Enforcer frameworksNetlify Edge Function

Install the Netlify Edge Function Enforcer

If your organization uses Netlify, you can use HUMAN’s Netlify Edge Function Enforcer to protect against malicious behavior. The Netlify Edge Function is deployed to your content delivery network (CDN) and dictates how traffic should be handled per your organization’s standards.

You can learn how to install the Netlify Edge Function Enforcer with this article.

Prerequisites

  • A Netlify account with permissions to edit an existing Edge Function and function file. Learn more with Netlify’s article Get started with Edge Functions.
  • A command-line interface (CLI).
  • A text editor.
  • Node Version Manager (nvm) installed on your device. See nvm’s GitHub repository to learn how to install it.
  • The latest version of Node.js. After installing nvm, enter nvm install stable in your CLI to install it.
  • Your unique HUMAN information:
    • Your Application ID. You can find this under Platform Settings > Applications > Select an application > Application Settings > Application ID in the HUMAN console. If you have multiple environments, you will also have multiple Application IDs, so be sure to choose the correct ID for the environment you want to install on.
    • Your Server Token. You can find this under Platform Settings > Applications > Status & Settings > Server Token.
    • Your Risk Cookie Key. You can find this under Bot Defender > Policies > Policy Settings > Policy Information.

Install the Enforcer

There are two parts to the integration. Be sure to complete each part in order.

  1. Install dependencies: Install the Enforcer package from HUMAN.
  2. Use the package: Import the package into your Edge Function and deploy.

Install dependencies

  1. Navigate to your directory that has the Edge Function project you want to integrate the Enforcer on.
  2. Enter npm install perimeterx-node-core-ts to install the Enforcer package.

Do not import the package using the npm: prefix in an import statement. Netlify does not support this syntax, and it will not install the package properly if you use it.

Your Netlify Edge Function project directory should now have the package installed. Next, move on to Use the package to complete your integration.

Use the package

  1. Open the project’s function file.
  2. At the top of your function file, add the following import statements:
1import { PXEnforcer, PXRawConfig } from "perimeterx-node-core-ts";
2import type { Config, Context } from "@netlify/edge-functions";

  1. At the beginning of your function, add the HUMAN configurations using the PXRawConfig object as shown.

    • PX_APP_ID corresponds to your Application ID.
    • PX_COOKIE_SECRET corresponds to your Risk Cookie Key.
    • PX_AUTH_TOKEN corresponds to your Server Token.

While you can add PX_APP_ID, PX_COOKIE_SECRET, and PX_AUTH_TOKEN directly, we recommend using Netlify environment variables so your configuration is more flexible and secure. See Netlify’s help documentation for more information.

1const config: PXRawConfig = {
2        px_app_id: Netlify.env.get("PX_APP_ID"),
3        px_cookie_secret: Netlify.env.get("PX_COOKIE_SECRET"),
4        px_auth_token: Netlify.env.get("PX_AUTH_TOKEN"),
5        px_extract_user_ip: (request) => {
6            return context.ip;
7        },
8    };
  1. Add any additional custom configurations your organization wants to include in the PXRawConfig object. You can find all available configurations in our help article.

While all other custom configurations are optional, you must include the px_extract_user_ip property as shown in Step 3. This lets HUMAN extract the correct end user IP.

  1. After the PXRawConfig object, add the following lines of code. These let HUMAN evaluate the request as soon as it hits the function.
1const config: PXRawConfig = {
2   // HUMAN configurations
3   ...
4   };
5const px = new PXEnforcer(config);
6const resp = await px.enforce(request); // verifies the response from HUMAN
7if (resp.pxResponse) { // if the request is suspicious, return the Challenge page
8    return new Response(resp.pxResponse.body, {
9        headers: resp.pxResponse.headers as HeadersInit,
10        status: resp.pxResponse.status,
11    });
12} else { // if the request is valid, continue the execution flow
13    return await context.next();
14}

  1. If you would like to exclude Enforcer monitoring on specific paths, then you must configure the function to do so using either the TOML file or Netlify’s Config object. Otherwise, move on to Step 7. By default, the Enforcer will run on all requests.
1[[edge_functions]]
2pattern = "/(.*)"
3excludedPattern = [
4  "/api/(.*)",
5  "/fapi/(.*)",
6  "(.*).(png|svg|map|woff2|ico|css)"
7]
8function = "human-enforcer"

  1. Save your changes and deploy the function to Netlify.

Your Netlify Edge Function has now been integrated with the HUMAN Enforcer. Once you complete your installation, be sure to contact HUMAN to complete your Tuning process.