Configuration Options

The initial PerimeterX configuration is determined during the installation process. All configurations are set as Property Variables in the Akamai Property Editor.


When possible, the Akamai Property rules reference the Akamai Property variables dynamically; however, there may be cases in which changes to the Akamai Property variables necessitate changes in the Akamai Property rules (e.g., PX_APP_ID, PX_FILTER_BY_EXTENSION). Be sure to double-check the Property rules when making variable changes to ensure they are aligned.

Module Enabled

A boolean flag to enable/disable the PerimeterX Enforcer.

Property Variable Name: PX_MODULE_ENABLED

Default: true

Module Mode

By default, the PerimeterX enforcer’s mode is set to monitor. To activate blocking mode, set the PMUSER_PX_MODULE_MODE property variable to active_blocking.

Property Variable Name: PX_MODULE_MODE

Default from v.1.1.0: monitor
Default up to v.1.0.6: 0

First Party

Indicates whether the enforcer is in first party mode or not. Be sure to complete the steps in the Integrate 1st-Party JS Snippet section to make sure your snippet is set up to serve the JavaScript Sensor via First-Party.

Property Variable Name: PX_FIRST_PARTY_ENABLED

Default: true

S2S Timeout

The number of milliseconds to wait for for the server-to-server call, after which a timeout is triggered and the request will pass.

Property Variable Name: PX_S2S_TIMEOUT

Default: 1000

Sensitive Headers

Comma-separated list of sensitive headers. These headers will be removed from all requests to the PerimeterX backend.

Property Variable Name: PX_SENSITIVE_HEADERS

Default: "cookie, cookies"

Filter by Route

Regex (PCRE) for allowed routes. Requests for these routes will pass without being enforced or monitored.

Property Variable Name: PX_FILTER_BY_ROUTE

Example: "^(./allowed_route/?.)|(./filtered_route/?.)$"

Default: Empty

Filter by User Agent

Regex (PCRE) for filtered user agents. Requests with these user agents will pass without being enforced or monitored.

Property Variable Name: PX_FILTER_BY_USER_AGENT

Example: "^(filtered-ua)|(filtered-user-agent)$"

Default: Empty

Filter by Extension

Comma-separated list of extensions.

Note: Must match those configured in the PXWorkerRule and PXStaticContentWorkerRule in the Akamai Property Manager.

Property Variable Name: PX_FILTER_BY_EXTENSION

Default: ".css,.bmp,.tif,.ttf,.docx,.woff2,.js,.pict,.tiff,.eot,.xlsx,.jpg,.csv,.eps,.woff,.xls,.jpeg,.doc,.ejs,.otf,.pptx,.gif,.pdf,.swf,.svg,.ps,.ico,.pls,.midi,.svgz,.class,.png,.ppt,.mid,webp,.jar,.json,.xml"

Enforced Routes

Regex (PCRE) for routes to enforce even when in monitor mode.

Property Variable Name: PX_ENFORCED_ROUTES

Example: "^(./login/?.)|(./sign/?.)$"

Default: Empty

Monitored Routes

Regex (PCRE) for routes to monitor even when in active blocking mode.

Property Variable Name: PX_MONITORED_ROUTES

Example: "^(./category/?.)|(./product/?.)$"

Default: Empty

Bypass Monitor Header

Header name that will force active blocking flow even when the request should be monitored (either in monitor mode or if the route is monitored).

Property Variable Name: PX_BYPASS_MONITOR_HEADER

Default: Empty

Sensitive Routes

Sensitive routes trigger a server call to PerimeterX servers every time the route is called, regardless of viewing history.

Property Variable Name: PX_SENSITIVE_ROUTES

Example: "^(./login/?.)|(./sign/?.)$"

Default: Empty


URL to a custom CSS file for the block page.

Property Variable Name: PX_CSS_REF

Default: Empty

JS Ref

URL to a custom JS file for the block page.

Property Variable Name: PX_JS_REF

Default: Empty

Custom Logo

Custom logo to display at the top of the block page (max-height = 150px, width = auto).

Property Variable Name: PX_CUSTOM_LOGO

Default: Empty

Custom Cookie Header

Specifies a header name that will contain the PerimeterX Cookie.

Property Variable Name: PX_CUSTOM_COOKIE_HEADER

Default: "cookie"

Custom Parameters

With the px_enrich_custom_parameters function you can add up to 10 custom parameters to be sent back to PerimeterX servers. When set, the function is called before setting the payload on every request to PerimeterX servers. The parameters should be passed according to the correct order (1-10) and their format must align as following: custom_param1, custom_param2, ... , custom_param10. The parameters passed along with the px_enrich_custom_parameters function are originalRequest which is the Akamai request object



This function must be set in the custom/pxCustomFunctionsConfig.js file.

Default: Empty

module.exports = {
    export function px_enrich_custom_parameters(originalRequest: IngressClientRequest): CustomParams {
      let customParams: CustomParams = {
       custom_param1: "hardcoded example",

      customParams.custom_param2 = request.method
      // ...
      return customParams;

Send Request Cookie Names

Specifies the cookie names (not values) that will be reported on activities to the PerimeterX backend. This is due to Akamai's header size limits.

Property Variable Name: PX_SEND_REQ_COOKIE_NAMES (From v1.1.0, If upgrading the enforcer from an earlier version, make sure the variable exists in the Property Manager)
Property Variable Name: PX_COOKIE_WHITELIST (Up to v1.0.6)

Default: "_px2,_pxvid, _ga, dwanonymous_*, sid"


CSS Ref, JS Ref, and Custom Logo

Note that the URLs for PX_CSS_REF, PX_JS_REF, and PX_CUSTOM_LOGO should be no longer than 150 characters combined. This is to ensure that the block responses from the edgeworker (especially on mobile) do not exceed Akamai's 2048 KB limit.

Did this page help you?