Installing the Enforcer

Installing the Worker Manually

PerimeterX Cloudflare Worker is a unified script designed to be installed on Cloudflare's workers feature.

Bundling the Worker Source Files
If you already have the bundled JavaScript file, skip to the Installing the Cloudflare Worker section.
To bundle the worker source files into a unified javascript file that can be hosted on Cloudflare:

  1. Open the custom/pxConfig.json file in a text editor of your choice. Update the following required properties:
  • px_app_id
  • px_cookie_secret
  • px_auth_token



These parameters are available in the Platform Settings within the PerimeterX portal.

  1. Run the npm install command to install the dependencies.
  2. The PerimeterX Cloudflare Enforcer can be built to conform to Cloudflare's service worker or modules API. Run the command npm run build:worker or npm run build:module inside of the PerimeterX Cloudflare Worker folder to build the enforcer in the preferred format.
  3. A dist folder containing a the required file(s) is created. In the service worker build, only the workerBundle.js needs to be uploaded. In the module build, all generated files need to be uploaded.

Installing the Cloudflare Worker

  1. Open the Cloudflare dashboard of your domain. Click Workers > Manage Workers > Create a Worker.
  2. Copy the content of the workerBundle.js file to the editor in the Script tab and click Save and Deploy.

Note: Cloudflare does not currently support uploading and editing of module workers in on their website. Module workers must be uploaded via Cloudflare's Wrangler CLI. See below on how to to do this.

Configuring the Cloudflare Worker Routes

  1. Open the Cloudflare dashboard of your domain. Click Workers > Add route
  2. Configure the route and assign the created worker to it. you can configure two kinds of routes:
  • The entire site - Define ** as the route.
  • On specific routes - Define each route on which to run the worker.
  1. Click Save. The configuration is saved.

Installing the Worker via Wrangler

Wrangler is a CLI tool designed to build and deploy Cloudflare Workers. It allows you to develop modern ES6 applications with module support and using webpack to build your project. The PerimeterX Cloudflare Worker project is integrated with the Wrangler mechanism. Your project needs some configuration before you can publish your Worker. The configuration values are stored in a wrangler.toml file. You need to manually edit this file to add these values before you can publish.

In order to deploy the PerimeterX Worker to your Cloudflare account:

  1. In your Cloudflare environment create a new KV Namespace and name it PXKV.
  2. Clone the repository to your local environment.
  3. Go to perimeterx-cloudflare-worker/wrangler_templates and copy the file for whichever format is preferred into the main project directory (i.e perimeterx-cloudflare-worker) and name it wrangler.toml.
  4. Edit the file with your account values:
    WORKER_NAME - The worker name as it will appear in the Cloudflare dashboard.
    ACCOUNT_ID - Cloudflare's account ID.
    ZONE_ID - Cloudflare's zone ID.
    WORKER_ROUTE - The route (or routes prefix) on the customer's domain to apply the worker on.
    NAMESPACE_ID - The namespace id of the one created in step 1.
  5. Run npm install and wrangler publish from the project's main directory.
  6. The worker should be deployed and active on the given route.

Installing CSP Enforcement


Important Notice

The following feature (CSP enforcement) is optional and is intended for Code Defender customers.

The following steps are required in order to enable PerimeterX Cloudflare worker CSP support. You need to create a new cron trigger scheduler and a KV namespace, named PXKV, and bind it to your worker as follow:

  1. In your worker dashboard, go to Manage KV namespaces.
  2. Name the new namespace PXKV and click Add.
  3. Add binding from your worker to the namespace, go to Manage Workers-> your_worker-> Settings-> KV Namespace Bindings, click Edit variables, and add a record for
  • Variable name - PXKV
  • KV namespace - PXKV
  1. Add cron trigger. In the same screen go to Triggers and select Add Cron Trigger
  2. Enter the cron expression to select the refresh interval for getting CSP policy updates from PerimeterX (recommended 5 minutes - cron expression */5 * * * *)