
Sensitive GraphQL Operations


This feature provides the same functionality as Sensitive Routes, for GraphQL endpoints.

Some routes may be more prone to bot attacks than others, for example routes that execute payments or handle personal information. You can configure these routes as sensitive to apply more stringent protection. The Enforcer makes Risk API calls on such sensitive routes even if the request contains a valid, unexpired cookie.

To configure a sensitive GraphQL operation:

  1. Open the PX_CUSTOM.vcl file.
  2. Add the required GraphQL operation in the px_custom_check_sensitive_graphql_operation custom subroutine, as shown below.

EXAMPLE

    sub px_custom_check_sensitive_graphql_operation {
      # Flag the request as sensitive when the GraphQL operation type or
      # operation name matches one of the configured patterns.
      if (req.http.x-px-graphql:operation-type ~ "<sensitive_graphql_operation_types>" || req.http.x-px-graphql:operation-name ~ "<sensitive_graphql_operation_names>") {
        set req.http.X-PX-sensitive-route = "1";
        return;
      }
    }

To learn more about custom subroutines, see Customized subroutines.
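
The two patterns in px_custom_check_sensitive_graphql_operation are regular expressions, and VCL's `~` succeeds when the pattern matches anywhere in the value, case-sensitively. The following is an added example, not HUMAN's code: an offline Python check that mirrors the subroutine's condition so candidate patterns can be tried before they go into PX_CUSTOM.vcl. The operation names are constructed, and it assumes each sub-field carries a single operation type or name.

```python
import re

# Constructed sample operations: (type, name), standing in for the values of the
# x-px-graphql:operation-type and x-px-graphql:operation-name sub-fields.
SAMPLE_OPERATIONS = [
    ("mutation", "Login"),
    ("mutation", "UpdatePaymentMethod"),
    ("mutation", "LoginBannerDismiss"),
    ("query", "PaymentMethodsList"),
    ("query", "ProductSearch"),
    ("query", "login"),
]


def matches(pattern, value):
    """Emulate VCL `~`: an unanchored, case-sensitive regex match.
    None means that clause is left out of the condition."""
    return pattern is not None and re.search(pattern, value) is not None


def flagged(type_pattern, name_pattern, operations=SAMPLE_OPERATIONS):
    """Names of operations that would get X-PX-sensitive-route = "1"
    under the subroutine's condition: type ~ P1 || name ~ P2."""
    return [name for op_type, name in operations
            if matches(type_pattern, op_type) or matches(name_pattern, name)]


def compare(loose_names, strict_names, type_pattern=None):
    """Contrast an unanchored name pattern with an anchored one."""
    loose = flagged(type_pattern, loose_names)
    strict = flagged(type_pattern, strict_names)
    return {
        "loose": loose,
        "strict": strict,
        # Flagged only because the loose pattern matched a substring.
        "over_matched": [n for n in loose if n not in strict],
    }


if __name__ == "__main__":
    report = compare("Login|PaymentMethod", "^(Login|UpdatePaymentMethod)$")
    for key, names in report.items():
        print(f"{key:13s}{names}")
    # Matching on type alone flags every mutation in the sample.
    print("type only    ", flagged("^mutation$", None))
```

Over-matched operations trigger Risk API calls that were not intended, while a case or spelling mismatch leaves an operation outside the stricter check, so both lists are worth reviewing against the real schema.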

To enable the feature:

  1. Open the PX_CONFIG.vcl file.
  2. Set the px_sensitive_graphql_operations_enabled value to "true" (enabled). The default is "false" (disabled).

    table px_configs {
      "px_sensitive_graphql_operations_enabled": "true",
    }