Support first-party HUMAN calls on a CDN

In some cases, you may handle first-party requests outside of the HUMAN Enforcer. If so, you need to configure three separate reverse proxy routes or rules.

While this document focuses on generic CDN configurations, you can apply these same rules within a load balancer, reverse proxy, web server, or anything that sits in front of the HUMAN Enforcer. Keep in mind that:

  • If required, set up the corresponding certificate pinning on the CDN.
  • You can define rules that tell the CDN when to expire cached content on its servers, or your origin server can add headers that carry expiry information and the CDN can be configured to honor those instead. Set the cache TTL to 10 minutes, or honor the cache header as received from the origin.
  • If caching at the CDN (recommended), set the cache key to the incoming host name instead of the origin, so that the HUMAN domain name does not appear in the cache key.

1. Sensor Call: Deliver the HUMAN Sensor

Requests to the HUMAN Sensor are sent to different places depending on the Sensor’s mode. To support this request, create a rule that handles incoming requests to the first-party location and that makes an origin call to the third-party location shown below.

https://www.customerdomain.com/{{app_id_no_px}}/init.js

2. Handle the first-party captcha.js call

This request facilitates HUMAN CAPTCHAs. To support this request, create a rule that handles incoming requests to the first-party location and that makes an origin call to the third-party location shown below.

https://www.customerdomain.com/{{app_id_no_px}}/captcha/*

3. Handle XHR calls at the CDN

If required, set up the corresponding certificate pinning on the CDN. These calls should not be cached.

This request facilitates your feedback to HUMAN. To support this request, create a rule that handles incoming requests to the first-party location and that makes an origin call to the third-party location shown below.

https://www.customerdomain.com/{{app_id_no_px}}/xhr/{{path}}

For example, for a request on the path https://www.customerdomain.com/1234567/xhr/api/v1/collector, the rule on the CDN should route it to https://collector-px1234567.px-cloud.net/api/v1/collector.
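
The routing and caching rules above can be expressed as one edge-side decision function. This is an added example, not HUMAN's code: the function name `planFirstPartyRoute`, the alphanumeric app ID check, and the generalization of the collector host name from the single example above are assumptions. The sensor and captcha origins are not listed on this page, so they are left unset.

```javascript
// Added example: decide which of the three first-party rules applies to an
// incoming URL and which cache policy the page prescribes for it.
const CACHE_TTL_SECONDS = 600; // "10 minutes" from the caching note

function planFirstPartyRoute(requestUrl, appId) {
  // appId is the app ID without the "PX" prefix ({{app_id_no_px}}).
  // Assumption: app IDs are plain alphanumerics. Anything else is rejected so
  // the value can never alter the upstream host name.
  if (!/^[A-Za-z0-9]+$/.test(appId)) throw new Error("invalid app id");

  const url = new URL(requestUrl); // parsing also collapses "../" segments
  const base = `/${appId}/`;
  if (!url.pathname.startsWith(base)) return null; // not a HUMAN route
  const rest = url.pathname.slice(base.length);

  // Sensor and captcha: cacheable, keyed on the incoming host name so the
  // HUMAN domain never appears in the cache key. Their third-party origins
  // are not given on this page, so upstream stays null here.
  const cached = { ttlSeconds: CACHE_TTL_SECONDS, keyHost: url.hostname };
  if (rest === "init.js") return { rule: "sensor", upstream: null, cache: cached };
  if (rest.startsWith("captcha/")) return { rule: "captcha", upstream: null, cache: cached };

  // XHR: strip "/{app_id}/xhr", keep the remaining path and query, pin the
  // host to the collector, and never cache.
  if (rest.startsWith("xhr/")) {
    const host = `collector-px${appId}.px-cloud.net`; // pattern taken from the page's example
    const path = rest.slice("xhr".length); // e.g. "/api/v1/collector"
    return { rule: "xhr", upstream: `https://${host}${path}${url.search}`, cache: null };
  }
  return null; // unknown sub-path: do not proxy
}

// Constructed sample requests
for (const u of [
  "https://www.customerdomain.com/1234567/xhr/api/v1/collector",
  "https://www.customerdomain.com/1234567/init.js",
  "https://www.customerdomain.com/1234567/xhr/../../admin",
]) {
  console.log(u, "->", JSON.stringify(planFirstPartyRoute(u, "1234567")));
}
```

Because the upstream host is built only from the configured app ID and never from the request, the XHR rule cannot be turned into an open proxy, and paths that normalize outside `/{app_id}/xhr/` are not forwarded.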