Enforcer SDKs are managed as open source projects. The sources and documentation are posted on GitHub. Please access the relevant framework to begin with the integration.
Before starting the integration you need access to the PerimeterX Portal. See Create your first application for more info.
PerimeterX Enforcer integration starts with a dependencies check and any necessary installations or updates. You need to validate and install any necessary packages and software services before starting PerimeterX Enforcer installation.
Due to significant differences in framework architectures, installation and configuration process highly depends on the framework you choose. Please proceed with relevant framework documentation to install the PerimeterX Enforcer.
The following are the most frequently use settings relevant to all frameworks.
Upon creating an Application on PerimeterX Portal this ID can be found under Application settings.
You should generate an authentication token under Application settings.
The cookie encryption key is attached to the Application Policy settings. The Policy from where the Cookie Encryption Key is taken must correspond with the Application from where the Application ID / AppId and PerimeterX Token / Auth Token
Sets the minimum blocking score of a request.
In Blocking mode, requests equal and above Blocking Score are blocked. In Monitoring mode requests are fully analyzed but not blocked.
It is common to have a load balancer/proxy on top of your applications. In this case Enforcer will use the system’s internal IP instead of the real user IP. Using this directive you can define the HTTP Header that contains the real user’s IP.
The Enforcer sends a full HTTP request, including headers, to the PerimeterX Detector. Using this directive you can exclude sensitive headers from being sent to PerimeterX Detector.
In case that Risk Cookie is not or not yet embedded into the request by the PerimeterX Sensor, Enforcer will send in synchronous mode information to be evaluated by PerimeterX Detector. Using this directive you can set the timeout of such API call. If timeout has been reached, the request will be passed to the Web Server.
When enabled, the Enforcer reports all requests to the PerimeterX Detector. This allows full statistics and valuable information to be displayed in the PerimeterX Portal.
By default PerimeterX serves default Captcha and Block pages. These pages can be fully customized using the attached CSS files. In addition, you can configure custom Captcha and Block pages and even custom Captcha. For further implementation details please refer to the relevant Enforcer SDK documentation.
When using the Advanced Blocking Response feature, you must create a custom Captcha section to display the Captcha challenge.
Updated about 1 year ago