Server-Side IntegrationNGINX - LUA Module

Enrichment

Data Enrichment

The HUMAN NGINX plugin stores the data enrichment payload on the request context. The data enrichment payload can also be processed with additional_activity_handler.

Only requests that are not blocked will reach the backend server, so specific logic must be applied to the processing function.

The following example includes the pre-condition checks required to process the data enrichment payload and enrich the request headers.

1...
2_M.additional_activity_handler = function(event_type, ctx, details)
3    -- verify that the request is passed to the backend
4    if event_type == 'page_requested' then
5      -- pxde - contains a parsed json of the data enrichment object
6      -- pxde_verified - makes sure that this payload is trusted and signed by PerimeterX
7      local pxde = ngx.ctx.pxde
8      local pxde_verified = ngx.ctx.pxde_verified
9      if pxde and pxde_verified then
10          -- apply the data enrichment logic here
11          -- the example below will set the f_type on the request header
12          local f_type = ngx.ctx.pxde.f_type
13          ngx.req.set_header("x-px-de-f-type", f_type)
14      end
15    end
16end
17...

For more information and the available fields in the JSON, refer to the Data Enrichment documentation.

Log Enrichment

Access logs can be enriched with the HUMAN bot information by creating an NGINX variable with the proper name. To configure this variable, use the NGINX map directive in the HTTP section of your NGINX configuration file. This should be added before additional configuration files are added.

The following variables are enabled:

  • Request UUID: pxuuid
  • Request VID: pxvid
  • Risk Round Trip: pxrtt
  • Risk Score: pxscore
  • Pass Reason: pxpass
  • Block Reason: pxblock
  • Cookie Validity: pxcookiets
  • Risk Call Reason: pxcall
1....
2http {
3    map score $pxscore  { default 'none'; }
4    map pass $pxpass  { default 'none'; }
5    map uuid $pxuuid  { default 'none'; }
6    map rtt $pxrtt { default '0'; }
7    map block $pxblock { default 'none'; }
8    map vid $pxvid { default 'none'; }
9    map cookiets $pxcookiets { default 'none'; }
10    map px_call $pxcall { default 'none'; }
11
12    log_format enriched '$remote_addr - $remote_user [$time_local] '
13                    '"$request" $status $body_bytes_sent '
14                    '"$http_referer" "$http_user_agent" '
15                    '| perimeterx uuid[$pxuuid] vid[$pxvid] '
16                    'score[$pxscore] rtt[$pxrtt] block[$pxblock] '
17                    'pass[$pxpass] cookie_ts[$pxcookiets] risk_call[$pxcall]';
18
19    access_log /var/log/nginx/access_log enriched;
20  }
21  ...