Installation

Install the dependencies:

1    Debian and Ubuntu
2    apt install -y libcurl4 libapr1 libjansson4 libaprutil1 libpcre3

Copy libvmod_px.so file to Varnish VMODS directory (this directory depends on Linux distribution: /usr/lib/varnish/vmods/ or /usr/lib64/varnish/vmods/).
In your configuration .vcl file:
- At the top of the file, add these two lines that will import the Enforcer:
  import px;
  import std;

Add the following lines to the sub vcl_init block to enable the Enforcer and provide the required parameters:

1 new px_module = px.px();
2 
3 px_module.setconf("px_enabled", "true");
4 
5 px_module.setconf("px_appId", "ENTER APP ID HERE");
6 px_module.setconf("px_cookie_secret", "ENTER RISK COOKIE KEY HERE");
7 px_module.setconf("px_auth_token", "ENTER AUTHENTICATION TOKEN HERE");
8 
9 if (!px_module.setup()) {
10     std.syslog(9, "Failed to init PX module");
11 }

px_enabled - Set to true to enable the Enforcer.
px_appId - Enter the HUMAN application ID.
To retrieve the ID:
1. Open the HUMAN Console.
2. Go to Platform Settings > Applications.
3. Copy the ID from the Application ID field.
px_cookie_secret - Enter a risk cookie key used by the cookie signing page.
To generate a risk cookie key:
1. Open the HUMAN Console.
2. Go to Product Settings > Security Policy > Policy Information.
3. Click Generate new.
px_auth_token - Enter a JWT authentication token for REST API.
To retrieve the authentication token:
1. Open the HUMAN Console.
2. Go to Platform Settings > Applications > Tokens > Server Tokens.
3. Click Copy token.

Add the following section to the existing sub vcl_recv block. This section enables the Enforcer to process requests.

1 if (px_module.is_first_party(req.url)) {
2     std.cache_req_body(100KB);
3 }
4 
5 px_module.process_request(req.url, req.method, regsub(req.proto, "^.*/", ""), client.ip, req.http.host);
6 
7 if (px_module.get_result() > 0) {
8     return (synth(px_module.get_result()));
9 }

Add a new block named vcl_synth. This block displays a CAPTCHA if a request is blocked.

1 sub vcl_synth {
2     set resp.status = px_module.get_resp_status();
3     px_module.set_resp_headers();
4 
5     if (px_module.get_resp_body_len()) {
6         synthetic(px_module.get_resp_body());
7     }
8 
9     return(deliver);
10 }

Add a new (or edit an existing) block named vcl_deliver. This block is executed when a response is sent back to a client.

1 sub vcl_deliver {
2     px_module.set_resp_headers();
3     return(deliver);
4 }

Install the dependencies:

1    Debian and Ubuntu
2    apt install -y libcurl4 libapr1 libjansson4 libaprutil1 libpcre3

Copy libvmod_px.so file to Varnish VMODS directory (this directory depends on Linux distribution: /usr/lib/varnish/vmods/ or /usr/lib64/varnish/vmods/).
In your configuration .vcl file:
- At the top of the file, add these two lines that will import the Enforcer:
  import px;
  import std;

Add the following lines to the sub vcl_init block to enable the Enforcer and provide the required parameters:

1 new px_module = px.px();
2 
3 px_module.setconf("px_enabled", "true");
4 
5 px_module.setconf("px_appId", "ENTER APP ID HERE");
6 px_module.setconf("px_cookie_secret", "ENTER RISK COOKIE KEY HERE");
7 px_module.setconf("px_auth_token", "ENTER AUTHENTICATION TOKEN HERE");
8 
9 if (!px_module.setup()) {
10     std.syslog(9, "Failed to init PX module");
11 }

px_enabled - Set to true to enable the Enforcer.
px_appId - Enter the HUMAN application ID.
To retrieve the ID:
1. Open the HUMAN Console.
2. Go to Platform Settings > Applications.
3. Copy the ID from the Application ID field.
px_cookie_secret - Enter a risk cookie key used by the cookie signing page.
To generate a risk cookie key:
1. Open the HUMAN Console.
2. Go to Product Settings > Security Policy > Policy Information.
3. Click Generate new.
px_auth_token - Enter a JWT authentication token for REST API.
To retrieve the authentication token:
1. Open the HUMAN Console.
2. Go to Platform Settings > Applications > Tokens > Server Tokens.
3. Click Copy token.

Add the following section to the existing sub vcl_recv block. This section enables the Enforcer to process requests.

1 if (px_module.is_first_party(req.url)) {
2     std.cache_req_body(100KB);
3 }
4 
5 px_module.process_request(req.url, req.method, regsub(req.proto, "^.*/", ""), client.ip, req.http.host);
6 
7 if (px_module.get_result() > 0) {
8     return (synth(px_module.get_result()));
9 }

Add a new block named vcl_synth. This block displays a CAPTCHA if a request is blocked.

1 sub vcl_synth {
2     set resp.status = px_module.get_resp_status();
3     px_module.set_resp_headers();
4 
5     if (px_module.get_resp_body_len()) {
6         synthetic(px_module.get_resp_body());
7     }
8 
9     return(deliver);
10 }

Add a new (or edit an existing) block named vcl_deliver. This block is executed when a response is sent back to a client.

1 sub vcl_deliver {
2     px_module.set_resp_headers();
3     return(deliver);
4 }

1	Debian and Ubuntu
2	apt install -y libcurl4 libapr1 libjansson4 libaprutil1 libpcre3

1	new px_module = px.px();
2
3	px_module.setconf("px_enabled", "true");
4
5	px_module.setconf("px_appId", "ENTER APP ID HERE");
6	px_module.setconf("px_cookie_secret", "ENTER RISK COOKIE KEY HERE");
7	px_module.setconf("px_auth_token", "ENTER AUTHENTICATION TOKEN HERE");
8
9	if (!px_module.setup()) {
10	std.syslog(9, "Failed to init PX module");
11	}

1	if (px_module.is_first_party(req.url)) {
2	std.cache_req_body(100KB);
3	}
4
5	px_module.process_request(req.url, req.method, regsub(req.proto, "^.*/", ""), client.ip, req.http.host);
6
7	if (px_module.get_result() > 0) {
8	return (synth(px_module.get_result()));
9	}

1	sub vcl_synth {
2	set resp.status = px_module.get_resp_status();
3	px_module.set_resp_headers();
4
5	if (px_module.get_resp_body_len()) {
6	synthetic(px_module.get_resp_body());
7	}
8
9	return(deliver);
10	}

1	sub vcl_deliver {
2	px_module.set_resp_headers();
3	return(deliver);
4	}