Integration Flow

Enforcer SDKs are managed as open source projects. The sources and documentation are posted on GitHub. Please access the relevant framework to begin with the integration.

📘

Note

Before starting the integration you need access to the PerimeterX Portal. See Create your first application for more info.

Dependencies

PerimeterX Enforcer integration starts with a dependencies check and any necessary installations or updates. You need to validate and install any necessary packages and software services before starting PerimeterX Enforcer installation.

Installation

Due to significant differences in framework architectures, installation and configuration process highly depends on the framework you choose. Please proceed with relevant framework documentation to install the PerimeterX Enforcer.

Configuration

The following are the most frequently use settings relevant to all frameworks.

Application ID

(Required)
Upon creating an Application on PerimeterX Portal this ID can be found under Application settings.

Authentication Token

(Required)
You should generate an authentication token under Application settings.

Cookie Encryption Key

(Required)
The cookie encryption key is attached to the Application Policy settings. The Policy from where the Cookie Encryption Key is taken must correspond with the Application from where the Application ID / AppId and PerimeterX Token / Auth Token

Blocking Score [1-100]

Sets the minimum blocking score of a request.

Monitoring/Blocking Mode

In Blocking mode, requests equal and above Blocking Score are blocked. In Monitoring mode requests are fully analyzed but not blocked.

True IP / Real User IP

It is common to have a load balancer/proxy on top of your applications. In this case Enforcer will use the system’s internal IP instead of the real user IP. Using this directive you can define the HTTP Header that contains the real user’s IP.

Sensitive HTTP Headers

The Enforcer sends a full HTTP request, including headers, to the PerimeterX Detector. Using this directive you can exclude sensitive headers from being sent to PerimeterX Detector.

API Timeout

In case that Risk Cookie is not or not yet embedded into the request by the PerimeterX Sensor, Enforcer will send in synchronous mode information to be evaluated by PerimeterX Detector. Using this directive you can set the timeout of such API call. If timeout has been reached, the request will be passed to the Web Server.

Send Page Activities

(Recommended)
When enabled, the Enforcer reports all requests to the PerimeterX Detector. This allows full statistics and valuable information to be displayed in the PerimeterX Portal.

Block/Captcha Page Customization

By default PerimeterX serves default Captcha and Block pages. These pages can be fully customized using the attached CSS files. In addition, you can configure custom Captcha and Block pages and even custom Captcha. For further implementation details please refer to the relevant Enforcer SDK documentation.

Custom Captcha Section

When using the Advanced Blocking Response feature, you must create a custom Captcha section to display the Captcha challenge.


Did this page help you?