LogoLogo
  • Overview
    • Overview
    • Integration Modes
    • Minimum Required Dataset
    • Customer Service Desk
  • Netacea Plugin Information
    • Accessing Your Integration Settings
    • Akamai
      • Akamai Plugin Logic
      • Monitoring Configuration
      • Installation and Configuration
        • Proxy Property Configuration
        • EdgeWorker Installation
        • Property Configuration
          • Optional Integration Configuration
    • Cloudflare
      • Cloudflare Plugin Logic
      • Monitoring Configuration
      • Installation and Configuration
        • Installation via Wrangler (CLI)
        • Installation via Cloudflare UI
    • CloudFront
      • CloudFront Plugin Logic
      • Monitoring Configuration
      • Installation and Configuration
    • Fastly
      • Fastly Plugin Logic
      • Monitoring Configuration
      • Installation and Configuration
        • Advanced Configuration
        • Deployment via Terraform
    • Fastly Magento
      • Fastly/Magento Plugin Logic
      • Monitoring Configuration
      • Installation and Configuration
        • Advanced Configuration
    • F5
      • F5 Plugin Logic
      • Monitoring Configuration
      • Installation and Configuration
    • Vercel
      • Vercel Plugin Logic
      • Monitoring Configuration
      • Installation and Configuration
    • API Direct Integration
      • How to Build a Netacea Plugin
  • Netacea Data Sync
    • Data Sync
    • Recommendations
  • Captcha
    • reCAPTCHA User Journey
    • hCaptcha User Journey
    • Custom reCAPTCHA Page Guide
    • Custom hCaptcha Page Guide
Powered by GitBook

Copyright Netacea 2023

On this page
  • Netacea CloudFront Plugin
  • Request Flow
  1. Netacea Plugin Information

CloudFront

The Netacea CloudFront integration detects bot activity and performs mitigating actions in line with the client blocking strategy.

PreviousInstallation via Cloudflare UINextCloudFront Plugin Logic

Last updated 8 months ago

Netacea CloudFront Plugin

The Netacea Cloudfront integration allows customers that benefit from the power of Amazon CloudFront's CDN, DDoS protection and WAF services to seamlessly integrate Netacea’s advanced capabilities into their estate.

CloudFront can trigger Lambda functions that allow for the execution of lightweight rules on the CloudFront Edge. Netacea’s pre-built Lambda functions utilize Lambda@Edge to perform mitigating actions and stream log data.

Request Flow

When a visitor first hits a site protected by Netacea/CloudFront, the plugin will query the Netacea Protector API service. If the visitor is known to be malicious, the plugin will perform the appropriate mitigation action.

A cookie containing information about the validity of a user is placed on the client’s device for further identification and checked periodically for validity. The plugin will stream log data on the visitor and session to the Netacea Monitor Ingest service where Netacea’s Detection Engine will perform further analysis to confirm if they are a good actor. This action is done asynchronously so adds no latency to the request. If at any point the visitor’s activity becomes malicious the Netacea Protector API service will be updated and the plugin will perform the appropriate mitigation.

The diagram below and supporting notes explains how traffic flows in this implementation (at a high level).

  1. Incoming web requests are routed to the existing CloudFront distribution.

  2. The Netacea Cloudfront plugin will query the Netacea Protector API service to check if the visitor is known to be malicious or safe.

  3. A copy of the web request is sent as log data for analysis using our collective threat intelligence, machine learning and behavioral analysis to determine if the request is safe.

  4. Analysis results are published for the Netacea CloudFront plugin to read and determine what mitigation strategy should be used for this traffic.

  5. If the requests are benign, they are passed to the origin as normal.

  6. If the requests require a mitigation to take place, the appropriate action is taken and served to the client.

bot management
CloudFront Integration Traffic Flow