PORTAL GUIDE

Distil Networks Portal Guide

New Distil Platform - Released September 2017

(w) www.distilnetworks.com

(e) sales@distilnetworks.com

(p) 415-413-0831

Copyright 2017 DISTIL NETWORKS. All Rights Reserved.

Table of Contents

INTRODUCTION

SUPPORTED BROWSERS

LOGGING IN TO THE DISTIL PORTAL

WEB SECURITY OVERVIEW

Domains Dashboard

Reports

- Reports Dropdown

- Threat Analysis

- Premium Reports

Settings

- Protect Your Content

- Improve Website Performance

API SECURITY OVERVIEW

Web and Mobile App API Overview

Web and Mobile App API URL Management Overview

- Adding a Web and Mobile App API URL

Web and Mobile App API Settings Overview

- Managing Web and Mobile App API Settings

- Editing Web and Mobile App API URL Settings by Path

- Managing Web and Mobile App API Reports Overview

SUBSCRIBER API OVERVIEW

API DOMAIN MANAGEMENT

Adding a Domain

Managing Domains

Settings Overview

Security Settings Overview

- Adding a New Rule

Reports Overview

- Traffic Classifications


UNIVERSAL ACCESS CONTROL LISTS OVERVIEW

My ACLs

Creating a New ACL

- Adding Associated Rules

- Adding Associated Paths

- Managing Associated Rules

- Managing Associated Paths

- Deleting ACLs

Distil Published ACLs

AUDIT LOG

ACCOUNT MANAGEMENT & USER SETTINGS

Account Management

- User Management

- Password Protection Settings

- Email Notification Settings

User Settings

HELP


Introduction

This guide outlines how to configure, monitor, and tailor your Distil Networks deployment within the Distil Portal, including:

Web Security

Configure and manage content protection, distribution, access lists, and extensive reports associated with Distil’s web security solution.

API Security

Manage your API domains and configure API endpoint protection settings. Also view detailed, filterable reports associated with Distil’s API security solution. This section includes Web & Mobile App API and Subscriber API solutions.

Universal Access Control List

Configure your own ACLs and utilize Distil-published ACLs to blacklist and whitelist access to your protected web and API domains. Rather than manually tailoring an ACL for each new domain, simply create a universal ACL, configure the access rule(s), and then add the domain(s) to the list.

Account Management and User Settings

Manage your Distil account. Modify user contact information and password settings, regenerate your Distil authentication token, and configure additional two-factor authentication settings.

Audit Log

Review actions and updates related to your Distil deployment. This includes actions taken by members of your organization in addition to automated actions taken by Distil.

Help

Launch Distil’s online knowledge base to search help articles, or contact

Supported Browsers

Comprehensive platform testing has been performed to ensure functionality using the following desktop web browsers:

• Chrome

• Safari

• Firefox

• Internet Explorer

Logging in to the Distil Portal

Login and password creation instructions are sent to you in an email once you have signed up for a Distil Networks account.

Web Security Overview

Website content and performance are continually threatened by malicious bots finding increasingly complex and sneaky ways to infiltrate or attack your site. Bad bots and their attacks assume any number of guises and use a variety of tricks to circumvent even the sturdiest of security checkpoints.

Protecting your site from them requires:

• Extensive tracking of their attempts

• Learning their methods

• Adapting your protection tool suite to meet the ongoing challenge they present

Located in the Distil Portal, the Web Security area provides all of the necessary tools you’ll need to manage your site protection, including:

• Domain Dashboard: Quickly access settings and reports associated with your protected domains.

• Reports: Review extensive traffic and threat reports surrounding your domains.

• Settings: Efficiently manage all domain protection aspects, including custom pages, IP whitelisting and blacklisting, country block list, content distribution and more.

DOMAINS DASHBOARD

Use the Domains Dashboard as a handy way to locate and manage various domains managed within your account, including:

• Add Domain: Quickly add and configure a new domain to be protected by Distil.

• Data Filter: Set a specific traffic date range highlighted on the Domains Dashboard.

• Domain Table: View domain-specific traffic analyses. Access extensive reports and settings for your protected domains.

• Account Traffic Overview: View a graphical representation of traffic across all of your managed domains—including humans, good bots, bad bots, whitelisted bots, and total requests. This overview is similar to the domain-specific Traffic Overview report.

For more information about adding domains, read our how-to article: Adding Domains and Subdomains.

For information on Distil’s API Security, jump ahead to the API Security section.

REPORTS

The Distil Portal offers detailed reports available for all deployments. They provide extensive traffic overviews for all of your protected domains. Leverage any of them to make calculated decisions and targeted configurations in balancing the protection and performance of your sites.

Reports Drop Down

Distil is continually adding and powering up reports available through the portal. Access them from the Reports Drop Down located in the top menu bar. They’re organized by:

• Traffic Analysis: Review types of incoming traffic and breakdowns of upstream response times and HTTP errors.

• Threat Analysis: Drill down to specific threats against your site, including a threat overview and a deeper breakdown of bad bots, organizations, and countries.

• Premium Reports: See additional site activity, including a breakdown of good bots visiting your site, CAPTCHA requests, click and link statistics, and the top paths or URLs targeted by bots.

Traffic Analysis

The Traffic Analysis reports group provides a visual representation of how actual users, good bots, and bad bots affect your website and how it is handling the traffic.

Traffic Overview

The Traffic Overview Report shows the total request volume for a selected period, segmented by category. Each request is identified as either a human, a bad bot, a good bot (search engines, such as Google, Bing, and Yahoo!, as well as social media, such as Facebook, LinkedIn, Twitter), or a bad bot you have added to your whitelist.

Use the top date range menu to isolate data for a specific period of time. Toggle the Scale switch to show page requests in a linear or logarithmic format.

Refer to our Help Center for more information on the Traffic Overview report.

Upstream HTTP Errors

The Upstream HTTP Errors Report details the number of errors (4xx and 5xx) returned to Distil by your origin server. Use this report to correlate events and identify problems at precise moments in time.

Upstream error responses either:

• Return directly from your origin server

• Indicate no response was received from your origin

• Indicate an invalid response was received from your origin server

Data is summarized by week, day, and hour.

NOTE: This report is based on UTC time.

Refer to our Help Center for more information on the Upstream HTTP Errors report.

Threat Analysis

The Threat Analysis group of reports reveals how extensive threats are to your site, as well as the various protection mechanisms Distil used to protect your site from them.

Threat Overview

The Threats Overview Report provides basic metrics on:

1) Bad Bot Classifications

2) Threats by Originating Country

3) Which Distil Threat Responses were triggered

You can filter results based on a certain day or month.

Refer to our Help Center for more information on the Threats Overview report.

Bad Bots

More than just a list of associated IP addresses, the Bad Bots Report provides a dynamic view of the bad bots targeting your site. It’s segmented into a table, listing the name, classification, and total page requests tied to each bot.

Additionally, the Most Frequent Bad Bots by Classification graph provides a quick overview of bad bot activity by classification, while the Most Frequent Bad Bots graph shows bad bot activity broken out by category (e.g., Reporting as Chrome, Reporting as Safari, etc.).

Refer to our Help Center for more information on the Bad Bots report.

Threats by Organization

Another way to view bad bot information is by lumping together Internet service provider (ISP) owners, otherwise known as organizations.

Bots often come from inexpensive hosting environments such as Amazon and WeHostWebSites; they’re able to cycle through a variety of IP addresses and spin up/spin down different nodes. With this report you’re able to click a given ISP and see a list of IPs from which these violators are coming.

Refer to our Help Center for more information on the Threats By Organization report.

Malicious Countries

The Malicious Countries Report offers an interactive map showing where bad bot threats are coming from. Hover your mouse over any country on the map, or click View Info Table to convert the data to a table view.

Refer to our Help Center for more information on the Malicious Countries Report.

Trap Analysis

The Trap Analysis Report displays traps and threat responses by category, triggered by bad bot activity for a selected date range. Click a category to view the associated IPs and the number of violations. This report is useful to see how bad bots are behaving on your website.

Refer to our Help Center for more information on the Trap Analysis report.

Premium Reports

Premium Reports let you view additional site activity—including a breakdown of good bots visiting your site, CAPTCHA requests, click and link statistics, and the top paths or URLs targeted by bots.

Click Fraud

The Click Fraud Report shows how many bad bot clicks are hitting your website through your pay-per-click (PPC) campaigns. Clearly see human versus bad bot clicks. Review detailed, daily click fraud reports across all your advertising networks. Select a specific agency to view even more detail about activity. This report helps you understand where you should (and maybe shouldn’t) invest more resources.

Use this data as evidence to get a refund or credit from your PPC provider.

Refer to our Help Center for more information on the Click Fraud report.

CAPTCHA Requests

The CAPTCHA Requests Report displays how often a CAPTCHA was served, solved, failed, or if no attempts were made for a specified date range. This report identifies how much traffic is challenged by a CAPTCHA and which actions were taken on the corresponding form.

Refer to our Help Center for more information on the CAPTCHA Requests report.

Good Bots

The Good Bots Report conveys how good bots are crawling your site across different days. Globally recognized “good bots” are whitelisted on the Distil platform as those you want crawling your site. These largely include search engine crawlers (Googlebot, Bingbot, Yahoo Slurp, Baidu, Lycos, Yandex, etc.) and social media crawlers (e.g., Facebook, LinkedIn, Twitter, Google+).

Refer to our Help Center for more information on the Good Bots report.

Targeted Content

The Targeted Content Report provides a quick and comprehensive overview of the top URLs being targeted by malicious bots per domain. With it you can:

• Understand the nature of your bot problem

• Perform ROI analysis on each incoming bot threat

• Configure key protection settings to improve detection and security actions for targeted pages

Refer to our Help Center for more information on the Targeted Content report.

SETTINGS

Protect Your Content

The Protect Your Content section organizes various settings used to guard your site resources.

Content Protection Settings

The domain settings area provides a series of simplified options to let you configure highly technical protection settings. Here you can create automated rules and actions that respond to predefined threats and attacks.

The Content Protection settings let you change how Distil responds to various threats.

To access content protection settings for a domain:

1) Log in to the Distil Portal.

2) Select a domain from your Domains dashboard.

3) Click Settings on the banner menu.

Click Edit Default Settings to modify content protection settings for the entire domain. Alternately, click Edit Settings by Path to modify content protection settings for specific paths.

Editing Default Settings

By editing a domain’s default settings, you can configure automated responses to thwart attacks against your entire site and all of its content. You can also tailor specific settings for individual paths.

To access default content protection settings for a domain:

1) Log in to the Distil Portal.

2) Select a domain from your Domains dashboard.

3) Click Settings on the banner menu.

4) Click Edit Default Settings in the Content Protection section.

Content protection settings are organized by tabs, including:

• Automated Threats Policy: Known violators, known violator data centers, identities, aggregator user agents, and automated browsers.

• JavaScript Injection Configuration: JS delay, threshold, location, prefix, and generated encoding.

• Machine Learning Policy: Estimated graph and threshold slider.

• Rate Limiting Policy: Pages per minute, pages per session, and session length.

You can activate multiple threat responses for Distil to use in automatically mitigating threats.

NOTE: All of these settings default to monitor-only mode for new customers.

Automated Threat Responses

Automated threat responses include:

• Monitor: Identify bots without taking any action. Distil automatically runs our entire detection suite, but does not take action. However, Distil does embed an X-Distil bot header that identifies the type of bot and the different threats that it failed, if applicable.

• CAPTCHA: Present a CAPTCHA form to verify incoming questionable requests. CAPTCHA forms are less aggressive than a block page but do provide an effective Turing test against malicious bots.

• Block: Present a form where an end user can submit a request to be unblocked. The Distil support team handles unblock requests, subsequently investigating and unblocking validated requests. Unblock requests are rarely completed by a human user who has been improperly flagged as a bad bot. Instead, they are completed by a bot designed to spam forms. When necessary, Distil unblocks legitimate users.

• Drop: Serve a drop page to the requester indicating their access to the content has been blocked. The requester is unable to request access or complete additional CAPTCHA forms.

Automated Threats Policy

Known Violators

Distil maintains a shared access control list (ACL) of prior threats that have already been detected across our network. For example, if we have detected a known violator on another site, your own site is automatically protected from that threat.

Known Violator Data Centers (KVDC)

Distil also maintains a list of data centers that commonly host malicious requests. Used to block any traffic from such data centers on first request, the list includes both common cloud and managed hosting providers (e.g., Amazon and Rackspace). Distil is continually curating and updating our KVDC list.

Identities

Distil verifies the identity of incoming requests. Malicious bots can easily spoof user agents by masquerading as a good bot (e.g., Googlebot). Distil forces two-factor authentication for all good bots, verifying that they’re coming from correct user agents. We then confirm that each request maps to one of the IP addresses within the range of the corresponding bot. If it doesn’t, the request is flagged as a malicious attempt.
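The two-step identity check described above (claimed user agent, then source IP range), sketched as an added example; this is not Distil's code. The bot names, CIDR ranges (documentation address blocks), result labels, and sample requests are all constructed assumptions.

```python
import ipaddress

# Constructed ranges taken from the RFC 5737 / RFC 3849 documentation blocks.
# They stand in for the ranges a real crawler operator publishes.
GOOD_BOT_RANGES = {
    "googlebot": ["192.0.2.0/24", "2001:db8:1::/48"],
    "bingbot": ["198.51.100.0/25"],
}
NETWORKS = {
    bot: [ipaddress.ip_network(cidr) for cidr in cidrs]
    for bot, cidrs in GOOD_BOT_RANGES.items()
}


def claimed_bot(user_agent):
    """Step 1: return the good bot this user agent claims to be, or None."""
    ua = user_agent.lower()
    for bot in NETWORKS:
        if bot in ua:
            return bot
    return None


def parse_source_ip(source_ip):
    """Parse the connecting address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    try:
        addr = ipaddress.ip_address(source_ip.strip())
    except ValueError:
        return None
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def classify(user_agent, source_ip):
    """Step 2: a good-bot claim only counts if the source IP is in that bot's range."""
    bot = claimed_bot(user_agent)
    if bot is None:
        return "no-good-bot-claim"   # not claiming to be a good bot; other checks apply
    addr = parse_source_ip(source_ip)
    if addr is None:
        return "spoofed-good-bot"    # a claim that cannot be verified is treated as failed
    if any(addr in net for net in NETWORKS[bot]):
        return "verified-good-bot"
    return "spoofed-good-bot"


GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
BINGBOT_UA = "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
BROWSER_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"

# Constructed sample requests: (User-Agent header, connecting IP).
# Use the transport-level peer address, not a client-supplied forwarding header.
SAMPLE_REQUESTS = [
    (GOOGLEBOT_UA, "192.0.2.44"),          # claim and range agree
    (GOOGLEBOT_UA, "203.0.113.9"),         # claim with an address outside the range
    (BINGBOT_UA, "198.51.100.200"),        # same /24, but outside the listed /25
    (GOOGLEBOT_UA, "::ffff:192.0.2.44"),   # IPv4-mapped IPv6 form of a listed address
    (BROWSER_UA, "203.0.113.77"),          # ordinary browser, no good-bot claim
    (GOOGLEBOT_UA, "not-an-ip"),           # unparseable source address
]


def audit(requests):
    """Return (source IP, claimed bot, verdict) for each request."""
    return [(ip, claimed_bot(ua), classify(ua, ip)) for ua, ip in requests]


if __name__ == "__main__":
    for row in audit(SAMPLE_REQUESTS):
        print(row)
```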

Aggregator User Agents

Next, Distil checks a homegrown list of known malicious aggregator user agents. These provide zero value to your site and can also crawl certain parts of it in a harsh manner—potentially impacting performance and reliability. Unless you require complete and open access to such tools as RSS or Atom feeds, Distil recommends blocking these request types.

Automated Browsers

This final step examines different automation tools that might be built into the browser, such as Selenium and PhantomJS. Distil catches these types of tools by using stream injections with small JavaScript snippets or embedding honeypot links to see if a bot gets caught in those types of traps. This is all done asynchronously with the page load; your site doesn’t experience negative performance issues on account of these actions.

JavaScript Injection Configuration

JavaScript (JS) injection lets Distil insert a script into HTML pages served from your website, providing browser hi-def fingerprinting.

Important notes about our JS tests:

• Distil Networks uses first-party cookies on websites. The cookie is only accessible on the website you’re currently visiting, much like a login cookie would be.

• Distil doesn’t require cookies to be enabled by the client in order to complete our JS test.

• Distil doesn’t collect any personally identifiable information (PII) in our JS test.

• This Distil JS code is processed after all other JS execution.

Force Identify

When enabled, this requires all users to pass Distil’s JavaScript tests on their first page request. We inject a script into HTML pages served from your site, forcing each client to provide browser information. This helps build the hi-def fingerprint associated with each request.

JavaScript Delay

When enabled, Distil delays the JS injection until after all other page elements load.

NOTE: If a client leaves before JS injection occurs, it will not be identified.

JavaScript Threshold

Set the number of times a client can access your site without identifying itself. Distil serves the JS validation page to the client if its number of requests surpasses this threshold.

NOTE: This setting is only available in the default setting for the domain. You cannot set JS threshold for a specific path.

JavaScript Injection Location

Set the location where Distil injects the JS script. By default, we inject this script before the '</head>' tag.

NOTE: This setting is only available in the default setting for the domain. You cannot set a JS injection location for a specific path.

JavaScript Prefix

Set a specific prefix for the randomized JS injection. For example, if you enter /ga in the JavaScript Prefix field, the injected string begins with /ga when your Distil-protected site loads JS on a page.

NOTE: JavaScript Prefix is only available in the default setting for the domain. You cannot set JS prefix for a specific path.

Generated Encoding

Set how the injected JS name is randomized.

Available options:

• Alphabetic: Uses alphabetic characters to randomize the fetched Distil JavaScript file name. Example: /ga.abcdef.js.

• Numeric: Uses numerals to randomize the fetched Distil JavaScript file name. Example: /ga.123456.js.

• Static: Uses a static filename for the Distil JavaScript filename.

NOTE: Alphabetic and Numeric JS scripts rehash every five minutes. Static JS scripts do not rehash.

For example, if you enter /ga in the JavaScript Prefix (shown above) and set Generated Encoding to Numeric, this results in a script formatted as /ga.6587.js.

NOTE: This setting is only available in the default setting for the domain. You cannot set generated encoding for a specific path.

Machine Learning Policy

Distil’s machine learning feature adds yet another layer of protection by using behavioral modeling and pattern recognition to parse out bad users and bots from good traffic. Machine learning settings let you set both the threshold and protective action taken when Distil perceives a threat.

The machine learning graph displays a predictive estimate of the number of blocked requests based on your account’s machine learning threshold. It shows how users are blocked as you increase or decrease the machine learning scale.

NOTE: The graph shows data for the entire domain and is based on historical data covering the past seven days.

Use the Action dropdown list to set the responsive action taken when Distil’s machine learning suspects a malicious bot is attempting access.

The machine learning scale sets threshold aggressiveness.

• Less Aggressive: Slide the control left to decrease the machine learning threshold. Caution: Doing so potentially lets through bots with human-like behavior.

• More Aggressive: Slide the control right to increase the machine learning threshold. Caution: Doing so potentially blocks human requests that show bot-like behavior.

NOTE: This scale only affects requests identified by machine learning. Distil’s primary web security protection identifies malicious bots no matter how aggressive your machine learning is set.

Rate Limiting Policy

The Rate Limiting Policy section lets you configure automated responses that react when a request amount or user behavior is above normal human rates. It comes in handy for blocking either bots or nefarious users who run automated scripts to quickly evaluate links and scrub your site’s content.

These rate limits are broken out by:

• Pages Per Minute: Limits the number of pages visited in one minute.

• Pages Per Session: Limits the number of pages visited during a single session.

• Session Length: Limits the amount of time spent on the domain during a single session.

Our system automatically machine-learns once you’ve onboarded a domain with Distil, creating normal human behavioral models for your site. After we have collected traffic for four to five days, our system makes recommendations as to where you should set rate limiting thresholds. Alternately, you can manually set thresholds to any limit at any time and set an automated action when a rate limit is surpassed.
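How the three limits behave against a request log, as an added example that is not Distil's implementation. The thresholds, the response assigned to each limit, the session identifiers, and the sample events are constructed assumptions; the response names reuse the threat responses listed earlier in this guide.

```python
from collections import defaultdict, deque

# Constructed thresholds and responses: limit name -> (threshold, response).
# A real deployment takes both from the Rate Limiting Policy settings.
POLICY = {
    "pages_per_minute": (5, "captcha"),
    "pages_per_session": (8, "block"),
    "session_length": (600, "monitor"),   # seconds
}


def evaluate(events, policy=POLICY):
    """Replay (timestamp_seconds, session_id) page requests against the policy.

    Returns {session_id: [(limit, response, first_timestamp_exceeded), ...]},
    ordered by when each limit was first surpassed. Sessions that stay within
    every limit do not appear in the result.
    """
    recent = defaultdict(deque)   # per session: timestamps in the last 60 seconds
    pages = defaultdict(int)      # per session: total pages so far
    started = {}                  # per session: timestamp of the first page
    hits = defaultdict(dict)      # per session: limit -> first timestamp exceeded

    for ts, sid in sorted(events):
        started.setdefault(sid, ts)
        pages[sid] += 1

        window = recent[sid]
        window.append(ts)
        # Sliding one-minute window: drop requests that are 60 seconds old or older.
        while ts - window[0] >= 60:
            window.popleft()

        observed = {
            "pages_per_minute": len(window),
            "pages_per_session": pages[sid],
            "session_length": ts - started[sid],
        }
        for limit, (threshold, _response) in policy.items():
            if observed[limit] > threshold:
                hits[sid].setdefault(limit, ts)   # keep only the first crossing

    return {
        sid: sorted(
            ((limit, policy[limit][1], ts) for limit, ts in first.items()),
            key=lambda item: item[2],
        )
        for sid, first in hits.items()
    }


# Constructed sample traffic.
SAMPLE_EVENTS = (
    # Human-paced browsing: 4 pages spread over about 5 minutes.
    [(t, "s-human") for t in (0, 70, 150, 290)]
    # Burst: 7 pages in 12 seconds (trips pages per minute only).
    + [(t, "s-burst") for t in range(100, 114, 2)]
    # Low and slow: 1 page every 90 seconds, 10 pages in total
    # (never trips pages per minute, but trips the two session limits).
    + [(t, "s-slow") for t in range(0, 900, 90)]
)

if __name__ == "__main__":
    for session, findings in evaluate(SAMPLE_EVENTS).items():
        print(session, findings)
```

The low-and-slow session is the case a pages-per-minute limit alone misses, which is why the per-session limits are evaluated alongside it.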

Web Security Overview | Settings | Protect Your Content

Page 33: Distil Networks Portal Guide · PORTALGUIDE Distil Networks Portal Guide New Distil Platform - Released September 2017 (w)  (e) sales@distilnetworks.com (p) 415-413-0831

33 Copyright 2017 DISTIL NETWORKS. All Rights Reserved.

The rate limit graphs show data for your entire site, rather than a specific

domain. Each rate limit type provides a graph showing the number of visitors

to your site, your current rate limit setting, and Distil’s recommended setting.

Use this graph to dial the rate limit setting up or down according to your

business needs.

NOTE: The graphs show traffic for the entire domain, rather than a specific path.


Editing Path Settings

Once you’ve configured default settings for your domain(s), tailor specific

settings for individual paths. This is especially useful for site pages

requiring unique sets of protection policies.

To access content protection settings by path:

1) Log in to the Distil Portal.

2) Select a domain from your Domains dashboard.

3) Click Settings on the banner menu.

4) Click Edit Settings by Path in the Content Protection section.


Use the path table to manage your content protection settings, including:

• Priority: The path priority in relation to other configured paths.

• Path: The specific path configured for the content protection setting.

• Match Type: The path match type, either Contains or Pattern.

Click Edit Priorities to reorganize the priorities of your paths.


Adding a Path

To apply content protection settings to a specific path, you must

first add a new path:

1) Click + Add a Path

2) Assign a priority to the path setting.

NOTE: This field automatically assigns the highest priority (1) to the path setting.

Manually enter a value to lower the priority.

3) Enter the path you are configuring.


4) Select a Match Type.

a. Contains: The content protection setting applies to any path that contains the string you enter in the Path field (above).

b. Pattern Match: The content protection setting applies to any path that matches the Lua pattern you enter in the Path field (above).

5) Configure the path content protection settings, where applicable. Path-specific

content protection settings are inherited from the default content protection

settings and appear as Domain Default [action type] in the dropdown menu.

6) Click Save.


Prioritizing Your Paths

Now that you’ve created paths, arrange their priority. Paths having a higher

priority (closer to 1) take precedence over those having a lower priority.

There are three ways to set path priority:

• Edit Priorities: Click Edit Priorities on the path table to manually edit

the Priority fields. Change the priority of one or multiple paths at a time,

and then click Save.

Alternately, drag the row selector of a single row to change the path priority.

• Edit Path: Select a single path from the path table, manually enter a priority

number, and then click Save.

• Drag and Drop: Hover over a single entry in the path table to

enable the row selector. Drag and drop the row up or down.


Deleting A Path

There are two ways to delete a path:

• Edit Priorities: Click Edit Priorities on the path table to enable the delete

(trash) icon. Delete one or multiple paths at a time and then click Save.

• Edit Path: Select a single path from the path table and then click Delete Path.


Custom Pages

Distil hosts a number of default pages, but you also have the option to custom-brand those pages with any sort of messaging that you wish to provide. Customize the Block, CAPTCHA, JavaScript validation, Drop, Catch-all, and Error pages that a visiting bot will receive when accessing your website.

The pages exist on the protected website, allowing customers full control over the pages they're serving as a response.

Review our Creating Custom Pages support article for more information regarding custom pages.

Improve Website Performance

Depending on how content is distributed, domain settings let you tweak the overall performance of your website.

Content Distribution

Content distribution settings let you improve your site’s performance by enabling content cache and compression.

NOTE: These settings largely pertain to cloud customers. In cloud deployments, Distil acts as a reverse proxy to cache static assets, thereby offloading bandwidth from your origin server. Managing your cache through the Distil portal lets you enable content caching. Here you can also set caches, for both dynamic and static files, to expire within a set number of minutes. Additionally, you can enable the caching of URLs not having an extension, mobile content, and specific file types or extensions (e.g., .HTML, .HTM, .CSS, .PHP).

Caching static content instructs the Distil nodes to cache and serve

JavaScript, CSS, and images from our edge. When enabled, Distil respects

the Cache-Control headers you have set for any content which is held in, or

served from, cache. As a fallback for content without Cache-Control headers

set, you can manually select a TTL setting in the Distil Portal.

Caching of dynamic content follows the same rules as static content. In

addition to cache enabling, the Distil Portal offers you additional control to

select/deselect the resource types to be cached.
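The interaction between origin Cache-Control headers and the fallback TTL, as an added Lua example (not Distil's code). It assumes the edge follows standard shared-cache rules (RFC 9111) and that the fallback applies only when the origin sends no usable directive; the function names and sample headers are constructed.

```lua
-- Added illustration, not Distil code. Assumption: the edge behaves like a
-- standard shared HTTP cache (RFC 9111) and uses the portal TTL only when the
-- origin response carries no usable Cache-Control directive.

-- Split a Cache-Control value into a table of lower-cased directives.
local function parse_cache_control(header)
  local directives = {}
  if not header then return directives end
  for token in header:gmatch("[^,]+") do
    local name, value = token:match('^%s*([%w%-]+)%s*=%s*"?([^"%s]*)"?%s*$')
    if name then
      directives[name:lower()] = value
    else
      name = token:match("^%s*([%w%-]+)%s*$")
      if name then directives[name:lower()] = true end
    end
  end
  return directives
end

-- Return how many seconds a shared cache may serve the response, and why.
-- fallback_minutes stands in for the TTL selected in the portal.
local function edge_ttl(cache_control, fallback_minutes)
  local d = parse_cache_control(cache_control)
  if d["no-store"] then return 0, "no-store" end
  if d["private"]  then return 0, "private"  end
  if d["no-cache"] then return 0, "no-cache" end
  -- s-maxage is addressed to shared caches and overrides max-age there.
  local age = tonumber(d["s-maxage"]) or tonumber(d["max-age"])
  if age then return math.max(0, math.floor(age)), "origin header" end
  return fallback_minutes * 60, "portal fallback"
end

-- Constructed origin responses; the fallback TTL of 5 minutes is hypothetical.
local cases = {
  { name = "/static/app.js",  header = "max-age=3600",                      ttl = 3600, why = "origin header"   },
  { name = "/img/logo.png",   header = "public, max-age=600, s-maxage=60",  ttl = 60,   why = "origin header"   },
  { name = "/account",        header = "private, max-age=600",              ttl = 0,    why = "private"         },
  { name = "/checkout",       header = "no-store",                          ttl = 0,    why = "no-store"        },
  { name = "/css/site.css",   header = "public",                            ttl = 300,  why = "portal fallback" },
  -- No header at all: the fallback makes this response cacheable at the edge.
  -- If it is per-user content, the origin must send private or no-store.
  { name = "/orders/history", header = nil,                                 ttl = 300,  why = "portal fallback" },
}

for _, c in ipairs(cases) do
  local ttl, why = edge_ttl(c.header, 5)
  assert(ttl == c.ttl and why == c.why, c.name)
  print(string.format("%-16s %-36s %5d s  (%s)", c.name, tostring(c.header), ttl, why))
end
```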

Content distribution settings also give you

the option to:

• Disable or enable bypass cookies and

forced www reroutes

• Enter custom client IP headers

• Configure proxy upstream timeouts

Managing multiple domains? Apply

your content distribution settings

to additional domains in bulk.


API Security Overview

Distil’s Web Security solution protects your websites’ content through an

evolving mix of detection methods, response actions, and more. Our Bot

Defense for API introduces protection that is of equal importance in defending

against automated attacks, API abuse, and developer errors.

Whether your APIs power a frontend website, partner data access, or a mobile

client, Distil automatically protects them and enforces all business rules you’ve

put in place:

• Comprehensive Protection – Rest easy knowing your websites, mobile apps, and API servers are protected from bot attacks.

• Enables a Secure Approach to API-first Development – Reap all the benefits of rich user experiences and continuous product innovation without sacrificing security.

• Complements API Management Solutions – Deploy as a standalone solution or add advanced bot defense to your existing API management solution or API gateway.

• Verifies Traffic to API Server – Ensures that only legitimate humans have access to your API server.

• Verifies Traffic to Mobile App APIs – Ensures that only legitimate humans on real mobile devices have access to your mobile application.

• Automated API scraping – By way of your API, malicious bots directly pull down online content and data within minutes.

• Changes the Game – Makes abusing your mobile app APIs cost prohibitive. Forces all but the most heavily resourced and determined adversaries to throw in the towel.

• Cost Savings – Reduce the volume of API calls, saving infrastructure costs.

This section covers both aspects of Distil’s Bot Defense for API:

Web & Mobile App API

Distil protects the API servers that power your dynamic web API and

mobile applications.

Subscriber API

Distil protects the API servers that power your website by verifying a

human is using a verified browser to gain access.


WEB & MOBILE APP API OVERVIEW

This section outlines how to configure, monitor, and manage the protection of

your web and app APIs within the Distil Portal.

For subscriber (token-based) API protection, refer to section II. Subscriber API

Overview.

The Web & Mobile App API area of the Distil Portal provides all of the

necessary tools you’ll need to manage your APIs, including:

Web & Mobile App API URL Management

Add and manage your API URLs

API URL Settings

Access content protection settings and configure custom pages

API Security Settings by Path

Tailor security rules to monitor and/or block requests for individual APIs

Web & Mobile App API Reports

View detailed reports of traffic (and violators) requesting access to your APIs

WEB & MOBILE APP API URL MANAGEMENT OVERVIEW

Use the API URL dashboard as a handy way to locate and manage various API

domains managed within your account, including:

• API Requests – View a graphical representation of traffic across all of your managed API domains, including good requests, bad requests, and total requests. This overview is similar to the Traffic Analysis report.

• Add API URL – Quickly add and configure a new API URL to be protected by Distil.

• Data Filter – Set a specific traffic date range highlighted on the API Domains dashboard.

• API URL Table – Select an API URL to access extensive reports and settings for your protected API URLs.

If an API URL has multiple paths, click the number in the Path column to view

and access them.


Adding a Web & Mobile App API URL

1) Log in to the Distil Portal.

2) Click API Security on the top banner menu, then select Web & Mobile

App API.

3) Click Add API URL.

4) Enter the API URL.


NOTE: You can only add an API URL that correlates to a registered domain in the

Web Security section. For more information on adding a domain in Web Security,

refer to our article on Adding Domains.

5) Select an Identity Provider to set the type(s) of traffic allowed to access

the API, including:

a. All- Allows both web security traffic and mobile SDK traffic types.

b. Web Security- Allows only requests having a web security token.

Does not allow requests having a mobile SDK token.

c. Mobile SDK- Allows only requests having a mobile SDK token. Does

not allow requests having a web security token.

6) Click Add API URL.

The API URL has now been added to the Domain Management table. You

can now add specific API paths, manage settings, and view reports.


WEB & MOBILE APP API SETTINGS OVERVIEW

Web & Mobile App API settings provide a series of simplified options to let you configure highly technical protection. Here you can create automated rules and actions that respond to predefined threats and attacks.

To access content protection settings for a web and/or mobile app

API domain:

1) Log in to the Distil Portal.

2) Click API Security on the top banner menu, then select Web & Mobile

App API.

3) Select a domain from your Web & App API Domains dashboard.

4) Click Settings on the banner menu.


API URL settings comprise:

• Content Protection – Click Edit Settings by Path to edit settings by

specific API URL paths—including policies for automated threats, rate

limiting, and mobile.

• Custom Pages – Click this link to access the Web Security

Custom Pages.

Managing Web & Mobile App API Path Settings

Tailor specific settings for individual API paths. This is especially useful for

APIs requiring unique sets of protection policies.

To access content protection settings by path:

1) Log in to the Distil Portal.


2) Click API Security on the top banner menu, then select Web & Mobile

App API.

3) Select a domain from your Domains dashboard.

4) Click Settings on the banner menu.

5) Click Edit Settings by Path in the Content Protection section.


Use the path table to manage your content protection settings, including:

• Priority – The path priority in relation to other configured paths.

• Path – The specific path configured for the content protection setting.

• Match Type – The path match type (either Contains or Pattern).

6) (Optional) Click Edit Priorities to reorganize the priorities of your paths.

Adding a Web & Mobile App API Path Setting

To apply content protection settings to a specific path, you must first

add a new path:

1) Log in to the Distil Portal.


2) Click API Security on the top banner menu, then select Web & Mobile

App API.

3) Select a domain from your Domains dashboard.

4) Click Settings on the banner menu.

5) Click Edit Settings by Path in the Content Protection section.


6) Click + Add an API URL.

7) Enter the path you are configuring.

8) Select a Match Type.

a. Contains – The content protection setting applies to any path

containing the string entered in the Path field (above).

b. Pattern Match – The content protection setting applies to any path

matching the Lua pattern entered in the Path field (above).


9) Configure the path content protection settings, where applicable.

10) Click Save.

Prioritizing Your Paths

Once you’ve created paths, arrange their priority. Paths having a higher

priority (closer to 1) take precedence over those with a lower priority.

There are two ways to set path priority:

• Drag and Drop – Hover over a path table entry to enable the row selector.

Drag and drop the row up or down to position it.

• Edit Priorities – Click Edit Priorities on the path table to manually edit

the Priority fields. Change the priority of one or multiple paths at a

time, and then click Save.
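How the Contains and Pattern Match types described above for web paths and for API paths differ, and how priority picks the winning rule, as an added Lua example (not Distil's code). It assumes rules are tried in ascending priority with the first match winning and that a pattern is searched anywhere in the path unless anchored; the rule table, paths and policy names are constructed.

```lua
-- Added illustration, not Distil code. Assumptions: rules are tried in
-- ascending priority (1 first), the first match wins, and a Pattern rule is
-- searched anywhere in the path unless it is anchored with ^ and $.

-- Constructed rule table; paths and policy names are hypothetical.
local rules = {
  { priority = 3, match = "contains", path = "/api/",             policy = "api-default"  },
  { priority = 1, match = "pattern",  path = "^/api/v%d+/login$", policy = "login-strict" },
  { priority = 2, match = "contains", path = "/api/v1-beta",      policy = "beta-monitor" },
}

local function rule_matches(rule, request_path)
  if rule.match == "contains" then
    -- plain = true: literal substring search, no magic characters.
    return string.find(request_path, rule.path, 1, true) ~= nil
  end
  -- Lua pattern: ^ $ ( ) % . [ ] * + - ? are magic characters.
  return string.find(request_path, rule.path) ~= nil
end

-- Return the policy of the highest-priority rule that matches the path.
local function resolve(rule_list, request_path)
  local ordered = {}
  for i, r in ipairs(rule_list) do ordered[i] = r end
  table.sort(ordered, function(a, b) return a.priority < b.priority end)
  for _, r in ipairs(ordered) do
    if rule_matches(r, request_path) then return r.policy end
  end
  return "domain-default"
end

-- Escape magic characters so a literal string is safe inside a Pattern rule.
local function escape_pattern(s)
  return (s:gsub("[%^%$%(%)%%%.%[%]%*%+%-%?]", "%%%0"))
end

-- Priority resolution over constructed request paths.
assert(resolve(rules, "/api/v2/login")       == "login-strict")
assert(resolve(rules, "/api/v2/login/reset") == "api-default")   -- $ anchor excludes it
assert(resolve(rules, "/api/v1-beta/items")  == "beta-monitor")
assert(resolve(rules, "/static/app.css")     == "domain-default")

-- Pitfall: the same string behaves differently under the two match types.
-- As a Lua pattern, "1-" means "as few 1s as possible", not "1 then a hyphen",
-- so the intended path is left unprotected while a different one matches.
local beta = { match = "pattern", path = "/api/v1-beta" }
assert(not rule_matches(beta, "/api/v1-beta/items"))
assert(rule_matches(beta, "/api/v1beta/items"))

-- Escaping restores the literal meaning.
beta.path = escape_pattern("/api/v1-beta")
assert(beta.path == "/api/v1%-beta")
assert(rule_matches(beta, "/api/v1-beta/items"))

-- An unescaped dot matches any character, widening the rule.
assert(rule_matches({ match = "pattern", path = "/feed.xml" }, "/feedAxml"))
assert(not rule_matches({ match = "pattern", path = escape_pattern("/feed.xml") }, "/feedAxml"))

print("all path rule checks passed")
```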


Deleting a Path

There are two ways to delete a path:

• Edit Priorities – Click Edit Priorities on the path table to enable the delete

icon. Delete one or multiple paths at a time and then click Save.

• Edit Path – Select a single path from the path table and then click

Delete Path.

Editing Web & Mobile App API URL Settings by Path

By editing a domain’s default settings, you can configure automated

responses to thwart attacks against your entire site and its content. You

can also tailor specific settings for individual paths.


To access content protection settings for an API path:

1) Log in to the Distil Portal.

2) Click API Security on the top banner menu, then select Web & Mobile

App API.

3) Select an API URL from your API URLs dashboard.

4) Click Settings on the banner menu.

5) Click Edit Settings by Path in the Content Protection section.


Content protection settings are organized by tabs, including:

Automated Threats Policy

No Distil identifier and known threat detection.

Rate Limiting Policy

Requests per minute and requests per session.

Mobile Policy

Bad client and invalid or expired token.

NOTE: The Mobile Policy tab is only available for mobile SDK URLs.

You can activate multiple threat responses for Distil to use in automatically mitigating threats.

NOTE: All of these settings default to monitor-only mode for new customers.

Automated Threat Responses

Automated threat responses for dynamic web APIs include:

• Monitor – Identify bots without taking any action. Distil automatically runs our entire detection suite, but does not take action. However, Distil does embed an X-Distil bot header that identifies the type of bot and the different threats that it failed, if applicable.

• Drop – Distil serves a drop page to the requester with the associated violation indicating their access to the API has been blocked.


Automated Threats Policy

Automated threat responses for dynamic web APIs include:

No Distil Identifier

Distil inspects each API request for an identifier denoting how the requested API URL is used. If the associated identifier does not match the API URL’s Identity Provider (configured when adding the API URL), or the request does not have a Distil identifier, then Distil automatically responds with the configured threat response.

For example, an API URL is configured with the Identity Provider of Web

Security. If an API request for the URL is made using a mobile app built with

the mobile SDK, then the request’s Distil identifier is Mobile SDK and Distil

responds with the configured automated response.

Known Threat Detected

Distil maintains a shared access control list (ACL) of prior threats that have

already been detected across our network. Known Threats include a mix

of known violators, data centers, identities, aggregator user agents, and

automated browsers. For example, if we have detected a known violator on

another site, your own site is automatically protected from that threat.


Rate Limiting Policy

Requests Per Minute

Set the maximum number (Threshold) of requests per minute and the automated response (Action) Distil takes if a user exceeds the threshold.

Requests Per Session

Set the maximum number (Threshold) of requests per session and the automated response (Action) Distil takes if a user exceeds the threshold.

NOTE: Requests Per Session is only applicable to web security API URLs.
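What each limit catches, as an added Lua example (not Distil's code) covering the Pages Per Minute, Pages Per Session and Session Length limits of the Web Security settings and the Requests Per Minute and Requests Per Session limits here. The thresholds, session ids and timestamps are constructed, and the sliding one-minute window is an assumption about how a per-minute rate is measured.

```lua
-- Added illustration, not Distil code. Thresholds, session ids and timestamps
-- are constructed; a "request" here is one page view or API call.

local limits = {            -- hypothetical thresholds
  per_minute     = 30,      -- Pages / Requests Per Minute
  per_session    = 200,     -- Pages / Requests Per Session
  session_length = 3600,    -- Session Length, in seconds
}

-- Constructed traffic: { session = id, t = unix seconds }.
local function sample_events()
  local ev, base = {}, 1504224000              -- arbitrary start time
  local function add(id, t) ev[#ev + 1] = { session = id, t = base + t } end
  for _, t in ipairs({ 0, 45, 130, 300, 610 }) do add("human", t) end
  for i = 0, 119 do add("burst", math.floor(i / 2)) end  -- 2 requests/second for one minute
  for i = 0, 539 do add("slow", i * 20) end              -- 3 requests/minute for three hours
  return ev
end

-- Compute, per session, the three values the rate limits are compared against.
local function session_metrics(events)
  local times_by_session = {}
  for _, e in ipairs(events) do
    local times = times_by_session[e.session]
    if not times then
      times = {}
      times_by_session[e.session] = times
    end
    times[#times + 1] = e.t
  end

  local metrics = {}
  for id, times in pairs(times_by_session) do
    table.sort(times)
    -- Sliding window: largest number of requests inside any 60-second span.
    local peak, left = 0, 1
    for right = 1, #times do
      while times[right] - times[left] >= 60 do left = left + 1 end
      if right - left + 1 > peak then peak = right - left + 1 end
    end
    metrics[id] = {
      per_minute     = peak,
      per_session    = #times,
      session_length = times[#times] - times[1],
    }
  end
  return metrics
end

-- List the limits a session exceeds, in a fixed order.
local function violations(m, lim)
  local hits = {}
  for _, name in ipairs({ "per_minute", "per_session", "session_length" }) do
    if m[name] > lim[name] then hits[#hits + 1] = name end
  end
  return hits
end

local m = session_metrics(sample_events())

assert(m.human.per_minute == 2   and m.human.per_session == 5   and m.human.session_length == 610)
assert(m.burst.per_minute == 120 and m.burst.per_session == 120 and m.burst.session_length == 59)
assert(m.slow.per_minute  == 3   and m.slow.per_session  == 540 and m.slow.session_length  == 10780)

assert(table.concat(violations(m.human, limits), ",") == "")
-- The fast scraper trips only the per-minute limit.
assert(table.concat(violations(m.burst, limits), ",") == "per_minute")
-- The slow crawler stays under the per-minute limit and is caught only by the
-- per-session and session-length limits.
assert(table.concat(violations(m.slow, limits), ",") == "per_session,session_length")

for _, id in ipairs({ "human", "burst", "slow" }) do
  print(id, m[id].per_minute, m[id].per_session, m[id].session_length,
        table.concat(violations(m[id], limits), ","))
end
```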

Mobile Policy

NOTE: The Mobile Policy tab is only available for mobile SDK URLs.

Bad Client

Set the automated response Distil takes if a request is made using a bad client, such as an emulator, simulator, rooted or jailbroken device, or an automation tool.

For example, when you set Bad Client to Drop and a visitor uses an iPhone emulator to make a request, Distil detects the simulator as a bad client and serves a drop page to the visitor.

Invalid or Expired Token

Set the automated response Distil takes if a request is made with an invalid token or an expired token, such as an invalid app signature or an unsupported version of the SDK.


Web & Mobile App API Reports Overview

Similar to Distil’s Web Security reports, API Security reports provide integral

information about the traffic and actions protecting your APIs.

Traffic Analysis

Traffic Analysis lets you view your API requests and take additional action on

offending violators.

Total Daily Requests provides a graphical representation of all API request traffic

for a path and specific date range, including good requests, bad or malicious

requests, and the total number of requests.

Use the top filter menu to drill down to a specific API path and focus on a given

date range.


How we protected you shows the automated threats Distil served to

violating requests.

Top 5 Request Paths with Violations

Top 5 Request Paths with Violations shows the paths being hit by

malicious requests, including:

• Request Path – The specific API path.

• Bad Requests – The total number of bad requests.


Click Show All or select any record from the table to see additional

information in the Bot Report.

Top 5 IPs with Violations

Top 5 IPs with Violations shows the top IPs with malicious requests,

including:

• IP Address – The specific IP address.

• Bad Requests – The total number of bad requests.

Click Show All or select any record from the table to see additional

information in the Bot Report.


Click Show All or select any record from the table to see additional

information in the Bot Report.

Top 5 Violations

Top 5 Violations shows the top violations for all requests accessing your API

domain, including:

• Violation – The specific violation.

• Bad Requests – The total number of bad requests.


Bot Report

Accessible via Top 5 Request Paths with Violations, Top 5 IPs with

Violations, and the Top 5 Violations, the Bot report provides additional

insight into malicious requests attempting to access your APIs.

To access the Bot report:

1) Log in to the Distil Portal.

2) Click API Security on the top banner menu, then select Web & Mobile

App API.

3) Select an API URL from your API URLs dashboard.

4) Select Show All or a specific record from either Top 5 Request Paths with

Violations, Top 5 IPs with Violations, or Top 5 Violations.


Using the Bot report, you can filter your API traffic even further by:

• Path Dropdown – Isolate the Bot report to show data for a specific path

• Date Filter – Set a specific traffic date range highlighted on the Bot report

• Search – Search the Bot report for a specific data point

NOTE: The value to search depends on the selected Value (below).

• Value – Set the specific value shown by the Bot report and use the

Search box (above) to isolate a specific record.

• Bad Requests – Total number of bad requests associated with the

record.

• Bot Details – Additional bot details, including a breakdown of How we

protected you and daily bad requests.

As you drill down into the Bot report data, selected filters appear next to

the Date Filter in the top menu. Remove filters by clicking the X icon for any

given filter.


Subscriber API Overview

This section outlines how to configure, monitor, and manage the protection of your subscriber, token-based APIs within the Distil Portal.

For Web & Mobile App API protection, refer to section III. Web & Mobile App

API Overview.

The subscriber API area of API Security provides all of the necessary tools

you’ll need to manage your APIs, including:

Domain Management

Add and manage your API domains and endpoints using protection settings

and security rules

Settings

Establish basic API domain attributes—including session timeout lengths, token

placement priority and Distil authentication headers

Security Settings

Tailor security rules to monitor and/or block requests for individual APIs

Reports

View detailed reports of traffic (and violators) visiting your site


API Domain Management

The Domain Management tab holds your API protection configurations. The first step in protecting an API is to add the domain(s) associated with it.

ADDING A DOMAIN

1) Log in to the Distil Portal.

2) Click API Security on the top banner menu.

Within the Domain Management tab:

3) Click Add Domain.

4) Enter the corresponding information in the Domain

Name and Origin Server (IP address or CNAME) fields.


5) Click Save Domain.

6) Click Close.

7) Repeat steps 1-6 for each API domain.

The domain has now been added to the Domain Management table.

MANAGING DOMAINS

Use the Domains table to configure additional API settings and security rules.

This can be done for a single or multiple domains at one time.

Select one or several domains in the Domains table

to update settings, configure security rules, or delete them.

Use the Search field to help locate a specific domain, or the pagination

arrows to scroll through pages.

NOTE: Pagination arrows appear once your domain list exceeds 24 domains.


SETTINGS OVERVIEW

The Domain Configuration Settings page lets you modify API

protection general attributes, including:

• Session Timeout: Set the amount of time (measured in seconds)

a user can be inactive for before their session expires.

• dstlSecure Header: Enter the corresponding header to

authenticate requests coming from Distil.

Token Settings let you set token-specific API traits for the API,

including:

• Priority: Raise or lower the priority of the token.

• Name of Token: Enter the token name the origin server should

expect with a request.

• Token Locations: This setting tells Distil where to check for your

custom tokens.

• HTTP Status Code for Invalid Tokens: Enter the HTTP status

code the origin server will issue to indicate a token is invalid.

Tokens are flagged as invalid until the Session Timeout passes

without traffic.


Click the Settings icon (highlighted in red, on the previous page) to edit

one or more domain configurations.


In the above example, the server first looks in the header for the

distil_token token. If it doesn’t find it there, it then looks for the

auth_token in the argument, followed by the session_id token in

the cookie, and lastly the tracking token in the header.
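The lookup order described above, as an added Python example (not Distil's code): it resolves which token identifies a request when several are present. The four token names and locations come from the text; the `TOKEN_SETTINGS` layout, the `find_token` helper and the sample request are assumptions constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Priority order taken from the example in the text. The dict layout is an
# assumption for this sketch, not the Portal's own storage format.
TOKEN_SETTINGS = [
    {"priority": 1, "name": "distil_token", "location": "header"},
    {"priority": 2, "name": "auth_token", "location": "argument"},
    {"priority": 3, "name": "session_id", "location": "cookie"},
    {"priority": 4, "name": "tracking", "location": "header"},
]


def find_token(url, headers, settings=TOKEN_SETTINGS):
    """Return (name, location, value) for the highest-priority token present.

    Returns None when the request carries none of the configured tokens.
    """
    # HTTP header names are case-insensitive, so normalise them once.
    hdrs = {k.lower(): v for k, v in headers.items()}
    # Query-string arguments; parse_qs drops empty values by default.
    args = parse_qs(urlsplit(url).query)
    cookies = SimpleCookie()
    cookies.load(hdrs.get("cookie", ""))

    for rule in sorted(settings, key=lambda r: r["priority"]):
        name, location = rule["name"], rule["location"]
        if location == "header":
            value = hdrs.get(name.lower())
        elif location == "argument":
            value = args.get(name, [None])[0]
        elif location == "cookie":
            value = cookies[name].value if name in cookies else None
        else:
            raise ValueError(f"unknown token location: {location}")
        if value:
            # First match wins: lower-priority tokens on the same request
            # are ignored for session tracking.
            return name, location, value
    return None


if __name__ == "__main__":
    # Constructed request carrying three of the four tokens at once.
    url = "https://api.example.com/v1/items?auth_token=q1"
    headers = {"Cookie": "session_id=c1; theme=dark", "Tracking": "t1"}
    print(find_token(url, headers))
```

A client that sends several tokens is tracked by the highest-priority one only, so the order you configure decides which identifier the rate limits and Access List rules are applied to.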


The Gzip Settings section can be configured to allow/deny the

ability to zip outgoing content requests and unzip incoming

content requests. Additionally, you are able to select specific file

types to zip for outgoing requests.

The Upstream Settings let you route and proxy traffic for specific

API domains through alternate servers that are closer to the actual

origin of the request. It’s primarily of use for on-premise customers.


SECURITY SETTINGS OVERVIEW

API security rules let you manage threat actions specific to individual API paths. Offering high granularity, the degree of protection complexity is up to you.

Click the Security Rules icon (highlighted in red, above) to tailor security rules for one or more domains.

One option lets you set a trigger action generic to all APIs associated with a single domain. Alternately, you can dial in specific responses to be triggered at different threat levels on an individual path basis.

For example:

If you’re managing 100 APIs, you can set a unique rule for each. Set 30 basic APIs to only monitor traffic, but heighten the security of your 15 most sensitive APIs to block highly active traffic.


There are two types of actions available for your APIs:

• Monitor: Capture and identify malicious activity without

blocking access to your APIs.

• Block: Prevent access to your APIs.

By default, all API Security rules are set to allow and monitor all traffic.

Distil won’t block any requests for any reason.

Adding a New Rule

To create a new security rule:

1) Click Add New Rule (highlighted in red, above) on the Domain Security Settings page.

2) Within the Traffic Security Rules section, enter the desired security rule name in the Rule Name field.

3) Enter the Specific Path to Match (actual API URL).


Complete the Rate Limiting section to set graduated usage thresholds for

normal and abnormal activity. You can also assign specific actions when any

user session surpasses those limits.

Using graduated API rate limiting, you can set automated multi-tiered actions

to heighten the response level when API activity becomes abusive.

Examples:

Set an initial threshold of Requests Per Minute to Monitor sessions that

exceed 5 requests per minute so you can monitor heightened levels of

activity, then Block sessions with more than 10 requests per minute.


Limit the number of Tokens Per IP.

Here, your company might have a pricing system based on the number of

API uses or requests in an account. A client might create multiple accounts

to avoid having to pay for additional requests. Set the security rule to Block

traffic using more than one (1) Token Per IP, thereby blocking attempts to cycle

through IPs while accessing your APIs.

Click Update Settings to save and apply your settings to the API path.

This sets a maximum amount of normal activity while blocking access

once the activity becomes abusive.
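The two example rules above (Monitor above 5 requests per minute, Block above 10, and Block more than one Token Per IP) applied to a small request log, as an added Python example rather than Distil's implementation. The fixed calendar-minute window, the `evaluate` and `burst` helpers and the log entries are assumptions constructed for illustration; the guide does not say how the platform windows its counts.

```python
from collections import Counter, defaultdict
from datetime import datetime

MONITOR_RPM = 5        # Monitor sessions that exceed 5 requests per minute
BLOCK_RPM = 10         # Block sessions with more than 10 requests per minute
MAX_TOKENS_PER_IP = 1  # Block traffic using more than one token per IP


def burst(ip, token, minute, count):
    """Build `count` constructed log entries that fall inside one minute."""
    return [(f"2017-09-01T12:{minute:02d}:{s:02d}", ip, token) for s in range(count)]


# Constructed log entries: (ISO 8601 timestamp, client IP, API token).
SAMPLE_LOG = (
    burst("198.51.100.7", "tok-A", 0, 5)     # at the first threshold, not over it
    + burst("198.51.100.8", "tok-B", 0, 7)   # over 5, under 10
    + burst("198.51.100.9", "tok-C", 1, 12)  # over 10
    + burst("203.0.113.5", "tok-D", 2, 2)    # two tokens from one IP
    + burst("203.0.113.5", "tok-E", 2, 2)
)


def evaluate(log):
    """Return {token: (action, reason)} under the graduated thresholds."""
    per_minute = Counter()
    tokens_by_ip = defaultdict(set)
    for ts, ip, token in log:
        # Assumed windowing: bucket each request by its calendar minute.
        minute = datetime.fromisoformat(ts).replace(second=0, microsecond=0)
        per_minute[(token, minute)] += 1
        tokens_by_ip[ip].add(token)

    # A session is judged by its busiest minute.
    peak = Counter()
    for (token, _minute), n in per_minute.items():
        peak[token] = max(peak[token], n)

    verdicts = {}
    for token, rpm in peak.items():
        if rpm > BLOCK_RPM:
            verdicts[token] = ("block", f"{rpm} requests in one minute")
        elif rpm > MONITOR_RPM:
            verdicts[token] = ("monitor", f"{rpm} requests in one minute")
        else:
            verdicts[token] = ("allow", f"peak of {rpm} requests per minute")

    # Tokens Per IP: every token seen from an over-limit IP is blocked,
    # regardless of how quiet each individual token is.
    for ip, tokens in tokens_by_ip.items():
        if len(tokens) > MAX_TOKENS_PER_IP:
            for token in tokens:
                verdicts[token] = ("block", f"{len(tokens)} tokens seen from {ip}")
    return verdicts


if __name__ == "__main__":
    for token, (action, reason) in sorted(evaluate(SAMPLE_LOG).items()):
        print(f"{token}: {action} ({reason})")
```

Note that `tok-D` and `tok-E` each stay far below the request thresholds and are caught only by the Tokens Per IP rule, which is why the two limits are configured together.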


Use the Access Control List to allow/deny all requests by IP Address,

Country, Header, Organization or Token.

Click Update Settings to save and apply your settings to the API path.

REPORTS OVERVIEW

Similar to Distil’s Web Security reports, API Security reports provide integral, real-time information about the traffic and actions protecting your APIs.

Traffic Classifications

Traffic Classifications reports your entire account traffic, giving you a rundown

of the request types accessing your APIs.

NOTE: These requests don’t include browser-related information, such as

browser type or cookies as seen in the Web Security reports.


API traffic can be classified as:

• Neutral: Requests are passing through without

violating any rules.

• Whitelist: Requests are manually allowed via

your Access List.

• Abusive: Requests are violating rules and/or are

manually blocked via your Access List.

Use the top Filter menu to drill down to a specific

domain and focus on a specific date range.

For more information on using your Access List to block specific organizations, check out our blog post on Dissecting the Dynamic Nature of IP Access Control Lists (ACL).

Abusive Clients

Similar to the Trap Analysis report available in Web Security, Abusive Clients

provides a summary of all API request violations caught by Distil. Drill down

to each violator to review specific IP addresses targeting your APIs, and

then add those malicious IPs to your Access List. This blocks any further

attempts against your APIs.

Organizations

The Organizations report lists all organizations flagged with a violation. Use

it to review violating organizations and blacklist them via your Access List.

Countries

Similar to the Organizations report, the Countries report shows those

countries flagged with a violation.

Token Distribution Report

The Token Distribution report shows API tokens and IPs prone to malicious

or abusive requests. Use it to isolate and review hashed tokens and IPs.


Universal Access Control Lists Overview

Use access control lists (ACLs) to blacklist and whitelist access to your protected

web and API domains. Rather than manually tailoring an ACL for each new

domain, simply create a universal ACL, configure the access rule(s), and then

add the domain(s) to the list.

For all of your APIs, websites, and web apps, this helps to:

• Block all attempts by malicious users

• Allow all attempts by approved users

In addition to simply tracking by IP address, the Universal ACL

lets you globally blacklist or whitelist by:

• Organization (Amazon, Rackspace, etc.)

• Country

• User agent

• API token

• Device ID (Distil-generated)

• HTTP referrer

Once configured, tailor a series of ACLs according to your business needs and

practices. For example, create an ACL whitelisting your internal tools via API

tokens or IP addresses. Apply it to your API-specific URLs (e.g., api.example.com)

to ensure that only authorized users have access.

Create another ACL that blacklists problematic ISPs via organizations. Apply it to

specific paths in your domain (e.g., www.example.com/sign_in) to block requests

coming from suspect or temporary ISPs.


Additionally, use Distil published ACLs to apply Distil-curated and

-recommended whitelists and blacklists to your domains.

The ACL dashboard presents two tabs:

• My ACLs: ACLs created by you within the Portal.

• Distil Published ACLs: ACLs created and curated by Distil (e.g., adding

file types to Static Content Whitelist).


MY ACLs

MY ACLS provides all of the tools you’ll need to manage the ACLs you

create in the Portal, including:

• Search ACLs: Search across all of your ACLs for a specific

data point, such as an ACL name, rule value, or a note.

• Actions: Delete a single ACL or multiple ACLs directly

within the dashboard.

NOTE: You must select one or more ACLs from the table to access

the Actions dropdown menu.


• Page Select: Browse through the pages of your ACL or jump to a

specific page.

NOTE: Pagination begins with 11 ACLs.

• + Create a New ACL: Open a blank ACL to create associated rules

and assign them to associated paths.

Click an ACL record to manage and update it, including its:

• Associated Rules: Protective rules associated with the ACL,

including the type, name, access, and notes.

• Associated Paths: Domains and/or specific URLs for pages,

content, and API endpoints.

CREATING A NEW ACL

To create a new ACL:

1) Log in to the Distil Networks Portal.

2) Click Access Control Lists on the banner menu.


3) Click + Create a New ACL.

4) Enter a name for your ACL.

5) Click Save Access Control List.

The Portal displays a confirmation message. Your newly created ACL now appears in the ACL dashboard.

You can now tailor your ACL with associated rules to blacklist and whitelist access. You will apply these rules to associated paths.

Adding Associated Rules

To add associated rules to an ACL:

1) Select an ACL from the ACL dashboard.

2) Click + Create or Upload Rule(s) on the ASSOCIATED RULES tab.


3) Select an option from the Rule Type dropdown menu and then enter a

value in the subsequent field.

4) Set Access Rights, either Whitelist or Blacklist.

5) Select an option from the Expires dropdown menu and then enter

a value in the subsequent field.


NOTE: The option you select from the Rule Type dropdown creates a

corresponding value. For example, choosing IP Address creates an IP

Addresses field where you can enter any number of addresses. Choosing

Country creates a Country field where you can enter a country code.


NOTE: The option you select from the Expires dropdown creates a

corresponding value. For example, choosing Custom (ISO 8601 format) (shown

below) creates a Date select YYYY-MM-DD field and a Time (UTC) HH:MM field

where you can enter a specific date and time the associated rule will expire.

6) Enter any relevant notes about the associated rule in the Notes field.

7) Click Save Rule(s).

Alternately, you can add associated rules in bulk.

Adding Associated Rules in Bulk

You can also set multiple rules at one time by uploading a .CSV file:

1) Click + Create or Upload Rule(s) on the Associated Rules tab.

2) Drag and drop your .CSV file into the upload box, or click Create to select the .CSV from your computer. The Portal displays a confirmation message.


3) Click Verify the contents of your CSV before uploading to review

the rules before saving.

4) Review the parsed rules. Click Save Rule(s) if they are correct. If

incorrect, click Cancel, adjust your .CSV file, and then repeat steps

1 – 4 to re-upload and review your .CSV file.

Adding Associated Paths

You can now assign your ACL to specific paths, including entire domains

and API endpoints.

To add an associated path:

1) Click Add Path on the Associated Paths tab.

2) Enter a domain in the Domain field.


3) If adding a specific path, enter it in the Path field. If adding the

entire domain, leave the field blank and select the Include ALL paths

checkbox instead.

4) Click Save Path.

Managing Associated Rules

Use the Associated Rules tab to manage protective rules on an

ACL, including:

• Actions - Select one or multiple rules to edit basic rule settings,

including Type, Access Rights, and Note, or to delete the rule(s).

NOTE: Setting an associated rule to an associated path overrides

those set for an entire domain.


• Search this list - Search for a specific associated rule name or note.

• Page Select - Browse through the pages of your associated rules.

• Export Rules to .CSV - Select this to download all associated rules for the ACL. Use the exported .CSV to edit and upload associated rules in bulk.

NOTE: You must select one or more rules from the table to enable the Actions dropdown menu.


The associated rules table provides an overview of the

ACL rules, including:

• Type - The rule category (e.g. IP, organization, country, header, etc).

• Name - Name of the associated rule.

• Access - Whitelist or blacklist.

• Expires - Date and time the associated rule expires.

• Updated - Date and time the associated rule was last updated.

• Notes - Notes as to why the rule was created.

NOTE: Pagination begins at 11 associated rules.


Managing Associated Paths

Use the Associated Paths tab to manage protective rules on an ACL, including:

• Actions: Delete the path(s).

NOTE: You must select one or more paths from the table to enable the

Actions dropdown menu.

• Search this list - Search for specific associated paths by domain, URL,

endpoint, or type (Web or API).


• Page Select - Browse through the pages of your associated paths.

NOTE: Pagination begins at 11 associated paths.

The associated paths table provides an overview of the ACL paths,

including:

• Paths - Domain, URL, or endpoint.

NOTE: If the path applies to an entire domain, the path ends in a forward slash (/).

• Type - The category of the path (either web or API).

Deleting ACLs

There are two ways to delete ACLs.

From the ACL dashboard:

1) Select one or more ACLs from the ACL table.

2) Click the Actions dropdown and then select Delete.

Alternately, you can:

1) Click a single ACL from the ACL dashboard.

2) Click the 'Trash' icon to delete the ACL.

DISTIL PUBLISHED ACLs

Distil Published ACLs provides all of the tools you’ll need to manage the ACLs created and curated by Distil (e.g., adding file types to the Static Content Extensions whitelist). You can choose to apply a Distil published ACL to all of your domains. You can also enable or disable automatic updates at any time.


The Distil Published ACLs tab includes:

• Search ACLs - Search across all of your ACLs (including My ACLs and

Distil Published ACLs) for a specific data point, such as an ACL name,

rule value, or a note.

• Page Select - Browse through the pages of Distil Published ACLs or

jump to a specific page.

NOTE: Pagination begins with 11 ACLs.

• Name - Name of the ACL. The green checkmark icon denotes that the

ACL has automatic updates enabled.


Click an ACL record to manage and update it, including:

• ACL Settings - Use this dropdown to manage the ACL.

Enable Updates by Distil - Enables automatic updates from the Distil-

curated ACL. For example, when Distil adds a new extension to the

Static Content Extensions whitelist, it is automatically published to

the whitelist associated with your domains.

NOTE: We recommend using this setting to keep up-to-date.

Disable Updates by Distil - Disables automatic updates from the

Distil-curated ACL (e.g., adding file types to the Static Content

Extensions whitelist).

NOTE: We do not recommend using this setting, as your ACL will not be current

with Distil’s changes.

Apply to all Domains - Applies the ACL to all of your protected domains.

Remove from all Domains - Removes the ACL from all of your protected

domains.

Restore List to Default - Restores the ACL to current defaults. This

removes any updates, additions, or deletions you’ve made to the ACL.


• Export - Select this to download all associated rules for the ACL. Use

the exported .CSV to edit and upload associated rules in bulk.

• Associated Rules - Protective rules associated with the ACL, including

the type, name, access, and notes. Use this tab to create, upload, or

manage associated rules.

• Associated Paths - Domains and/or specific URLs for pages, content,

and API endpoints. Use this tab to add or manage associated paths.


Audit Log

Use the Audit Log to review actions and updates related to your Distil deployment. This includes those taken by members of your organization and automated ones taken by Distil. Referring to the audit logs is especially useful when troubleshooting issues, as well as in researching updates and changes.

You can filter log results to show a specific date range, or search for events by

any domain affected by an action or user who took that action. You can also

select a record from the log results to view additional event-specific information.


Account Management & User Settings

The Distil Portal gives you the ability to view and manage your account details—including your company’s contact, reporting, billing, and plan information in addition to your own user settings.

ACCOUNT MANAGEMENT

Click your username in the top-right corner of the banner menu and then select Account Management from the dropdown menu for access. Use this page to review and manage settings related to your actual account with Distil.

User Management

The Distil Portal offers basic user management.

There are two types of users:

• Account-level access

• Domain-level access

Within each user type, you can specify whether or not the user has administrative access or statistics access. Statistics users may not view configuration information for any domains.

• Account Admin users can modify all settings within the account.

• Account Statistics users can view all reports within the account.

• Domain Admin users can modify all settings for any included domains.

• Domain Statistics users can view all reports for any included domains.

The User Management table provides a high-level view of all users associated with your account, including:

• Username/Email

• Account-level or Domain-level Access

• Two-factor Authentication status


Account admins are able to select a specific user record from

the table to update that user’s access or remove the user from

your account.

To add a new user to your account:

1) Select Add User.

2) Enter the user’s email address.

3) Set the user’s access level (the choices are entire account or a

specific domain).

4) Set the user role to either Admin, Statistics, or No Access.

NOTE (4): No Access is only available for domain-level access. It blocks the user

from accessing domain information in the portal.

5) Select Add User to create the user. A confirmation email with login

instructions is sent to the user.

Password Protection

Enable password protection settings to heighten the security level of passwords associated with your Distil account. This tool is especially useful when aligning password settings with your organization’s security policies.

To manage the password protection settings:

1) Toggle Enable Advanced Password Controls to On.

2) Configure additional password settings:

a. Password Age: Number of days before a

password is considered expired.

b. Failed Login Attempts Lockout: Number of

failed authentication attempts before a user’s

access is locked.

c. Lockout Period for Failed Login Attempts:

Number of minutes a user’s access remains

locked after too many failed attempts. This is

conditionally enabled when Failed Login

Attempts Lockout is Yes.

d. Password History: Number of previously

used passwords that cannot be reused.

e. Disable Inactive Users: Number of days of

no activity before a user’s access is locked.

3) Select Save Settings.


Email Notification Settings

For system maintenance and emergency outage notifications, it’s critical to route the correct message to the right person without delay. Here is how to add and update unique recipients of such notifications.

Once configured, the email messages are sent directly to the group email alias, or to a specific member of your team who requires the update.

1) Log in to the Distil Networks Portal.

2) Select Account Management from the top banner.


Adding an Email Contact

1) Enter the recipient’s email address.

2) Select the notification type from the dropdown.

Types include:

a. All: Emergency and maintenance notifications.

b. Emergency: Unplanned notifications, including

traffic-impacting events on an inline Distil

Networks appliance, DDoS attacks, or any other

events resulting in global network bypass.

c. Maintenance: Planned notifications, including

monthly platform maintenance that potentially

requires system downtime.

3) Click [+] to add the email contact.

Distil Networks automatically sends a confirmation

email to the contact to verify their information.

NOTE: The contact person will not receive Distil Networks

notifications until that person confirms their email by way of the

provided confirmation link.

The yellow exclamation mark icon denotes an unconfirmed email

address. Click resend confirmation to send another confirmation

message to the contact.

Removing an Email Contact

1) Click [-] to remove an email contact from your list.

The email contact is no longer associated with your account.

Updating an Email Contact

1) Click [-] to remove the email contact from your list.

2) Re-enter the recipient’s email address.

3) Select the notification type from the dropdown.

4) Click [+] to add the email contact.

USER SETTINGS

Click your username in the top-right corner of the banner menu and then select User Settings from the dropdown menu for access.

From this page you can:

• Modify user contact information and password settings.

• Regenerate your Distil authentication token.

• Configure additional two-factor authentication settings.

Help

Available in the bottom-right corner of every page in the Distil Portal, the Help button provides quick access to Distil’s support knowledge base.

Additionally, select Contact Us to send a question or support request directly to Distil’s support team.