Classifying Your API Traffic with Distil

By | December 16, 2019

The Traffic Classifications Report shows your
entire account traffic, giving you a rundown of the request types accessing your APIs.
This is the first step in understanding the nature of requests utilizing your APIs, be
it good, bad, or neutral. API traffic can be classified as:
Abusive – Requests are violating rules and/or are manually blocked via your Access List.
Neutral – Requests are passing through without violating any rules.
Whitelist – Requests are manually allowed via your Access List. Keep in mind, these requests are not made
through internet browsers and therefore don’t include browser-related information, such
as browser type or cookies, as seen in the Web Security reports.
The Traffic Classifications report includes: Filter by domain – Search for and show traffic
classification data for a specific domain associated with your account.
Date Filter – Specific date range highlighted by the Traffic Classifications report.
Breakdown of Classifications – Number of requests associated with each classification,
including abusive clients, neutral clients, and whitelist clients.
Daily API Requests – Visual breakdown of the requests to your APIs. Click the Abusive Clients classification to
view the Summary of Violations table, showing a breakdown of all malicious IP addresses
targeting your API, including: Date Filter – Specific date range highlighted
by the Summary of Violations. Violation Filter – Drill down to specific
violation categories, including all types, blacklisted, token management, and rate limiting.
Violation – Violation that triggered with abusive requests.
Category – Violation category associated with the violation.
Total Requests – Total number of requests associated with the violation.
Top 5 Violations by No. of Requests – Graphical breakdown showing the top violations associated
with abusive requests. Top 10 IPs by Abusive Requests – Table view
of most abusive IP addresses targeting your APIs. Having identified a troublesome IP address(es)
from the Traffic Classifications report, you can use Access Controls to blacklist them,
thereby stopping future attempts: Select an IP to open the Access Controls dialog
box. Optionally, select a Domain and Security Setting
Rule to target the settings to a specific domain. Do not make a selection if you wish
to blacklist the IP from all of your protected API domains.
Click Blacklist. Click Select Above to save the settings and
blacklist the IP address from future attempts. For more information on Distil, check out

Leave a Reply

Your email address will not be published. Required fields are marked *