Wrestling with Akamai

How to bypass Akamai WAF (Kona)

How to bypass the Akamai WAF, using WWE.com as the example


Misconfiguration found on the de.wwe.com page. I was unable to find direct access to the WWE main page (www.wwe.com)... yet :)


How to find

Check the DNS name for de.wwe.com:

nslookup de.wwe.com
Server: 127.0.1.1
Address: 127.0.1.1#53

Non-authoritative answer:
de.wwe.com canonical name = de.wwe.com.edgekey.net.
de.wwe.com.edgekey.net canonical name = e5739.g.akamaiedge.net.
Name: e5739.g.akamaiedge.net
Address: 23.59.106.148


Traffic to the page is directed to the Akamai CDN via DNS: the hostname is a CNAME chain ending at akamaiedge.net, so the address the client connects to is an Akamai edge, not the web server itself.
Once you find the original (origin) address, you can send traffic directly to the web server, and the CDN and its WAF never see the request.

Netcraft Hosting history:



144.76.20.74 was the last IP before Akamai. Test it using telnet. If the server responds, just add the name and IP to your hosts file.


Viewdns history lookup

IP address        Location                   Owner                          Date
52.4.235.80       Ashburn - United States    Amazon Technologies Inc.       2016-10-17
54.236.192.188    Ashburn - United States    Amazon.com, Inc.               2016-09-17
52.4.235.80       Ashburn - United States    Amazon Technologies Inc.       2016-09-15
54.236.192.188    Ashburn - United States    Amazon.com, Inc.               2016-08-18
52.4.235.80       Ashburn - United States    Amazon Technologies Inc.       2016-08-17
54.236.192.188    Ashburn - United States    Amazon.com, Inc.               2016-05-27
64.152.0.21       United States              Level 3 Communications, Inc.   2015-08-06


Domain IP address
There is also a little bug/feature. You can't redirect the main domain name (here wwe.com): DNS does not allow a CNAME at the zone apex, so the bare domain has to carry a plain A record while www and the other hostnames are CNAMEs to the CDN.

nslookup www.wwe.com
Non-authoritative answer:
www.wwe.com canonical name = www.wwe.com.edgekey.net.
www.wwe.com.edgekey.net canonical name = e5739.g.akamaiedge.net.
Name: e5739.g.akamaiedge.net
Address: 23.59.106.148


nslookup wwe.com
Non-authoritative answer:
Name: wwe.com
Address: 54.236.192.188

So this could be the IP where all the pages are actually hosted.
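The apex case above is easy to audit from the defender's side: walk each hostname's CNAME chain and flag any record whose final address is not a CDN edge. The following is an added example (not code from the original post); the zone snapshot is constructed from the nslookup answers shown on this page, no live DNS queries are made, and the CDN range 23.59.106.0/24 is a placeholder standing in for the provider's published ranges.

```python
"""Audit a DNS zone snapshot for records that expose the origin behind a CDN.

Added example, not part of the original post. ZONE mirrors the nslookup
output on the page; CDN_RANGES is a placeholder (assumption), replace it
with the CDN provider's published edge ranges.
"""
import ipaddress

# Constructed zone snapshot: name -> list of (rtype, value).
ZONE = {
    "de.wwe.com": [("CNAME", "de.wwe.com.edgekey.net.")],
    "de.wwe.com.edgekey.net": [("CNAME", "e5739.g.akamaiedge.net.")],
    "e5739.g.akamaiedge.net": [("A", "23.59.106.148")],
    "www.wwe.com": [("CNAME", "www.wwe.com.edgekey.net.")],
    "www.wwe.com.edgekey.net": [("CNAME", "e5739.g.akamaiedge.net.")],
    "wwe.com": [("A", "54.236.192.188")],  # apex cannot be a CNAME
}

# Placeholder CDN edge range (assumption, not Akamai's real list).
CDN_RANGES = [ipaddress.ip_network("23.59.106.0/24")]


def resolve(name, zone=ZONE, max_hops=8):
    """Follow CNAMEs inside the snapshot; return (chain, A addresses)."""
    chain, current = [], name.rstrip(".")
    for _ in range(max_hops):
        chain.append(current)
        records = zone.get(current, [])
        cnames = [v for t, v in records if t == "CNAME"]
        if not cnames:
            return chain, [v for t, v in records if t == "A"]
        current = cnames[0].rstrip(".")
    raise ValueError("CNAME loop or chain too long for %s" % name)


def ip_in_cdn(addr):
    """True when addr lies inside one of the CDN edge networks."""
    return any(ipaddress.ip_address(addr) in net for net in CDN_RANGES)


def audit(names, zone=ZONE):
    """Return {name: finding}; 'ok' when every final address is a CDN edge."""
    findings = {}
    for name in names:
        chain, addrs = resolve(name, zone)
        exposed = [a for a in addrs if not ip_in_cdn(a)]
        if exposed:
            findings[name] = "exposes origin: " + ", ".join(exposed)
        elif addrs:
            findings[name] = "ok"
        else:
            findings[name] = "no address"
    return findings


if __name__ == "__main__":
    for host, finding in audit(["de.wwe.com", "www.wwe.com", "wwe.com"]).items():
        chain, _ = resolve(host)
        print("%-12s %-50s %s" % (host, " -> ".join(chain), finding))
```

Run against a real zone export, the same check catches the other usual leaks as well: a forgotten dev or mail hostname with a direct A record, or an old A record left beside the CDN CNAME.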


How to protect

Use a firewall. Allow access to the origin server only from the Akamai IP ranges, so that requests which did not pass through the CDN (and its WAF) are dropped before they reach the web server.
Akamai calls this Site Shield, a beautiful name for one firewall rule.
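The "one firewall rule" in practice, plus the check that tells you whether it was missing: an added example (not Akamai's or WWE's code) that renders an nftables allowlist for the origin's web ports and scans an origin access log for hits whose client IP is not a CDN edge. ALLOWED_RANGES are placeholder networks standing in for the provider's published list, and the log lines are constructed; the addresses 198.51.100.23 and 203.0.113.9 are documentation-range addresses used as non-CDN clients.

```python
"""Origin-side allowlist and bypass detection for a CDN-fronted web server.

Added example, not code from the original post. ALLOWED_RANGES is an
assumption (placeholder ranges); use the CDN provider's published edge
ranges in a real deployment. SAMPLE_LOG is constructed.
"""
import ipaddress
import re

# Placeholder CDN edge ranges (assumption, not Akamai's real list).
ALLOWED_RANGES = [
    ipaddress.ip_network("23.59.106.0/24"),
    ipaddress.ip_network("192.0.2.0/24"),
]

# Constructed access-log sample (common log format) from the origin host.
SAMPLE_LOG = """\
23.59.106.148 - - [17/Oct/2016:10:00:01 +0000] "GET / HTTP/1.1" 200 5120
23.59.106.77 - - [17/Oct/2016:10:00:02 +0000] "GET /news HTTP/1.1" 200 8800
198.51.100.23 - - [17/Oct/2016:10:00:05 +0000] "GET /admin HTTP/1.1" 403 210
23.59.106.148 - - [17/Oct/2016:10:00:07 +0000] "POST /login HTTP/1.1" 302 0
203.0.113.9 - - [17/Oct/2016:10:00:09 +0000] "GET /search?q=test HTTP/1.1" 200 5120
garbage line that does not parse
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def is_cdn_source(addr):
    """True when addr falls inside one of the allowed CDN networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparsable client field is never trusted
    return any(ip in net for net in ALLOWED_RANGES)


def find_direct_hits(log_text):
    """Return parsed log entries whose client IP bypassed the CDN."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        if not is_cdn_source(m.group("ip")):
            hits.append(m.groupdict())
    return hits


def nft_allowlist(ranges=ALLOWED_RANGES, ports=(80, 443)):
    """Render an nftables ruleset admitting only CDN edges to the web ports."""
    set_body = ", ".join(str(n) for n in ranges)
    port_body = ", ".join(str(p) for p in ports)
    return "\n".join([
        "table inet origin_shield {",
        "  set cdn_edges { type ipv4_addr; flags interval; elements = { %s } }" % set_body,
        "  chain input {",
        "    type filter hook input priority 0; policy accept;",
        "    tcp dport { %s } ip saddr @cdn_edges accept" % port_body,
        "    tcp dport { %s } drop" % port_body,
        "  }",
        "}",
    ])


if __name__ == "__main__":
    print(nft_allowlist())
    for hit in find_direct_hits(SAMPLE_LOG):
        print("direct-to-origin hit: %(ip)s %(ts)s %(req)s -> %(status)s" % hit)
```

Load the ruleset with `nft -f`, and keep the ranges in sync with the provider's list, since edges outside the set are dropped. Any entry the scanner reports after the rule is in place means either the list is stale or something is still reaching the origin around the CDN.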