- 25 Jun 2023
- Updated on 25 Jun 2023
Enforcer SDKs are managed as open source projects. The sources and documentation are posted on GitHub. Please access the relevant framework to begin with the integration.
HUMAN Enforcer integration starts with a dependencies check and any necessary installations or updates. You need to validate and install any necessary packages and software services before starting HUMAN Enforcer installation.
Due to significant differences in framework architectures, installation and configuration process highly depends on the framework you choose. Please proceed with relevant framework documentation to install the HUMAN Enforcer.
The following are the most frequently use settings relevant to all frameworks.
Upon creating an Application on HUMAN Portal this ID can be found under Application settings.
You should generate an authentication token under Application settings.
The cookie encryption key is attached to the Application Policy settings. The Policy from where the Cookie Encryption Key is taken must correspond with the Application from where the Application ID / AppId and HUMAN Token / Auth Token
Sets the minimum blocking score of a request.
In Blocking mode, requests equal and above Blocking Score are blocked. In Monitoring mode requests are fully analyzed but not blocked.
It is common to have a load balancer/proxy on top of your applications. In this case Enforcer will use the system’s internal IP instead of the real user IP. Using this directive you can define the HTTP Header that contains the real user’s IP.
The Enforcer sends a full HTTP request, including headers, to the HUMAN Detector. Using this directive you can exclude sensitive headers from being sent to HUMAN Detector.
In case the Risk Score cookie is not, or not yet, embedded into the request by the HUMAN Sensor, the Enforcer will send a request, in synchronous mode, to be evaluated by HUMAN Detector. Using this directive you can set the timeout of such API call. If timeout has been reached, the request will be passed to the Web Server.
When enabled, the Enforcer reports all requests to the HUMAN Detector. This allows full statistics and valuable information to be displayed in the HUMAN Portal.
By default HUMAN serves default Captcha and Block pages. These pages can be fully customized using the attached CSS files. In addition, you can configure custom Captcha and Block pages and even custom Captcha. For further implementation details please refer to the relevant Enforcer SDK documentation.
When using the Advanced Blocking Response (ABR) feature, you must create a custom Captcha section to display the Captcha challenge.