Installing the Enforcer
Installing the Worker Manually
PerimeterX Cloudflare Worker is a unified script designed to be installed on Cloudflare's workers feature.
Bundling the Worker Source Files
If you already have the bundled JavaScript file, skip to the Installing the Cloudflare Worker section.
To bundle the worker source files into a unified javascript file that can be hosted on Cloudflare:
- Open the
custom/pxConfig.json
file in a text editor of your choice. Update the following required properties:
- px_app_id
- px_cookie_secret
- px_auth_token
Note
These parameters are available in the Platform Settings within the PerimeterX portal.
- Run the
npm install
command to install the dependencies. - The PerimeterX Cloudflare Enforcer can be built to conform to Cloudflare's service worker or modules API. Run the command
npm run build:worker
ornpm run build:module
inside of the PerimeterX Cloudflare Worker folder to build the enforcer in the preferred format. - A
dist
folder containing a the required file(s) is created. In the service worker build, only theworkerBundle.js
needs to be uploaded. In the module build, all generated files need to be uploaded.
Installing the Cloudflare Worker
- Open the Cloudflare dashboard of your domain. Click
Workers
>Manage Workers
>Create a Worker
. - Copy the content of the
workerBundle.js
file to the editor in theScript
tab and clickSave and Deploy
.
Note: Cloudflare does not currently support uploading and editing of module workers in on their website. Module workers must be uploaded via Cloudflare's Wrangler CLI. See below on how to to do this.
Configuring the Cloudflare Worker Routes
- Open the Cloudflare dashboard of your domain. Click
Workers
>Add route
- Configure the route and assign the created worker to it. you can configure two kinds of routes:
- The entire site - Define
*.yourdomain.com/*
as the route. - On specific routes - Define each route on which to run the worker.
- Click
Save
. The configuration is saved.
Installing the Worker via Wrangler
Wrangler is a CLI tool designed to build and deploy Cloudflare Workers. It allows you to develop modern ES6 applications with module support and using webpack to build your project. The PerimeterX Cloudflare Worker project is integrated with the Wrangler mechanism. Your project needs some configuration before you can publish your Worker. The configuration values are stored in a wrangler.toml
file. You need to manually edit this file to add these values before you can publish.
In order to deploy the PerimeterX Worker to your Cloudflare account:
- In your Cloudflare environment create a new KV Namespace and name it
PXKV
. - Clone the repository to your local environment.
- Go to
perimeterx-cloudflare-worker/wrangler_templates
and copy the file for whichever format is preferred into the main project directory (i.eperimeterx-cloudflare-worker
) and name itwrangler.toml
. - Edit the file with your account values:
WORKER_NAME - The worker name as it will appear in the Cloudflare dashboard.
ACCOUNT_ID - Cloudflare's account ID.
ZONE_ID - Cloudflare's zone ID.
WORKER_ROUTE - The route (or routes prefix) on the customer's domain to apply the worker on.
NAMESPACE_ID - The namespace id of the one created in step 1. - Run
npm install
andwrangler publish
from the project's main directory. - The worker should be deployed and active on the given route.
Installing CSP Enforcement
Important Notice
The following feature (CSP enforcement) is optional and is intended for Code Defender customers.
The following steps are required in order to enable PerimeterX Cloudflare worker CSP support. You need to create a new cron trigger scheduler and a KV namespace, named PXKV
, and bind it to your worker as follow:
- In your worker dashboard, go to Manage KV namespaces.
- Name the new namespace PXKV and click Add.
- Add binding from your worker to the namespace, go to Manage Workers-> your_worker-> Settings-> KV Namespace Bindings, click Edit variables, and add a record for
- Variable name - PXKV
- KV namespace - PXKV
- Add cron trigger. In the same screen go to Triggers and select Add Cron Trigger
- Enter the cron expression to select the refresh interval for getting CSP policy updates from PerimeterX (recommended 5 minutes - cron expression
*/5 * * * *
)
Updated 6 months ago