Configuration Properties
Directives
| Directive | Description | Default | Value |
|---|---|---|---|
| app_id | HUMAN application id | NONE | String |
| cookie_secret_key | Cookie hashing secret (salt) | NONE | String |
| auth_token | JWT used to authenticate with px servers | NONE | String |
| enable_module | Sets the module on/off | 1 | int |
| module_mode | Sets the module working mode, 2 - blocking, 1 - sync monitor, 0 - async monitor | 2 - blocking | int |
| whitelisted_routes_class | Name of the class for Allowlist routes, please read additional information | px_<APP_ID>_whitelisted_routes | String |
| specific_routes_class | Name of the class for specific routes, please read additional information | px_APP_ID_specific_routes | String |
| sensitive_routes_class | Name of the class for sensitive routes, please read additional information | px_APP_ID_sensitive_routes | String |
| send_page_activities | Toggles send page requested activity | 0 | int |
| send_block_activities | Toggles send block activities | 1 | int |
| excluded_extensions | Flags which extensions the module will skip | regex String | String |
| risk_vs | Correlates with the virtual server for making risk api calls | px_backend_APP_ID_vip | String |
| risk_timeout | Sets the timeout for api calls (in milliseconds | 2500 | int |
| debug | Toggles debug mode on/off, see troubleshooting for more information | 0 | int |
| ip_header | Custom user header that contains real user ip | NONE | String |
| sensitive_headers | List of sensitive headers not to send in risk api calls | ["cookie"] | list |
| custom_logo | Path to url that contains a logo to be displayed on default block page | NONE | String |
| jf_ref | Path to url that contains a custom js file to inject into the default block page | NONE | String |
| css_ref | Path to url that contains a custom css file to inject into the default block page | NONE | String |
| allowed_domains | A list of domain names on which the enforcer will run on. Run on all if blank | [""] | list |
| enable_module_header_name | The header name that should be used to enable the module (The header's value should be True) | None | String |
| whitelist_ips | A list of ips/CIDRs to allow. If empty all the requests will be processed. | [""] | list |
| bypass_monitor_header | The header name that can be used to bypass monitor mode on blocking activities. | NONE | String |
| enable_advanced_blocking_response | Toggles the use of advanced blocking response | 1 | int |
| custom_cookie_header | A header name which will be used to extract the HUMANÂ cookie from. | NONE | String |
| enable_first_party | Toggles first-party mode on/off. | 1 | int |
Directives containing app_id
Some directives in the configuration may require a specific name which contains the appID of the application taken from the portal.
The name in the configuration must be identical to the name configured in the data group/virtual server/pool.
A mismatch in the name may lead to errors on the module
Updated 12 days ago