Enrichment

Log Enrichment

Access logs can be enriched with the PerimeterX bot information by enabling the px_variables_enabled property and creating NGINX variables with the proper names. To configure this variable use the NGINX map directive in the HTTP section of your NGINX configuration file. This should be added before additional configuration files are added.

The following variables are enabled:

  • Request UUID: pxuuid
  • Request VID: pxvid
  • Risk Round Trip: pxrtt
  • Risk Score: pxscore
  • Pass Reason: pxpass
  • Block Reason: pxblock
  • Cookie Validity: pxcookiets
  • Risk Call Reason: pxcall
....
http {
  ...
      log_format enriched '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" '
                    '| perimeterx $pxuuid $pxvid '
                    '$pxscore $pxscore $pxrtt $pxblock '
                    '$pxpass $pxcookiets $pxcall';

      access_log /var/log/nginx/access_log enriched;
  ...
}

Data Enrichment

See the Data Enrichment documentation for a full description of how PerimeterX allows you to add enrichment data to each request.

Retrieving Enriched Data From the Enriched Data Cookie (_pxde)

The PerimeterX NGNIX module receives the PXDE value either as a _pxde cookie or as a RiskAPI response.
When PXDE extraction is enabled and the _pxde value is successfully extracted and verified, the module will send the PXDE value to the origin server in a header (as base64 encoded string).

The new NGINX variable $pxde (used as "log enrichment" and accessible by LUA scripts) contains a base64 encoded PXDE value

Configuration options:
px_enable_pxde - enables PXDE cookie extraction.
px_pxde_header_name - sets the name of PXDE header that is sent to the origin server. The header value will contain a base64 encoded PXDE value.


Did this page help you?