Contents x
    Installation
    • 11 Apr 2024
    • Print
    • Dark
      Light
    Contents

    Installation

    • Updated on 11 Apr 2024
    • Print
    • Dark
      Light
    Article Summary

    1. Install the dependencies:

      apt install -y libcurl4 libapr1 libjansson4 libaprutil1 libpcre3
      yum install -y jansson apr apr-util pcre libcurl pcre

    2. Copy libvmod_px.so file to Varnish VMODS directory (this directory depends on Linux distribution: /usr/lib/varnish/vmods/ or /usr/lib64/varnish/vmods/ ).


      In your configuration .vcl file

    3. At the top of the file, add these two lines that will import the Enforcer:
      import px;
      import std;

    4. Add the following lines to the sub vcl_init block to enable the Enforcer and provide the required parameters:

      JavaScript

          new px_module = px.px();
  
    px_module.setconf("px_enabled", "true");

    px_module.setconf("px_appId", "ENTER APP ID HERE");
    px_module.setconf("px_cookie_secret", "ENTER RISK COOKIE KEY HERE");
    px_module.setconf("px_auth_token", "ENTER AUTHENTICATION TOKEN HERE");
 
    if (!px_module.setup()) {
        std.syslog(9, "Failed to init PX module");
    }

      • px_enabled - Set to true to enable the Enforcer.

      • px_appId - Enter the HUMAN application ID.
        TO retrieve the ID:
        a. Open the HUMAN Console.
        b. Go to Platform Settings > Applications.
        c. Copy the ID from the Application ID field.

      • px_cookie_secret - Enter a risk cookie key used by the cookie signing page.
        TO generate a risk cookie key:
        a. Open the HUMAN Console.
        b. Go to Product Settings > Security Policy > Policy Information.
        c. Click Generate new.

      • px_auth_token - Enter a JWT authentication token for REST API.
        TO retrieve the authentication token:
        a. Open the HUMAN Console .
        b. Go to Platform Settings > Applications > Tokens > Server Tokens.
        c. Click Copy token.

    5. Add the following section to the existing sub vcl_recv block. This section enables the Enforcer to process requests.

      JavaScript

           if (px_module.is_first_party(req.url)) {
        std.cache_req_body(100KB);
    }

    px_module.process_request(req.url, req.method, regsub(req.proto, "^.*/", ""), client.ip, req.http.host);

    if (px_module.get_result() > 0) {
        return (synth(px_module.get_result()));
    }

    6. Add new block named vcl_synth. This block displays a CAPTCHA, if a request is blocked.

      JavaScript

      sub vcl_synth {
    set resp.status = px_module.get_resp_status();
    px_module.set_resp_headers();

    if (px_module.get_resp_body_len()) {
        synthetic(px_module.get_resp_body());
    }

    return(deliver);
}

    Was this article helpful?
    What's Next