaigns. Clearly see human versus bad
bot clicks. Review detailed, daily click fraud reports across all your advertising
networks. Select a specific agency to view even more detail about activity. This
report helps you understand where you should (and maybe shouldn’t) invest
more resources.
Use this data as evidence to get a refund or credit from your PPC provider.
Premium Reports
Click a category to view the associated IPs and the number of violations. This
report is useful to see how bad bots are behaving on your website.
17 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Reports | Premium Reports
Captcha Requests
The CAPTCHA Requests Report displays how often
a CAPTCHA was served, solved, failed, or if no
attempts were made for a specified date range. This
report identifies how much traffic is challenged by
a CAPTCHA and which actions were taken on the
corresponding form.
Refer to our Help Center for
more information on the
Click Fraud report.
Refer to our Help Center
for more information on the
CAPTCHA Requests report.
18 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Reports | Premium Reports
Good Bots
The Good Bots Report conveys how good bots are
crawling your site across different days. Globally
recognized “good bots” are whitelisted on the Distil
platform as those you want crawling your site.
Refer to our Help Center for
more information on the
Good Bots report.
Targeted Content
The Targeted Content Report provides a quick and
comprehensive overview of the top URLs being
targeted by malicious bots per domain.
Refer to our Help Center
for more information on the
Targeted Content report.
These largely include search engine crawlers
(Googlebot, Bingbot, Yahoo Slurp, Baidu, Lycos,
Yandex, etc.) and social media crawlers (e.g.,
Facebook, LinkedIn, Twitter, Google+).
19 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Reports | Premium Reports
With it you can:
• Understand the nature of your bot problem
• Perform ROI analysis on each incoming bot threat
• Configure key protection settings to improve detection and security
actions for targeted pages
SETTINGS
20 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Settings
Protect Your Content
The Protect Your Content section organizes various settings used to
guard your site resources.
Content Protection Settings
The domain settings area provides a series of simplified options to let you
configure highly technical protection settings. Here you can create automated
rules and actions that respond to predefined threats and attacks.
The Content Protection settings let you change how Distil responds to
various threats.
Click Edit Default Settings to modify content protection settings for the
entire domain.
The domain settings area provides a series of simplified options to let you
configure highly technical protection options. Here you can create automated
rules and actions that respond to predefined threats and attacks.
To access content protection settings for a domain:
1) Log in to the Distil Portal.
2) Select a domain from your Domains dashboard.
3) Click Settings on the banner menu.
21 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Settings | Protect Your Content
Alternately, click Edit Settings by Path to modify content protection settings
for specific paths.
Editing Default Settings
By editing a domain’s default settings, you can configure automated
responses to thwart attacks against your entire site and all of its content.
You can also tailor specific settings for individual paths.
To access default content protection settings for a domain:
1) Log in to the Distil Portal.
2) Select a domain from your Domains dashboard.
3) Click Settings on the banner menu.
4) Click Edit Default Settings in the Content Protection section.
22 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Settings | Protect Your Content
Automated Threats Policy
Known violators, known violator data
centers, identities, aggregator user
agents, and automated browsers.
JavaScript Injection Configuration
JS delay, threshold, location, prefix,
and generated encoding.
Machine Learning Policy
Estimated graph and threshold slider.
Rate Limiting Policy
Pages per minute, pages per session,
and session length.
Content protection settings are organized
by tabs, including:
You can activate multiple threat responses for Distil to use in automatically
mitigating threats.
NOTE: All of these settings default to monitor-only mode for new customers.
23 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Settings | Protect Your Content
Automated Threat Responses
Automated threat responses include:
• Monitor: Identify bots without taking any action. Distil automatically runs
our entire detection suite, but does not take action. However, Distil does
embed an X-Distil bot header that identifies the type of bot and the
different threats that it failed, if applicable.
• CAPTCHA: Present a CAPTCHA form to verify incoming questionable
requests. CAPTCHA forms are less aggressive than a block page but do
provide an effective Turing test against malicious bots.
• Block: Present a form where an end user can submit a request to
be unblocked. The Distil support team handles unblock requests,
subsequently investigating and unblocking validated requests. Unblock
requests are rarely completed by a human user who has been improperly
flagged as a bad bot. Instead, they are completed by a bot designed to
spam forms. When necessary, Distil unblocks legitimate users.
• Drop: Serve a drop page to the requester indicating their access to the
content has been blocked. The requester is unable to request access or
complete additional CAPTCHA forms.
24 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Automated Threats Policy
Web Security Overview | Settings | Protect Your Content
Known Violators
Distil maintains a shared access control list (ACL) of prior threats that have already
been detected across our network. For example, if we have detected a known
violator on another site, your own site is automatically protected from that threat.
Known Violator Data Centers (KVDC)
Distil also maintains a list of data centers that commonly host malicious requests.
Blocking any traffic from such data centers on first request, the list includes both
common cloud and managed hosting providers (e.g., Amazon and Rackspace).
Distil is continually curating and updating our KVDC list.
25 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Settings | Protect Your Content
Identities
Distil verifies the identity of incoming requests. Malicious bots can easily spoof
user agents by masquerading as a good bot (e.g., Googlebot). Distil forces two-
factor authentication for all good bots, verifying that they’re coming from correct
user agents. We then confirm that each request maps to one of the IP addresses
within the range of the corresponding bot. If it doesn’t, the request is flagged as a
malicious attempt.
Aggregator User Agents
Next, Distil checks a homegrown list of known malicious aggregator user agents.
These provide zero value to your site and can also crawl certain parts of it in
a harsh manner—potentially impacting performance and reliability. Unless you
require complete and open access to such tools as RSS or Atom feeds, Distil
recommends blocking these request types.
Automated Browsers
This final step examines different automation tools that might be built into
the browser, such as Selenium and PhantomJS. Distil catches these types of
tools by using stream injections with small JavaScript snippets or embedding
honeypot links to see if a bot gets caught in those types of traps. This is all
done asynchronously with the page load; your site doesn’t experience negative
performance issues on account of these actions.
26 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Settings | Protect Your Content
JavaScript Injection Configuration
JavaScript (JS) injection lets Distil insert a script into HTML pages
served from your website, providing browser hi-def fingerprinting.
Important notes about our JS tests:
• Distil Networks uses first-party cookies on websites. The cookie is
only accessible on the website you’re currently visiting, much like
a login cookie would be.
• Distil doesn’t require cookies to be enabled by the client in order
to complete our JS test.
• Distil doesn’t collect any personally identifiable information (PII) in
our JS test.
• This Distil JS code is processed after all other JS execution.
27 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Settings | Protect Your Content
Force Identify
When enabled, this requires all users to pass Distil’s JavaScript tests on
their first page request. We inject a script into HTML pages served from your
site, forcing each client to provide browser information. This helps build the
hi-def fingerprint associated with each request.
JavaScript Delay
When enabled, Distil delays the JS injection until after all other page
elements load.
NOTE: If a client leaves before JS injection occurs, it will not be identified.
JavaScript Threshold
Set the number of times a client can access your site without identifying
itself. DIstil serves the JS validation page to the client if its number of
requests surpasses this threshold.
NOTE: This setting is only available in the default setting for the domain.
You cannot set JS threshold for a specific path.
JavaScript Injection Location
Set the location where Distil injects the JS script. By default, we inject this
script before the '</head>' tag.
NOTE: This setting is only available in the default setting for the domain.
You cannot set a JS injection location for a specific path.
JavaScript Prefix
Set a specific prefix for the randomized JS injection. For example, if you
enter /ga in the JavaScript Prefix field, the injected string begins with /ga
when your Distil-protected site loads JS on a page
NOTE: JavaScript Prefix is only available in the default setting for the domain.
You cannot set JS prefix for a specific path
28 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Settings | Protect Your Content
Generated Encoding
Set how the injected JS name is randomized.
Available options:
• Alphabetic: Uses alphabetic characters to randomize the fetched Distil
JavaScript file name. Example: /ga.abcdef.js.
• Numeric: Uses numerals to randomize the fetched Distil JavaScript file
name. Example: /ga.123456.js.
• Static: Uses a static filename for the Distil JavaScript filename.
NOTE: Alphabetic and Numeric JS scripts rehash every five minutes.
Static JS scripts do not rehash.
For example, if you enter /ga in the JavaScript Prefix (shown above) and
set Generated Encoding to Numeric, this results in a script formatted as
/ga.6587.js.
NOTE: This setting is only available in the default setting for the domain.
You cannot set generated encoding for a specific path.
29 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Settings | Protect Your Content
Machine Learning Policy
Distil’s machine learning feature adds yet another layer of protection by
using behavioral modeling and pattern recognition to parse out bad users
and bots from good traffic. Machine learning settings let you set both the
threshold and protective action taken when Distil perceives a threat.
The machine learning graph displays a predictive estimate of the number
of blocked requests based on your account’s machine learning threshold.
It shows how users are blocked as you increase or decrease the machine
learning scale.
30 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Settings | Protect Your Content
NOTE: The graph shows data for the entire domain and is based on historical
data covering the past seven days.
Use the Action dropdown list to set the responsive action taken when
Distil’s machine learning suspects a malicious bot is attempting access.
NOTE: This scale only affects requests identified by machine learning. Distil’s
primary web security protection identifies malicious bots no matter how
aggressive your machine learning is set.
The machine learning scale sets threshold aggressiveness.
31 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Settings | Protect Your Content
• Less Aggressive: Slide the control left to decrease the machine learning
threshold. Caution: Doing so potentially lets through bots with
human-like behavior.
• More Aggressive: Slide the control right to increase the machine
learning threshold. Caution: Doing so potentially blocks human requests
that show bot-like behavior.
Rate Limiting Policy
The Rate Limiting Policy section lets you configure automated responses
that react when a request amount or user behavior is above normal human
rates. It comes in handy for blocking either bots or nefarious users who run
automated scripts to quickly evaluate links and scrub your site’s content.
32 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
These rate limits are broken out by:
• Pages Per Minute: Limits the number of pages visited in one minute.
• Pages Per Session: Limits the number of pages visited during a
single session.
• Session Length: Limits the amount of time spent on the domain during
a single session.
Our system automatically machine-learns once you’ve onboarded a
domain with Distil, creating normal human behavioral models for your
site. After we have collected traffic for four to five days, our system makes
recommendations as to where you should set rate limiting thresholds.
Alternately, you can manually set thresholds to any limit at any time and set
an automated action when a rate limit is surpassed.
Web Security Overview | Settings | Protect Your Content
33 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
The rate limit graphs show data for your entire site, rather than a specific
domain. Each rate limit type provides a graph showing the number of visitors
to your site, your current rate limit setting, and Distil’s recommended setting.
Use this graph to dial the rate limit setting up or down according to your
business needs.
NOTE: The graphs shows traffic for the entire domain, rather than a specific path.
Web Security Overview | Settings | Protect Your Content
Editing Path Settings
Once you’ve configured default settings for your domain(s), tailor specific
settings for individual paths. This is especially useful for site pages
requiring unique sets of protection policies.
To access content protection settings by path:
1) Log in to the Distil Portal.
2) Select a domain from your Domains dashboard.
3) Click Settings on the banner menu.
4) Click Edit Settings by Path in the Content Protection section.
34 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Settings | Protect Your Content
Use the path table to manage your content protection settings, including:
• Priority: The path priority in relation to other configured paths.
• Path: The specific path configured for the content protection setting.
• Match Type: The path match type, either Contains or Pattern.
Click Edit Priorities to reorganize the priorities of your paths.
35 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Settings | Protect Your Content
Adding a Path
To apply content protection settings to a specific path, you must
first add a new path:
1) Click + Add a Path
2) Assign a priority to the path setting.
NOTE: This field automatically assigns the highest priority (1) to the path setting.
Manually enter a value to lower the priority.
3) Enter the path you are configuring.
36 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Settings | Protect Your Content
4) Select a Match Type.
a. Contains: The content protection setting will
apply to any path that contains the string you
enter in the Path field (above).ys before a
password is considered expired.
b. Pattern Match: The content protection setting
applies to any path that matches the Lua pattern
you enter in the Path field (above).
5) Configure the path content protection settings, where applicable. Path-specific
content protection settings are inherited from the default content protection
settings and appear as Domain Default [action type] in the dropdown menu.
6) Click Save.
37 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Settings | Protect Your Content
Prioritizing Your Paths
Now that you’ve created paths, arrange their priority. Paths having a higher
priority (closer to 1) take precedence over those having a lower priority.
There are three ways to set path priority:
• Edit Priorities: Click Edit Priorities on the path table to manually edit
the Priority fields. Change the priority of one or multiple paths at a time,
and then click Save.
Alternately, drag the row selector of a single row to change the path priority.
• Edit Path: Select a single path from the path table, manually enter a priority
number, and then click Save.
• Drag and Drop: Hover over a single entry in the path table to
enable the row selector. Drag and drop the row up or down.
38 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Deleting A Path
There are two ways to delete a path:
• Edit Priorities: Click Edit Priorities on the path table to enable the delete
(trash) icon. Delete one or multiple paths at a time and then click Save.
• Edit Path: Select a single path from the path table and then click Delete Path.
Web Security Overview | Settings | Protect Your Content
39 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Settings | Custom Pages
Custom Pages
Distil hosts a number of default pages, but you also
have the option to custom-brand those pages with any
sort of messaging that you wish to provide. Customize
the Block, CAPTCHA, JavaScript validation, Drop,
Catch-all, and Error pages that a visiting bot will receive
when accessing their website.
Review our Creating Custom
Pages support article for
more information regarding
custom pages.
The pages exist on the protected website, allowing
customers full control over the pages they're serving as
a response.
40 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Settings | Improve Website Performance
Depending how content is distributed, domain settings let you tweak the
overall performance of your website.
Content Distribution
Content distribution settings let you improve your site’s performance by
enabling content cache and compression.
NOTE: These settings largely pertain to cloud customers. In cloud deployments, Distil
acts as a reverse proxy to cache static assets, thereby offloading bandwidth from your
origin server. Managing your cache through the Distil portal lets you enable content
caching. Here you can also set caches, for both dynamic and static files, to expire
within a set number of minutes. Additionally, you can enable the caching of URLs not
having an extension, mobile content, and specific file types or extensions (e.g., .HTML,
.HTM, .CSS, .PHP).
Improve Website Performance
41 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web Security Overview | Settings | Improve Website Performance
Caching static content instructs the Distil nodes to cache and serve
JavaScript, CSS, and images from our edge. When enabled, Distil respects
the Cache-Control headers you have set for any content which is held in, or
served from, cache. As a fallback for content without Cache-Control headers
set, you can manually select a TTL setting in the Distil Portal.
Caching of dynamic content follows the same rules as static content. In
addition to cache enabling, the Distil Portal offers you additional control to
select/deselect the resource types to be cached.
Content distribution settings also give you
the option to:
• Disable or enable bypass cookies and
forced www reroutes
• Enter custom client IP headers
• Configure proxy upstream timeouts
Managing multiple domains? Apply
your content distribution settings
to additional domains in bulk.
42 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
API Security Overview
Distil’s Web Security solution protects your websites’ content through an
evolving mix of detection methods, response actions, and more. Our Bot
Defense for API introduces protection that is of equal importance in defending
against automated attacks, API abuse, and developer errors.
Whether your APIs power a frontend website, partner data access, or a mobile
client, Distil automatically protects them and enforces all business rules you’ve
put in place:
• Comprehensive Protection- Rest easy knowing your websites, mobile
apps, and API servers are protected from bot attacks.
• Enables a Secure Approach to API-first Development- Reap all the
benefits of rich user experiences and continuous product innovation
without sacrificing security.
• Complements API Management Solutions- Deploy as a standalone
solution or add advanced bot defense to your existing API management
solution or API gateway.
43 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
API Security Overview
• Verifies Traffic to API Serve- Ensures that only legitimate humans have
access to your API server.
• Verifies Traffic to Mobile App APIs- Ensures that only legitimate humans
on real mobile devices have access to your mobile application.
• Automated API scraping- By way of your API, malicious bots directly pull
down online content and data within minutes.
• Changes the Game- Makes abusing your mobile app APIs cost prohibitive.
Forces all but the most heavily resourced and determined adversaries to
throw in the towel.
• Cost Savings- Reduce the volume of API calls, saving infrastructure costs.
This section covers both aspects of Distil’s Bot Defense for API:
Web & Mobile App API
Distil protects the API servers that power your dynamic web API and
mobile applications.
Subscriber API
Distil protects the API servers that power your website by verifying a
human is using a verified browser to gain access.
44 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
WEB & MOBILE APP API OVERVIEW
This section outlines how to configure, monitor, and manage the protection of
your web and app APIs within the Distil Portal.
For subscriber (token-based) API protection, refer to section II. Subscriber API
Overview.
The Web & Mobile App API area of the Distil Portal provides all of the
necessary tools you’ll need to manage your APIs, including:
Web & Mobile App API URL Management
Add and manage your API URLs
API URL Settings
Access content protection settings and configure custom pages
API Security Settings by Path
Tailor security rules to monitor and/or block requests for individual APIs
Web & Mobile App API Reports
View detailed reports of traffic (and violators) requesting access to your APIs
WEB & MOBILE APP API URL MANAGEMENT
OVERVIEW
Use the API URL dashboard as a handy way to locate and manage various API
domains managed within your account, including:
• API Requests- View a graphical representation of traffic across all of your
managed API domains—including good requests, bad requests, and total
requests. This overview is similar to the Traffic Analysis report.
API Security Overview | Web & Mobile App API Overview
45 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
• Add API URL- Quickly add and configure a new API URL to be
protected by Distil.
• Data Filter- Set a specific traffic date range highlighted on the
API Domains dashboard.
API Security Overview | Web & Mobile App API URL Management Overview
46 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
• API URL Table- Select an API URL to access extensive reports and
settings for your protected API URLs.
If an API URL has multiple paths, click the number in the Path column to view
and access them.
API Security Overview | Web & Mobile App API URL Management Overview
47 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Adding a Web & Mobile App API URL
1) Log in to the Distil Portal.
2) Click API Security on the top banner menu, then select Web & Mobile
App API.
3) Click Add API URL.
4) Enter the API URL.
API Security Overview | Web & Mobile App API URL Management Overview | Adding a Web & Mobile App API URL
48 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
NOTE: You can only add an API URL that correlates to a registered domain in the
Web Security section. For more information on adding a domain in Web Security,
refer to our article on Adding Domains.
5) Select an Identity Provider to set the type(s) of traffic allowed to access
the API, including:
a. All- Allows both web security traffic and mobile SDK traffic types.
b. Web Security- Allows only requests having a web security token.
Does not allow requests having a mobile SDK token.
c. Mobile SDK- Allows only requests having a mobile SDK token. Does
not allow requests having a web security token.
6) Click Add API URL.
The API URL has now been added to the Domain Management table. You
can now add specific API paths, manage settings, and view reports.
API Security Overview | Web & Mobile App API URL Management Overview | Adding a Web & Mobile App API URL
49 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
WEB & MOBILE APP API SETTINGS OVERVIEW
Web & Mobile App API settings provides a series of simplified options to let
you configure highly technical protection. Here you can create automated
rules and actions that respond to predefined threats and attacks.
To access content protection settings for a web and/or mobile app
API domain:
1) Log in to the Distil Portal.
2) Click API Security on the top banner menu, then select Web & Mobile
App API.
3) Select a domain from your Web & App API Domains dashboard.
4) Click Settings on the banner menu.
API Security Overview | Web & Mobile App API Settings Overview
50 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
API URL settings comprise:
• Content Protection – Click Edit Settings by Path to edit settings by
specific API URL paths—including policies for automated threats, rate
limiting, and mobile.
• Custom Pages – Click this link to access the Web Security
Custom Pages.
Managing Web & Mobile App API Path Settings
Tailor specific settings for individual API paths. This is especially useful for
APIs requiring unique sets of protection policies.
To access content protection settings by path:
1) Log in to the Distil Portal.
API Security Overview | Web & Mobile App API Settings Overview
51 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
2) Click API Security on the top banner menu, then select Web & Mobile
App API.
3) Select a domain from your Domains dashboard.
4) Click Settings on the banner menu.
5) Click Edit Settings by Path in the Content Protection section.
API Security Overview | Web & Mobile App API URL Management Overview | Managing Web & Mobile App API Path Settings
52 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Use the path table to manage your content protection settings, including:
• Priority – The path priority in relation to other configured paths.
• Path – The specific path configured for the content protection setting.
• Match Type – The path match type (either Contains or Pattern).
6) (Optional) Click Edit Priorities to reorganize the priorities of your paths.
Adding a Web & Mobile App API Path Setting
To apply content protection settings to a specific path, you must first
add a new path:
1) Log in to the Distil Portal.
API Security Overview | Web & Mobile App API URL Management Overview | Managing Web & Mobile App API Path Settings
53 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
2) Click API Security on the top banner menu, then select Web & Mobile
App API.
3) Select a domain from your Domains dashboard.
4) Click Settings on the banner menu.
5) Click Edit Settings by Path in the Content Protection section.
API Security Overview | Web & Mobile App API URL Management Overview | Adding a Web & Mobile App API Path Setting
54 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
6) Click + Add an API URL.
7) Enter the path you are configuring.
8) Select a Match Type.
a. Contains – The content protection setting applies to any path
containing the string entered in the Path field (above).
b. Pattern Match – The content protection setting applies to any path
matching the Lua pattern entered in the Path field (above).
API Security Overview | Web & Mobile App API URL Management Overview | Adding a Web & Mobile App API Path Setting
55 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
9) Configure the path content protection settings, where applicable.
10) Click Save.
Prioritizing Your Paths
Once you’ve created paths, arrange their priority. Paths having a higher
priority (closer to 1) take precedence over those with a lower priority.
There are two ways to set path priority:
• Drag and Drop – Hover over a path table entry to enable the row selector.
Drag and drop the row up or down to position it.
• Edit Priorities – Click Edit Priorities on the path table to manually edit
the Priority fields. Change the priority of one or multiple paths at a
time, and then click Save.
API Security Overview | Web & Mobile App API URL Management Overview | Adding a Web & Mobile App API Path Setting
56 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Deleting a Path
There are two ways to delete a path:
• Edit Priorities – Click Edit Priorities on the path table to enable the delete
icon. Delete one or multiple paths at a time and then click Save.
• Edit Path – Select a single path from the path table and then click
Delete Path.
Editing Web & Mobile App API URL Settings by Path
By editing a domain’s default settings, you can configure automated
responses to thwart attacks against your entire site and its content. You
can also tailor specific settings for individual paths.
API Security Overview | Web & Mobile App API URL Management Overview | Adding a Web & Mobile App API Path Setting
57 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
To access content protection settings for an API path:
1) Log in to the Distil Portal.
2) Click API Security on the top banner menu, then select Web & Mobile
App API.
3) Select an API URL from your API URLs dashboard.
4) Click Settings on the banner menu.
5) Click Edit Settings by Path in the Content Protection section.
API Security Overview | Web & Mobile App API URL Management Overview | Editing Web & Mobile App API URL Settings by Path
58 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Automated Threats Policy
No Distil identifier and known threat
detection.
Rate Limiting Policy
Requests per minute and requests
per session.
Mobile Policy
Bad client and invalid or expired token.
Content protection settings are organized
by tabs, including:
You can activate multiple threat responses for Distil to use in automatically
mitigating threats.
NOTE: All of these settings default to monitor-only mode for new customers.
Automated Threat Responses
Automated threat responses for dynamic web APIs include:
• Monitor – Identify bots without taking any action. Distil automatically
runs our entire detection suite, but does not take action. However,
Distil does embed an X-Distil bot header that identifies the type of bot
and the different threats that it failed, if applicable.
• Drop – Distil serves a drop page to the requester with the associated
violation indicating their access to the API has been blocked.
NOTE: The Mobile Policy tab is only available
for mobile SDK URLs.
API Security Overview | Web & Mobile App API URL Management Overview | Editing Web & Mobile App API URL Settings by Path
59 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Automated Threats Policy
Automated threat responses for dynamic web APIs include:
No Distil Identifier
Distil inspects each API request for an identifier denoting how the requested
API URL is used. If the associated identifier does not match the API URL’s
Identifier Provider (configured when adding the API URL), or does not have a
Distil identifier, then Distil automatically responds with the configured threat
response.
For example, an API URL is configured with the Identity Provider of Web
Security. If an API request for the URL is made using a mobile app built with
the mobile SDK, then the request’s Distil identifier is Mobile SDK and Distil
responds with the configured automated response.
Known Threat Detected
Distil maintains a shared access control list (ACL) of prior threats that have
already been detected across our network. Known Threats include a mix
of known violators, data centers, identities, aggregator user agents, and
automated browsers. For example, if we have detected a known violator on
another site, your own site is automatically protected from that threat.
API Security Overview | Web & Mobile App API URL Management Overview | Editing Web & Mobile App API URL Settings by Path
60 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Rate Limiting Policy
Requests Per Minute
Set the max number (Threshold) of requests per minute and the automated
response (Action) Distil takes if a user bypasses the threshold.
Requests Per Session
Set the max number (Threshold) of requests per session and the automated
response (Action) Distil takes if a user bypasses the threshold.
NOTE: Requests Per Session is only applicable to web security API URLs.
API Security Overview | Web & Mobile App API URL Management Overview | Editing Web & Mobile App API URL Settings by Path
61 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Bad Client
Set the automated response Distil takes if a request is made using a bad
client, such as an emulator, simulator, rooted or jailbroken device, or an
automation tool.
For example, when you set Bad Client to Drop and a visitor uses an iPhone
emulator to make a request, Distil detects the simulator as a bad client and
serves a drop page to the visitor.
Invalid or Expired Token
Set the automated response Distil takes if a request is made with an invalid
token or an expired token, such as an invalid app signature or an unsupported
version of the SDK.
Mobile PolicyNOTE: The Mobile Policy tab is only available for mobile SDK URLs.
API Security Overview | Web & Mobile App API URL Management Overview | Editing Web & Mobile App API URL Settings by Path
62 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Web & Mobile App API Reports Overview
Similar to Distil’s Web Security reports, API Security reports provide integral
information about the traffic and actions protecting your APIs.
Traffic Analysis
Traffic Analysis lets you view your API requests and take additional action on
offending violators.
Total Daily Requests provides a graphical representation of all API request traffic
for a path and specific date range, including good requests, bad or malicious
requests, and the total number of requests.
Use the top filter menu to drill down to a specific API path and focus on a given
date range.
API Security Overview | Web & Mobile App API URL Management Overview | Web & Mobile App API Reports Overview
63 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
How we protected you shows the automated threats Distil served to
violating requests.
Top 5 Request Paths with Violations
Top 5 Request Paths with Violations shows the paths being hit by
malicious requests, including:
• Request Path – The specific API path.
• Bad Requests – The total number of bad requests.
API Security Overview | Web & Mobile App API URL Management Overview | Web & Mobile App API Reports Overview
64 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Click Show All or select any record from the table to see additional
information in the Bot Report.
Top 5 IPs with Violations
Top 5 IPs with Violations shows the top IPs with malicious requests,
including:
• IP Address – The specific IP address.
• Bad Requests – The total number of bad requests.
Click Show All or select any record from the table to see additional
information in the Bot Report.
API Security Overview | Web & Mobile App API URL Management Overview | Web & Mobile App API Reports Overview
65 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Click Show All or select any record from the table to see additional
information in the Bot Report.
Top 5 Violations
Top 5 Violations shows the top violations for all requests accessing your API
domain, including:
• Violation – The specific violation.
• Bad Requests – The total number of bad requests.
API Security Overview | Web & Mobile App API URL Management Overview | Web & Mobile App API Reports Overview
66 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Bot Report
Accessible via Top 5 Request Paths with Violations, Top 5 IPs with
Violations, and the Top 5 Violations, the Bot report provides additional
insight into malicious requests attempting to access your APIs.
To access the Bot report:
1) Log in to the Distil Portal.
2) Click API Security on the top banner menu, then select Web & Mobile
App API.
3) Select an API URL from your API URLs dashboard.
4) Select Show All or a specific record from either Top 5 Request Paths with
Violations, Top 5 IPs with Violations, or Top 5 Violations.
API Security Overview | Web & Mobile App API URL Management Overview | Web & Mobile App API Reports Overview
67 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Using the Bot report, you can filter your API traffic even further by:
• Path Dropdown – Isolate the Bot report to show data for a specific path
• Date Filter – Set a specific traffic date range highlighted on the Bot report
• Search – Search the Bot report for a specific data point
NOTE: The value to search depends on the selected Value (below).
• Value – Set the specific value shown by the Bot report and use the
Search box (above) to isolate a specific record.
• Bad Requests – Total number of bad requests associated with the
record.
• Bot Details – Additional bot details, including a breakdown of How we
protected you and daily bad requests.
As you drill down into the Bot report data, selected filters appear next to
the Date Filter in the top menu. Remove filters by clicking the X icon for any
given filter.
API Security Overview | Web & Mobile App API URL Management Overview | Web & Mobile App API Reports Overview
68 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Subscriber API OverviewThis section outlines how to configure, monitor, and manage the protection of
your subscriber, token-based APIs within the Distil Portal.
For Web & Mobile App API protection, refer to section III. Web & Mobile App
API Overview.
The subscriber API area of API Security provides all of the necessary tools
you’ll need to manage your APIs, including:
Domain Management
Add and manage your API domains and endpoints using protection settings
and security rules
Settings
Establish basic API domain attributes—including session timeout lengths, token
placement priority and Distil authentication headers
Security Settings
Tailor security rules to monitor and/or block requests for individual APIs
Reports
View detailed reports of traffic (and violators) visiting your site
69 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
API Domain ManagementThe Domain Management tab holds your API protection configurations. The
first step in protecting an API is to add the domain(s) associated with it.
ADDING A DOMAIN
1) Log in to the Distil Portal.
2) Click API Security on the top banner menu.
Within the Domain Management tab:
3) Click Add Domain.
4) Enter the corresponding information in the Domain
Name and Origin Server (IP address or CNAME) fields.
70 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
5) Click Save Domain.
6) Click Close.
7) Repeat steps 1-6 for each API domain.
The domain has now been added to the Domain Management table.
MANAGING DOMAINS
Use the Domains table to configure additional API settings and security rules.
This can be done for a single or multiple domains at one time.
Select one or several domains in the Domains table
to update settings, configure security rules, or delete them.
Use the Search field to help locate a specific domain, or the pagination
arrows to scroll through pages.
NOTE: Pagination arrows appear once your domain list exceeds 24 domains.
API Domain Management | Adding a Domain
71 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
SETTINGS OVERVIEW
The Domain Configuration Settings page lets you modify API
protection general attributes, including:
• Session Timeout: Set the amount of time (measured in seconds)
a user can be inactive for before their session expires.
• dstlSecure Header: Enter the corresponding header to
authenticate requests coming from Distil.
Token Settings let you to set token-specific API traits for the API,
including:
• Priority: Raise or lower the priority of the token.
• Name of Token: Enter the token name the origin server should
expect with a request.
• Token Locations: This setting tells Distil where to check for your
custom tokens.
• HTTP Status Code for Invalid Tokens: Enter the HTTP status
code the origin server will issue to indicate a token is invalid.
Tokens are flagged as invalid until the Session Timeout passes
without traffic.
API Domain Management | Settings Overview
Click the Settings icon (highlighted in red, on the previous page) to edit
one or more domain configurations.
72 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
In the above example, the server first looks in the header for the
distil_token token. If it doesn’t find it there, it then looks for the
auth_token in the argument, followed by the session_id token in
the cookie, and lastly the tracking token in the header.
API Domain Management | Settings Overview
The Gzip Settings section can be configured to allow/deny the
ability to zip outgoing content requests and unzip incoming
content requests. Additionally, you are able to select specific file
types to zip for outgoing requests.
The Upstream Settings let you route and proxy traffic for specific
API domains through alternate servers that are closer to the actual
origin of the request. It’s primarily of use for on-premise customers.
73 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
API Domain Management | Security Settings Overview
API security rules let you manage threat actions specific to individual API paths.
Offering high granularity, the degree of protection complexity is up to you.
Click the Security Rules icon (highlighted in red, above) to tailor security
rules for one or more domains.
One option lets you set a trigger action generic to all APIs associated with a
single domain. Alternately, you can dial in specific responses to be triggered at
different threat levels on an individual path basis.
For example:
If you’re managing 100 APIs, you can set a unique rule for each. Set 30 basic APIs
to only monitor traffic, but heighten the security of your 15 most sensitive APIs to
block highly active traffic.
SECURITY SETTINGS OVERVIEW
74 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
API Domain Management | Security Settings Overview
There are two types of actions available for your APIs:
• Monitor: Capture and identify malicious activity without
blocking access to your APIs.
• Block: Prevent access to your APIs.
By default, all API Security rules are set to allow and monitor all traffic.
Distil won’t block any requests for any reason.
To create a new security rule:
1) Click Add New Rule (highlighted in red, above) on the
Domain Security Settings page.
2) Within the Traffic Security Rules section, enter the desired
security rule name in the Rule Name field.
3) Enter the Specific Path to Match (actual API URL).
Adding a New Rule
75 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
API Domain Management | Security Settings Overview | Adding a New Rule
Complete the Rate Limiting section to set graduated usage thresholds for
normal and abnormal activity. You can also assign specific actions when any
user session surpasses those limits.
Using graduated API rate limiting, you can set automated multi-tiered actions
to heighten the response level when API activity becomes abusive.
Examples:
Set an initial threshold of Requests Per Minute to Monitor sessions that
exceed 5 requests per minute so you can monitor heightened levels of
activity, then Block sessions with more than 10 requests per minute.
76 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
API Domain Management | Security Settings Overview | Adding a New Rule
Limit the number of Tokens Per IP.
Here, your company might have a pricing system based on the number of
API uses or requests in an account. A client might create multiple accounts
to avoid having to pay for additional requests. Set the security rule to Block
traffic using more than one (1) Token Per IP, thereby blocking attempts to cycle
through IPs while accessing your APIs.
Click Update Settings to save and apply your settings to the API path.
This sets a maximum amount of normal activity while blocking access
once the activity becomes abusive.
77 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Use the Access Control List to allow/deny all requests by IP Address,
Country, Header, Organization or Token.
Click Update Settings to save and apply your settings to the API path.
API Domain Management | Security Settings Overview | Adding a New Rule
Similar to Distil’s Web Security reports, API Security reports provide integral,
real-time information about the traffic and actions protecting your APIs.
REPORTS OVERVIEW
Traffic Classifications
Traffic Classifications reports your entire account traffic, giving you a rundown
of the request types accessing your APIs.
NOTE: These requests don’t include browser-related information, such as
browser type or cookies as seen in the Web Security reports.
78 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
API traffic can be classified as:
• Neutral: Requests are passing through without
violating any rules.
• Whitelist: Requests are manually allowed via
your Access List.
• Abusive: Requests are violating rules and/or are
manually blocked via your Access List.
Use the top Filter menu to drill down to a specific
domain and focus on a specific date range.
API Domain Management | Reports Overview | Traffic Classification
For more information on
using your Access List to
block specific organizations,
check out our blog post
on Dissecting the Dynamic
Nature of IP Access Control
Lists (ACL).
Abusive Clients
Similar to the Trap Analysis report available in Web Security, Abusive Clients
provides a summary of all API request violations caught by Distil. Drill down
to each violator to review specific IP addresses targeting your APIs, and
then add those malicious IPs to your Access List. This blocks any further
attempts against your APIs.
Organizations
The Organizations report lists all organizations flagged with a violation. Use
it to review violating organizations and blacklist them via your Access List.
Countries
Similar to the Organizations report, the Countries report shows those
countries flagged with a violation.
Token Distribution Report
The Token Distribution report shows API tokens and IPs prone to malicious
or abusive requests. Use it to isolate and review hashed tokens and IPs.
79 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Universal Access Control Lists OverviewUse access control lists (ACLs) to blacklist and whitelist access to your protected
web and API domains. Rather than manually tailoring an ACL for each new
domain, simply create a universal ACL, configure the access rule(s), and then
add the domain(s) to the list.
For all of your APIs, websites, and web apps, this helps to:
• Block all attempts by malicious users
• Allow all attempts by approved users
In addition to simply tracking by IP address, the Universal ACL
lets you globally blacklist or whitelist by:
• Organization (Amazon, Rackspace, etc.)
• Country
• User agent
• API token
• Device ID (Distil-generated)
• HTTP referrer
Once configured, tailor a series of ACLs according to your business needs and
practices. For example, create an ACL whitelisting your internal tools via API
tokens or IP addresses. Apply it to your API-specific URLs (e.g., api.example.com)
to ensure that only authorized users have access.
Create another ACL that blacklists problematic ISPs via organizations. Apply it to
specific paths in your domain (e.g., www.example.com/sign_in) to block requests
coming from suspect or temporary ISPs.
80 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Additionally, use Distil published ACLs to apply Distil-curated and
-recommended whitelists and blacklists to your domains.
The ACL dashboard presents two tabs:
• My ACLs: ACLs created by you within the Portal.
• Distil Published ACLs: ACLs created and curated by Distil (e.g., adding
file types to Static Content Whitelist).
Universal Access Control Lists Overview
MY ACLs
MY ACLS provides all of the tools you’ll need to manage the ACLs you
create in the Portal, including:
• Search ACLs: Search across all of your ACLs for a specific
data point, such as an ACL name, rule value, or a note.
• Actions: Delete a single ACL or multiple ACLs directly
within the dashboard.
NOTE: You must select one or more ACLs from the table to access
the Actions dropdown menu.
81 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Universal Access Control Lists Overview | My ACLs
• Page Select: Browse through the pages of your ACL or jump to a
specific page.
NOTE: Pagination begins with 11 ACLs.
• + Create a New ACL: Open a blank ACL to create associated rules
and assign them to associated paths.
Click an ACL record to manage and update it, including its:
• Associated Rules: Protective rules associated with the ACL,
including the type, name, access, and notes.
• Associated Paths: Domains and/or specific URLs for pages,
content, and API endpoints.
CREATING A NEW ACL
To create a new ACL:
1) Log in to the Distil Networks Portal.
2) Click Access Control Lists on the banner menu.
82 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
3) Click + Create a New ACL.
4) Enter a name for your ACL.
5) Click Save Access Control List .
Universal Access Control Lists Overview | Creating a New ACL
83 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
To add associated rules to an ACL:
1) Select an ACL from the ACL dashboard.
2) Click + Create or Upload Rule(s) on the ASSOCIATED RULES tab.
The Portal displays a confirmation message. Your newly created ACL
now appears in the ACL dashboard.
You can now tailor your ACL with associated rules to blacklist and
whitelist access. You will apply these rules to associated paths.
Adding Associated Rules
Universal Access Control Lists Overview | Creating a New ACL
84 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
3) Select an option from the Rule Type dropdown menu and then enter a
value in the subsequent field.
4) Set Access Rights, either Whitelist or Blacklist.
5) Select an option from the Expires dropdown menu and then enter
a value in the subsequent field.
Universal Access Control Lists Overview | Creating a New ACL | Adding Associated Rules
NOTE: The option you select from the Rule Type dropdown creates a
corresponding value. For example, choosing IP Address creates an IP
Addresses field where you can enter any number of addresses. Choosing
Country creates a Country field where you can enter a country code.
85 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Universal Access Control Lists Overview | Creating a New ACL | Adding Associated Rules
NOTE: The option you select from the Expires dropdown creates a
corresponding value. For example, choosing Custom (ISO 8601 format) (shown
below) creates a Date select YYYY-MM-DD field and a Time (UTC) HH:MM field
where you can enter a specific date a time the associated rule will expire.
6) Enter any relevant notes about the associate rule in the Notes field.
86 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Adding Associated Rules in Bulk
You can also set multiple rules at one time by uploading a .CSV file:
Universal Access Control Lists Overview | Creating a New ACL | Adding Associated Rules
1) Click + Create or Upload Rule(s) on the Associated Rules tab.
2) Drag and drop your .CSV file into the upload box, or click
Create to select the .CSV from your computer. The Portal displays
a confirmation message.
7) Click Save Rule(s).
Alternately, you can add associated rules in bulk.
87 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
3) Click Verify the contents of your CSV before uploading to review
the rules before saving.
4) Review the parsed rules. Click Save Rule(s) if they are correct . If
incorrect, click Cancel, adjust your .CSV file, and then repeat steps
1 – 4 to re-upload and review your .CSV file.
Adding Associated Paths
You can now assign your ACL to specific paths, including entire domains
and API endpoints.
To add an associated path:
1) Click Add Path on the Associated Paths tab.
2) Enter a domain in the Domain field.
Universal Access Control Lists Overview | Creating a New ACL | Adding Associated Rules
88 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
3) If adding a specific path, enter it in the Path field. If adding the
entire domain, leave the field blank and select the Include ALL paths
checkbox instead.
4) Click Save Path.
Managing Associated Rules
Use the Associated Rules tab to manage protective rules on an
ACL, including:
• Actions - Select one or multiple rules to edit basic rule settings,
including Type, Access Rights, and Note, or to delete the rule(s).
NOTE: Setting an associated rule to an associated path overrides
those set for an entire domain.
Universal Access Control Lists Overview | Creating a New ACL | Adding Associated Paths
89 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
• Search this list - Search for specific associated rule name or note.
• Page Select - Browse through the pages of your associated rules.
• Export Rules to .CSV Page Select - Select this to downloads all
associated rules for the ACL. Use the exported .CSV to edit and
upload associated rules in bulk. Browse through the pages of your
associated rules.
NOTE: You must select one or more rules from the table to enable the Actions dropdown menu.
Universal Access Control Lists Overview | Creating a New ACL | Managing Associated Rules
90 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
The associated rules table provides an overview of the
ACL rules, including:
• Type - The rule category (e.g. IP, organization, country, header, etc).
• Name - Name of the associated rule.
• Access - Whitelist or blacklist.
• Expires - Date and time the associated rule expires.
• Updated - Date and time the associated rule was last updated.
• Notes - Notes as to why the rule was created.
NOTE: Pagination begins at 11 associated rules.
Universal Access Control Lists Overview | Creating a New ACL | Managing Associated Rules
91 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Use the Associated Paths tab to manage protective rules on an ACL,
including:
Managing Associated Paths
Universal Access Control Lists Overview | Creating a New ACL | Managing Associated Paths
• Actions: Delete the path(s).
NOTE: You must select one or more paths from the table to enable the
Actions dropdown menu.`
• Search this list - Search for specific associated paths by domain, URL,
endpoint, or type (Web or API).
92 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
• Page Select - Browse through the pages of your associated paths.
NOTE: Pagination begins at 11 associated paths.
The associated paths table provides an overview of the ACL paths,
including:
• Paths - Domain, URL, or endpoint.
NOTE: If the path applies to an entire domain, the path ends in a forward slash (/).
• Type - The category of the path (either web or API).
There are two ways to delete ACLs.
Deleting ACLs
From the ACL dashboard:
1) Select one or more ACLs from the ACL table.
Universal Access Control Lists Overview | Managing ACLs | Managing Associated Paths
93 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Alternately, you can:
1) Click a single ACL from the ACL dashboard.
2) Click the 'Trash' icon to delete the ACL.
Universal Access Control Lists Overview | Creating a New ACL | Deleting ACLs
Distil Published ACLs provides all of the tools you’ll need to manage the ACLs
created and curated by Distil (e.g., adding file types to the Static Content
Extensions whitelist). You can choose to apply a Distil published ACL to all of
your domains. You can also enable or disable automatic updates at any time.
DISTIL PUBLISHED ACLs
2) Click the Actions dropdown and then select Delete.
94 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Universal Access Control Lists Overview | Distil Published ACLs
Updates Enabled Updates Disabled
The Distil Published ACLs tab includes:
• Search ACLs - Search across all of your ACLs (including My ACLs and
Distil Published ACLs) for a specific data point, such as an ACL name,
rule value, or a note.
• Page Select - Browse through the pages of Distil Published ACLs or
jump to a specific page.
NOTE: Pagination begins with 11 ACLs.
• Name - Name of the ACL. The green checkmark icon denotes that the
ACL has automatic updates enabled.
95 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Click an ACL record to manage and update it, including:
• ACL Settings - Use this dropdown to manage the ACL.
Enable Updates by Distil - Enables automatic updates from the Distil-
curated ACL. For example, when Distil adds a new extension to the
Static Content Extensions whitelist, it is automatically published to
the whitelist associated with your domains.
NOTE: We recommend using this setting to keep up-to-date.
Disable Updates by Distil - Disables automatic updates from the
Distil-curated ACL (e.g., adding file types to the Static Content
Extensions whitelist).
NOTE: We do not recommend using this setting, as your ACL will not be current
with Distil’s changes.
Apply to all Domains - Applies the ACL to all of your protected domains.
Remove from all Domains - Removes the ACL from all of your protected
domains.
Restore List to Default - Restores the ACL to current defaults. This
removes any updates, additions, or deletions you’ve made to the ACL.
Universal Access Control Lists Overview | Distil Published ACLs
96 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
• Export - Select this to download all associated rules for the ACL. Use
the exported .CSV to edit and upload associated rules in bulk.
• Associated Rules - Protective rules associated with the ACL, including
the type, name, access, and notes. Use this tab to create, upload, or
manage associated rules.
• Associated Paths - Domains and/or specific URLs for pages, content,
and API endpoints. Use this tab to add or manage associated paths.
Universal Access Control Lists Overview | Distil Published ACLs
97 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Audit LogUse the Audit Log to review actions and updates related to your Distil
deployment. This includes those taken by members of your organization and
automated ones taken by Distil. Referring the audit logs is especially useful when
troubleshooting issues, as well as in researching updates and changes.
You can filter log results to show a specific date range, or search for events by
any domain affected by an action or user who took that action. You can also
select a record from the log results to view additional event-specific information.
98 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Account Management & User SettingsThe Distil Portal gives you the ability to view and manage your account details—
including your company’s contact, reporting, billing, and plan information in
addition to your own user settings.
Click your username in the top-right corner of the banner menu and then select
Account Management from the dropdown menu for access. Use this page to
review and manage settings related to your actual account with Distil.
ACCOUNT MANAGEMENT
99 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
The Distil Portal offers basic user management.
There are two types of users:
• Account-level access
• Domain-level access
Within each user type, you can specify whether or not the user has
administrative access or statistics access. Statistics users may not view
configuration information for any domains.
• Account Admin users can modify all settings within the account.
• Account Statistics users can view all reports within the account.
• Domain Admin users can modify all settings for any included domains.
• Domain Statistics users can view all reports for any included domains.
The User Management table provides a high-level view of all users associated
with your account, including:
• Username/Email
• Account-level or Domain-level Access
• Two-factor Authentication status
User Management
Account Management and User Settings | Account Management | User Management
100 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Account admins are able to select a specific user record from
the table to update that user’s access or remove the user from
your account.
To add a new user to your account:
1) Select Add User.
2) Enter the user’s email address.
3) Set the user’s access level (the choices are entire account or a
specific domain).
4) Set the user role to either Admin, Statistics, or No Access.
NOTE (4): No Access is only available for domain-level access. It blocks the user
from accessing domain information in the portal.
5) Select Add User to create the user. A confirmation email with login
instructions is sent to the user.
Account Management and User Settings | Account Management | User Management
Enable password protection settings to heighten the security level of
passwords associated with your Distil account. This tool is especially
useful when aligning password settings with your organization’s
security policies.
Password Protection
101 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
To manage the password protection settings:
1) Toggle Enable Advanced Password Controls to On.
2) Configure additional password settings
a. Password Age: Number of days before a
password is considered expired.
b. Failed Login Attempts Lockout: Number of
failed authentication attempts before a user’s
access is locked.
c. Lockout Period for Failed Login Attempts:
Number of minutes a user’s access remains
locked after too many failed attempts. This is
conditionally enabled when Failed Login
Attempts Lockout is Yes.
d. Password History: Number of previously
used passwords that cannot be reused.
e. Disable Inactive Users: Number of days of
no activity before a user’s access is locked.
3) Select Save Settings.
Account Management and User Settings | Account Management | Password Protection
102 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
For system maintenance and emergency outage notifications, it’s critical to
route the correct message to the right person without delay. Here is how to
add and update unique recipients of such notifications.
Once configured, the email messages are sent directly to the group email
alias, or to a specific member of your team who requires the update.
Email Notification Settings
Account Management and User Settings | Account Management | Email Notifications Settings
1) Log in to the Distil Networks Portal
2) Select Account Management from the top banner.
103 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Account Management and User Settings | Account Management | Email Notifications Settings
Adding an Email Contact
1) Enter the recipient’s email address.
2) Select the notification type from the dropdown.
Types include:
a. All: Emergency and maintenance notifications.
b. Emergency: Unplanned notifications, including
traffic-impacting events on an inline Distil
Networks appliance, DDoS attacks, or any other
events resulting in global network bypass.
c. Maintenance: Planned notifications, including
monthly platform maintenance that potentially
requires system downtime.
3) Click [+] to add the email contact.
Distil Networks automatically sends a confirmation
email to the contact to verify their information.
NOTE: The contact person will not receive Distil Networks
notifications until that person confirms their email by way of the
provided confirmation link.
The yellow exclamation mark icon denotes an unconfirmed email
address. Click resend confirmation to send another confirmation
message to the contact.
104 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Click your username in the top-right corner of the banner menu and
then select User Settings from the dropdown menu for access.
From this page you can:
• Modify user contact information and password settings.
• Regenerate your Distil authentication token.
• Configure additional two-factor authentication settings.
USER SETTINGS
Account Management and User Settings | Account Management | Email Notifications Settings
Removing an Email Contact
1) Click [-] to remove an email contact from your list.
The email contact is no longer associated with your account.
Updating an Email Contact
1) Click [-] to remove the email contact from your list.
2) Re-enter the recipient’s email address.
3) Select the notification type from the dropdown.
4) Click [+] to add the email contact.
105 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.
Available in the bottom-right corner of every page in the Distil Portal, the
Help button provides quick access to Distil’s support knowledge base.
Additionally, select Contact Us to send a question or support request directly
to Distil’s support team.
Help