Sensitive GraphQL Operations
This feature provides the same functionality as sensitive routes on GraphQL endpoints.
Some routes may be more prone to bot attacks than others. For example, routes that execute payments or handle personal information. You can configure these routes as sensitive to ensure a more stringent protection. The Enforcer will make Risk API calls on such sensitive routes, even if the request contains a valid, unexpired cookie.
TO configure a sensitive GraphQL operation:Â
- Open the PX_CUSTOM.vcl file.
- Add the required GraphQL operation in the px_custom_check_sensitive_graphql_operation custom subroutine, as shown below.
EXAMPLE
sub px_custom_check_sensitive_graphql_operation {
if (req.http.x-px-graphql:operation-type ~ "<sensitive_graphql_operation_types>" || req.http.x-px-graphql:operation-name ~ "<sensitive_graphql_operation_names>") {
set req.http.X-PX-sensitive-route = "1";
return;
}
}
To learn more about custom subroutines, see Customized subroutines.
TO enable the feature:
- Open the PX_CONFIG.vcl file.
- Set the px_sensitive_graphql_operations_enabled value to "true" (enabled). The default is "false" (disabled).
table px_configs {
"px_sensitive_graphql_operations_enabled": "true",
}
Updated 12 days ago