perimeterx / php-sdk
PerimeterX SDK for PHP
Installs: 72 388
Dependents: 0
Suggesters: 0
Security: 0
Stars: 16
Watchers: 15
Forks: 15
Open Issues: 1
Requires
- php: >=5.5
- guzzlehttp/guzzle: ~6.0
- mustache/mustache: ^2.11.1
- psr/log: ^1.0.2
Requires (Dev)
- mockery/mockery: 0.9.*
- overtrue/phplint: ^1.1
- phpunit/phpunit: 5.6.*
- dev-master
- 3.10.2
- 3.10.1
- 3.10.0
- 3.9.1
- 3.9.0
- 3.8.0
- 3.7.8
- 3.7.7
- 3.7.6
- 3.7.5
- 3.7.4
- 3.7.3
- 3.7.2
- 3.7.1
- 3.7.0
- 3.6.0
- 3.5.4
- 3.5.3
- 3.5.2
- 3.5.1
- 3.5.0
- 3.4.0
- 3.3.1
- 3.3.0
- 3.2.1
- 3.2.0
- 3.1.0
- 3.0.3
- 3.0.2
- 3.0.1
- 3.0.0
- 2.10.0
- 2.9.0
- 2.8.0
- 2.7.0
- 2.6.2
- 2.6.1
- 2.6.0
- 2.5.1
- 2.5.0
- 2.4.1
- 2.4.0
- 2.3.0
- 2.2.2
- 2.2.1
- 2.2.0
- 2.1.0
- 2.0.0
- 1.3.15
- 1.3.14
- 1.3.13
- 1.3.12
- 1.3.11
- 1.3.10
- 1.3.9
- 1.3.8
- 1.3.7
- 1.3.6
- 1.3.5
- 1.3.4
- 1.3.2
- 1.3.0
- 1.2.3
- 1.2.2
- 1.2.0
- 1.1.0
- 1.0.0
- dev-dev
- dev-release/v3.10.2
- dev-fix/custom-params-on-async-activities
- dev-release/v3.10.1
- dev-release/v3.10.0
- dev-SDKNEW-1638/feature
- dev-hotfix/block-page-url-rendering
- dev-release/v3.9.0
- dev-feature/new-block-page
- dev-hotfix/add-creds-to-async-activities
- dev-revert-189-feature/new-block-page
- dev-release/v3.8.0
- dev-feature/new-ci-protocol
- dev-release/v3.7.8
- dev-bugfix/fix-verbosity-error
- dev-feature/px-metadata-update
- dev-release/v3.7.7
- dev-feature/cookie-origin
- dev-feature/graphql-data-on-all-activities
- dev-release/v3.7.6
- dev-bugfix/sensitive-route-mobile
- dev-feature/graphql-mvp
- dev-release/v3.7.5
- dev-hotfix/login-creds-callback
- dev-release/v3.7.4
- dev-feature/login-creds-extraction-callback
- dev-release/v3.7.3
- dev-bugfix/cookie-origin
- dev-ori-test
- dev-bugfix/lowercase-username-cc
- dev-spec/bypass-monitor-header
- dev-feature/compromised-credentials-header
- dev-release/v3.7.2
- dev-bugfix/pxhd-cookie-warning
- dev-feature/align-to-tests
- dev-release/v3.7.1
- dev-feature/module-mode-alignment
- dev-release/v3.7.0
- dev-bugfix/fix-case-insensitive-for-x-block
- dev-bugfix/is-iterable-fix
- dev-release/v3.6.0
- dev-feature/login-creds-extraction
- dev-bugfix/no-pass-reason
- dev-revert-132-bugfix/no-pass-reason
- dev-feature/px_metadata
- dev-documentation/url-delimiters
- dev-bugfix/static-content
- dev-dev-test-moshe
- dev-documentation-upgrade
- dev-dev-block-template
- dev-dev-new_s2s_call_reason
This package is not auto-updated.
Last update: 2024-12-18 15:41:55 UTC
README
PerimeterX PHP SDK
Latest stable version: v3.10.2
Table of Contents
- Blocking Score
- Extracting Recomended Action
- Custom Block Page
- Custom Block Action
- Extracting Real IP Address
- Custom URI
- Filter Sensitive Headers
- Sensitive Route
- API Timeouts
- Activities API Timeouts
- First Party
- First Party for Code Defender
- Send Page Activities
- Additional Page Activity Handler
- Data-Enrichment
- Enrich Custom Params
- Login Credentials Extraction
- Additional S2S Activity
- Logging
- Module Mode
- Debug Mode
- Guzzle Client Handler
- Custom Block URL
- Defer Activities Sending
- Advanced Blocking Response Flag
- Return Response Flag
- Test Block Flow on Monitoring Mode
Dependencies
Installation
Installation can be done using Composer.
$ composer require perimeterx/php-sdk
It can also be done by downloading the sources for this repository, and running composer install
.
Basic Usage Example
use Perimeterx\Perimeterx; $perimeterxConfig = [ 'app_id' => 'APP_ID', 'cookie_key' => 'COOKIE_SECRET', 'auth_token' => 'AUTH_TOKEN', 'blocking_score' => 60, 'module_mode' => Perimeterx::$ACTIVE_MODE ]; /* Obtain PerimeterX SDK instance */ $px = Perimeterx::Instance($perimeterxConfig); /* run verify at the beginning of a page request */ $px->pxVerify();
Upgrading
Download the new version from packagist.
For more information contact PerimeterX Support.
Configuration Options
Configuring Required Parameters
Configuration options are set on the $perimeterxConfig
variable.
Required parameters:
- app_id
- cookie_key
- auth_token
- module_mode
All parameters are obtainable via the PerimeterX Portal. (Applications and Policies pages)
Changing the Minimum Score for Blocking
Default blocking value: 100
$perimeterxConfig = [ .. 'blocking_score' => 75 .. ]
Custom Blocking Actions
In order to customize the action performed on a valid block value, use the 'custom_block_handler' option, and provide a user-defined function.
The custom handler should contain the action to be taken, when a visitor receives a score higher than the 'blocking_score' value. Common customization options are presenting of a reCAPTCHA, or supplying a custom branded block page.
Default block behaviour: return an HTTP status code of 403 and serve the PerimeterX block page.
/** * @param \Perimeterx\PerimeterxContext $pxCtx */ $perimeterxConfig['custom_block_handler'] = function ($pxCtx) { $block_score = $pxCtx->getScore(); $block_uuid = $pxCtx->getUuid(); // user defined logic goes here }; $px = Perimeterx::Instance($perimeterxConfig); $px->pxVerify();
Examples
Serving a Custom HTML Page
/** * @param \Perimeterx\PerimeterxContext $pxCtx */ $perimeterxConfig['custom_block_handler'] = function ($pxCtx) { $block_score = $pxCtx->getScore(); $block_uuid = $pxCtx->getUuid(); $full_url = $pxCtx->getFullUrl(); $html = '<div>Access to ' . $full_url . ' has been blocked.</div> ' + '<div>Block reference - ' . $block_uuid . ' </div> ' + '<div>Block score - ' . $block_score . '</div>'; //echo $html; header("Status: 403"); die(); }; $px = Perimeterx::Instance($perimeterxConfig); $px->pxVerify();
Customizing Default Block Pages
Custom logo insertion
Adding a custom logo to the blocking page is by providing the pxConfig a key custom_logo
, the logo will be displayed at the top div of the the block page
The logo's max-heigh
property would be 150px and width would be set to auto
The key custom_logo
expects a valid URL address such as https://s.perimeterx.net/logo.png
Example below:
$perimeterxConfig = [ 'app_id' => 'APP_ID', 'cookie_key' => 'COOKIE_SECRET', 'auth_token' => 'AUTH_TOKEN', 'blocking_score' => 60, 'custom_logo' => 'LOGO_URL' ];
** Custom JS/CSS **
The block page can be modified with a custom CSS by adding to the pxConfig
the key css_ref
and providing a valid URL to the css
In addition there is also the option to add a custom JS file by adding js_ref
key to the pxConfig
and providing the JS file that will be loaded with the block page, this key also expects a valid URL
On both cases if the URL is not a valid format an exception will be thrown
Example below:
$perimeterxConfig = [ 'app_id' => 'APP_ID', 'cookie_key' => 'COOKIE_SECRET', 'auth_token' => 'AUTH_TOKEN', 'blocking_score' => 60, 'css_ref' => 'CSS_URL', 'js_ref' => 'JS_URL' ];
Side notes: Custom logo/js/css can be added together
No Blocking, Monitor Only
/** * @param \Perimeterx\PerimeterxContext $pxCtx */ $perimeterxConfig['custom_block_handler'] = function ($pxCtx) $block_score = $pxCtx->getScore(); $block_uuid = $pxCtx->getUuid(); $full_url = $pxCtx->getFullUrl(); // user defined logic goes here }; $px = Perimeterx::Instance($perimeterxConfig); $px->pxVerify();
/** * @param \Perimeterx\PerimeterxContext $pxCtx */ $perimeterxConfig['custom_block_handler'] = function ($pxCtx) { $block_score = $pxCtx->getScore(); $block_uuid = $pxCtx->getUuid(); $action = $pxCtx->getBlockAction(); /* user defined logic comes here */ error_log('px score for user is ' . $block_score); error_log('px recommended action for user is ' . $action); error_log('px page uuid is ' . $block_uuid); switch ($action) { case "block": log("do block"); break; case "captcha": log("do captcha"); break; default: log("unknown action"); } }
Module Mode
Default mode: Perimeterx::$MONITOR_MODE
Possible Values:
Perimeterx::$ACTIVE_MODE
- Module blocks users crossing the predefined block threshold. Server-to-server requests are sent synchronously.Perimeterx::$MONITOR_MODE
- Module does not block users crossing the predefined block threshold. The pxCustomBlockHandler function will be eval'd in case one is supplied, upon crossing the defined block threshold.
$perimeterxConfig = [ .. 'module_mode' => Perimeterx::$ACTIVE_MODE .. ]
Extracting the Real User IP Address
Note: IP extraction, according to your network setup, is very important. It is common to have a load balancer/proxy on top of your applications, in which case the PerimeterX module will send the system's internal IP as the user's. In order to properly perform processing and detection on server-to-server calls, PerimeterX module needs the real user's IP.
The user's IP can be passed to the PerimeterX module using a custom user defined function on the $perimeterxConfig variable, or by passing a list of headers to extract the real IP from, ordered by priority.
Default with no predefined header: $_SERVER['REMOTE_ADDR']
/** * @param \Perimeterx\PerimeterxContext $pxCtx */ $perimeterxConfig['custom_user_ip'] = function ($pxCtx) { $headers = getallheaders(); /* using a socket ip */ $ip = $_SERVER['REMOTE_ADDR']; /* using an ip from a x-forwarded-for header */ $xff = explode(",", $headers['X-Forwarded-For']); $ip = $xff[count($xff)-1]; /* using an ip from a custom header */ $ip = $headers['X-REAL-CLIENT-IP']; return $ip; }; $perimeterxConfig = [ .. 'ip_headers' => ['X-TRUE-IP', 'X-Forwarded-For'] .. ] $px = Perimeterx::Instance($perimeterxConfig); $px->pxVerify();
Custom URI
The URI can be returned to the PerimeterX module, using a custom user function, defined on the $perimeterxConfig variable.
Default: $_SERVER['REQUEST_URI']
/** * @param \Perimeterx\PerimeterxContext $pxCtx */ $perimeterxConfig['custom_uri'] = function ($pxCtx) { return $_SERVER['HTTP_X_CUSTOM_URI']; }; $px = Perimeterx::Instance($perimeterxConfig); $px->pxVerify();
Filter sensitive headers
A list of sensitive headers can be configured to prevent specific headers from being sent to PerimeterX servers (lower case header names). Filtering cookie headers for privacy is set by default, and can be overridden on the $perimeterxConfig variable.
Default: cookie, cookies
$perimeterxConfig = [ .. 'sensitive_headers' => ['cookie', 'cookies', 'secret-header'] .. ]
Sensitive Routes
List of routes prefix. The Perimeterx module will always match request uri by this prefix list and if match was found will create a server-to-server call for, even if the cookie score is low and valid.
Default: None
$perimeterxConfig = [ .. 'sensitive_routes' => ['/login', '/user/profile'] .. ]
API Timeouts
Note: Controls the timeouts for PerimeterX requests. The API is called when a Risk Cookie does not exist, or is expired or invalid.
The API Timeout, in seconds (float), to wait for the PerimeterX server API response.
Default: 1
$perimeterxConfig = [ .. 'api_timeout' => 2 .. ]
The API Connection Timeout, in seconds (float), to wait for the connection to the PerimeterX server API.
Default: 1
$perimeterxConfig = [ .. 'api_connect_timeout' => 2 .. ]
Activities API Timeouts
Note: Controls the timeouts for PerimeterX activities requests.
The activities API Timeout, in seconds (float), to wait for the PerimeterX server API response.
Default: 1
$perimeterxConfig = [ .. 'activities_timeout' => 2 .. ]
The activities API Connection Timeout, in seconds (float), to wait for the connection to the PerimeterX server API.
Default: 1
$perimeterxConfig = [ .. 'activities_connect_timeout' => 2 .. ]
First Party
A boolean flag to enable/disable first party mode.
Default: true
$perimeterxConfig = [ .. 'px_first_party_enabled' => false .. ]
First Party for Code Defender
A boolean flag to enable/disable first party mode for Code Defender.
Default: false
$perimeterxConfig = [ .. 'px_cd_first_party_enabled' => true .. ]
Send Page Activities
A boolean flag to enable or disable sending of activities and metrics to PerimeterX on each page request. Enabling this feature will provide data that populates the PerimeterX portal with valuable information, such as the amount of requests blocked and additional API usage statistics.
Default: false
$perimeterxConfig = [ .. 'send_page_activities' => true .. ]
Additional Page Activity Handler
Adding an additional activity handler is done by setting 'additional_activity_handler' with a user defined function on the '$perimeterxConfig' variable. The 'additional_activity_handler' function will be executed before sending the data to the PerimeterX portal.
Default: Only send activity to PerimeterX as controlled by '$perimeterxConfig'.
/** * @param string $activityType * @param PerimeterxContext $pxCtx * @param array $details */ $perimeterxConfig['additional_activity_handler'] = function ($activityType, $pxCtx, $details) { // user defined logic comes here }; $px = Perimeterx::Instance($perimeterxConfig); $px->pxVerify();
Additional Activity Handler Usage Examples
Log Activity
/** * @param string $activityType * @param PerimeterxContext $pxCtx * @param array $details */ $perimeterxConfig['additional_activity_handler'] = function ($activityType, $pxCtx, $details) use ($logger) { if ($activityType === 'block') { $logger->warning('PerimeterX {activityType} details', ['activityType' => $activityType, 'details' => $details]); } else { $logger->info('PerimeterX {activityType} details', ['activityType' => $activityType, 'details' => $details]); } }; $px = Perimeterx::Instance($perimeterxConfig); $px->pxVerify();
Send Activity to statsd
/** * @param string $activityType * @param PerimeterxContext $pxCtx * @param array $details */ $perimeterxConfig['additional_activity_handler'] = function ($activityType, $pxCtx, $details) use ($statsd) { $statsd->increment('perimeterx_activity.' . $activityType); }; $px = Perimeterx::Instance($perimeterxConfig); $px->pxVerify();
Data-Enrichment
User can use the additional activity handler to retrieve information for the request using the data-enrichment object. first, validate the data enrichment object is verified, then you can access it's properties.
Default: false
/** * @param string $activityType * @param PerimeterxContext $pxCtx * @param array $details */ $perimeterxConfig['additional_activity_handler'] = function ($activityType, $pxCtx, $details) use ($logger) { if($pxCtx->getDataEnrichmentVerified()) { $pxde = $pxCtx->getDataEnrichment(); if($pxde->f_type == 'blacklist') { $logger->info('Filtered request with id: {$pxde->f_id} at: {$pxde->timestamp}'); } } }; $px = Perimeterx::Instance($perimeterxConfig); $px->pxVerify();
Enrich Custom Params
With the enrich_custom_params
function you can add up to 10 custom parameters to be sent back to PerimeterX servers.
When set, the function is called before seting the payload on every request to PerimetrX servers. The parameters should be passed according to the correct order (1-10).
Default: not set
/** * @param array $customParamsArray */ $perimeterxConfig['enrich_custom_params'] = function ($customParamsArray) { // user defined logic comes here }; $px = Perimeterx::Instance($perimeterxConfig); $px->pxVerify();
Enrich Custom Params Usage Examples
/** * @param array $customParamsArray */ $perimeterxConfig['enrich_custom_params'] = function ($customParamsArray) { $customParamsArray['custom_param1'] = "UserId"; $customParamsArray['custom_param2'] = "SesionId"; return $customParamsArray; };
Login Credentials Extraction
This feature extracts credentials (hashed username and password) from requests and sends them to PerimeterX as additional info in the risk api call. The feature can be toggled on and off, and may be set for any number of unique paths. The settings are adjusted by modifying the px_login_credentials_extraction_enabled
and px_login_credentials_extraction
properties on the $perimeterxConfig
array.
If credentials are found to be compromised, the field px-compromised-credentials
will be added to the $_REQUEST
object with the value "1"
. You may configure the name of this field with the px_compromised_credentials_header
configuration.
Default:
px_login_credentials_extraction_enabled: false
px_login_credentials_extraction: []
px_compromised_credentials_header: "px-compromised-credentials"
$perimeterxConfig['px_compromised_credentials_header'] = 'px-comp-creds'; $perimeterxConfig['px_login_credentials_extraction_enabled'] = true; $perimeterxConfig['px_login_credentials_extraction'] = [ [ "path" => "/login", // login path, automatically added to sensitive routes "method" => "POST", // supported methods: POST "sent_through" => "body", // supported sent_throughs: body, header, query-param "pass_field" => "password", // name of the password field in the request "user_field" => "username" // name of the username field in the request ], [ ... ], ... ]
It is also possible to define a custom callback to extract the username and password. The function should return an associative
array with the keys user
and pass
. If extraction is unsuccessful, the function should return null
.
$perimeterxConfig['px_enable_login_creds_extraction'] = true; $perimeterxConfig['px_login_creds_extraction'] = [ [ "path" => "/login", // login path "method" => "POST", // supported methods: POST "callback_name" => "extractCreds" // name of custom extraction callback ], ... ]; function extractCreds() { // custom implementation resulting in $username and $password if (empty($username) || empty($password)) { return null; } return [ "user" => $username, "pass" => $password ]; }
Additional S2S Activity
To enhance detection on login credentials extraction endpoints, the following additional information is sent to PerimeterX
via an additional_s2s
activity:
- Response Code - The numerical HTTP status code of the response. This is sent automatically.
- Login Success - A boolean indicating whether the login completed successfully. See the options listed below for how to provide this data.
- Raw Username - The original username used for the login attempt. In order to report this information, make sure the configuration
px_send_raw_username_on_additional_s2s_activity
is set totrue
.
Login Success Reporting
There are a number of different possible ways to report the success or failure of the login attempt. If left empty, the
login successful status will always be reported as false
.
Default: Empty
$perimeterxConfig['px_login_successful_reporting_method'] = 'status';
Status
Provide a status or array of statuses that represent a successful login. If a response's status code matches the provided
value or one of the values in the provided array, the login successful status is set to true
. Otherwise, it's set to false
.
Note: To define a range of statuses, use the
custom
reporting method.
Default Values
px_login_successful_status: 200
$perimeterxConfig['px_login_successful_reporting_method'] = 'status'; $perimeterxConfig['px_login_successful_status'] = [200, 202]; // number or array of numbers
Header
Provide a header name and value. If the header exists on the response (accessed via the headers_list()
function ) and matches the provided value, the login successful status is set to true
. If the header is not found on the response, or if the header value does not match the value in the configuration, the login successful status is set to false
.
Default Values
px_login_successful_header_name: x-px-login-successful
px_login_successful_header_value: 1
$perimeterxConfig['px_login_successful_reporting_method'] = 'header'; $perimeterxConfig['px_login_successful_header_name'] = 'login-successful'; $perimeterxConfig['px_login_successful_header_value'] = 'true';
Custom
Provide a custom callback that returns a boolean indicating if the login was successful. The value of the configuration field can be either an anonymous function or the name of the defined function as a string.
Default Values
px_login_successful_custom_callback: null
$perimeterxConfig['px_login_successful_reporting_method'] = 'custom'; // anonymous callback function $perimeterxConfig['px_login_successful_custom_callback'] = function() { // ... return $isLoginSuccessful; }; // name of defined function as string $perimeterxConfig['px_login_successful_custom_callback'] = 'isLoginSuccessfulCallback'; function isLoginSuccessfulCallback() { // ... return $isLoginSuccessful; }
Raw Username
When enabled, the raw username used for logins on login credentials extraction endpoints will be reported to PerimeterX if (1) the credentials were identified as compromised, and (2) the login was successful as reported via the property above.
Default: false
$perimeterxConfig['px_send_raw_username_on_additional_s2s_activity'] = true;
Manually Sending Additional S2S Activity
By default, this additional_s2s
activity is sent automatically. If it is preferable to send this activity manually,
it's possible to disable automatic sending by configuring the value of px_automatic_additional_s2s_activity_enabled
to false
.
*Default Value: true
$perimeterxConfig['px_automatic_additional_s2s_activity_enabled'] = false;
The activity can then be sent manually by invoking the function $px->pxSendAdditionalS2SActivity()
, which accepts the following parameters:
Example Usage
// $px is an instance of the Perimeterx class function handleLogin() { // login flow resulting in boolean $isLoginSuccessful $px->pxSendAdditionalS2SActivity($isLoginSuccessful ? 200 : 401, $isLoginSuccessful); }
If further flexibility is needed, a JSON representation of the additional_s2s
activity can be added to the $_REQUEST
array. This activity can then be sent to another server if needed, parsed, modified, and sent via XHR POST as a JSON to PerimeterX. To do this, disable automatic sending and enable the additional activity header configuration.
Default Value
px_additional_s2s_activity_header_enabled: false
$perimeterxConfig['px_automatic_additional_s2s_activity_enabled'] = false; $perimeterxConfig['px_additional_s2s_activity_header_enabled'] = true;
The activity payload and URL destination will then be available by accessing $_REQUEST['px-additional-activity']
and $_REQUEST['px-additional-activity-url']
, respectively.
function handleLogin() { // custom flow resulting in boolean $isLoginSuccessful $activity = json_decode($_REQUEST['px-additional-activity'], true); $activity['additional']['http_status_code'] = http_status_code(); $activity['additional']['login_successful'] = $isLoginSuccessful; if ($isLoginSuccessful && $activity['additional']['credentials_compromised']) { $activity['additional']['raw_username'] = $_REQUEST['username']; } $url = $_REQUEST['px-additional-activity-url']; $headers = [ 'Content-Type: application/json', 'Authorization: Bearer ' . $_ENV['PX_AUTH_TOKEN'] ]; $body = json_encode($activity); sendPostRequest($url, $headers, $body); } function sendPostRequest($url, $headers, $body) { $curl = curl_init($url); curl_setopt($curl, CURLOPT_URL, $url); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_HTTPHEADER, $headers); curl_setopt($curl, CURLOPT_POSTFIELDS, $body); curl_exec($curl); }
Logging
Log messages via an implementation of \Psr\Log\LoggerInterface
(see PSR-3 for full interface specification). By default, an instance of \Perimeterx\PerimeterxLogger
is used which will log all message via PHP's error_log
function.
Default: \Perimeterx\PerimeterxLogger
instance
$perimeterxConfig = [ .. 'logger' => new \My\Psr\Log\ConcreteLogger() .. ]
Debug Mode
Enables debug logging mode.
Default: false
$perimeterxConfig = [ .. 'debug_mode' => true .. ]
Once enabled, debug messages coming out from PerimeterX should be in the following template:
[PerimeterX - DEBUG][APP_ID] - MESSAGE
- for debug messages
[PerimeterX - ERROR][APP_ID] - MESSAGE
- for error messages
An example log for an high score cookie:
[Mon Dec 4 14:03:50 2017] [PerimeterX - DEBUG][APP_ID] -Starting request verification
[Mon Dec 4 14:03:50 2017] [PerimeterX - DEBUG][APP_ID] -Request context created successfully
[Mon Dec 4 14:03:50 2017] [PerimeterX - DEBUG][APP_ID] -No Captcha cookie present on the request
[Mon Dec 4 14:03:50 2017] [PerimeterX - DEBUG][APP_ID] -Cookie V3 found, Evaluating
[Mon Dec 4 14:03:50 2017] [PerimeterX - DEBUG][APP_ID] -Cookie evaluation ended successfully, risk score: 100
[Mon Dec 4 14:03:51 2017] [PerimeterX - DEBUG][APP_ID] -Enforcing action: Captcha page is served
Guzzle Client Handler
Allows setting a handler to the Guzzle client object.
Default: false
$container = []; $history = Middleware::history($container); $handler = HandlerStack::create(); $handler->push($history); $perimeterxConfig = [ .. 'guzzle_handler' => $handler .. ]
Custom Block URL
You can customize the block page to meet branding and message requirements by specifying the URL of the block page HTML file.
The enforcer will redirect to the block page defined in the custom_block_url
variable. The defined block page will display a 307 (Temporary Redirect) HTTP Response Code.
Default: not set
$perimeterxConfig = [ .. 'custom_block_url' => '/block.html' .. ]
Advanced Blocking Response Flag
Enables/disables the Advanced Blocking Response functionality.
Default: false
$perimeterxConfig = [ .. 'enable_json_response' => true .. ]
Return Response Flag
Enables/disables the ability to return the response back (useful for frameworks like Symfony) instead of running die()
.
Default: false
$perimeterxConfig = [ .. 'return_response' => true .. ]
Defer Activities Sending
Specifies if sending page activities should be deferred until shutdown or not.
Default: true
$perimeterxConfig = [ .. 'defer_activities' => false .. ]
Test Block Flow on Monitoring Mode
Allows you to test an enforcer’s blocking flow while you are still in Monitor Mode.
When the header name is set (eg. x-px-block
) and the value is set to 1
, when there is a block response (for example from using a User-Agent header with the value of PhantomJS/1.0
) the Monitor Mode is bypassed and full block mode is applied. If one of the conditions is missing you will stay in Monitor Mode. This is done per request.
To stay in Monitor Mode, set the header value to 0
.
The Header name is configurable using the bypass_monitor_header
property.
Default: not set
$perimeterxConfig = [ .. 'bypass_monitor_header' => 'x-px-block' .. ]
Advanced Blocking Response
In special cases, (such as XHR post requests) a full Captcha page render might not be an option. In such cases, using the Advanced Blocking Response returns a JSON object continaing all the information needed to render your own Captcha challenge implementation, be it a popup modal, a section on the page, etc. The Advanced Blocking Response occurs when a request contains the Accept header with the value of application/json
. A sample JSON response appears as follows:
{ "appId": String, "jsClientSrc": String, "firstPartyEnabled": Boolean, "vid": String, "uuid": String, "hostUrl": String, "blockScript": String }
Once you have the JSON response object, you can pass it to your implementation (with query strings or any other solution) and render the Captcha challenge.
In addition, you can add the _pxOnCaptchaSuccess
callback function on the window object of your Captcha page to react according to the Captcha status. For example when using a modal, you can use this callback to close the modal once the Captcha is successfullt solved.
An example of using the _pxOnCaptchaSuccess
callback is as follows:
window._pxOnCaptchaSuccess = function (isValid) { if (isValid) { alert('yay'); } else { alert('nay'); } };
To enable Advanced Blocking Response see the Advanced Blocking Response Flag section.
For details on how to create a custom Captcha page, refer to the documentation
Additional Information
URI Delimiters
PerimeterX processes URI paths with general- and sub-delimiters according to RFC 3986. General delimiters (e.g., ?
, #
) are used to separate parts of the URI. Sub-delimiters (e.g., $
, &
) are not used to split the URI as they are considered valid characters in the URI path.
Contributing
The following steps are welcome when contributing to our project.
Fork/Clone
First and foremost, Create a fork of the repository, and clone it locally. Create a branch on your fork, preferably using a self descriptive branch name.
Code/Run
Help improve our project by implementing missing features, adding capabilites or fixing bugs.
To run the code, simply follow the steps in the installation guide. Grab the keys from the PerimeterX Portal, and try refreshing your page several times continously. If no default behaviours have been overriden, you should see the PerimeterX block page. Solve the CAPTCHA to clean yourself and start fresh again.
Feel free to check out the Example App, to have a feel of the project.
Test
Tests for this project are written using PHPUnit.
Dont forget to test. The project relies heavily on tests, thus ensuring each user has the same experience, and no new features break the code. Before you create any pull request, make sure your project has passed all tests, and if any new features require it, write your own.
To run any of the tests in the available suite, first open the bootstrap.php.dist
file, and change the values according to the in-file insturctions. Then, rename the bootstrap.php.dist
to bootstrap.php
.
Finally, run the phpunit tests/PerimeterxCookieValidatorTest
command to run all tests, or phpunit <testName>
to execute a specific test (e.g. phpunit PerimeterxCookieTest
)
To run coverage tests, run phpunit --coverage-html tests/coverage
. This will create a directory tests/coverage with an html coverage for inspection.
Pull Request
After you have completed the process, create a pull request to the Upstream repository. Please provide a complete and thorough description, explaining the changes. Remember this code has to be read by our maintainers, so keep it simple, smart and accurate.