Sensitive Routes
Some routes may be more prone to bot attacks than others. For example, routes that execute payments or handle personal information. You can configure these routes as sensitive to ensure a more stringent protection. The Enforcer will make Risk API calls on such sensitive routes, even if the request contains a valid, unexpired cookie.
TO define a sensitive route:
- Open the PX_CUSTOM.vcl file.
- Add the required route in the px_custom_check_sensitive_route custom subroutine, as shown below.
EXAMPLE
sub px_custom_check_sensitive_route {
# if (req.url.path ~ {"/login"}) {
# set req.http.X-PX-sensitive-route = "1";
# }
}
To learn more about custom subroutines, see Customized subroutines.
TO enable the feature:
- Open the PX_CONFIG.vcl file.
- Set the px_sensitive_routes_enabled value to "true" (enabled). The default is "false" (disabled).
table px_configs {
"px_sensitive_routes_enabled": "true",
}
Updated 12 days ago