Contents x
    Sensitive GraphQL Operations
    • 13 Nov 2023
    • Print
    • Dark
      Light
    Contents

    Sensitive GraphQL Operations

    • Updated on 13 Nov 2023
    • Print
    • Dark
      Light
    Article Summary

    This feature provides the same functionality as sensitive routes on GraphQL endpoints.

    Some routes may be more prone to bot attacks than others. For example, routes that execute payments or handle personal information. You can configure these routes as sensitive to ensure a more stringent protection. The Enforcer will make Risk API calls on such sensitive routes, even if the request contains a valid, unexpired cookie.

    TO configure a sensitive GraphQL operation: 

    1. Open the PX_CUSTOM.vcl file.
    2. Add the required GraphQL operation in the px_custom_check_sensitive_graphql_operation custom subroutine, as shown below.

    EXAMPLE

    sub px_custom_check_sensitive_graphql_operation {
if (req.http.x-px-graphql:operation-type ~ "<sensitive_graphql_operation_types>" || req.http.x-px-graphql:operation-name ~ "<sensitive_graphql_operation_names>") {
set req.http.X-PX-sensitive-route = "1";
return;
}
}

    To learn more about custom subroutines, see Customized subroutines.

    TO enable the feature:

    1. Open the PX_CONFIG.vcl file.
    2. Set the px_sensitive_graphql_operations_enabled value to "true" (enabled). The default is "false" (disabled).
    table px_configs {
"px_sensitive_graphql_operations_enabled": "true",
}





    Was this article helpful?
    What's Next