Advanced Configuration

In some cases, advanced configuration requirements may be discussed with the Netacea Solution Engineering team.

Customising Integration Triggers

In some cases, there may be a requirement to customise which traffic triggers the Netacea integration within a single Fastly service traffic.

This could be for various reasons, including:

  • Multiple domains exist on the same Fastly service, and Netacea protect each domain with a separate set of Datastream models

  • Multiple domains exist on the same Fastly service, but Netacea only protect a subset of those domains

  • The Netacea Integration needs to be limited to trigger and protect a limited set of pathways

  • The Netacea Integration needs to behave differently based on certain criteria

To support customised triggers, follow the steps outlined below.

Do not complete this configuration without discussing the steps with the Netacea team

Update the Netacea Dictionary

Update the Netacea dictionary configured as part of the standard Installation and Configuration Guide. The dictionary must be updated to include the variables and values normally set in the Netacea Module.

The Netacea module fields should be set to blank:

Create & Customise the recv_configure.vcl

Lastly, the recv_configure.vcl will need to be created to include the conditional statements that define how the Netacea integration triggers:

  • Cause the integration to trigger on a subset of requests made on the Fastly service.

  • Define which Datastream credentials are used when traffic triggers the integration on the Fastly Service.

Navigate to Stores → Configuration → Advanced → System → Full Page Cache → Fastly Configuration → Custom VCL Snippets and click "Create".

Selective trigger

The following example will cause the integration to trigger on login specific request pathways.

set req.http.x-netacea:edge_config_key_prefix = "";
declare local var.should_run_netacea BOOL;

set var.should_run_netacea = false;

# Must enable Netacea on the following paths if using captcha:
if (!var.should_run_netacea) {
  if (req.url.path ~ "^/AtaVerifyCaptcha|^\/Mitigations\/") {
    set var.should_run_netacea = true;
  }
}

if (!var.should_run_netacea) {
  if (req.url.path ~ "\/.*\/(login)\/") {
    set var.should_run_netacea = true;
  }
}

if (var.should_run_netacea) {
  call netacea_check_req;
}

Splitting trigger

The following example will cause the integration to use different Datastream credentials based on the request's associated domain.

declare local var.should_run_netacea BOOL;
set var.should_run_netacea = false;

if (req.http.host ~ "example.com") {
  set var.should_run_netacea = true;
  set req.http.x-netacea:edge_config_key_prefix = "dsA_";
}

if (req.http.host ~ "example2.com") {
  set var.should_run_netacea = true;
  set req.http.x-netacea:edge_config_key_prefix = "dsB_";
}

if (var.should_run_netacea) {
  call netacea_check_req;
}

Update Log Shipping

Lastly, you may need to update your Shipping configuration based on requirements defined by the Netacea Team.

PreviousInstallation and ConfigurationNextF5

Last updated