Product guides

Installation

Suggest Edits
  1. Install the dependencies:
   Debian and Ubuntu
   apt install -y libcurl4 libapr1 libjansson4 libaprutil1 libpcre3

CentOS and RHEL
yum install -y jansson apr apr-util pcre libcurl pcre

  1. Copy libvmod_px.so file to Varnish VMODS directory (this directory depends on Linux distribution: /usr/lib/varnish/vmods/ or /usr/lib64/varnish/vmods/).

  2. In your configuration .vcl file:

    • At the top of the file, add these two lines that will import the Enforcer:
      import px;
      import std;

  3. Add the following lines to the sub vcl_init block to enable the Enforcer and provide the required parameters:

    new px_module = px.px();

px_module.setconf("px_enabled", "true");

px_module.setconf("px_appId", "ENTER APP ID HERE");
px_module.setconf("px_cookie_secret", "ENTER RISK COOKIE KEY HERE");
px_module.setconf("px_auth_token", "ENTER AUTHENTICATION TOKEN HERE");

if (!px_module.setup()) {
    std.syslog(9, "Failed to init PX module");
}
    • px_enabled - Set to true to enable the Enforcer.
    • px_appId - Enter the HUMAN application ID.
      To retrieve the ID:
      1. Open the HUMAN Console.
      2. Go to Platform Settings > Applications.
      3. Copy the ID from the Application ID field.
    • px_cookie_secret - Enter a risk cookie key used by the cookie signing page.
      To generate a risk cookie key:
      1. Open the HUMAN Console.
      2. Go to Product Settings > Security Policy > Policy Information.
      3. Click Generate new.
    • px_auth_token - Enter a JWT authentication token for REST API.
      To retrieve the authentication token:
      1. Open the HUMAN Console.
      2. Go to Platform Settings > Applications > Tokens > Server Tokens.
      3. Click Copy token.

  4. Add the following section to the existing sub vcl_recv block. This section enables the Enforcer to process requests.

    if (px_module.is_first_party(req.url)) {
    std.cache_req_body(100KB);
}

px_module.process_request(req.url, req.method, regsub(req.proto, "^.*/", ""), client.ip, req.http.host);

if (px_module.get_result() > 0) {
    return (synth(px_module.get_result()));
}

  5. Add a new block named vcl_synth. This block displays a CAPTCHA if a request is blocked.

    sub vcl_synth {
    set resp.status = px_module.get_resp_status();
    px_module.set_resp_headers();

    if (px_module.get_resp_body_len()) {
        synthetic(px_module.get_resp_body());
    }

    return(deliver);
}

  6. Add a new (or edit an existing) block named vcl_deliver. This block is executed when a response is sent back to a client.

    sub vcl_deliver {
    px_module.set_resp_headers();
    return(deliver);
}

Updated 12 days ago