HUMAN Website
Console
Blog
Request a Demo
Contents
x
Getting Started
Account Defender
Bot Defender
Credential Intelligence
Code Defender
Page Defender
Platform
Client-Side Integration
Server-Side Integration
Third Party Integrations
Configuration Options
23 Articles
in this category
Share this
Print
Share
Dark
Light
Contents
Configuration Options
23 Articles
in this category
Share
Dark
Light
GraphQL Support
Our GraphQL support provides the following features to enhance detection for customers who use GraphQL: Sensitive GraphQL operations
Updated on : 29 May 2023
Basic Configuration
Application ID / AppId and HUMAN Token / Auth Token can be found in the Portal, under Applications section. Cookie Encryption Key can be found in the portal, under Policies section. The Policy from where the Cookie Encryption Key is taken must c...
Updated on : 11 May 2023
Customized Subroutines
To complete the configuration of some of the additional features, it is required to modify a customized subroutines that are called as part of the feature flow. All customized subroutines are available in px_custom.vcl file, with instructions for h...
Updated on : 11 May 2023
Additional Activity Handler
The Additional Activity Handler is a callback function passed to the Enforcer. The Enforcer runs this callback after sending the page_requested or block activity to the Collector, and before forwarding the request to the next step in the pipelin...
Updated on : 11 May 2023
Advanced Blocking Response
In special cases, (such as XHR post requests) a full Captcha page render might not be an option. In such cases, using the Advanced Blocking Response returns a JSON object containing all the information needed to render your own Captcha challenge imp...
Updated on : 11 May 2023
Creating and Configuring the Edge-Dictionary
Creating and Configuring the Edge-Dictionary In order to support Code Defender CSP Capability in Fastly Enforcer the following configurations are required: The Fastly Enforcer module should be upgraded to v6.0.0 or higher. Create an edge-dict...
Updated on : 11 May 2023
Custom CSS
Allows you to set a custom CSS on the Block page. The function directs to an URL with the CSS file. Default: empty Example: v8.0.0 and up v7.2.0 and below table px_configs { px_css_ref: 'https://maxcdn.bootstrapcdn.com/bootstrap/3....
Updated on : 11 May 2023
Custom First Party Sensor Endpoint
The default first party endpoint to retrieve the HUMAN sensor is /<app_id_without_PX>/init.js . In certain cases (adblockers, etc.) it may be beneficial to change this endpoint name to a different value. You can do this by configuring a custom endp...
Updated on : 11 May 2023
Custom Logo
Adds a custom logo to the block page that will be shown to users. The configuration directs to an URL with the logo file. Use a .png file with a max height of 150px. Default: empty Example: v8.0.0 and up v7.2.0 and below table px_con...
Updated on : 11 May 2023
Custom JS Script
Allows you to add a custom JS script to the Block page. This script will run after the default JS scripts. Default: empty Example: v8.0.0 and up v7.2.0 and below table px_configs { px_js_ref: 'https://maxcdn.bootstrapcdn.com/bootst...
Updated on : 11 May 2023
Custom Parameters
Custom Parameters The Custom Parameters function allows you to enrich activities sent from your Enforcer with additional data. This may include user ID, session ID, or other parameters that you think HUMAN should have access to. The number ...
Updated on : 11 May 2023
Filter Requests
This set of features allows you to filter out specific requests from the Enforcer verification flow. Defining a filter that is based on one of our several filtering options, will assist you to avoid unnecessary traffic in the HUMAN verification ...
Updated on : 11 May 2023
Data Enrichment
The HUMAN Fastly Enforcer provides a hook function where processing is performed on the data enrichment payload px_custom.vcl contains the custom hook function px_custom_data_enrichment_handler . The function receives the following headers: ...
Updated on : 11 May 2023
First Party
To prevent suspicious or unwanted behavior on the client side, some browsers or extensions (such as an Adblock extension) may deny the frontend JavaScript code from making requests to other domains. This prevents the HUMAN Sensor from making request...
Updated on : 26 May 2023
First Party Snippet
TO deploy the HUMAN First-Party JS Snippet : Generate the First-Party Snippet Go to Applications >> Snippet . Select First-Party . Select Use Default Routes . Click Copy Snippet to generate the JS Snippet. Deploy the First-Party Sni...
Updated on : 11 May 2023
Enforced Routes
You may want certain requests to be enforced by HUMAN, even when the Enforcer is in the Monitor mode. These are enforced routes. Enforced routes will go through the full Enforcer workflow, including blocking requests when necessary. That is, even wh...
Updated on : 16 May 2023
Login Credentials Extraction
Login Credentials Extraction This feature extracts credentials (hashed username and password) from requests and sends them to HUMAN as additional info in the risk api call. If credentials are found to be compromised, the request passed to the or...
Updated on : 11 May 2023
Modify First Party Response
This feature executes on vcl_deliver only for first party requests (Sensor, CAPTCHA, XHR). You can use it to edit response headers, like CORS or other security features. The code in vcl_deliver after px_deliver is still executed even if this featu...
Updated on : 11 Jul 2023
Module Context Object
X-PX-risk-rtt - The time (in ms) it took to make server-to-server call (if one occurred). X-PX-uuid - The unique identifier of the request. X-PX-data-enrichment - The HUMAN data enrichment object see the data enrichment documentation for ...
Updated on : 11 May 2023
Module Enabled
This feature enables/disables the Enforcer. v8.0.0 and up Name: px_module_enabled Values: true - Enabled (default) false - Disabled v7.2.0 and below Name: ENABLE_MODULE Values: 1 - Enabled (default) 0 - Disabled v8.0.0 ...
Updated on : 11 May 2023
Module Mode
This feature sets the working mode of the Enforcer. Monitor mode - Use this mode to fine-tune and test your system. When in the Monitor mode, the Enforcer will pass through requests that would otherwise be blocked. Active Blocking mode - Switch...
Updated on : 22 Aug 2023
Monitored Routes
In some cases, you might want to monitor a specific endpoint, and potentially pass traffic that should be blocked, even when the rest of your application is still in the Active Blocking mode. For example, in case of a change in the site topology...
Updated on : 26 May 2023
Returning A Custom Block Page
It is possible to return a customized block page instead of PX default one. The block page returned by Fastly Enforcer is defined in the subroutine px_custom_create_block_page in px_custom.vcl file. To set your own block page, set the req.ht...
Updated on : 11 May 2023
Sensitive Routes
Some routes may be more prone to bot attacks than others. For example, routes that execute payments or handle personal information. You can configure these routes as sensitive to ensure a more stringent protection. The Enforcer will make Risk API c...
Updated on : 13 Nov 2023
Test Block Flow on Monitoring Mode - Bypass Monitor Header
Allows you to test the Enforcer’s blocking flow while you are still in Monitor Mode. When the px_custom_check_bypass_monitor_header subroutine is implemented and the configured request header ( my-custom-header in the example) has the value set ...
Updated on : 11 May 2023