Integration Flow

Enforcer SDKs are managed as open source projects, with sources and documentation posted on GitHub. Open the project for the relevant framework to begin the integration.

Dependencies

HUMAN Enforcer integration starts with a dependency check. Validate and install or update any required packages and software services before starting the HUMAN Enforcer installation.

Installation

Due to significant differences in framework architectures, the installation and configuration process depends heavily on the framework you choose. Follow the relevant framework documentation to install the HUMAN Enforcer.

Configuration

The following are the most frequently used settings relevant to all frameworks.

Application ID

(Required)
After you create an Application in the HUMAN Portal, this ID can be found under Application settings.

Authentication Token

(Required)
You should generate an authentication token under Application settings.

Cookie Encryption Key

(Required)
The cookie encryption key is attached to the Application Policy settings. The Policy from which the Cookie Encryption Key is taken must correspond to the same Application as the Application ID (AppId) and HUMAN Token (Auth Token).

Blocking Score [1-100]

Sets the minimum score at which a request is blocked.

Monitoring/Blocking Mode

In Blocking mode, requests with a score equal to or above the Blocking Score are blocked. In Monitoring mode, requests are fully analyzed but not blocked.

True IP / Real User IP

It is common to have a load balancer or proxy in front of your applications. In this case the Enforcer will use the system’s internal IP instead of the real user IP. Use this directive to define the HTTP header that contains the real user’s IP.

Sensitive HTTP Headers

The Enforcer sends a full HTTP request, including headers, to the HUMAN Detector. Use this directive to exclude sensitive headers from being sent to the HUMAN Detector.

API Timeout

If the Risk Score cookie is not, or not yet, embedded into the request by the HUMAN Sensor, the Enforcer sends a synchronous request to be evaluated by the HUMAN Detector. Use this directive to set the timeout of that API call. If the timeout is reached, the request is passed to the Web Server.
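
The sketch below is an added illustration, not code from the HUMAN Enforcer SDKs. It shows how the Blocking Score, Monitoring/Blocking Mode, True IP, Sensitive HTTP Headers and API Timeout settings described above combine into one decision. All names, the default sensitive-header set, the timeout unit and the `score_api` callable are assumptions, and the Risk Score cookie is taken as already decrypted.

```python
# Added illustration, not HUMAN Enforcer SDK code; every name here is hypothetical.
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict, Mapping, Optional, Tuple

@dataclass(frozen=True)
class Settings:
    blocking_score: int = 100              # Blocking Score [1-100]
    blocking_mode: bool = False            # False = Monitoring mode
    real_ip_header: Optional[str] = None   # True IP / Real User IP header name
    sensitive_headers: frozenset = frozenset({"cookie", "authorization"})  # assumed
    api_timeout: float = 1.0               # seconds (unit is an assumption)

def client_ip(headers: Mapping[str, str], peer_ip: str, cfg: Settings) -> str:
    """Return the IP from the configured header, or the peer IP if absent/invalid.

    The header should be one your own proxy sets or overwrites; a value the
    client can supply unchanged lets the client choose its reported IP.
    """
    if cfg.real_ip_header:
        wanted = cfg.real_ip_header.lower()
        for name, value in headers.items():
            if name.lower() == wanted:
                try:
                    return str(ipaddress.ip_address(value.strip()))
                except ValueError:
                    break  # malformed value: fall back to the peer address
    return peer_ip

def outbound_headers(headers: Mapping[str, str], cfg: Settings) -> Dict[str, str]:
    """Drop sensitive headers before the request is sent for evaluation."""
    return {k: v for k, v in headers.items() if k.lower() not in cfg.sensitive_headers}

def decide(cookie_score: Optional[int], headers: Mapping[str, str], peer_ip: str,
           cfg: Settings, score_api: Callable) -> Tuple[str, Optional[int]]:
    """Return (action, score); action is 'block' or 'pass'."""
    score = cookie_score
    if score is None:  # no Risk Score cookie: synchronous evaluation
        try:
            score = score_api(client_ip(headers, peer_ip, cfg),
                              outbound_headers(headers, cfg), cfg.api_timeout)
        except TimeoutError:
            return ("pass", None)  # timeout reached: pass to the web server
    if cfg.blocking_mode and score >= cfg.blocking_score:
        return ("block", score)
    return ("pass", score)  # Monitoring mode or score below the threshold
```

Because a timeout passes the request through, requests that time out are not scored; the API Timeout value decides how often that happens under load.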

Send Page Activities

(Recommended)
When enabled, the Enforcer reports all requests to the HUMAN Detector. This allows full statistics and valuable information to be displayed in the HUMAN Portal.

Block/Captcha Page Customization

By default, HUMAN serves its default Captcha and Block pages. These pages can be fully customized using the attached CSS files. In addition, you can configure custom Captcha and Block pages and even a custom Captcha. For further implementation details, refer to the relevant Enforcer SDK documentation.

Custom Captcha Section

When using the Advanced Blocking Response (ABR) feature, you must create a custom Captcha section to display the Captcha challenge.