Managing Policies

How to manage PerimeterX policies in Platform Settings section

Introduction

A policy is a set of rules that determine the behavior of PerimeterX’s protection scheme.

By selecting Access Control, Volume Based Rules, JS Sensor Settings, Risk Cookie, and Data Classification Enrichment, different levels and types of site protection can be configured.

You can create and configure policies for different parts of your site if you have more than one application.
You set policy parameters on the Policy tab.

See below an explanation on how to use Regular Expressions in the PerimeterX Console and further information on the different Policy tab sections:

Regular Expressions

Regular expressions are patterns used to match character combinations in strings. In JavaScript, regular expressions are also objects. PerimeterX uses JavaScript regular expressions, eliminating the need to escape all characters, except for 12 characters with special functions in the regex (,, ^, $, ., |, ?, *, +, (, ), [, {)

A regular expression pattern is composed of simple characters, such as abc, or a combination of simple and special characters, such as ab*c (https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions)

Important tips for building a safe regex

  • Escaping a special character (,, ^, $, ., |, ?, *, +, (, ), [, {) is necessary when one of the characters is used literally. To escape a special character, use \ before the character. For example, to search for a followed by * followed by b, you'd use a\*b
  • When writing the regex, try to be as explicit as possible. Catastrophic backtracking or exponential time regexes are not recommended, as they are extremely computationally heavy, and impacts effective detection by PerimeterX.
  • Avoid using wildcards characters (or use sparingly), such as * or +,
  • Avoid using nested capturing groups.
  • When writing a regex for a User Agent, we recommend using a very specific User Agent that will not accidentally appear in the attacker’s User Agents.
  • Use the | to separate between User Agents.

For more information on building a regex, see:

Examples of how to build a safe regex

To create a Custom Rule to block traffic from User Agent:

PerimeterX/4.16.1 (iPhone; iOS 13.3; Scale/2.00), Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 OPR/64.0.3417.167

All special characters must be escaped with \:

PerimeterX/4\.16\.1 \(iPhone; iOS 13\.3; Scale/2\.00\), Mozilla/5\.0 \(Windows NT 10\.0; Win64; x64\) AppleWebKit/537\.36 \(KHTML, like Gecko\) Chrome/77\.0\.3865\.120 Safari/537\.36 OPR/64\.0\.3417\.167

To create an Allowlist rule to allow any User Agent containing automation use:

.*automation.*

If you built a regex that you think is safe, and PerimeterX is still not allowing it, contact PerimeterX Support

Access Control

Access Control allows you to customize Allowlist and Denylist rules, and allow and/or deny specific bots, IP addresses and access methods.

Custom Rules

Custom Rules allows you to configure custom Allowlist or Denylist rules. Custom Rules can also be configured with the Custom Rules API

Custom Rules can contain multiple conditions and categories. Only when all of the rules conditions match (using the AND operator) the action (allow/deny/hard block) is executed.

Categories include:

📘

Note

Multiple values can be including for the following categories. The values must be comma-separated:

  • Client IP
  • Client IP Ranges
  • True IPs
  • True IP Ranges
  • HTTP Methods

Category

Description

User Agent

User Agent - written as a regex.

Full UA regex example:
AdoreMe/4\.16\.1 \(iPhone; iOS 13\.3; Scale/2\.00\), Mozilla/5\.0 \(Windows NT 10\.0; Win64; x64\) AppleWebKit/537\.36 \(KHTML, like Gecko\) Chrome/77\.0\.3865\.120 Safari/537\.36 OPR/64\.0\.3417\.167

Partial UA regex example:
.*automation.*

See Regular Expressions for details on regex syntax.

IPs

Also known as "client IP". The reported client IP address, as deducted by special forwarding headers used by proxy services (such as x-forwarded-for). This IP in general is less reliable as it is easily manipulated.

IP Ranges

Client IP addresses included within the specified range

Domain

The domain of the website you want to block

True IPs

The true IP address that connected to the PerimeterX service. This is the IP address on the other side of the socket. This IP is extremely hard to fake. When the client is using some proxy service to access the internet the IP address will be of the forwarding proxy service and not of the actual user.

True IP Ranges

True IP addresses included within the specified range

Path

URL’s path part. Can be set according to one of the following options.

prefix/suffix/exact/contains/regex match

See Regular Expressions for details on regex syntax.

Custom Param

Custom parameter(s) - written as a regex
See Regular Expressions for details on regex syntax.

Header

Exact header name and expected header value(s)

  • The header name should be written in lower-case letters only.
  • The expected header value(s) should be written as a regex.

See Regular Expressions for details on regex syntax.

HTTP Method

The HTTP request method(s) to allow or deny.
Multiple HTTP request methods can be added to a condition, separated by commas

Actions include:

Action

Description

Allow

Allows access in any case

Deny

Blocked and presenting Captcha

Hard Block

Blocking with no Captcha or option for exoneration.
Note: Hard block is currently not supported on Fastly, Citrix and F5 Enforcers

See here for more information.

To add a Custom Rule:

  1. Navigate to Platform Settings > Policy and open the Access Control tab. There are no default custom rules.

  2. Click Add Rule. A new line is added to the Custom Rules list.

  3. Click Description and enter a descriptive name for the new rule. Under Type, click No Action, and select the filter rule: Allowlist or Denylist or No Action.

  4. Click the down-arrow to expand the rule parameters.

  5. Add a new rule. Click +Add AND Condition, select the category from the drop-down list and enter the value(s) for that category.

You can add as many filters to the rule as you want.

  1. Click Add. A new filter is added to the list.

  2. Click Choose Category to select a category, then enter a value for Config Value.

  3. Click Apply Changes at the bottom of the page.

PerimeterX Configurations lists the default Allowlist and Denylist items configured by PerimeterX. You can change these items to suit your website needs.

📘

Note

Please note that Custom Rules apply before Known bots & crawlers and IP classifications. In addition, within your custom rules, higher rules take precedence.

Custom Rules API

The Custom Rules API allows you to configure Allowlist and Denylist rules via API calls.

For more information on configuring Access Control and Custom Rules, see Access Control.

Requests

Requests must be sent over HTTPS using a content type of application/json and include the Authorization header that is used for authentication.

Header

Description

Authorization

Token to provide authentication

Content-Type

Value is always application/json

All requests are made to the base URL of https://console.perimeterx.com/api/v1/custom_rules

Authentication

In order to access the PerimeterX Custom Rules API, you are required to present an authentication token in the HTTP Authorization header.

The following is an example:

Authorization: Bearer <TOKEN>

Authentication tokens can be generated in the PerimeterX Portal (https://console.perimeterx.com/). For more information see Managing Applications .

Endpoints

Create custom rule

Parameters

Parameter

Description

description

rule description

type

["none", "blacklist", "whitelist", "hardblock"]

conditions

list of conditions

Request Schema

{
    "type": "object",
    "properties": {
      "description": {
        "type": "string",
        "minLength": 1,
        "maxLength": 1024
      },
      "type": {
        "enum": ["none", "blacklist", "whitelist", "hardblock"]
      },
      "conditions": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "category": {
              "enum": ["ua", "ips", "ipRanges", "domain", "trueIps", "trueIpRanges", "url", "custom_param1", "custom_param2", "custom_param3", "custom_param4", "custom_param5", "custom_param6", "custom_param7", "custom_param8", "custom_param9", "custom_param10"]
            },
            "value": {
              "type": [
                "string",
                "object"
              ],
              "properties": {
                "option": {
                  "enum": ["prefix", "exact", "suffix", "contains", "regex"]
                },
                "value": {
                  "type": "string"
                }
              },
              "required": [
                "option",
                "value"
              ]
            }
          }
        }
      }
    },
    "required": [
      "description",
      "type",
      "conditions"
    ]
  }

Request Example

curl -X POST
       -H "Authorization: Bearer <JWT>"
       -H "Content-Type: application/json"
       -d '{
        "description": "custom rule description",
        "type": "blacklist",
        "conditions": [{"category":"ips","value":"1.1.1.1"},{"category":"domain","value":{"option":"exact","value":"example.com"}}]
        }'
        "https://console.perimeterx.com/api/v1/custom_rules"

Response Schema

{
    "type": "object",
    "properties": {
      "result": {
        "type": "boolean"
      },
      "content": {
        "type": "object",
        "properties": {
          "id": {
            "type": "string"
          },
          "description": {
            "type": "string"
          },
          "type": {
            "type": "string"
          },
          "conditions": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "category": {
                  "type": "string"
                },
                "value": {
                  "type": [
                    "string",
                    "object"
                  ],
                  "properties": {
                    "option": {
                      "type": "string"
                    },
                    "value": {
                      "type": "string"
                    }
                  },
                  "required": [
                    "option",
                    "value"
                  ]
                }
              }
            }
          }
        },
        "required": [
          "id",
          "description",
          "type",
          "conditions"
        ]
      },
      "message": {
        "type": "string"
      }
    }
  }

Response Example

{
    "result": true,
    "content": {
      "id": "a596bc02-1189-48b1-9cf2-12001495754e",
      "description": "custom rule description",
      "type": "blacklist",
      "conditions": [
        {
          "category": "ips",
          "value": "1.1.1.1"
        },
        {
          "category": "domain",
          "value": {
            "option": "exact",
            "value": "example.com"
          }
        }
      ]
    },
    "message": "success"
  }
Update custom rule by rule id

Parameters

Parameter

Description

rule_id
(query)

Rule ID.
This can be obtained from the Portal Policy section

description

rule description

type

["none", "blacklist", "whitelist", "hardblock"]

conditions

list of conditions

Request Schema

{
    "type": "object",
    "properties": {
      "description": {
        "type": "string",
        "minLength": 1,
        "maxLength": 1024
      },
      "type": {
        "enum": ["none", "blacklist", "whitelist", "hardblock"]
      },
      "conditions": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "category": {
              "enum": ["ua", "ips", "ipRanges", "domain", "socketIps", "socketIpRanges", "url", "custom_param1", "custom_param2", "custom_param3", "custom_param4", "custom_param5", "custom_param6", "custom_param7", "custom_param8", "custom_param9", "custom_param10"]
            },
            "value": {
              "type": [
                "string",
                "object"
              ],
              "properties": {
                "option": {
                  "enum": ["prefix", "exact", "suffix", "contains", "regex"]
                },
                "value": {
                  "type": "string"
                }
              },
              "required": [
                "option",
                "value"
              ]
            }
          }
        }
      }
    },
    "required": [
      "description",
      "type",
      "conditions"
    ]
  }

Request Example

curl -X PUT
      -H "Authorization: Bearer <JWT>"
       -H "Content-Type: application/json"
       -d '{
        "description": "updated custom rule description",
        "type": "blacklist",
        "conditions": [{"category":"ips","value":"1.1.1.1"},{"category":"domain","value":{"option":"exact","value":"example.com"}}]
        }'
        "https://console.perimeterx.com/api/v1/custom_rules/a596bc02-1189-48b1-9cf2-12001495754e"

Response Schema

{
    "type": "object",
    "properties": {
      "result": {
        "type": "boolean"
      },
      "content": {
        "type": "object",
        "properties": {
          "id": {
            "type": "string"
          },
          "description": {
            "type": "string"
          },
          "type": {
            "type": "string"
          },
          "conditions": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "category": {
                  "type": "string"
                },
                "value": {
                  "type": [
                    "string",
                    "object"
                  ],
                  "properties": {
                    "option": {
                      "type": "string"
                    },
                    "value": {
                      "type": "string"
                    }
                  },
                  "required": [
                    "option",
                    "value"
                  ]
                }
              }
            }
          }
        },
        "required": [
          "id",
          "description",
          "type",
          "conditions"
        ]
      },
      "message": {
        "type": "string"
      }
    }
  }

Response Example

{
    "result": true,
    "content": {
      "id": "a596bc02-1189-48b1-9cf2-12001495754e",
      "description": "updated custom rule description",
      "type": "blacklist",
      "conditions": [
        {
          "category": "ips",
          "value": "1.1.1.1"
        },
        {
          "category": "domain",
          "value": {
            "option": "exact",
            "value": "example.com"
          }
        }
      ]
    },
    "message": "success"
  }
Delete custom rule by rule id

Parameters

Parameter

Description

rule_id

Rule ID. It can be obtained from portal policy view

Request Example

curl -X DELETE
       -H "Authorization: Bearer <JWT>"
       -H "Content-Type: application/json"
       "https://console.perimeterx.com/api/v1/custom_rules/a596bc02-1189-48b1-9cf2-12001495754e"

Response Schema

{
    "type": "object",
    "properties": {
      "result": {
        "type": "boolean"
      },
      "content": {
        "type": "string"
      },
      "message": {
        "type": "string"
      }
    }
  }

Response Example

{
    "result": true,
    "content": "success",
    "message": "success"
  }
Get custom rule by rule id

Parameters

Parameter

Description

rule_id

Rule ID. It can be obtained from portal policy view

Request Example

curl -X GET
       -H "Authorization: Bearer <JWT>"
       -H "Content-Type: application/json"
       "https://console.perimeterx.com/api/v1/custom_rules/a596bc02-1189-48b1-9cf2-12001495754e"

Response Schema

{
    "type": "object",
    "properties": {
      "result": {
        "type": "boolean"
      },
      "content": {
        "type": "object",
        "properties": {
          "id": {
            "type": "string"
          },
          "description": {
            "type": "string"
          },
          "type": {
            "type": "string"
          },
          "conditions": {
            "type": "array",
            "items": {
              "type": "object",
              "properties": {
                "category": {
                  "type": "string"
                },
                "value": {
                  "type": [
                    "string",
                    "object"
                  ],
                  "properties": {
                    "option": {
                      "type": "string"
                    },
                    "value": {
                      "type": "string"
                    }
                  },
                  "required": [
                    "option",
                    "value"
                  ]
                }
              }
            }
          }
        },
        "required": [
          "id",
          "description",
          "type",
          "conditions"
        ]
      },
      "message": {
        "type": "string"
      }
    }
  }

Response Example

{
    "result": true,
    "content": {
      "id": "a596bc02-1189-48b1-9cf2-12001495754e",
      "description": "custom rule 1",
      "type": "blacklist",
      "conditions": [
        {
          "category": "ua",
          "value": "PhantomJS"
        },
        {
          "category": "ips",
          "value": "1.1.1.1"
        },
        {
          "category": "domain",
          "value": {
            "option": "exact",
            "value": "example.com"
          }
        },
        {
          "category": "custom_param1",
          "value": "test"
        }
      ]
    },
    "message": "success"
  }
Get all custom rules

Request Example

curl -X GET
       -H "Authorization: Bearer <JWT>"
       -H "Content-Type: application/json"
       "https://console.perimeterx.com/api/v1/custom_rules"

Response Schema

{
    "type": "object",
    "properties": {
      "result": {
        "type": "boolean"
      },
      "content": {
        "type": "array",
        "items": {
          "type": "object",
          "properties": {
            "id": {
              "type": "string"
            },
            "description": {
              "type": "string"
            },
            "type": {
              "type": "string"
            },
            "conditions": {
              "type": "array",
              "items": {
                "type": "object",
                "properties": {
                  "category": {
                    "type": "string"
                  },
                  "value": {
                    "type": [
                      "string",
                      "object"
                    ],
                    "properties": {
                      "option": {
                        "type": "string"
                      },
                      "value": {
                        "type": "string"
                      }
                    },
                    "required": [
                      "option",
                      "value"
                    ]
                  }
                }
              }
            }
          },
          "required": [
            "id",
            "description",
            "type",
            "conditions"
          ]
        }
      },
      "message": {
        "type": "string"
      }
    }
  }

Response Example

{
    "result": true,
    "content": [
      {
        "id": "a596bc02-1189-48b1-9cf2-12001495754e",
        "description": "custom rule 1",
        "type": "blacklist",
        "conditions": [
          {
            "category": "ua",
            "value": "PhantomJS"
          },
          {
            "category": "ips",
            "value": "1.1.1.1"
          },
          {
            "category": "domain",
            "value": {
              "option": "exact",
              "value": "example.com"
            }
          }
        ]
      },
      {
        "id": "46a49376-042d-4ccd-96e4-4f753a6d0930",
        "description": "custom rule 2",
        "type": "none",
        "conditions": [
          {
            "category": "ips",
            "value": "2.2.2.2"
          }
        ]
      }
    ],
    "message": "success"
  }

Error Messages and Codes

The Custom rules API returns error messages in JSON format.

Example

{
    "result": false,
    "content": "Invalid authorization token"
  }

The following table describes the codes which may appear when working with the API.

Status Code

Text

Description

400

Request object not valid

The request structure may be invalid

400

Invalid request

The request structure may be invalid

400

Invalid authorization Token

The Authorization header : Bearer is missing or invalid

400

Custom rule id does not exist

Custom rule id does not exist

400

Custom rule has invalid value

Custom rule id is not a valid UUID

400

Description field value is missing

Description has no value (mandatory field)

400

Type field value is missing

Type has no value (mandatory field)

Authorized Services Rate Limiting Rules

Rate Limiting Authorized (allowed) services allow you to limit the rate that authorized services send requests to your server. Once the limit is reached an HTTP 429 response (request rate limit exceeded) is served.

In the main Access Control section, you must first define which services to authorize, either as a custom rule, or as part of the Known Bots and Crawlers. All authorized services that have been added to the Allowlist are available for rate limiting. (apply your changes after adding an allowed service for the dropdown list in the rule creation process to be updated).

To add a rule:

  1. Navigate to Platform Settings > Policy and open the Access Control tab. There are no default custom rules.
  2. Click Add Rule. A new line is added to the Rate Limiting Rules list.
  3. Select the service you wish to rate limit from the dropdown list (based on name/description or ID).
    If you cannot locate your service, you must save the changes after adding the new service to the custom list or to the PerimeterX configuration and try again.
  4. Select the rate limit of the service and the time window that the service will be limited for (in seconds). You can also apply a specific lifetime duration (unlimited by default). During this time the rule will be enforced, and will be expired after the defined end time.
  5. Click Apply Changes.

📘

Note

You can add multiple rules for the same service name/id for different time windows.

Known Bots & Crawlers

During the tuning process and in PerimeterX's ongoing tuning of the algorithms, bots and crawlers are identified in your application traffic. You are prompted to classify these bots & crawlers both during the initial tuning process and as part of the ongoing tuning process.

The list of known bots & crawlers is maintained by PerimeterX. Of these, some are Allowed or Denied by default. Traffic from known bots & crawlers that are not Allowed or Denied by default is put through to the PerimeterX default detection process. You can select whether to allow or to deny these bots & crawlers, depending on your organization's needs.

Once a week, we will notify you via email in case traffic started coming in from a known bot or crawler which has not yet been classified. Clicking the notification opens the policy's page, and you are directed to take action (Allow or Deny) on the bot. Until action is taken on a known bot or crawler, they will continue to be put through the PerimeterX default detection process.

Known bots & crawlers that generate traffic appear at the top of the Known Bots & Crawlers section. Known bots & crawlers that generate traffic and are not allowed or denied appear in a list above the main Known Bots & Crawlers list with a red dot next to them. These bots & crawlers will remain in this top section until you change policies, or until you refresh the page.

📘

Note

When the traffic detection on an application is below the detection threshold set by PerimeterX, the application’s Volume will be N/A. Once the detection threshold is reached, the application’s Volume is displayed. When no traffic is detected, the Volume is displayed as 0.

Known bots & crawlers that have not been allowed or denied can be classified as follows:

  • Click Allow, using this service to add the specific known bot or crawler to your Allowlist. Changes take effect immediately. (Recommended)

  • Click Block, not using this service to add the specific known bot or crawler to your Denylist. Changes take effect immediately.

  • To revert the selected rule, click Undo. Changes take effect immediately.

Known bots & crawlers that have not generated any traffic can also be classified by selecting which action should be taken from the Action drop-down for the specific bot or crawler.

To include an automation tool service in the Known Bots & Crawlers list, please contact PerimeterX Support, who will determine whether the tool can safely added to the Known Bots & Crawlers list.

Volume Based Rules

Volume Based Rules allow you to define the volume of activity considered questionable by PerimeterX.

The panel is divided into two sub-panels:

Page Views – Intended for regular pages in your web application. Page Views are calculated against a user’s access to full pages, not including individual requests, such as XHRs.

Available Categories:

  • Page Views per Visitor - Defines the threshold for the number of page views from a single visitor.

  • Page Views per Visitor per Tab - Defines the threshold for the number of page views from a single visitor and a single browser tab.

  • Page Views per Client IP - Defines the threshold for the number of page views from a single client IP.

  • Requests per Custom Parameter - Defines the threshold for the number of requests per single custom parameter.

Requests – Intended for any type of request, but specifically useful for APIs. Requests are measured against any individual HTTP request from your application.

Available Categories:

  • Requests per Client IP - Defines the threshold for the number of server requests from a single client IP.

  • Requests per User-Agent per Client IP - Defines the threshold for the number of server requests from a single client (Client IP + User-agent).

Available Actions:

  • Click on any blue text with a dashed underline to edit it in place.

  • Click Add Rule to add another rule. Each rule is evaluated independently of the others.

    1. Choose a category from the dropdown list.
  1. Enter the threshold of page views or requests
  2. Enter the time range for the rule. Volume Based Rules have a time range of 10 seconds to 86400 seconds (1 day).
  3. Click Apply changes to add the new rule.

Website Sections

Website Sections is an additional option for defining a "website section" is available in the request panel. Website sections split your app into parts, allowing you to define different rate-limiting rules for each part.

📘

Note

Each rate-limiting rule is evaluated separately. This makes it possible to have part of the website included in two or more sections. When a request is sent to that part of the website, it will count against all relevant rules simultaneously. The “entire app” section is counted against all requests coming to the app.

  • To add a new section, Click the “+” in the sections column.

  • To edit a section click the pencil icon next to its name.

  • To assign a different section to a rule, click the section name and select a different one.

When adding or editing a section, the pop-up dialog allows you to choose a name and a list of URLs. Separate the URLs with commas or line breaks. Each URL must begin with a forward slash (“/”).

Deleting a section completely removes it, as well as all of the rules referencing that section.

JS Sensor Settings

The JS Sensor Settings section displays the applied version of the PerimeterX Javascript snippet. The JS Sensor will hold the latest available version including improved detection of bot behavior, ongoing infrastructure improvements, performance enhancements, and First-Party support.

Risk Cookie

The Risk Cookie is an HTTP cookie set by PerimeterX on each request of a client session. The information contained in the Risk Cookie can be used to determine what actions should be taken; this includes blocking the session, issuing a challenge page, or changing the application behavior.

📘

Note

The default PerimeterX policy does not apply the Risk Cookie. To use the Risk Cookie, with or without encryption, you must create a new policy other than the default policy provided by PerimeterX.

Configuring the Risk Cookie

To enable the Risk Cookie:

  • Navigate to Platform Settings > Policies and open Enable Risk Cookie.
  • Select Enable Risk Cookie. A set of options is revealed.
  • Select the options you want in each section.
  • Click Apply Changes at the bottom of the page to save the changes and apply them.

Configuration options available when enabling the Risk Cookie:

  • Enable Risk Cookie - Enable the Risk Cookie and generate a cookie key. The cookie key is used by your server to validate the Risk Cookie. When this option is selected, the Risk Cookie is enabled and the remaining cookie configuration options are displayed.
  • Cookie Key - The cookie key is an identifier used by PerimeterX. To generate a new cookie key, click Generate Cookie Key.

📘

Note

If you generate a new cookie key, and are using the old cookie key in your application or infrastructure to perform cookie validation, the incorrect HMAC will be computed for the cookie signature. This can yield undesirable results. Take extra precautions when generating a new cookie key.

  • Injection Method - Select the domain into which the cookie will be injected.
    • Inject cookie into hosting domain - Injects the cookie into the current sub-domain only. For example, for http://users.example.com, the cookie is only injected into the subdomain users.example.com.
    • Inject cookie into parent domain - Injects the cookie into all sub-domains under the parent domain. For example, for http://users.example.com, the cookie is valid for the entire domain xxx.example.com.
  • Score Reporting - Enable/Disable the Hashed Score (or Policy-based binary decision) reporting in the client. For more details on the configuration once enabled see :ref:Advanced_Client_Integration section.
  • Validity - Set the time period during which the validation key and the cookie are valid (in seconds). The default is 600 seconds (10 minutes). When the time period expires, the cookie or validation key are no longer valid and a new one is needed.
  • Signing - Select an encryption algorithm for the cookie key and the Custom Parameters included in the key. These are the same Custom Parameters defined in the Risk Statistics section of the Dashboard.
    Custom Parameters increase the effectiveness of user identification. Custom parameters are defined in Platform Settings > Applications > Custom Parameters.
  • Encryption - Select whether to encrypt the cookie with AES-256-CDC encryption. This encrypts the score and the key within the cookie. When not enabled, the score is visible to attackers but the key is still encrypted. When not encrypted, any tampering with either the score or key will still be detected. It is recommended to enable encryption.
  • Signing Fields - Displays the list of fields used to create the Cookie key.
  • Optional Data - Available options are:
    • Client UUID
    • Visitor ID

To enable the Risk Cookie:

  • Navigate to Platform Settings > Policies and open Enable Risk Cookie.
  • Select Enable Risk Cookie. A set of options is revealed.
  • Select the options you want in each section.
  • Click Apply Changes at the bottom of the page to save the changes and apply them.

Duplicating a Policy

Duplicating a policy makes it easier to create a new policy similar to an existing policy, with minor changes. You can also start with the default policy. While editing the default policy is not allowed, you can duplicate it and edit the clone.

To duplicate a policy:

  1. In the Policies dashboard, select the policy you want to duplicate from the list of available policies on the left hand side of the screen.
  2. Click Duplicate Policy. A new policy is created with the same name as the existing policy + copy.
  3. To use the new policy, navigate to the application that will use the new policy and select the duplicate policy in the Policy list.

Editing a Policy

To edit an existing policy.

  • In the Policies dashboard, click on the policy name.
  • Give the policy a relevant name, and click outside the box to save the name. The name is changed in the policy title and in the policy list to the left.
  • Update any applications that use that policy.

Did this page help you?