Enforcer frameworksVarnish Enforcer

Example configuration

This is the complete Varnish configuration (user.vcl):

1vcl 4.1;
2
3backend default {
4    .host = "neverssl.com";
5    .port = "80";
6}
7
8import px;
9import std;
10
11sub vcl_init {
12    # initialize PX Varnish module
13    new px_module = px.px();
14
15
16# ==== PerimeterX Varnish Enforcer Configuration start ===
17
18    # module enabled: "true" or "false"
19    px_module.setconf("px_enabled", "true");
20
21    px_module.setconf("px_appId", "== REPLACE ==");
22    px_module.setconf("px_cookie_secret", "== REPLACE ==");
23    px_module.setconf("px_auth_token", "== REPLACE ==");
24
25
26    # debug: "true" or "false"
27    px_module.setconf("px_debug", "true");
28
29    # blocking mode: "true" or "false"
30    px_module.setconf("px_block_enabled", "true");
31
32    px_module.setconf("px_s2s_timeout", 3000);
33    px_module.setconf("px_client_timeout", 3000);
34
35    # set multiple array items
36    # px_module.setconf("px_whitelist_uri_full", "/a");
37    # px_module.setconf("px_whitelist_uri_full", "/b");
38    # px_module.setconf("px_whitelist_uri_full", "/c");
39
40# ==== PerimeterX Varnish Enforcer Configuration end ===
41
42
43    # must be called at the end of configuration setup
44    if (!px_module.setup()) {
45        std.syslog(9, "Failed to init PX module");
46    }
47}
48
49sub vcl_recv {
50
51    # if PX FirstParty request - cache body
52    if (px_module.is_first_party(req.url)) {
53        std.cache_req_body(100KB);
54    }
55
56    # let PX module to verify request
57    px_module.process_request(req.url, req.method, regsub(req.proto, "^.*/", ""), client.ip, req.http.host);
58
59    # PX module returns OK(0) if the request is not blocked
60    if (px_module.get_result() > 0) {
61        return (synth(px_module.get_result()));
62    }
63}
64
65
66sub vcl_deliver {
67    px_module.set_resp_headers();
68    return(deliver);
69}
70
71# A synthetic object is generated in VCL, not fetched from the backend
72# display PX captcha page
73sub vcl_synth {
74    set resp.status = px_module.get_resp_status();
75    px_module.set_resp_headers();
76
77    if (px_module.get_resp_body_len()) {
78        synthetic(px_module.get_resp_body());
79    }
80
81    return(deliver);
82}