Akamai Diversity

The Akamai Blog

What's New in Web Application Protector

Web Application Protector (WAP) is adding some exciting new capabilities in the October 2019 Release.

Akamai designed WAP to provide automated protection for your websites and APIs from DDoS and web application attacks. As such, one of the primary objectives (besides providing best-in-class protections) has always been operational simplicity. We continuously improve our products, working closely with our customers that use them every day. This release introduces a redesigned and improved user interface that makes navigating security protections and settings easier and more intuitive to use. The new look-and-feel also provides easy access to the new and advanced capabilities.

wap one.png

Configuration management

Some organizations want to test their applications on new security configurations before deploying them. WAP now supports functional testing of new security configurations on the Akamai staging network, allowing you to find errors more easily and quickly and minimize the risk of impacting live customers. This translates into higher availability and better quality of service.

Expanded header-logging options

Privacy and compliance are growing concerns in many industries, and extra care must be taken on the types of information that end up in log files and can be shared on a broader basis. WAP's expanded header-logging options give you the control to customize the HTTP headers and cookie information written to your security event logs. You can select from all, none or customer individual information to address your specific privacy and compliance needs.

Security protections

Today's businesses operate in a constantly changing environment with respect to, among other things, applications, customers, and partners. While WAP provides automated protection with a high degree of accuracy, sometimes you have to make exceptions. With the October Release, WAP introduces additional and easy-to-use exception handling capabilities. The IP/GEO firewall now allows you to override IP and Geo blacklists with a network list to permit specific IPs from

wap two.png

You can also fine tune WAF protection by leveraging enhanced exception criteria for attack groups with support for wildcards in the match criteria, and we have expanded the set of headers you can exclude from inspection. This feature further enhances your ability to set exceptions when a false positive blocks a legitimate request.

wap three.png

Finally, WAP introduces the ability to set the Penalty Box to Alert. The Penalty Box has proven to be a highly effective tool to disrupt the web attack kill chain, such as by blocking vulnerability scanning of targeted networks. With Penalty Box set to Alert, you can choose to monitor attacker activity, after they have been detected, while they explore your network, using Web Security Analytics. This can help you learn more about what types of information an attacker is looking for, if they are trying new techniques, and to get more information about who they are. This information can be used to tighten your security settings and mitigate new attacks before they start.

At Akamai, we are constantly working on improving Web Application Protector and updating the built in detection logic to offer you the most accurate and easy to operate WAF on the market.

More information on Web Application Protector can be found here. More in depth descriptions of the new features are covered in this blog.

Stay protected!