PerimeterX Python Middleware
Latest stable version: v2.3.2 Table of Contents
PerimeterX Python middleware is installed via PIP:
$ pip install perimeterx-python-wsgi
Contact [PerimeterX Support](mailto: support@perimeterx.com) for details.
To use PerimeterX middleware on a specific route follow this example:
from perimeterx.middleware import PerimeterX
px_config = {
'app_id': 'APP_ID',
'cookie_key': 'COOKIE_KEY',
'auth_token': 'AUTH_TOKEN',
}
application = get_wsgi_application()
application = PerimeterX(application, px_config)
- The PerimeterX Application ID / AppId and PerimeterX Token / Auth Token can be found in the Portal, in Applications.
- PerimeterX Risk Cookie / Cookie Key can be found in the portal, in Policies. The Policy from where the Risk Cookie / Cookie Key is taken must correspond with the Application from where the Application ID / AppId and PerimeterX Token / Auth Token. For details on how to create a custom Captcha page, refer to the documentation
In addition to the basic installation configuration above, the following configurations options are available:
A boolean flag to enable/disable the PerimeterX Enforcer. Default: true
config = {
...
module_enabled: False
...
}
Sets the working mode of the Enforcer. Possible values:
active_blocking
- Blocking Modemonitor
- Monitoring Mode Default:monitor
- Monitor Mode
config = {
...
module_mode: 'active_blocking'
...
}
Sets the minimum blocking score of a request. Possible values:
- Any integer between 0 and 100. Default: 100
config = {
...
blocking_score: 100
...
}
Enable/disable sending activities and metrics to PerimeterX with each request.
Enabling this feature allows data to populate the PerimeterX Portal with valuable information, such as the number of requests blocked and additional API usage statistics.
Default: true
config = {
...
send_page_activities: True
...
}
Enable/disable the debug log messages. Default: False
config = {
...
debug_mode: True
...
}
An array of route prefixes that trigger a server call to PerimeterX servers every time the page is viewed, regardless of viewing history. Default: Empty
config = {
...
sensitive_routes: ['/login', '/user/checkout']
...
}
An array of route prefixes which will bypass enforcement (will never get scored). Default: Empty
config = {
...
whitelist_routes: ['/about-us', '/careers']
...
}
An array of headers that are not sent to PerimeterX servers on API calls. Default: ['cookie', 'cookies']
config = {
...
sensitive_headers: ['cookie', 'cookies', 'x-sensitive-header']
...
}
An array of trusted headers that specify an IP to be extracted. Default: Empty
config = {
...
ip_headers: ['x-user-real-ip']
...
}
Enable/disable First-Party mode. Default: True
config = {
...
first_party_enabled: False
...
}
A Python function that adds a custom response handler to the request.
You must declare the function before using it in the config.
The Custom Request Handler is triggered after PerimeterX's verification.
The custom function should handle the response (most likely it will create a new response)
Default: Empty
config = {
...
custom_request_handler: custom_request_handler_function,
...
}
A Python function that allows interaction with the request data collected by PerimeterX before the data is returned to the PerimeterX servers. Does not alter the response. Default: Empty
config = {
...
additional_activity_handler: additional_activity_handler_function,
...
}
This is a cookie we make available for our costumers, that can provide extra data about the request
context.pxde
context.pxde_verified
This is a property that allows the developer to disable the module for a single request. Its value should be True for disabling, and False for enabling
...
environ['px_disable_request'] = False #The request shall be passed to the enforcer.
or
environ['px_disable_request'] = True #The enforcer shall be disabled for that request.