Server-Side IntegrationF5 BIGIP

Basic Configuration

Basic Configuration Example

By default, the iRule contains the following configuration options:

1when HTTP_REQUEST {
2    set module_version "F5 BIG-IP 2.3.0"
3    set app_id "APP_ID"
4    set cookie_secret_key "COOKIE_SECRET"
5    set auth_token "AUTH_TOKEN"
6    set enable_module 1
7    set module_mode 2
8    set whitelisted_routes_class "px_APP_ID_whitelisted_routes"
9    set specific_routes_class "px_APP_ID_specific_routes"
10    set sensitive_routes_class "px_APP_ID_sensitive_routes"
11    set send_page_activities 1
12    set send_block_activities 1
13    set excluded_extensions "\.(css|bmp|tif|ttf|docx|woff2|js|pict|tiff|eot|xlsx|csv|eps|woff|xls|jpeg|jpg|doc|ejs|otf|pptx|gif|pdf|swf|svg|ps|ico|pls|midi|svgz|class|png|ppt|mid|webp|jar)$"
14    set risk_vs "px_backend_APP_ID_vip"
15    set risk_timeout 2500
16    set debug 0
17    set ip_header ""
18    set sensitive_headers [list "cookie"]
19    set custom_logo ""
20    set js_ref ""
21    set css_ref ""
22    set collector_url "https://collector-${app_id}.perimeterx.net"
23    set allowed_domains [list ""]
24    set whitelist_ips [list ""]
25    set enable_module_header_name ""
26    set bypass_monitor_header ""
27    set enable_advanced_blocking_response 1
28    set custom_cookie_header ""
29    set enable_first_party 1
30}

Update the following required properties:

  • app_id - The HUMAN application id in the format of PX**__**. The application id can be found in the Applications section on the HUMAN Portal.
  • cookie_secret_key - The key used by the cookie signing page. The Cookie Key is generated in the Policies section on the HUMAN Portal.
  • auth_token - The JWT token for REST API. The Authentication Token is generated in the Applications section on the HUMAN Portal.
Make sure to replace APP_ID in risk_vs with the same application_id you set for app_id.

Block Score Configuration.

Configuring the block score is done in the HUMAN Portal.

BIGIP F5 Enforcer uses a binary cookie. The binary cookie does not store the score value on the cookie on the parsed jSON.

In order to set a blocking threshold for the binary cookie:

  1. Log into theĀ HUMAN Portal.
  2. On Admin tab select POLICIES
  3. Select Risk Cookie drop-down menu
  4. Select ā€œAdvanced Modeā€ and press Continue
  5. Unselect v1/v3 if selected and select v2, the binary score should be un-greyed
  6. Set a value and apply changes.
HUMAN recommendation is to set the blocking threshold to 100.