Distil Networks Portal Guide

Transcription

1 PORTALGUIDE Distil Networks Portal Guide New Distil Platform - Released September 2017 (w) (e) sales@distilnetworks.com (p)

2 Table of Contents INTRODUCTION SUPPORTED BROWSERS LOGGING IN TO THE DISTIL PORTAL WEB SECURITY OVERVIEW Domains Dashboard Reports - Reports Dropdown - Threat Analysis - Premium Reports Settings - Protect Your Content - Improve Website Performance API SECURITY OVERVIEW Web and Mobile App API Overview Web and Mobile App API URL Management Overview - Adding a Web and Mobile App API URL Web and Mobile App API Settings Overview - Managing Web and Mobile App API Settings - Editing Web and Mobile App API URL Settings by Path - Managing Web and Mobile App API Reports Overview SUBSCRIBER API OVERVIEW API DOMAIN MANAGEMENT Adding a Domain Managing Domains Settings Overview Security Settings Overview - Adding a New Rule Reports Overview - Traffic Classifications

3 UNIVERSAL ACCESS CONTROL LISTS OVERVIEW My ACLs Creating a New ACL - Adding Associated Rules - Adding Associated Paths - Managing Associated Rules - Managing Associated Paths - Deleting ACLs Distil Published ACLs AUDIT LOG ACCOUNT MANAGEMENT & USER SETTINGS Account Management - User Management - Password Protection Settings - Notification Settings User Settings HELP

4 Introduction This guide outlines how to configure, monitor, and tailor your Distil Networks deployment within the Distil Portal, including: Web Security Configure and manage content protection, distribution, access lists, and extensive reports associated with Distil s web security solution. API Security Manage your API domains and configure API endpoint protection settings. Also view detailed, filterable reports associated with Distil s API security solution. This section includes Web & Mobile App API and Subscriber API solutions. Universal Access Control List Configure your own ACLs and utilize Distil-published ACLs to blacklist and whitelist access to your protected web and API domains. Rather than manually tailoring an ACL for each new domain, simply create a universal ACL, configure the access rule(s), and then add the domain(s) to the list. Account Management and User Settings Manage your Distil account. Modify user contact information and password settings, regenerate your Distil authentication token, and configure additional two-factor authentication settings. Audit Log Review actions and updates related to your Distil deployment. This includes actions taken by members of your organization in addition to automated actions taken by Distil. Help Launch Distil s online knowledge base to search help articles, or contact 4

5 Supported Browsers Comprehensive platform testing has been performed to ensure functionality using the following desktop web browsers: Chrome Safari Firefox Internet Explorer Logging in to the Distil Portal Log in and password creation instructions are sent to you in an once you have signed up for a Distil Networks account. 5

6 Web Security Overview Website content and performance is continually threatened by malicious bots finding increasingly complex and sneaky ways to infiltrate or attack it. Bad bots and their attacks assume any number of guises and use a variety of tricks to circumvent even the sturdiest of security checkpoints. Protecting your site from them requires: Extensive tracking of their attempts Learning their methods Adapting your protection tool suite to meet the ongoing challenge they present Located in the Distil Portal, the Web Security area provides all of the necessary tools you ll need to manage your site protection, including: 6

7 Web Security Overview Domain Dashboard Quickly access settings and reports associated with your protected domains. For information on Distil s API Security, jump ahead to the API Security section. Reports Review extensive traffic and threat reports surrounding your domains. Settings Efficiently manage all domain protection aspects, including custom pages, IP whitelisting and blacklisting, country block list, content distribution and more. DOMAINS DASHBOARD Use the Domains Dashboard as a handy way to locate and manage various domains managed within your account, including: 7

8 Web Security Overview Domains Dashboard Account Traffic Overview: View a graphical representation of traffic across all of your managed domains including humans, good bots, bad bots, whitelisted bots, and total requests. This overview is similar to the domain-specific Traffic Overview report. Add Domain: Quickly add and configure a new domain to be protected by Distil. Data Filter: Set a specific traffic date range highlighted on the Domains Dashboard. Domain Table: View domain-specific traffic analyses. Access extensive reports and settings for your protected domains. For more information about adding domains, read our how-to article: Adding Domains and Subdomains. 8

9 Web Security Overview Reports REPORTS The Distil Portal offers detailed reports available for all deployments. They provide extensive traffic overviews for all of your protected domains. Leverage any of them to make calculated decisions and targeted configurations in balancing the protection and performance of your sites. Reports Drop Down Distil is continually adding and powering up reports available through the portal. Access them from the Reports Drop Down located in the top menu bar. They re organized by: Traffic Analysis Review types of incoming traffic and breakdowns of upstream response times and HTTP errors. 9

10 Web Security Overview Reports Repots Drop Down Threat Analysis Drill down to specific threats against your site, including a threat overview and a deeper breakdown of bad bots, organizations, and countries. Premium Reports See additional site activity, including a breakdown of good bots visiting your site, CAPTCHA requests, click and link statistics, and the top paths or URLs targeted by bots. Traffic Analysis The Traffic Analysis reports group provide a visual representation of how actual users, good bots, and bad bots affect your website and how it is handling the traffic. Traffic Overview The Traffic Overview Report shows the total request volume for a selected period, segmented by category. Each request is identified as either a human, a bad bot, a good bot (search engines, such as Google, Bing, and Yahoo!, as well as social media, such as Facebook, LinkedIn, Twitter), or a bad bot you have added to your whitelist. Use the top date range menu to isolate data for a specific period of time. 10

11 Web Security Overview Reports Traffic Analysis Refer to our Help Center for more information on the Traffic Overview report. Toggle the Scale switch to show page requests in a linear or logarithmic format. Upstream HTTP Errors The Upstream HTTP Errors Report details the number of errors (4xx and 5xx) returned to Distil by your origin server. Use this report to correlate events and identify problems at precise moments in time. Refer to our Help Center for more information on the Upstream HTTP Errors report. Upstream error responses either: Return directly from your origin server Indicate no response was received from your origin Indicate an invalid response was received from your origin server 11

12 Web Security Overview Reports Traffic Analysis Data is summarized by week, day, and hour. NOTE: This report is based on UTC time. Threat Analysis The Threat Analysis group of reports reveals how extensive threats are to your site, as well as the various protection mechanisms Distil used to protect your site from them. 12

13 Web Security Overview Reports Traffic Analysis Threat Overview The Threats Overview Report provides basic metrics on: 1) Bad Bot Classifications Refer to our Help Center for more information on the Threats Overview report. 2) Threats by Originating Country 3) Which Distil Threat Responses were triggered You can filter results based on a certain day or month. Bad Bots More than just a list of associated IP addresses, the Bad Bots Report provides a dynamic view of the bad bots targeting your site. It s segmented into a table, listing the name, classification, and total page requests tied to each bot. 13

14 Web Security Overview Reports Threat Analysis Additionally, the Most Frequent Bad Bots by Classification graph provides a quick overview of bad bot activity by classification, while the Most Frequent Bad Bots graph shows bad bot activity broken out by category (e.g., Reporting as Chrome, Reporting as Safari, etc.). Refer to our Help Center for more information on the Bad Bots report. Threats by Organization Another way to view bad bot information is by lumping together Internet service provider (ISP) owners, otherwise known as organizations. 14

15 Web Security Overview Reports Threat Analysis Bots often come from inexpensive hosting environments such as Amazon and WeHostWebSites; they re able to cycle through a variety of IP addresses and spin up/spin down different nodes. Refer to our Help Center for more information on the Threats By Organization report. With this report you re able to click a given ISP and see a list of IPs from which these violators are coming. Malicious Countries The Malicious Countries Report offers an interactive map showing where bad bot threats are coming from. Hover your mouse over any country on the map, or click View Info Table to convert the data to a table view. Refer to our Help Center fo rmore information on the Malicious Countries Report Trap Analysis The Trap Analysis Report displays traps and threat responses by category, triggered by bad bot activity for a selected date range. Refer to our Help Center for more information on the Trap Analysis report. 15

16 Web Security Overview Reports Threat Analysis Click a category to view the associated IPs and the number of violations. This report is useful to see how bad bots are behaving on your website. Premium Reports Premium Reports let you view additional site activity including a breakdown of good bots visiting your site, CAPTCHA requests, click and link statistics, and the top paths or URLs targeted by bots. Click Fraud The Click Fraud Report shows how many bad bot clicks are hitting your website through your pay-per-click (PPC) campaigns. Clearly see human versus bad bot clicks. Review detailed, daily click fraud reports across all your advertising networks. Select a specific agency to view even more detail about activity. This report helps you understand where you should (and maybe shouldn t) invest more resources. Use this data as evidence to get a refund or credit from your PPC provider. 16

17 Web Security Overview Reports Premium Reports Refer to our Help Center for more information on the Click Fraud report. Captcha Requests The CAPTCHA Requests Report displays how often a CAPTCHA was served, solved, failed, or if no attempts were made for a specified date range. This report identifies how much traffic is challenged by a CAPTCHA and which actions were taken on the corresponding form. Refer to our Help Center for more information on the CAPTCHA Requests report. 17

18 Web Security Overview Reports Premium Reports Good Bots The Good Bots Report conveys how good bots are crawling your site across different days. Globally recognized good bots are whitelisted on the Distil platform as those you want crawling your site. Refer to our Help Center for more information on the Good Bots report. These largely include search engine crawlers (Googlebot, Bingbot, Yahoo Slurp, Baidu, Lycos, Yandex, etc.) and social media crawlers (e.g., Facebook, LinkedIn, Twitter, Google+). Targeted Content The Targeted Content Report provides a quick and comprehensive overview of the top URLs being targeted by malicious bots per domain. Refer to our Help Center for more information on the Targeted Content report. 18

19 Web Security Overview Reports Premium Reports With it you can: Understand the nature of your bot problem Perform ROI analysis on each incoming bot threat Configure key protection settings to improve detection and security actions for targeted pages SETTINGS 19

20 Web Security Overview Settings The domain settings area provides a series of simplified options to let you configure highly technical protection settings. Here you can create automated rules and actions that respond to predefined threats and attacks. Protect Your Content The Protect Your Content section organizes various settings used to guard your site resources. Content Protection Settings The domain settings area provides a series of simplified options to let you configure highly technical protection options. Here you can create automated rules and actions that respond to predefined threats and attacks. To access content protection settings for a domain: 1) Log in to the Distil Portal. 2) Select a domain from your Domains dashboard. 3) Click Settings on the banner menu. The Content Protection settings let you change how Distil responds to various threats. Click Edit Default Settings to modify content protection settings for the entire domain. 20

21 Web Security Overview Settings Protect Your Content Alternately, click Edit Settings by Path to modify content protection settings for specific paths. Editing Default Settings By editing a domain s default settings, you can configure automated responses to thwart attacks against your entire site and all of its content. You can also tailor specific settings for individual paths. To access default content protection settings for a domain: 1) Log in to the Distil Portal. 2) Select a domain from your Domains dashboard. 3) Click Settings on the banner menu. 4) Click Edit Default Settings in the Content Protection section. 21

22 Web Security Overview Settings Protect Your Content Content protection settings are organized by tabs, including: Automated Threats Policy Known violators, known violator data centers, identities, aggregator user agents, and automated browsers. JavaScript Injection Configuration JS delay, threshold, location, prefix, and generated encoding. Machine Learning Policy Estimated graph and threshold slider. Rate Limiting Policy Pages per minute, pages per session, and session length. You can activate multiple threat responses for Distil to use in automatically mitigating threats. NOTE: All of these settings default to monitor-only mode for new customers. 22

23 Web Security Overview Settings Protect Your Content Automated Threat Responses Automated threat responses include: Monitor: Identify bots without taking any action. Distil automatically runs our entire detection suite, but does not take action. However, Distil does embed an X-Distil bot header that identifies the type of bot and the different threats that it failed, if applicable. CAPTCHA: Present a CAPTCHA form to verify incoming questionable requests. CAPTCHA forms are less aggressive than a block page but do provide an effective Turing test against malicious bots. Block: Present a form where an end user can submit a request to be unblocked. The Distil support team handles unblock requests, subsequently investigating and unblocking validated requests. Unblock requests are rarely completed by a human user who has been improperly flagged as a bad bot. Instead, they are completed by a bot designed to spam forms. When necessary, Distil unblocks legitimate users. Drop: Serve a drop page to the requester indicating their access to the content has been blocked. The requester is unable to request access or complete additional CAPTCHA forms. 23

24 Web Security Overview Settings Protect Your Content Automated Threats Policy Known Violators Distil maintains a shared access control list (ACL) of prior threats that have already been detected across our network. For example, if we have detected a known violator on another site, your own site is automatically protected from that threat. Known Violator Data Centers (KVDC) Distil also maintains a list of data centers that commonly host malicious requests. Blocking any traffic from such data centers on first request, the list includes both common cloud and managed hosting providers (e.g., Amazon and Rackspace). Distil is continually curating and updating our KVDC list. 24

25 Web Security Overview Settings Protect Your Content Identities Distil verifies the identity of incoming requests. Malicious bots can easily spoof user agents by masquerading as a good bot (e.g., Googlebot). Distil forces twofactor authentication for all good bots, verifying that they re coming from correct user agents. We then confirm that each request maps to one of the IP addresses within the range of the corresponding bot. If it doesn t, the request is flagged as a malicious attempt. Aggregator User Agents Next, Distil checks a homegrown list of known malicious aggregator user agents. These provide zero value to your site and can also crawl certain parts of it in a harsh manner potentially impacting performance and reliability. Unless you require complete and open access to such tools as RSS or Atom feeds, Distil recommends blocking these request types. Automated Browsers This final step examines different automation tools that might be built into the browser, such as Selenium and PhantomJS. Distil catches these types of tools by using stream injections with small JavaScript snippets or embedding honeypot links to see if a bot gets caught in those types of traps. This is all done asynchronously with the page load; your site doesn t experience negative performance issues on account of these actions. 25

26 Web Security Overview Settings Protect Your Content JavaScript Injection Configuration JavaScript (JS) injection lets Distil insert a script into HTML pages served from your website, providing browser hi-def fingerprinting. Important notes about our JS tests: Distil Networks uses first-party cookies on websites. The cookie is only accessible on the website you re currently visiting, much like a login cookie would be. Distil doesn t require cookies to be enabled by the client in order to complete our JS test. Distil doesn t collect any personally identifiable information (PII) in our JS test. This Distil JS code is processed after all other JS execution. 26

27 Web Security Overview Settings Protect Your Content Force Identify When enabled, this requires all users to pass Distil s JavaScript tests on their first page request. We inject a script into HTML pages served from your site, forcing each client to provide browser information. This helps build the hi-def fingerprint associated with each request. JavaScript Delay When enabled, Distil delays the JS injection until after all other page elements load. NOTE: If a client leaves before JS injection occurs, it will not be identified. JavaScript Threshold Set the number of times a client can access your site without identifying itself. DIstil serves the JS validation page to the client if its number of requests surpasses this threshold. NOTE: This setting is only available in the default setting for the domain. You cannot set JS threshold for a specific path. JavaScript Injection Location Set the location where Distil injects the JS script. By default, we inject this script before the '</head>' tag. NOTE: This setting is only available in the default setting for the domain. You cannot set a JS injection location for a specific path. JavaScript Prefix Set a specific prefix for the randomized JS injection. For example, if you enter /ga in the JavaScript Prefix field, the injected string begins with /ga when your Distil-protected site loads JS on a page NOTE: JavaScript Prefix is only available in the default setting for the domain. You cannot set JS prefix for a specific path 27

28 Web Security Overview Settings Protect Your Content Generated Encoding Set how the injected JS name is randomized. Available options: Alphabetic: Uses alphabetic characters to randomize the fetched Distil JavaScript file name. Example: /ga.abcdef.js. Numeric: Uses numerals to randomize the fetched Distil JavaScript file name. Example: /ga js. Static: Uses a static filename for the Distil JavaScript filename. NOTE: Alphabetic and Numeric JS scripts rehash every five minutes. Static JS scripts do not rehash. For example, if you enter /ga in the JavaScript Prefix (shown above) and set Generated Encoding to Numeric, this results in a script formatted as /ga.6587.js. NOTE: This setting is only available in the default setting for the domain. You cannot set generated encoding for a specific path. 28

29 Web Security Overview Settings Protect Your Content Machine Learning Policy Distil s machine learning feature adds yet another layer of protection by using behavioral modeling and pattern recognition to parse out bad users and bots from good traffic. Machine learning settings let you set both the threshold and protective action taken when Distil perceives a threat. The machine learning graph displays a predictive estimate of the number of blocked requests based on your account s machine learning threshold. It shows how users are blocked as you increase or decrease the machine learning scale. 29

30 Web Security Overview Settings Protect Your Content NOTE: The graph shows data for the entire domain and is based on historical data covering the past seven days. Use the Action dropdown list to set the responsive action taken when Distil s machine learning suspects a malicious bot is attempting access. The machine learning scale sets threshold aggressiveness. NOTE: This scale only affects requests identified by machine learning. Distil s primary web security protection identifies malicious bots no matter how aggressive your machine learning is set. 30

31 Web Security Overview Settings Protect Your Content Less Aggressive: Slide the control left to decrease the machine learning threshold. Caution: Doing so potentially lets through bots with human-like behavior. More Aggressive: Slide the control right to increase the machine learning threshold. Caution: Doing so potentially blocks human requests that show bot-like behavior. Rate Limiting Policy The Rate Limiting Policy section lets you configure automated responses that react when a request amount or user behavior is above normal human rates. It comes in handy for blocking either bots or nefarious users who run automated scripts to quickly evaluate links and scrub your site s content. 31

32 Web Security Overview Settings Protect Your Content These rate limits are broken out by: Pages Per Minute: Limits the number of pages visited in one minute. Pages Per Session: Limits the number of pages visited during a single session. Session Length: Limits the amount of time spent on the domain during a single session. Our system automatically machine-learns once you ve onboarded a domain with Distil, creating normal human behavioral models for your site. After we have collected traffic for four to five days, our system makes recommendations as to where you should set rate limiting thresholds. Alternately, you can manually set thresholds to any limit at any time and set an automated action when a rate limit is surpassed. 32

33 Web Security Overview Settings Protect Your Content The rate limit graphs show data for your entire site, rather than a specific domain. Each rate limit type provides a graph showing the number of visitors to your site, your current rate limit setting, and Distil s recommended setting. Use this graph to dial the rate limit setting up or down according to your business needs. NOTE: The graphs shows traffic for the entire domain, rather than a specific path. Editing Path Settings Once you ve configured default settings for your domain(s), tailor specific settings for individual paths. This is especially useful for site pages requiring unique sets of protection policies. To access content protection settings by path: 1) Log in to the Distil Portal. 2) Select a domain from your Domains dashboard. 3) Click Settings on the banner menu. 4) Click Edit Settings by Path in the Content Protection section. 33

34 Web Security Overview Settings Protect Your Content Use the path table to manage your content protection settings, including: Priority: The path priority in relation to other configured paths. Path: The specific path configured for the content protection setting. Match Type: The path match type, either Contains or Pattern. Click Edit Priorities to reorganize the priorities of your paths. 34

35 Web Security Overview Settings Protect Your Content Adding a Path To apply content protection settings to a specific path, you must first add a new path: 1) Click + Add a Path 2) Assign a priority to the path setting. NOTE: This field automatically assigns the highest priority (1) to the path setting. Manually enter a value to lower the priority. 3) Enter the path you are configuring. 35

36 Web Security Overview Settings Protect Your Content 4) Select a Match Type. a. Contains: The content protection setting will apply to any path that contains the string you enter in the Path field (above).ys before a password is considered expired. b. Pattern Match: The content protection setting applies to any path that matches the Lua pattern you enter in the Path field (above). 5) Configure the path content protection settings, where applicable. Path-specific content protection settings are inherited from the default content protection settings and appear as Domain Default [action type] in the dropdown menu. 6) Click Save. 36

37 Web Security Overview Settings Protect Your Content Prioritizing Your Paths Now that you ve created paths, arrange their priority. Paths having a higher priority (closer to 1) take precedence over those having a lower priority. There are three ways to set path priority: Drag and Drop: Hover over a single entry in the path table to enable the row selector. Drag and drop the row up or down. Edit Priorities: Click Edit Priorities on the path table to manually edit the Priority fields. Change the priority of one or multiple paths at a time, and then click Save. Alternately, drag the row selector of a single row to change the path priority. Edit Path: Select a single path from the path table, manually enter a priority number, and then click Save. 37

38 Web Security Overview Settings Protect Your Content Deleting A Path There are two ways to delete a path: Edit Priorities: Click Edit Priorities on the path table to enable the delete (trash) icon. Delete one or multiple paths at a time and then click Save. Edit Path: Select a single path from the path table and then click Delete Path. 38

39 Web Security Overview Settings Custom Pages Custom Pages Distil hosts a number of default pages, but you also have the option to custom-brand those pages with any sort of messaging that you wish to provide. Customize the Block, CAPTCHA, JavaScript validation, Drop, Catch-all, and Error pages that a visiting bot will receive when accessing their website. Review our Creating Custom Pages support article for more information regarding custom pages. The pages exist on the protected website, allowing customers full control over the pages they're serving as a response. 39

40 Web Security Overview Settings Improve Website Performance Improve Website Performance Depending how content is distributed, domain settings let you tweak the overall performance of your website. Content Distribution Content distribution settings let you improve your site s performance by enabling content cache and compression. NOTE: These settings largely pertain to cloud customers. In cloud deployments, Distil acts as a reverse proxy to cache static assets, thereby offloading bandwidth from your origin server. Managing your cache through the Distil portal lets you enable content caching. Here you can also set caches, for both dynamic and static files, to expire within a set number of minutes. Additionally, you can enable the caching of URLs not having an extension, mobile content, and specific file types or extensions (e.g.,.html,.htm,.css,.php). 40

41 Web Security Overview Settings Improve Website Performance Caching static content instructs the Distil nodes to cache and serve JavaScript, CSS, and images from our edge. When enabled, Distil respects the Cache-Control headers you have set for any content which is held in, or served from, cache. As a fallback for content without Cache-Control headers set, you can manually select a TTL setting in the Distil Portal. Caching of dynamic content follows the same rules as static content. In addition to cache enabling, the Distil Portal offers you additional control to select/deselect the resource types to be cached. Content distribution settings also give you the option to: Disable or enable bypass cookies and forced www reroutes Managing multiple domains? Apply your content distribution settings to additional domains in bulk. Enter custom client IP headers Configure proxy upstream timeouts 41

42 API Security Overview Distil s Web Security solution protects your websites content through an evolving mix of detection methods, response actions, and more. Our Bot Defense for API introduces protection that is of equal importance in defending against automated attacks, API abuse, and developer errors. Whether your APIs power a frontend website, partner data access, or a mobile client, Distil automatically protects them and enforces all business rules you ve put in place: Comprehensive Protection- Rest easy knowing your websites, mobile apps, and API servers are protected from bot attacks. Enables a Secure Approach to API-first Development- Reap all the benefits of rich user experiences and continuous product innovation without sacrificing security. Complements API Management Solutions- Deploy as a standalone solution or add advanced bot defense to your existing API management solution or API gateway. 42

43 API Security Overview Verifies Traffic to API Serve- Ensures that only legitimate humans have access to your API server. Verifies Traffic to Mobile App APIs- Ensures that only legitimate humans on real mobile devices have access to your mobile application. Automated API scraping- By way of your API, malicious bots directly pull down online content and data within minutes. Changes the Game- Makes abusing your mobile app APIs cost prohibitive. Forces all but the most heavily resourced and determined adversaries to throw in the towel. Cost Savings- Reduce the volume of API calls, saving infrastructure costs. This section covers both aspects of Distil s Bot Defense for API: Web & Mobile App API Distil protects the API servers that power your dynamic web API and mobile applications. Subscriber API Distil protects the API servers that power your website by verifying a human is using a verified browser to gain access. 43

44 API Security Overview Web & Mobile App API Overview WEB & MOBILE APP API OVERVIEW This section outlines how to configure, monitor, and manage the protection of your web and app APIs within the Distil Portal. For subscriber (token-based) API protection, refer to section II. Subscriber API Overview. The Web & Mobile App API area of the Distil Portal provides all of the necessary tools you ll need to manage your APIs, including: Web & Mobile App API URL Management Add and manage your API URLs API URL Settings Access content protection settings and configure custom pages API Security Settings by Path Tailor security rules to monitor and/or block requests for individual APIs Web & Mobile App API Reports View detailed reports of traffic (and violators) requesting access to your APIs WEB & MOBILE APP API URL MANAGEMENT OVERVIEW Use the API URL dashboard as a handy way to locate and manage various API domains managed within your account, including: API Requests- View a graphical representation of traffic across all of your managed API domains including good requests, bad requests, and total requests. This overview is similar to the Traffic Analysis report. 44

45 API Security Overview Web & Mobile App API URL Management Overview Add API URL- Quickly add and configure a new API URL to be protected by Distil. Data Filter- Set a specific traffic date range highlighted on the API Domains dashboard. 45

46 API Security Overview Web & Mobile App API URL Management Overview API URL Table- Select an API URL to access extensive reports and settings for your protected API URLs. If an API URL has multiple paths, click the number in the Path column to view and access them. 46

47 API Security Overview Web & Mobile App API URL Management Overview Adding a Web & Mobile App API URL Adding a Web & Mobile App API URL 1) Log in to the Distil Portal. 2) Click API Security on the top banner menu, then select Web & Mobile App API. 3) Click Add API URL. 4) Enter the API URL. 47

48 API Security Overview Web & Mobile App API URL Management Overview Adding a Web & Mobile App API URL NOTE: You can only add an API URL that correlates to a registered domain in the Web Security section. For more information on adding a domain in Web Security, refer to our article on Adding Domains. 5) Select an Identity Provider to set the type(s) of traffic allowed to access the API, including: a. All- Allows both web security traffic and mobile SDK traffic types. b. Web Security- Allows only requests having a web security token. Does not allow requests having a mobile SDK token. c. Mobile SDK- Allows only requests having a mobile SDK token. Does not allow requests having a web security token. 6) Click Add API URL. The API URL has now been added to the Domain Management table. You can now add specific API paths, manage settings, and view reports. 48

49 API Security Overview Web & Mobile App API Settings Overview WEB & MOBILE APP API SETTINGS OVERVIEW Web & Mobile App API settings provides a series of simplified options to let you configure highly technical protection. Here you can create automated rules and actions that respond to predefined threats and attacks. To access content protection settings for a web and/or mobile app API domain: 1) Log in to the Distil Portal. 2) Click API Security on the top banner menu, then select Web & Mobile App API. 3) Select a domain from your Web & App API Domains dashboard. 4) Click Settings on the banner menu. 49

50 API Security Overview Web & Mobile App API Settings Overview API URL settings comprise: Content Protection Click Edit Settings by Path to edit settings by specific API URL paths including policies for automated threats, rate limiting, and mobile. Custom Pages Click this link to access the Web Security Custom Pages. Managing Web & Mobile App API Path Settings Tailor specific settings for individual API paths. This is especially useful for APIs requiring unique sets of protection policies. To access content protection settings by path: 1) Log in to the Distil Portal. 50

51 API Security Overview Web & Mobile App API URL Management Overview Managing Web & Mobile App API Path Settings 2) Click API Security on the top banner menu, then select Web & Mobile App API. 3) Select a domain from your Domains dashboard. 4) Click Settings on the banner menu. 5) Click Edit Settings by Path in the Content Protection section. 51

52 API Security Overview Web & Mobile App API URL Management Overview Managing Web & Mobile App API Path Settings Use the path table to manage your content protection settings, including: Priority The path priority in relation to other configured paths. Path The specific path configured for the content protection setting. Match Type The path match type (either Contains or Pattern). 6) (Optional) Click Edit Priorities to reorganize the priorities of your paths. Adding a Web & Mobile App API Path Setting To apply content protection settings to a specific path, you must first add a new path: 1) Log in to the Distil Portal. 52

53 API Security Overview Web & Mobile App API URL Management Overview Adding a Web & Mobile App API Path Setting 2) Click API Security on the top banner menu, then select Web & Mobile App API. 3) Select a domain from your Domains dashboard. 4) Click Settings on the banner menu. 5) Click Edit Settings by Path in the Content Protection section. 53

54 API Security Overview Web & Mobile App API URL Management Overview Adding a Web & Mobile App API Path Setting 6) Click + Add an API URL. 7) Enter the path you are configuring. 8) Select a Match Type. a. Contains The content protection setting applies to any path containing the string entered in the Path field (above). b. Pattern Match The content protection setting applies to any path matching the Lua pattern entered in the Path field (above). 54

55 API Security Overview Web & Mobile App API URL Management Overview Adding a Web & Mobile App API Path Setting 9) Configure the path content protection settings, where applicable. 10) Click Save. Prioritizing Your Paths Once you ve created paths, arrange their priority. Paths having a higher priority (closer to 1) take precedence over those with a lower priority. There are two ways to set path priority: Drag and Drop Hover over a path table entry to enable the row selector. Drag and drop the row up or down to position it. Edit Priorities Click Edit Priorities on the path table to manually edit the Priority fields. Change the priority of one or multiple paths at a time, and then click Save. 55

56 API Security Overview Web & Mobile App API URL Management Overview Adding a Web & Mobile App API Path Setting Deleting a Path There are two ways to delete a path: Edit Priorities Click Edit Priorities on the path table to enable the delete icon. Delete one or multiple paths at a time and then click Save. Edit Path Select a single path from the path table and then click Delete Path. Editing Web & Mobile App API URL Settings by Path By editing a domain s default settings, you can configure automated responses to thwart attacks against your entire site and its content. You can also tailor specific settings for individual paths. 56

57 API Security Overview Web & Mobile App API URL Management Overview Editing Web & Mobile App API URL Settings by Path To access content protection settings for an API path: 1) Log in to the Distil Portal. 2) Click API Security on the top banner menu, then select Web & Mobile App API. 3) Select an API URL from your API URLs dashboard. 4) Click Settings on the banner menu. 5) Click Edit Settings by Path in the Content Protection section. 57

58 API Security Overview Web & Mobile App API URL Management Overview Editing Web & Mobile App API URL Settings by Path Content protection settings are organized by tabs, including: Automated Threats Policy No Distil identifier and known threat detection. Rate Limiting Policy Requests per minute and requests per session. Mobile Policy Bad client and invalid or expired token. NOTE: The Mobile Policy tab is only available for mobile SDK URLs. You can activate multiple threat responses for Distil to use in automatically mitigating threats. NOTE: All of these settings default to monitor-only mode for new customers. Automated Threat Responses Automated threat responses for dynamic web APIs include: Monitor Identify bots without taking any action. Distil automatically runs our entire detection suite, but does not take action. However, Distil does embed an X-Distil bot header that identifies the type of bot and the different threats that it failed, if applicable. Drop Distil serves a drop page to the requester with the associated violation indicating their access to the API has been blocked. 58

59 API Security Overview Web & Mobile App API URL Management Overview Editing Web & Mobile App API URL Settings by Path Automated Threats Policy Automated threat responses for dynamic web APIs include: No Distil Identifier Distil inspects each API request for an identifier denoting how the requested API URL is used. If the associated identifier does not match the API URL s Identifier Provider (configured when adding the API URL), or does not have a Distil identifier, then Distil automatically responds with the configured threat response. For example, an API URL is configured with the Identity Provider of Web Security. If an API request for the URL is made using a mobile app built with the mobile SDK, then the request s Distil identifier is Mobile SDK and Distil responds with the configured automated response. Known Threat Detected Distil maintains a shared access control list (ACL) of prior threats that have already been detected across our network. Known Threats include a mix of known violators, data centers, identities, aggregator user agents, and automated browsers. For example, if we have detected a known violator on another site, your own site is automatically protected from that threat. 59

60 API Security Overview Web & Mobile App API URL Management Overview Editing Web & Mobile App API URL Settings by Path Rate Limiting Policy Requests Per Minute Set the max number (Threshold) of requests per minute and the automated response (Action) Distil takes if a user bypasses the threshold. Requests Per Session Set the max number (Threshold) of requests per session and the automated response (Action) Distil takes if a user bypasses the threshold. NOTE: Requests Per Session is only applicable to web security API URLs. 60

61 API Security Overview Web & Mobile App API URL Management Overview Editing Web & Mobile App API URL Settings by Path Mobile Policy NOTE: The Mobile Policy tab is only available for mobile SDK URLs. Bad Client Set the automated response Distil takes if a request is made using a bad client, such as an emulator, simulator, rooted or jailbroken device, or an automation tool. For example, when you set Bad Client to Drop and a visitor uses an iphone emulator to make a request, Distil detects the simulator as a bad client and serves a drop page to the visitor. Invalid or Expired Token Set the automated response Distil takes if a request is made with an invalid token or an expired token, such as an invalid app signature or an unsupported version of the SDK. 61

62 API Security Overview Web & Mobile App API URL Management Overview Web & Mobile App API Reports Overview Web & Mobile App API Reports Overview Similar to Distil s Web Security reports, API Security reports provide integral information about the traffic and actions protecting your APIs. Traffic Analysis Traffic Analysis lets you view your API requests and take additional action on offending violators. Total Daily Requests provides a graphical representation of all API request traffic for a path and specific date range, including good requests, bad or malicious requests, and the total number of requests. Use the top filter menu to drill down to a specific API path and focus on a given date range. 62

63 API Security Overview Web & Mobile App API URL Management Overview Web & Mobile App API Reports Overview How we protected you shows the automated threats Distil served to violating requests. Top 5 Request Paths with Violations Top 5 Request Paths with Violations shows the paths being hit by malicious requests, including: Request Path The specific API path. Bad Requests The total number of bad requests. 63

64 API Security Overview Web & Mobile App API URL Management Overview Web & Mobile App API Reports Overview Click Show All or select any record from the table to see additional information in the Bot Report. Top 5 IPs with Violations Top 5 IPs with Violations shows the top IPs with malicious requests, including: IP Address The specific IP address. Bad Requests The total number of bad requests. Click Show All or select any record from the table to see additional information in the Bot Report. 64

65 API Security Overview Web & Mobile App API URL Management Overview Web & Mobile App API Reports Overview Top 5 Violations Top 5 Violations shows the top violations for all requests accessing your API domain, including: Violation The specific violation. Bad Requests The total number of bad requests. Click Show All or select any record from the table to see additional information in the Bot Report. 65

66 API Security Overview Web & Mobile App API URL Management Overview Web & Mobile App API Reports Overview Bot Report Accessible via Top 5 Request Paths with Violations, Top 5 IPs with Violations, and the Top 5 Violations, the Bot report provides additional insight into malicious requests attempting to access your APIs. To access the Bot report: 1) Log in to the Distil Portal. 2) Click API Security on the top banner menu, then select Web & Mobile App API. 3) Select an API URL from your API URLs dashboard. 4) Select Show All or a specific record from either Top 5 Request Paths with Violations, Top 5 IPs with Violations, or Top 5 Violations. 66

67 API Security Overview Web & Mobile App API URL Management Overview Web & Mobile App API Reports Overview Using the Bot report, you can filter your API traffic even further by: Path Dropdown Isolate the Bot report to show data for a specific path Date Filter Set a specific traffic date range highlighted on the Bot report Search Search the Bot report for a specific data point NOTE: The value to search depends on the selected Value (below). Value Set the specific value shown by the Bot report and use the Search box (above) to isolate a specific record. Bad Requests Total number of bad requests associated with the record. Bot Details Additional bot details, including a breakdown of How we protected you and daily bad requests. As you drill down into the Bot report data, selected filters appear next to the Date Filter in the top menu. Remove filters by clicking the X icon for any given filter. 67

68 Subscriber API Overview This section outlines how to configure, monitor, and manage the protection of your subscriber, token-based APIs within the Distil Portal. For Web & Mobile App API protection, refer to section III. Web & Mobile App API Overview. The subscriber API area of API Security provides all of the necessary tools you ll need to manage your APIs, including: Domain Management Add and manage your API domains and endpoints using protection settings and security rules Settings Establish basic API domain attributes including session timeout lengths, token placement priority and Distil authentication headers Security Settings Tailor security rules to monitor and/or block requests for individual APIs Reports View detailed reports of traffic (and violators) visiting your site 68

69 API Domain Management The Domain Management tab holds your API protection configurations. The first step in protecting an API is to add the domain(s) associated with it. ADDING A DOMAIN 1) Log in to the Distil Portal. 2) Click API Security on the top banner menu. Within the Domain Management tab: 3) Click Add Domain. 4) Enter the corresponding information in the Domain Name and Origin Server (IP address or CNAME) fields. 69

70 API Domain Management Adding a Domain 5) Click Save Domain. 6) Click Close. 7) Repeat steps 1-6 for each API domain. The domain has now been added to the Domain Management table. MANAGING DOMAINS Use the Domains table to configure additional API settings and security rules. This can be done for a single or multiple domains at one time. Select one or several domains in the Domains table to update settings, configure security rules, or delete them. Use the Search field to help locate a specific domain, or the pagination arrows to scroll through pages. NOTE: Pagination arrows appear once your domain list exceeds 24 domains. 70

71 API Domain Management Settings Overview SETTINGS OVERVIEW Click the Settings icon (highlighted in red, on the previous page) to edit one or more domain configurations. The Domain Configuration Settings page lets you modify API protection general attributes, including: Session Timeout: Set the amount of time (measured in seconds) a user can be inactive for before their session expires. dstlsecure Header: Enter the corresponding header to authenticate requests coming from Distil. Token Settings let you to set token-specific API traits for the API, including: Priority: Raise or lower the priority of the token. Name of Token: Enter the token name the origin server should expect with a request. Token Locations: This setting tells Distil where to check for your custom tokens. HTTP Status Code for Invalid Tokens: Enter the HTTP status code the origin server will issue to indicate a token is invalid. Tokens are flagged as invalid until the Session Timeout passes without traffic. 71

72 API Domain Management Settings Overview In the above example, the server first looks in the header for the distil_token token. If it doesn t find it there, it then looks for the auth_token in the argument, followed by the session_id token in the cookie, and lastly the tracking token in the header. The Gzip Settings section can be configured to allow/deny the ability to zip outgoing content requests and unzip incoming content requests. Additionally, you are able to select specific file types to zip for outgoing requests. The Upstream Settings let you route and proxy traffic for specific API domains through alternate servers that are closer to the actual origin of the request. It s primarily of use for on-premise customers. 72

73 API Domain Management Security Settings Overview SECURITY SETTINGS OVERVIEW API security rules let you manage threat actions specific to individual API paths. Offering high granularity, the degree of protection complexity is up to you. Click the Security Rules icon (highlighted in red, above) to tailor security rules for one or more domains. One option lets you set a trigger action generic to all APIs associated with a single domain. Alternately, you can dial in specific responses to be triggered at different threat levels on an individual path basis. For example: If you re managing 100 APIs, you can set a unique rule for each. Set 30 basic APIs to only monitor traffic, but heighten the security of your 15 most sensitive APIs to block highly active traffic. 73

74 API Domain Management Security Settings Overview There are two types of actions available for your APIs: Monitor: Capture and identify malicious activity without blocking access to your APIs. Block: Prevent access to your APIs. Adding a New Rule By default, all API Security rules are set to allow and monitor all traffic. Distil won t block any requests for any reason. To create a new security rule: 1) Click Add New Rule (highlighted in red, above) on the Domain Security Settings page. 2) Within the Traffic Security Rules section, enter the desired security rule name in the Rule Name field. 3) Enter the Specific Path to Match (actual API URL). 74

75 API Domain Management Security Settings Overview Adding a New Rule Complete the Rate Limiting section to set graduated usage thresholds for normal and abnormal activity. You can also assign specific actions when any user session surpasses those limits. Using graduated API rate limiting, you can set automated multi-tiered actions to heighten the response level when API activity becomes abusive. Examples: Set an initial threshold of Requests Per Minute to Monitor sessions that exceed 5 requests per minute so you can monitor heightened levels of activity, then Block sessions with more than 10 requests per minute. 75

76 API Domain Management Security Settings Overview Adding a New Rule This sets a maximum amount of normal activity while blocking access once the activity becomes abusive. Limit the number of Tokens Per IP. Here, your company might have a pricing system based on the number of API uses or requests in an account. A client might create multiple accounts to avoid having to pay for additional requests. Set the security rule to Block traffic using more than one (1) Token Per IP, thereby blocking attempts to cycle through IPs while accessing your APIs. Click Update Settings to save and apply your settings to the API path. 76

77 API Domain Management Security Settings Overview Adding a New Rule Use the Access Control List to allow/deny all requests by IP Address, Country, Header, Organization or Token. Click Update Settings to save and apply your settings to the API path. REPORTS OVERVIEW Similar to Distil s Web Security reports, API Security reports provide integral, real-time information about the traffic and actions protecting your APIs. Traffic Classifications Traffic Classifications reports your entire account traffic, giving you a rundown of the request types accessing your APIs. NOTE: These requests don t include browser-related information, such as browser type or cookies as seen in the Web Security reports. 77

78 API Domain Management Reports Overview Traffic Classification API traffic can be classified as: Neutral: Requests are passing through without violating any rules. Whitelist: Requests are manually allowed via your Access List. Abusive: Requests are violating rules and/or are manually blocked via your Access List. For more information on using your Access List to block specific organizations, check out our blog post on Dissecting the Dynamic Nature of IP Access Control Lists (ACL). Use the top Filter menu to drill down to a specific domain and focus on a specific date range. Abusive Clients Similar to the Trap Analysis report available in Web Security, Abusive Clients provides a summary of all API request violations caught by Distil. Drill down to each violator to review specific IP addresses targeting your APIs, and then add those malicious IPs to your Access List. This blocks any further attempts against your APIs. Organizations The Organizations report lists all organizations flagged with a violation. Use it to review violating organizations and blacklist them via your Access List. Countries Similar to the Organizations report, the Countries report shows those countries flagged with a violation. Token Distribution Report The Token Distribution report shows API tokens and IPs prone to malicious or abusive requests. Use it to isolate and review hashed tokens and IPs. 78

79 Universal Access Control Lists Overview Use access control lists (ACLs) to blacklist and whitelist access to your protected web and API domains. Rather than manually tailoring an ACL for each new domain, simply create a universal ACL, configure the access rule(s), and then add the domain(s) to the list. For all of your APIs, websites, and web apps, this helps to: Block all attempts by malicious users Allow all attempts by approved users In addition to simply tracking by IP address, the Universal ACL lets you globally blacklist or whitelist by: Organization (Amazon, Rackspace, etc.) Country User agent API token Device ID (Distil-generated) HTTP referrer Once configured, tailor a series of ACLs according to your business needs and practices. For example, create an ACL whitelisting your internal tools via API tokens or IP addresses. Apply it to your API-specific URLs (e.g., api.example.com) to ensure that only authorized users have access. Create another ACL that blacklists problematic ISPs via organizations. Apply it to specific paths in your domain (e.g., to block requests coming from suspect or temporary ISPs. 79

80 Universal Access Control Lists Overview Additionally, use Distil published ACLs to apply Distil-curated and -recommended whitelists and blacklists to your domains. The ACL dashboard presents two tabs: My ACLs: ACLs created by you within the Portal. Distil Published ACLs: ACLs created and curated by Distil (e.g., adding file types to Static Content Whitelist). MY ACLs MY ACLS provides all of the tools you ll need to manage the ACLs you create in the Portal, including: Search ACLs: Search across all of your ACLs for a specific data point, such as an ACL name, rule value, or a note. Actions: Delete a single ACL or multiple ACLs directly within the dashboard. NOTE: You must select one or more ACLs from the table to access the Actions dropdown menu. 80

81 Universal Access Control Lists Overview My ACLs Page Select: Browse through the pages of your ACL or jump to a specific page. NOTE: Pagination begins with 11 ACLs. + Create a New ACL: Open a blank ACL to create associated rules and assign them to associated paths. Click an ACL record to manage and update it, including its: Associated Rules: Protective rules associated with the ACL, including the type, name, access, and notes. Associated Paths: Domains and/or specific URLs for pages, content, and API endpoints. CREATING A NEW ACL To create a new ACL: 1) Log in to the Distil Networks Portal. 2) Click Access Control Lists on the banner menu. 81

82 Universal Access Control Lists Overview Creating a New ACL 3) Click + Create a New ACL. 4) Enter a name for your ACL. 5) Click Save Access Control List. 82

83 Universal Access Control Lists Overview Creating a New ACL The Portal displays a confirmation message. Your newly created ACL now appears in the ACL dashboard. You can now tailor your ACL with associated rules to blacklist and whitelist access. You will apply these rules to associated paths. Adding Associated Rules To add associated rules to an ACL: 1) Select an ACL from the ACL dashboard. 2) Click + Create or Upload Rule(s) on the ASSOCIATED RULES tab. 83

84 Universal Access Control Lists Overview Creating a New ACL Adding Associated Rules 3) Select an option from the Rule Type dropdown menu and then enter a value in the subsequent field. NOTE: The option you select from the Rule Type dropdown creates a corresponding value. For example, choosing IP Address creates an IP Addresses field where you can enter any number of addresses. Choosing Country creates a Country field where you can enter a country code. 4) Set Access Rights, either Whitelist or Blacklist. 5) Select an option from the Expires dropdown menu and then enter a value in the subsequent field. 84

85 Universal Access Control Lists Overview Creating a New ACL Adding Associated Rules NOTE: The option you select from the Expires dropdown creates a corresponding value. For example, choosing Custom (ISO 8601 format) (shown below) creates a Date select YYYY-MM-DD field and a Time (UTC) HH:MM field where you can enter a specific date a time the associated rule will expire. 6) Enter any relevant notes about the associate rule in the Notes field. 85

86 Universal Access Control Lists Overview Creating a New ACL Adding Associated Rules 7) Click Save Rule(s). Alternately, you can add associated rules in bulk. Adding Associated Rules in Bulk You can also set multiple rules at one time by uploading a.csv file: 1) Click + Create or Upload Rule(s) on the Associated Rules tab. 2) Drag and drop your.csv file into the upload box, or click Create to select the.csv from your computer. The Portal displays a confirmation message. 86

87 Universal Access Control Lists Overview Creating a New ACL Adding Associated Rules 3) Click Verify the contents of your CSV before uploading to review the rules before saving. 4) Review the parsed rules. Click Save Rule(s) if they are correct. If incorrect, click Cancel, adjust your.csv file, and then repeat steps 1 4 to re-upload and review your.csv file. Adding Associated Paths You can now assign your ACL to specific paths, including entire domains and API endpoints. To add an associated path: 1) Click Add Path on the Associated Paths tab. 2) Enter a domain in the Domain field. 87

88 Universal Access Control Lists Overview Creating a New ACL Adding Associated Paths 3) If adding a specific path, enter it in the Path field. If adding the entire domain, leave the field blank and select the Include ALL paths checkbox instead. NOTE: Setting an associated rule to an associated path overrides those set for an entire domain. 4) Click Save Path. Managing Associated Rules Use the Associated Rules tab to manage protective rules on an ACL, including: Actions - Select one or multiple rules to edit basic rule settings, including Type, Access Rights, and Note, or to delete the rule(s). 88

89 Universal Access Control Lists Overview Creating a New ACL Managing Associated Rules NOTE: You must select one or more rules from the table to enable the Actions dropdown menu. Search this list - Search for specific associated rule name or note. Page Select - Browse through the pages of your associated rules. Export Rules to.csv Page Select - Select this to downloads all associated rules for the ACL. Use the exported.csv to edit and upload associated rules in bulk. Browse through the pages of your associated rules. 89

90 Universal Access Control Lists Overview Creating a New ACL Managing Associated Rules NOTE: Pagination begins at 11 associated rules. The associated rules table provides an overview of the ACL rules, including: Type - The rule category (e.g. IP, organization, country, header, etc). Name - Name of the associated rule. Access - Whitelist or blacklist. Expires - Date and time the associated rule expires. Updated - Date and time the associated rule was last updated. Notes - Notes as to why the rule was created. 90

91 Universal Access Control Lists Overview Creating a New ACL Managing Associated Paths Managing Associated Paths Use the Associated Paths tab to manage protective rules on an ACL, including: Actions: Delete the path(s). NOTE: You must select one or more paths from the table to enable the Actions dropdown menu.` Search this list - Search for specific associated paths by domain, URL, endpoint, or type (Web or API). 91

92 Universal Access Control Lists Overview Managing ACLs Managing Associated Paths Page Select - Browse through the pages of your associated paths. NOTE: Pagination begins at 11 associated paths. The associated paths table provides an overview of the ACL paths, including: Paths - Domain, URL, or endpoint. NOTE: If the path applies to an entire domain, the path ends in a forward slash (/). Type - The category of the path (either web or API). Deleting ACLs There are two ways to delete ACLs. From the ACL dashboard: 1) Select one or more ACLs from the ACL table. 92

93 Universal Access Control Lists Overview Creating a New ACL Deleting ACLs 2) Click the Actions dropdown and then select Delete. Alternately, you can: 1) Click a single ACL from the ACL dashboard. 2) Click the 'Trash' icon to delete the ACL. DISTIL PUBLISHED ACLs Distil Published ACLs provides all of the tools you ll need to manage the ACLs created and curated by Distil (e.g., adding file types to the Static Content Extensions whitelist). You can choose to apply a Distil published ACL to all of your domains. You can also enable or disable automatic updates at any time. 93

94 Universal Access Control Lists Overview Distil Published ACLs The Distil Published ACLs tab includes: Search ACLs - Search across all of your ACLs (including My ACLs and Distil Published ACLs) for a specific data point, such as an ACL name, rule value, or a note. Page Select - Browse through the pages of Distil Published ACLs or jump to a specific page. NOTE: Pagination begins with 11 ACLs. Name - Name of the ACL. The green checkmark icon denotes that the ACL has automatic updates enabled. Updates Enabled Updates Disabled 94

95 Universal Access Control Lists Overview Distil Published ACLs Click an ACL record to manage and update it, including: ACL Settings - Use this dropdown to manage the ACL. Enable Updates by Distil - Enables automatic updates from the Distilcurated ACL. For example, when Distil adds a new extension to the Static Content Extensions whitelist, it is automatically published to the whitelist associated with your domains. NOTE: We recommend using this setting to keep up-to-date. Disable Updates by Distil - Disables automatic updates from the Distil-curated ACL (e.g., adding file types to the Static Content Extensions whitelist). NOTE: We do not recommend using this setting, as your ACL will not be current with Distil s changes. Apply to all Domains - Applies the ACL to all of your protected domains. Remove from all Domains - Removes the ACL from all of your protected domains. Restore List to Default - Restores the ACL to current defaults. This removes any updates, additions, or deletions you ve made to the ACL. 95

96 Universal Access Control Lists Overview Distil Published ACLs Export - Select this to download all associated rules for the ACL. Use the exported.csv to edit and upload associated rules in bulk. Associated Rules - Protective rules associated with the ACL, including the type, name, access, and notes. Use this tab to create, upload, or manage associated rules. Associated Paths - Domains and/or specific URLs for pages, content, and API endpoints. Use this tab to add or manage associated paths. 96

97 Audit Log Use the Audit Log to review actions and updates related to your Distil deployment. This includes those taken by members of your organization and automated ones taken by Distil. Referring the audit logs is especially useful when troubleshooting issues, as well as in researching updates and changes. You can filter log results to show a specific date range, or search for events by any domain affected by an action or user who took that action. You can also select a record from the log results to view additional event-specific information. 97

98 Account Management & User Settings The Distil Portal gives you the ability to view and manage your account details including your company s contact, reporting, billing, and plan information in addition to your own user settings. ACCOUNT MANAGEMENT Click your username in the top-right corner of the banner menu and then select Account Management from the dropdown menu for access. Use this page to review and manage settings related to your actual account with Distil. 98

99 Account Management and User Settings Account Management User Management User Management The Distil Portal offers basic user management. There are two types of users: Account-level access Domain-level access Within each user type, you can specify whether or not the user has administrative access or statistics access. Statistics users may not view configuration information for any domains. Account Admin users can modify all settings within the account. Account Statistics users can view all reports within the account. Domain Admin users can modify all settings for any included domains. Domain Statistics users can view all reports for any included domains. The User Management table provides a high-level view of all users associated with your account, including: Username/ Account-level or Domain-level Access Two-factor Authentication status 99

100 Account Management and User Settings Account Management User Management Account admins are able to select a specific user record from the table to update that user s access or remove the user from your account. To add a new user to your account: 1) Select Add User. 2) Enter the user s address. 3) Set the user s access level (the choices are entire account or a specific domain). 4) Set the user role to either Admin, Statistics, or No Access. NOTE (4): No Access is only available for domain-level access. It blocks the user from accessing domain information in the portal. 5) Select Add User to create the user. A confirmation with login instructions is sent to the user. Password Protection Enable password protection settings to heighten the security level of passwords associated with your Distil account. This tool is especially useful when aligning password settings with your organization s security policies. 100

101 Account Management and User Settings Account Management Password Protection To manage the password protection settings: 1) Toggle Enable Advanced Password Controls to On. 2) Configure additional password settings a. Password Age: Number of days before a password is considered expired. b. Failed Login Attempts Lockout: Number of failed authentication attempts before a user s access is locked. c. Lockout Period for Failed Login Attempts: Number of minutes a user s access remains locked after too many failed attempts. This is conditionally enabled when Failed Login Attempts Lockout is Yes. d. Password History: Number of previously used passwords that cannot be reused. e. Disable Inactive Users: Number of days of no activity before a user s access is locked. 3) Select Save Settings. 101

102 Account Management and User Settings Account Management Notifications Settings Notification Settings For system maintenance and emergency outage notifications, it s critical to route the correct message to the right person without delay. Here is how to add and update unique recipients of such notifications. Once configured, the messages are sent directly to the group alias, or to a specific member of your team who requires the update. 1) Log in to the Distil Networks Portal 2) Select Account Management from the top banner. 102

103 Account Management and User Settings Account Management Notifications Settings Adding an Contact 1) Enter the recipient s address. 2) Select the notification type from the dropdown. Types include: a. All: Emergency and maintenance notifications. b. Emergency: Unplanned notifications, including traffic-impacting events on an inline Distil Networks appliance, DDoS attacks, or any other events resulting in global network bypass. c. Maintenance: Planned notifications, including monthly platform maintenance that potentially requires system downtime. 3) Click [+] to add the contact. Distil Networks automatically sends a confirmation to the contact to verify their information. NOTE: The contact person will not receive Distil Networks notifications until that person confirms their by way of the provided confirmation link. The yellow exclamation mark icon denotes an unconfirmed address. Click resend confirmation to send another confirmation message to the contact. 103

104 Account Management and User Settings Account Management Notifications Settings Removing an Contact 1) Click [-] to remove an contact from your list. The contact is no longer associated with your account. Updating an Contact 1) Click [-] to remove the contact from your list. 2) Re-enter the recipient s address. 3) Select the notification type from the dropdown. 4) Click [+] to add the contact. USER SETTINGS Click your username in the top-right corner of the banner menu and then select User Settings from the dropdown menu for access. From this page you can: Modify user contact information and password settings. Regenerate your Distil authentication token. Configure additional two-factor authentication settings. 104

105 Help Available in the bottom-right corner of every page in the Distil Portal, the Help button provides quick access to Distil s support knowledge base. Additionally, select Contact Us to send a question or support request directly to Distil s support team. 105