Contents x
    Sensitive Routes
    • 13 Nov 2023
    • Print
    • Dark
      Light
    Contents

    Sensitive Routes

    • Updated on 13 Nov 2023
    • Print
    • Dark
      Light
    Article Summary

    Some routes may be more prone to bot attacks than others. For example, routes that execute payments or handle personal information. You can configure these routes as sensitive to ensure a more stringent protection. The Enforcer will make Risk API calls on such sensitive routes, even if the request contains a valid, unexpired cookie.

    TO define a sensitive route:

    1. Open the PX_CUSTOM.vcl file.
    2. Add the required route in the px_custom_check_sensitive_route custom subroutine, as shown below.

    EXAMPLE

    sub px_custom_check_sensitive_route {
#  if (req.url.path ~ {"/login"}) {
#    set req.http.X-PX-sensitive-route = "1";
#  }
}

    To learn more about custom subroutines, see Customized subroutines.

    TO enable the feature:

    1. Open the PX_CONFIG.vcl file.
    2. Set the px_sensitive_routes_enabled value to "true" (enabled). The default is "false" (disabled).
    table px_configs {
  "px_sensitive_routes_enabled": "true",
}



    Was this article helpful?
    What's Next