Optional Configuration

PII (Personally Identifiable Information) Anonymization

Personally Identifiable Information (PII) is information that can be used on its own or with other information to identify a single person, or to identify an individual in context.

It is important for us to keep personal private information out of our servers. Therefore, by default, we do not send the request body and cookies to PerimeterX backend servers; the entire communication is based on header data.

PII is not a recommended setting. If PII is essential for your organization, contact PerimeterX Support.

When PII is enabled, PerimeterX does not store a client’s full IP information (Client IP, HTTP Headers). In IPv4 this is done by zeroing the 4th IP octet (for example, the IP 1.2.3.4 will be stored as 1.2.3.0). In IPv6 this is done by zeroing the last four (4) octets (for example, the IP 1:2:3:4:1:2:3:4 will be stored as 1:2:3:4:1:2:3:0).
Removing the IP's last octet can result in a small reduction of detection capability, usually for the models and signatures that are based on IPs.

In addition to the basic installation configuration, the following configuration options are available:

Module Enabled

A boolean flag to enable/disable the PerimeterX Enforcer.

Default: true

config = {
  # ...
  'module_enabled': False,
  # ...
}

Module Mode

Sets the working mode of the Enforcer.

Possible values:

  • active_blocking - Blocking Mode
  • monitor - Monitoring Mode

Default: monitor - Monitor Mode

config = {
  # ...
  'module_mode': 'active_blocking',
  # ...
}

Blocking Score

Sets the minimum blocking score of a request.

Possible values:

  • Any integer between 0 and 100.

Default: 100

config = {
  # ...
  'blocking_score': 100,
  # ...
}

Send Page Activities

Enable/disable sending activities and metrics to PerimeterX with each request.

Enabling this feature allows data to populate the PerimeterX Portal with valuable information, such as the number of requests blocked and additional API usage statistics.

Default: true

config = {
  # ...
  'send_page_activities': True,
  # ...
}

Debug Mode

Enable/disable the debug log messages.

Default: False

config = {
  # ...
  'debug_mode': True,
  # ...
}

Sensitive Routes

An array of route prefixes that trigger a server call to PerimeterX servers every time the page is viewed, regardless of viewing history.

Default: Empty

config = {
  # ...
  'sensitive_routes': ['/login', '/user/checkout'],
  # ...
}

Allowlist Routes

An array of route prefixes which will bypass enforcement (will never get scored).

Default: Empty

config = {
  # ...
  'whitelist_routes': ['/about-us', '/careers'],
  # ...
}

Sensitive Headers

An array of headers that are not sent to PerimeterX servers on API calls.

Default: ['cookie', 'cookies']

config = {
  # ...
  'sensitive_headers': ['cookie', 'cookies', 'x-sensitive-header'],
  # ...
}

IP Headers

An array of trusted headers that specify an IP to be extracted.

Default: Empty

config = {
  # ...
  'ip_headers': ['x-user-real-ip'],
  # ...
}

First-Party Enabled

Enable/disable First-Party mode.

Default: True

config = {
  # ...
  'first_party': False,
  # ...
}

Custom Request Handler

A Python function that adds a custom response handler to the request.

You must declare the function before using it in the config.

The Custom Request Handler is triggered after PerimeterX's verification.
The custom function should handle the response (most likely it will create a new response).

Default: Empty

config = {
  # ...
  'custom_request_handler': custom_request_handler_function,
  # ...
}

Additional Activity Handler

A Python function that allows interaction with the request data collected by PerimeterX before the data is returned to the PerimeterX servers. Does not alter the response.

Default: Empty

config = {
  # ...
  'additional_activity_handler': additional_activity_handler_function,
  # ...
}

PerimeterX Data Enrichment

This is a cookie we make available for our customers that can provide extra data about the request.

context.pxde
context.pxde_verified

Px Disable Request

This is a property that allows the developer to disable the module for a single request. Its value should be True for disabling, and False for enabling.

...
environ['px_disable_request'] = False  # The request shall be passed to the enforcer.

or

environ['px_disable_request'] = True  # The enforcer shall be disabled for that request.

Test Block Flow on Monitoring Mode

Allows you to test an enforcer’s blocking flow while you are still in Monitor Mode.

When the header name is set (e.g. x-px-block) and the header value is set to 1, a block response (for example, from using a User-Agent header with the value of PhantomJS/1.0) bypasses Monitor Mode and full block mode is applied. If one of the conditions is missing, you will stay in Monitor Mode. This is done per request.
To stay in Monitor Mode, set the header value to 0.

The Header Name is configurable using the bypass_monitor_header property.

Default: Empty

config = {
  # ...
  'bypass_monitor_header': 'x-px-block',
  # ...
}

Enforced Specific Routes

An array of route prefixes that are always validated by the PerimeterX Worker (as opposed to allowed routes).
When this property is set, any route that is not added will be allowed.

Default: Empty

config = {
  # ...
  'enforced_specific_routes': ['/profile'],
  # ...
}
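
A pre-deployment review of the options described on this page, as an added example (not PerimeterX code). The function audit_config and its findings are hypothetical; the key names and defaults are the page's, and the check assumes a custom sensitive_headers list replaces the default list.

```python
# Added example: review an enforcer config dict before deployment.
# Key names and defaults are from this page; the checks are this example's own.
DEFAULT_SENSITIVE_HEADERS = ['cookie', 'cookies']

def audit_config(config):
    """Return (key, message) findings for settings that weaken enforcement."""
    findings = []
    allow = config.get('whitelist_routes', [])
    sensitive = config.get('sensitive_routes', [])
    enforced = config.get('enforced_specific_routes', [])
    if not config.get('module_enabled', True):
        findings.append(('module_enabled', 'enforcer is disabled'))
    if config.get('module_mode', 'monitor') != 'active_blocking':
        findings.append(('module_mode', 'monitor mode: requests are not blocked'))
    score = config.get('blocking_score', 100)
    if not (isinstance(score, int) and 0 <= score <= 100):
        findings.append(('blocking_score', 'must be an integer between 0 and 100'))
    if config.get('debug_mode', False):
        findings.append(('debug_mode', 'debug log messages are enabled'))
    if config.get('bypass_monitor_header'):
        findings.append(('bypass_monitor_header', 'block-flow test header is configured'))
    if enforced:
        findings.append(('enforced_specific_routes', 'routes outside %s are allowed' % enforced))

    # Routes are prefixes, so an allowlisted prefix also covers every longer path.
    for a in allow:
        if a in ('', '/'):
            findings.append(('whitelist_routes', '%r exempts every route' % a))
        for p in sensitive + enforced:
            if p.startswith(a) or a.startswith(p):
                findings.append(('whitelist_routes', '%r overlaps protected prefix %r' % (a, p)))

    # Assumption: a custom sensitive_headers list replaces the default list.
    headers = [h.lower() for h in config.get('sensitive_headers', DEFAULT_SENSITIVE_HEADERS)]
    for h in DEFAULT_SENSITIVE_HEADERS:
        if h not in headers:
            findings.append(('sensitive_headers', '%r would be sent on API calls' % h))
    return findings

# Constructed sample config for illustration.
sample = {
    'module_mode': 'active_blocking',
    'sensitive_routes': ['/login', '/user/checkout'],
    'whitelist_routes': ['/about-us', '/user'],
    'sensitive_headers': ['x-sensitive-header'],
    'bypass_monitor_header': 'x-px-block',
}
for key, message in audit_config(sample):
    print('%s: %s' % (key, message))
```

In the sample, the allowlisted prefix '/user' is reported because it also covers the sensitive route '/user/checkout'.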
