Example configuration

vcl 4.1;

backend default {
    .host = "neverssl.com";
    .port = "80";
}

import px;
import std;

sub vcl_init {
    # initialize PX Varnish module
    new px_module = px.px();


# ==== PerimeterX Varnish Enforcer Configuration start ===

    # module enabled: "true" or "false"
    px_module.setconf("px_enabled", "true");

    px_module.setconf("px_appId", "== REPLACE ==");
    px_module.setconf("px_cookie_secret", "== REPLACE ==");
    px_module.setconf("px_auth_token", "== REPLACE ==");


    # debug: "true" or "false"
    px_module.setconf("px_debug", "true");

    # blocking mode: "true" or "false"
    px_module.setconf("px_block_enabled", "true");

    px_module.setconf("px_s2s_timeout", 3000);
    px_module.setconf("px_client_timeout", 3000);

    # set multiple array items
    # px_module.setconf("px_whitelist_uri_full", "/a");
    # px_module.setconf("px_whitelist_uri_full", "/b");
    # px_module.setconf("px_whitelist_uri_full", "/c");

# ==== PerimeterX Varnish Enforcer Configuration end ===


    # must be called at the end of configuration setup
    if (!px_module.setup()) {
        std.syslog(9, "Failed to init PX module");
    }
}

sub vcl_recv {

    # if PX FirstParty request - cache body
    if (px_module.is_first_party(req.url)) {
        std.cache_req_body(100KB);
    }

    # let PX module to verify request
    px_module.process_request(req.url, req.method, regsub(req.proto, "^.*/", ""), client.ip, req.http.host);

    # PX module returns OK(0) if the request is not blocked
    if (px_module.get_result() > 0) {
        return (synth(px_module.get_result()));
    }
}


sub vcl_deliver {
    px_module.set_resp_headers();
    return(deliver);
}

# A synthetic object is generated in VCL, not fetched from the backend
# display PX captcha page
sub vcl_synth {
    set resp.status = px_module.get_resp_status();
    px_module.set_resp_headers();

    if (px_module.get_resp_body_len()) {
        synthetic(px_module.get_resp_body());
    }

    return(deliver);
}