- 11 Apr 2024
- Print
- DarkLight
Installation
- Updated on 11 Apr 2024
- Print
- DarkLight
Install the dependencies:
apt install -y libcurl4 libapr1 libjansson4 libaprutil1 libpcre3
yum install -y jansson apr apr-util pcre libcurl pcre
Copy
libvmod_px.so
file to Varnish VMODS directory (this directory depends on Linux distribution:/usr/lib/varnish/vmods/
or/usr/lib64/varnish/vmods/
).
In your configuration .vcl fileAt the top of the file, add these two lines that will import the Enforcer:
import px;
import std;
Add the following lines to the
sub vcl_init
block to enable the Enforcer and provide the required parameters:JavaScript
new px_module = px.px(); px_module.setconf("px_enabled", "true"); px_module.setconf("px_appId", "ENTER APP ID HERE"); px_module.setconf("px_cookie_secret", "ENTER RISK COOKIE KEY HERE"); px_module.setconf("px_auth_token", "ENTER AUTHENTICATION TOKEN HERE"); if (!px_module.setup()) { std.syslog(9, "Failed to init PX module"); }
px_enabled - Set to
true
to enable the Enforcer.px_appId - Enter the HUMAN application ID.
TO retrieve the ID:
a. Open the HUMAN Console.
b. Go to Platform Settings > Applications.
c. Copy the ID from the Application ID field.px_cookie_secret - Enter a risk cookie key used by the cookie signing page.
TO generate a risk cookie key:
a. Open the HUMAN Console.
b. Go to Product Settings > Security Policy > Policy Information.
c. Click Generate new.px_auth_token - Enter a JWT authentication token for REST API.
TO retrieve the authentication token:
a. Open the HUMAN Console .
b. Go to Platform Settings > Applications > Tokens > Server Tokens.
c. Click Copy token.
Add the following section to the existing
sub vcl_recv
block. This section enables the Enforcer to process requests.JavaScript
if (px_module.is_first_party(req.url)) { std.cache_req_body(100KB); } px_module.process_request(req.url, req.method, regsub(req.proto, "^.*/", ""), client.ip, req.http.host); if (px_module.get_result() > 0) { return (synth(px_module.get_result())); }
Add new block named
vcl_synth
. This block displays a CAPTCHA, if a request is blocked.JavaScript
sub vcl_synth { set resp.status = px_module.get_resp_status(); px_module.set_resp_headers(); if (px_module.get_resp_body_len()) { synthetic(px_module.get_resp_body()); } return(deliver); }