Upgrading to the Akamai EdgeWorker Enforcer v4
Overview
The HUMAN Akamai EdgeWorker Enforcer requires Property Manager Rules and Variables, the EdgeWorker, and NetStorage to work together. Migrating to version 4 of the Akamai EdgeWorker Enforcer will require changes to all these components. See below for more detailed information about how to upgrade all the different components of the Enforcer.
Updating the NetStorage Files
Follow these instructions to upgrade your NetStorage configuration to work with the Akamai EdgeWorker Enforcer v4.
- Obtain the new static files from the HUMAN Security Akamai EdgeWorker Enforcer NPM package. NetStorage files are located in the
lib/netstorage/pxdirectory of the NPM package. - Navigate to the NetStorage service in the Akamai portal.
- Navigate to the File Manager in NetStorage.
- Click into the
pxfolder. - Upload the provided files into the folder. If necessary, remove the old files.
Updating the Property Manager Rules and Variables
- Navigate to the Akamai Property on which the HUMAN enforcer is installed.
- Since published properties are not editable, create a new version of the property.
- Make the required revisions to the Akamai Property rules and variables. See provided screenshots of the rules required for the Akamai EdgeWorker installation. Save the property.
- When ready, navigate to the activate tab and activate the property on either staging or production.
| Mandatory Property Manager Variables Added in v4.x | Initial Value | Description | Visibility |
|---|---|---|---|
PX_BACKEND_DOMAIN | sapi-<PX_APP_ID>.perimeterx.net | Backend domain used for risk, async and telemetry activities. | Visible |
PX_REQUEST_ID | Leave blank. | Visible | |
PX_BACKEND_REQ | Leave blank. | Visible | |
BYPASS_EW_CLTREQ_EVENT | false | Bypass the onClientRequest function (not bypassed by default) | Visible |
BYPASS_EW_CLTRESP_EVENT | false | Bypass the onClientResponse function (not bypassed by default) | Visible |
| Property Manager Variable Name in Version 3.x | Changes in Version 4.x |
|---|---|
PX_SEND_REQ_COOKIE_NAMES | The variable has been removed. All cookie names (no values) are reported on HUMAN activities. |
PX_CI_VERSION | The variable has been deprecated in favor of the protocol field defined in the PX_CI_EXTRACT_DETAILS variable. |
PX_CI_LS_REPORTING_METHOD | The variable has been deprecated in favor of the login_successful_reporting_method field defined in the PX_CI_EXTRACT_DETAILS variable. |
PX_CI_LS_BODY_REGEX | The variable has been deprecated in favor of the login_successful_body_regex field defined in the PX_CI_EXTRACT_DETAILS variable. |
PX_CI_LS_HEADER_NAME | The variable has been deprecated in favor of the login_successful_header_name field defined in the PX_CI_EXTRACT_DETAILS variable. |
PX_CI_LS_HEADER_VALUE | The variable has been deprecated in favor of the login_successful_header_value field defined in the PX_CI_EXTRACT_DETAILS variable. |
PX_SENSITIVE_ROUTES | The variable now supports regex flags in the form of /<pattern>/<flags>. Use i for case-insensitivity (e.g. /<pattern>/i). |
PX_ENFORCED_ROUTES | The variable now supports regex flags in the form of /<pattern>/<flags>. Use i for case-insensitivity (e.g. /<pattern>/i). |
PX_MONITORED_ROUTES | The variable now supports regex flags in the form of /<pattern>/<flags>. Use i for case-insensitivity (e.g. /<pattern>/i). |
PX_FILTER_BY_ROUTE | The variable now supports regex flags in the form of /<pattern>/<flags>. Use i for case-insensitivity (e.g. /<pattern>/i). |
PX_FILTER_BY_USER_AGENT | The variable now supports regex flags in the form of /<pattern>/<flags>. Use i for case-insensitivity (e.g. /<pattern>/i). |
PX_SENSITIVE_GQL_OP_NAMES | The variable now supports regex flags in the form of /<pattern>/<flags>. Use i for case-insensitivity (e.g. /<pattern>/i). |
Updating the EdgeWorker
- Use the HUMAN Security Akamai EdgeWorker Enforcer Template to create a new EdgeWorker bundle.
- Navigate to the EdgeWorkers service in the Akamai portal.
- Select the relevant EdgeWorker.
- Create a new version of the EdgeWorker. Upload the zipped bundle provided.
- When ready, activate the new version on either staging or production.
Note the following changes in the custom functions:
| Function Name in Version 3.x | Changes in Version 4.x |
|---|---|
px_enrich_custom_parameters | The function signature has changed to accept the configuration and the original request rather than the original request and the HUMAN context. |
px_custom_cors_block_response_headers | The function is now called px_cors_create_custom_block_response_headers. The function signature has changed to accept only the original request. |
px_custom_extract_credentials | The function has been removed in favor of the extract_credentials_callback defined in the px_login_credentials_extraction configuration. |
px_login_successful_custom_callback | The function has been removed in favor of the login_successful_callback defined in the px_login_credentials_extraction configuration. |
Updated 6 days ago