Install the Fastly VCL v12 Enforcer
If your organization uses Fastly, you can use HUMAN's Fastly VCL Enforcer to protect against malicious behavior. The Enforcer is deployed to your content delivery network (CDN) and dictates how traffic should be handled per your organization's standards.
You can learn how to install the Fastly VCL Enforcer with this article.
Warning
This process only works if you do not have an existing Enforcer integrated with your application. If you do, see our article on manual installation.
Prerequisites
- Fastly account with engineer or higher permissions
- Depending on your preferred deployment method, the following tools:
- Docker method:
- Docker. See how to install Docker with their documentation.
- Script method:
- Node.js 18.x or later and npm 10.x or later. See how to install both with npm’s documentation.
- Git CLI. You can download it directly from Git.
- GNU Wget. See how to install with their documentation.
- Docker method:
- Your unique HUMAN information:
- Your Application ID. You can find this under Platform Settings > Applications > Overview in the HUMAN console. If you have multiple environments, you will also have multiple Application IDs, so be sure to choose the correct ID for the environment you want to install on.
- Your Server Token. You can find this under Platform Settings > Applications, then selecting an application and navigating to Application settings > Server token.
- Your Risk Cookie Key. You can find this under Bot Defender > Policies > Policy Settings > Policy Information.
- Other HUMAN information provided by your Solutions Engineer:
- Your logger authentication token.
- Your remote configuration authentication token.
- Your remote configuration ID.
- An Enforcer configuration file,
enforcerConfig.json. Be sure to save it in a directory you’ll remember (like/deploy).
Create a Fastly API token
- Log in to your Fastly account.
- Navigate to Account > API Tokens > Personal tokens.
- Click Create token.
- Enter a name for your token, then fill out the remaining fields according to the following:
- Type: User token. Only available for Fastly Superusers. If you don't see this field, you can skip this step.
- Scope: Global API access (
global) . Be sure to also deselect Read-only access (global:read), which is selected by default. - Access: All services or the specific services you want to deploy the Enforcer on
- Click Create Token.
- Copy and save the token in a secure location.
Warning
This will be the only time you’ll see your token, so be sure to save it before closing the page!
Update the configuration file
- Update the Enforcer configuration file,
enforcerConfig.json, with your unique HUMAN information if it hasn’t been already.
{
"px_app_id": "<APP_ID>",
"px_auth_token": "<AUTH_TOKEN>",
"px_cookie_secret": "<COOKIE_SECRET>",
"px_logger_auth_token": "<LOGGER_AUTH_TOKEN>",
"px_remote_config_auth_token": "<REMOTE_CONFIG_AUTH_TOKEN>",
"px_remote_config_id": "<REMOTE_CONFIG_ID>"
}
- Save your file and continue with your preferred deployment method.
- Docker method
- Script method
Run the Deploy Tool
Docker method
Note for Windows users
Windows users also need to complete additional setup for Docker:
- In your Windows search bar, search for and open “Turn Windows features on or off”.
- Find the Windows Hypervisor Platform feature and enable it.
- Click OK to save your changes.
- Open Windows PowerShell as an Administrator.
- Copy and paste in
C:\Windows\System32\wsl.exe --update --web-download, then hit Enter.
- Pull the Docker Image by running:
docker pull us-docker.pkg.dev/hmn-registry/docker-public/cdn-enforcer-deploy-tool
- Navigate to the directory where you created
enforcerConfig.json. Based on our example from above, this would be the/deploydirectory. - Run the deploy tool with the following:
docker run --rm -v $PWD:/app/local -it us-docker.pkg.dev/hmn-registry/docker-public/cdn-enforcer-deploy-tool
Script method
- Navigate to the directory where you created
enforcerConfig.json. Based on our example from above, this would be the/deploydirectory. - Pull the HUMAN Deploy Tool zip from Google Artifact Registry using:
wget https://artifactregistry.googleapis.com/v1/projects/hmn-registry/locations/us/repositories/enforcers-public/files/cdn-enforcer-deploy-tool_win:1.0.1:cdn-enforcer-deploy-tool_win.zip:download?alt=media -O cdn-enforcer-deploy-tool.zip
wget https://artifactregistry.googleapis.com/v1/projects/hmn-registry/locations/us/repositories/enforcers-public/files/cdn-enforcer-deploy-tool_unix:1.0.1:cdn-enforcer-deploy-tool_unix.zip:download?alt=media -O cdn-enforcer-deploy-tool.zip
- Unzip
cdn-enforcer-deploy-tool.zipto the same directory you savedenforcerConfig.jsonin. - Run the tool by opening the appropriate script for your system:
- Windows:
cdn-enforcer-deploy-tool.bat - Mac or Linux:
cdn-enforcer-deploy-tool.command
Deploy the Enforcer
- When prompted, select Fastly VCL and hit Enter.
🚀 HUMAN CDN Enforcer Deploy Tool 🚀
? Which platform do you want to deploy to? (Use arrow keys)
❯ Fastly VCL
Cloudflare Workers
...
- Continue to follow the steps that appear to complete your deployment.
- When you finish the setup, confirm that the displayed details are correct, then enter
yto deploy the Enforcer.
Updated 2 days ago