Install the Cloudflare Enforcer
If your organization uses Cloudflare, you can use HUMAN's Cloudflare Enforcer to protect against malicious behavior. The Cloudflare Enforcer is installed using a Cloudflare Worker, or a snippet of code, and is deployed to your content delivery network (CDN). The Enforcer dictates how traffic should be handled per your organization's standards.
You can learn how to install the Cloudflare Enforcer with this article.
Warning
This process only works if you do not have an existing Enforcer integrated with your application. If you do, see our article on manual installation.
Prerequisites
- A Cloudflare account with permissions to create API tokens
- Depending on your preferred deployment method, the following tools:
- Docker method:
- Docker. See how to install Docker with their documentation.
- Script method:
- Node.js 18.x or later and npm 10.x or later. See how to install both with npm’s documentation.
- Git CLI. You can download it directly from Git.
- GNU Wget. See how to install with their documentation.
- Docker method:
- Your unique HUMAN information:
- Your Application ID. You can find this under Platform Settings > Applications > Overview in the HUMAN console. If you have multiple environments, you will also have multiple Application IDs, so be sure to choose the correct ID for the environment you want to install on.
- Your Server Token. You can find this under Platform Settings > Applications, then selecting an application and navigating to Application settings > Server token.
- Your Risk Cookie Key. You can find this under Bot Defender > Policies > Policy Settings > Policy Information.
- Other HUMAN information provided by your Solutions Engineer:
- Your logger authentication token.
- Your remote configuration authentication token.
- Your remote configuration ID.
- An Enforcer configuration file,
enforcerConfig.json. Be sure to save it in a directory you’ll remember (like/deploy).
Create a Cloudflare API token
- Log in to your Cloudflare account.
- Navigate to My Profile > API Tokens > Create Token.
- Under Create custom token, click Get started.
- Enter a name for your token. Then, fill out the remaining fields according to the following:
Permissions
| Permissions group | Resources | Access |
|---|---|---|
| Account | Workers KV Storage | Edit |
| Account | Workers Scripts | Edit |
| Account | Accounts Settings | Read |
| Account | Access: Apps and Policies | Read |
| Zone | Workers Routes | Edit |
Account Resources
| Inclusion | Accounts |
|---|---|
| Include | All accounts (you may restrict access to the accounts you are deploying the Enforcer on) |
Zone Resources
| Inclusion | Zones |
|---|---|
| Include | All zones (you may restrict access to the zones you are deploying the Enforcer on) |
- Click Continue to summary.
- Click Create token.
- Copy and save the token in a secure location.
Warning
This will be the only time you’ll see your token, so be sure to save it before closing the page!
Update the configuration file
- Update the Enforcer configuration file,
enforcerConfig.json, with your unique HUMAN information if it hasn’t been already.
{
"px_app_id": "<APP_ID>",
"px_auth_token": "<AUTH_TOKEN>",
"px_cookie_secret": "<COOKIE_SECRET>",
"px_logger_auth_token": "<LOGGER_AUTH_TOKEN>",
"px_remote_config_auth_token": "<REMOTE_CONFIG_AUTH_TOKEN>",
"px_remote_config_id": "<REMOTE_CONFIG_ID>"
}
- Save your file and continue with your preferred method to run the Deploy Tool.
- Docker method
- Script method
Run the Deploy Tool
Docker method
Note for Windows users
Windows users also need to complete additional setup for Docker:
- In your Windows search bar, search for and open “Turn Windows features on or off”.
- Find the Windows Hypervisor Platform feature and enable it.
- Click OK to save your changes.
- Open Windows PowerShell as an Administrator.
- Copy and paste in
C:\Windows\System32\wsl.exe --update --web-download, then hit Enter.
- Pull the Docker Image by running:
docker pull us-docker.pkg.dev/hmn-registry/docker-public/cdn-enforcer-deploy-tool
- Navigate to the directory where you created
enforcerConfig.json. Based on our example from above, this would be the/deploydirectory. - Run the deploy tool with the following:
docker run --rm -v $PWD:/app/local -it us-docker.pkg.dev/hmn-registry/docker-public/cdn-enforcer-deploy-tool
Script method
- Navigate to the directory where you created
enforcerConfig.json. Based on our example from above, this would be the/deploydirectory. - Pull the HUMAN Deploy Tool zip from Google Artifact Registry using:
wget https://artifactregistry.googleapis.com/v1/projects/hmn-registry/locations/us/repositories/enforcers-public/files/cdn-enforcer-deploy-tool_win:1.0.1:cdn-enforcer-deploy-tool_win.zip:download?alt=media -O cdn-enforcer-deploy-tool.zip
wget https://artifactregistry.googleapis.com/v1/projects/hmn-registry/locations/us/repositories/enforcers-public/files/cdn-enforcer-deploy-tool_unix:1.0.1:cdn-enforcer-deploy-tool_unix.zip:download?alt=media -O cdn-enforcer-deploy-tool.zip
- Unzip
cdn-enforcer-deploy-tool.zipto the same directory you savedenforcerConfig.jsonin. - Run the tool by opening the appropriate script for your system:
- Windows:
cdn-enforcer-deploy-tool.bat - Mac or Linux:
cdn-enforcer-deploy-tool.command
Deploy the Enforcer
- When prompted, select the Cloudflare Workers platform and hit Enter.
🚀 HUMAN CDN Enforcer Deploy Tool 🚀
? Which platform do you want to deploy to? (Use arrow keys)
Fastly VCL
❯ Cloudflare Workers
...
- Continue to follow the steps that appear to complete your deployment.
- When you finish the setup, confirm that the displayed details are correct, then enter
yto deploy the Enforcer.
Updated 24 days ago