• 11 Apr 2024
  • Dark


  • Dark

Article Summary

  1. Install the dependencies:

    apt install -y libcurl4 libapr1 libjansson4 libaprutil1 libpcre3
    yum install -y jansson apr apr-util pcre libcurl pcre
  2. Copy file to Varnish VMODS directory (this directory depends on Linux distribution: /usr/lib/varnish/vmods/ or /usr/lib64/varnish/vmods/ ).

    In your configuration .vcl file

  3. At the top of the file, add these two lines that will import the Enforcer:
    import px;
    import std;

  4. Add the following lines to the sub vcl_init block to enable the Enforcer and provide the required parameters:


        new px_module = px.px();
        px_module.setconf("px_enabled", "true");
        px_module.setconf("px_appId", "ENTER APP ID HERE");
        px_module.setconf("px_cookie_secret", "ENTER RISK COOKIE KEY HERE");
        px_module.setconf("px_auth_token", "ENTER AUTHENTICATION TOKEN HERE");
        if (!px_module.setup()) {
            std.syslog(9, "Failed to init PX module");
    • px_enabled - Set to true to enable the Enforcer.

    • px_appId - Enter the HUMAN application ID.
      TO retrieve the ID:
      a. Open the HUMAN Console.
      b. Go to Platform Settings > Applications.
      c. Copy the ID from the Application ID field.

    • px_cookie_secret - Enter a risk cookie key used by the cookie signing page.
      TO generate a risk cookie key:
      a. Open the HUMAN Console.
      b. Go to Product Settings > Security Policy > Policy Information.
      c. Click Generate new.

    • px_auth_token - Enter a JWT authentication token for REST API.
      TO retrieve the authentication token:
      a. Open the HUMAN Console .
      b. Go to Platform Settings > Applications > Tokens > Server Tokens.
      c. Click Copy token.

  5. Add the following section to the existing sub vcl_recv block. This section enables the Enforcer to process requests.


         if (px_module.is_first_party(req.url)) {
        px_module.process_request(req.url, req.method, regsub(req.proto, "^.*/", ""), client.ip,;
        if (px_module.get_result() > 0) {
            return (synth(px_module.get_result()));
  6. Add new block named vcl_synth. This block displays a CAPTCHA, if a request is blocked.


    sub vcl_synth {
        set resp.status = px_module.get_resp_status();
        if (px_module.get_resp_body_len()) {

Was this article helpful?