Google Callout Enforcer

This guide describes how to install and configure self-hosted HUMAN Callout Enforcer.

General information

HUMAN Callout Enforcer is a service running on client premises, which communicates with the client's Envoy's "ext_proc" (External Processing) filter.
For every request Envoy sends Request Headers to Callout Enforcer and waits for the Status Response. Status Response could be either "pass" or "block and display Captcha page".

Details about HUMAN Callout Enforcer

by default it uses configuration file named pxconf.json, located in /etc folder
by default it listens on 50051 port
perimeterx/px_callout_enforcer:latest docker image contains HUMAN Callout Enforcer application

Configure steps for Envoy and HUMAN Callout Enforcer

Configure Envoy's ext_proc filter Details
Add a new "callout" cluster to Envoy configuration Details
Configure HUMAN Callout Enforcer (pxconf.json file) Details
Pull and run perimeterx/px_callout_enforcer:latest docker image (mount pxconf.json to /etc/pxconf.json file in the container and expose 50051 port) Details

Optional steps

Enable SSL/TLS certificate Details

Testing

Complete example of both Envoy and HUMAN Callout Enforcer configuration and commands could be found here: Complete Example