Installing the Enforcer

Enforcer Installation

Creating the Lambda Function on AWS

  1. In the AWS console, click Services > Compute > Lambda.
  2. Click Create function.
  3. Set the Name field to PXEnforcer, set Runtime to Node.js 12.x, and select an existing role or create a new role.
  4. Click Create function.

Uploading the PerimeterX Lambda Function and Required Configuration

  1. Under Code entry type select Upload a .ZIP file.
  2. Click Upload, navigate to the PXEnforcer.zip file provided to you by PerimeterX, and click Save.
  3. If you haven't already, add the following mandatory parameters to the pxConfig object in the custom/config.js file:
const pxConfig = {
    px_app_id: '<your app ID>',
    px_cookie_secret: '<your cookie key>',
    px_auth_token: '<your auth token>',
    px_first_party_enabled: false,
}

Where:

Parameter

Description

px_app_id

The PerimeterX custom application id in the format of PX__

px_cookie_secret

The key used by the cookie signing page. The cookie key is generated in the PerimeterX portal policy page

px_auth_token

The JWT token for REST API. The Authentication Token is generated in the PerimeterX portal application page

px_first_party_enabled

first-party mode must be set to false

  1. Click Save.
  2. Click Actions and select Publish New Version. Fill in a description for the version and click Publish.

📘

Where Can I Find the App ID, the Cookie Secret, and the Auth Token?

The PerimeterX Application ID / AppId and PerimeterX Token / Auth Token can be found in the Portal, under Platform Settings -> Applications.

PerimeterX Risk Cookie / Cookie Key can be found in the Portal, under Platform Settings -> Policies.

The Policy from where the Risk Cookie / Cookie Key is taken must correspond with the Application from where the Application ID / AppId and PerimeterX Token / Auth Token are taken.

Adding the PerimeterX Lambda Function Trigger

  1. Select CloudFront from the menu on the left side of the screen.
  2. Set CloudFront event to Viewer request.
  3. Ensure the box under Enable trigger and replicate is checked.
  4. Click Add and then Save.

First Party Installation

First party mode enables the module to send/receive data to/from the sensor, acting as a reverse-proxy for client requests and sensor activities. To setup First party mode for the PerimeterX AWS [email protected] Function, follow the steps below.

📘

Please Note

Installing First Party is highly recommended but not mandatory to get the enforcer deployed successfully. The following steps are required only for first party mode configurations where the PXEnforcer Lambda function is triggered on the viewer-request event. If the PXEnforcer Lambda is triggered on the origin-request event or if your setup is in third party mode, the following steps are not required.

Configuring Cloudfront Cache Behavior

  1. In the AWS console Click Services > Networking & Content Delivery > Cloudfront.
  2. Click on your Web Delivery method ID.
  3. Click the Behaviors tab and then Create Behavior.
  4. Set behavior as follows:

Field

Value

Path Pattern

/<PerimeterX app id without the first 2 letters>/* (e.g., if your AppID is PX1234567 the path would be /1234567/*)

Allowed HTTP Methods

GET, HEAD, OPTIONS, PUT, POST, PATCH, DELETE

Cache Based on Selected Request Headers

Whitelist

Whitelist Headers

Add Host and User-Agent to the whitelisted headers list.

Object Caching

Customize

Minimum TTL

0

Maximum TTL

10

Default TTL

5

Forward Cookies

Whitelist

Whitelist Cookies

*_px* and px**

Query String Forwarding and Caching

Forward all, cache based on all

  1. Click Yes, Edit.

Creating the First-Party Lambda Function on AWS

  1. In the AWS console Click Services > Compute > Lambda.
  2. Click Create function.
  3. set the Name field to PXFirstParty, set Runtime to Node.js 12.x, and select an existing role or create a new role.
  4. Click Create function.

Uploading and Configuring the First-Party Lambda Function

  1. Under Code entry type select Upload a .ZIP file.
  2. Click Upload, navigate to the PXFirstParty.zip file provided to you by PerimeterX, and click Save.
  3. If you haven't already, add the px_app_id field to the pxConfig object in the custom/config.js file. (Only the px_app_id is used for this function, so it is not necessary to add your other configurations.)
  4. Click Save.
  5. Click Actions and select Publish new version. Fill in a description for the version and click Publish.

Adding the First-Party Lambda Function Trigger

  1. Select CloudFront from the menu on the left side of the screen.
  2. Set CloudFront event to Origin Request.
  3. Check the Include body checkbox.
  4. Check the Confirm deploy to [email protected] checkbox.
  5. Click Add and then Save.

PXActivities Installation

As part of Credentials Intelligence, the PerimeterX AWS Lambda module can send the additional_s2s activity to PerimeterX on the origin-response event, allowing PerimeterX to analyze data related to the origin response and not just the request. This includes information about the returned HTTP status code and whether an attempted login was successful.

📘

Please Note

The following steps are required only for configurations where credentials intelligence is enabled and the additional_s2s activity should be sent automatically to PerimeterX. If credentials intelligence is not enabled or if the additional_s2s activity will be sent manually, the following steps are not required.

Creating the PXActivities Lambda Function on AWS

  1. In the AWS console Click Services > Compute > Lambda.
  2. Click Create function.
  3. Set the Name field to PXActivities, set Runtime to Node.js 12.x, and select an existing role or create a new role.
  4. Click Create function.

Uploading and Configuring the PXActivities Lambda Function

  1. Under Code entry type select Upload a .ZIP file.
  2. Click Upload, navigate to the PXActivities.zip file provided to you by PerimeterX, and click Save.
  3. If you haven't already, add the px_app_id field to the pxConfig object in the custom/config.js file. (Only the px_app_id is used for this function, so it is not necessary to add your other configurations.)
  4. Click Save.
  5. Click Actions and select Publish new version. Fill in a description for the version and click Publish.

Adding the PXActivities Lambda Function Trigger

  1. Select CloudFront from the menu on the left side of the screen.
  2. Set CloudFront event to Origin Response.
  3. Check the Confirm deploy to [email protected] checkbox.
  4. Click Add and then Save.

Did this page help you?