Monitored Routes
In some cases, you might want to monitor a specific endpoint, and potentially pass traffic that should be blocked, even when the rest of your application is still in the Active Blocking mode. For example, in case of a change in the site topology, to prevent a possible false positive.
This feature allows you to configure specific routes that will go through the full Enforcer workflow. However, these routes will behave as if the Enforcer were in the Monitor mode rather than the Active Blocking mode. These routes will not be blocked, but they will generate risk and async activities. Any block activities will always be simulated blocks.
TO define a monitored route:
- Open the PX_CUSTOM.vcl file.
- Add the required route in the px_custom_monitored_routes custom subroutine, as shown below.
EXAMPLE
sub px_custom_monitored_routes {
if (req.url.path ~ {"^/prefix|^/exact/match$"}) {
set req.http.X-PX-monitored-route = "1";
}
}
To learn more about custom subroutines, see Customized Subroutines.
TO enable the feature:
- Open the PX_CONFIG.vcl file.
- Set the px_monitored_routes_enabled value to "true" (enabled). The default is "false" (disabled).
table px_configs {
"px_monitored_routes_enabled": "true",
}
TEST
- Make sure your application is in the Monitor mode.
- Send a request to one of the newly configured enforced routes, using Python 123 as the browser user-agent.
- if you didn't get a CAPTCHA page, the feature is configured correctly.
Updated 12 days ago