# Installation and Configuration ### Prerequisites To successfully integrate using Netacea, please ensure you have: 1. A Fastly version or 1.2.131+ or higher. 2. Access to the relevant API keys and log shipping endpoints in the [Netacea portal](https://docs.netacea.com/netacea-plugin-information/accessing-your-integration-settings). 3. [Monitoring ](https://docs.netacea.com/netacea-plugin-information/fastly/monitoring-configuration)has been configured. Customers will also need to open a support ticket with Fastly to enable POST within their environment. We need to ensure that there are 2 pragmas enabled on your Fastly account that are not enabled by default. Required Pragmas: ``` Pragma optional_param fix_unsent_body_drain true; Pragma optional_param no_body_if_bereq_is_get_or_head true; ``` To enable the Pragmas raise a support ticket with [Fastly Support](https://support.fastly.com). ### Implementation Steps * Log in to the Fastly web interface. * From the Home page, select the appropriate service. You can use the search box to search by ID, name, or domain. * Click the Edit configuration button and then select the option to clone the active version. The Domains page appears. All configuration changes below will be made to the newly cloned version. {% hint style="info" %} Make a note of the currently active version should you need to roll back in the future. {% endhint %} ### Host To allow the Netacea VCL to make calls to the Protector API 2 new hosts must be configured with Netacea's details, to be called in the [VCL snippets](#vcl-snippets). * Click the Origins link. The Origins page appears. * Click the "Create a Host" button. The Host field appears. Populate a new host with the following URL and click "Add": ``` mitigations-lbr.netacea.net ```
Edit the new host by clicking the pencil icon and change the name to: ``` MitSvc ```
In the Override host field, enter the same URL as the original host.
Repeat the process, populate the new host with the following URL and click "Add" : ``` assets.ntcacdn.net ``` Edit the new host by clicking the pencil icon and change the name to: ``` CaptchaAssets ```
### VCL Snippets For Netacea to trigger and offer protection, the solution needs to be added to the Fastly environment in the form of a custom VCL. The Netacea VCL is divided into 7 key snippets, INIT, DELIVER, RECV, ERROR, RECV\_CONFIGURE, PASS and MISS. Each needs to be added to the VCL Snippets configuration within Fastly. {% hint style="info" %} Netacea will provide the VCL separately. {% endhint %} **INIT:** * Navigate to VCL snippets within Fastly. * Click the "Create snippet" button. * Give the snippet a suitable name, such as Netacea\_INIT * Set the type to "init"
* Paste the INIT code into the VCL * On line 4 - 24 you will find a set fields unique to each deployment to define, set integration\_type to the suitable mode.
**Required Fields**
FieldValue
integration_typefastly
integration_version<Integration Version>
integration_mode

BYPASS - Disables the Netacea integration entirely

INGEST - Passive mode to allow Netacea to collect and analyse traffic

MITIGATE - Active mode that will mitigate based on Netacea's Intent Analytics®

INJECT - Active mode for customers who wish to receive Netacea analytics at their backend and decide actions to take.

api_keyProvided by Netacea portal
secret_keyProvided by Netacea portal
encryption_keyProvided by Netacea portal
cookie_name

A suitable name for your mitigation cookie.

For added security, do not include Netacea or Mitigation in this name.

captcha_cookie_name

A suitable name for your Captcha tracking cookie.

For added security, do not include Netacea or Mitigation in this name.

ignore_listComma separated list of subdirectories where mitigation shouldn't be applied. You can set up to 5 subdirectories here. All resources under such directory will be ignored by the integration.
Add /media/,/static/ by default to ensure full integration coverage whilst not triggering on media content.
**Optional Fields - Can be set to blank unless discussed with the Netacea team**
FieldValue
real_ip_header_name

Allows users to customise which header is used for the request's IP.

Leave blank by default to use Fastly standard client.IP field.

use_relative_path_captcha_assetsIf set to true, it ensures Captcha is served without references to the Netacea CDN. Otherwise it will embed full URL to Netacea CDN in Captcha HTML.
Leave blank by default to use HTML sitewide.
captcha_pathAllows users to create an endpoint which always serve Captcha HTML. Useful when implementing captcha challenge for mobile apps.
Leave blank by default to use /ATAverify pathway.
captcha_headerCustom header that indicates if the response is Captcha page. Has to be in format of name={{header name}}&value={{header value}}.
enable_captcha_content_negotiationHandles the format of the Captcha page. when set to true then it's possible to for the integration to return get the Captcha page in form of JSON.
Leave blank by default to use HTML sitewide.

Example of valid configuration

Under advanced options, set the priority to 45.
**RECV**: * Click the "Create snippet" button * Give the snippet a suitable name, such as Netacea\_RECV * Set the type to "within subroutine" & "recv (vcl\_recv)" * Paste the RECV code into the VCL * Set the priority to 45 **DELIVER** * Click the "Create snippet" button * Give the snippet a suitable name, such as Netacea\_DELIVER * Set the type to "within subroutine" & "deliver (vcl\_deliver)" * Paste the DELIVER code into the VCL * Set the priority to 45 **ERROR:** * Click the "Create snippet" button * Give the snippet a suitable name, such as Netacea\_ERROR * Set the type to "within subroutine" & "error (vcl\_error)" * Paste the ERROR code into the VCL * Set the priority to 45 **RECV\_CONFIGURE:** * Click the "Create snippet" button * Give the snippet a suitable name, such as Netacea\_RECV\_CONFIGURE * Set the type to "within subroutine" & "recv (vcl\_recv)" * Paste the RECV\_CONFIGURE code into the VCL * Set the priority to 46 PASS: * Click the "Create snippet" button * Give the snippet a suitable name, such as Netacea\_PASS * Set the type to "within subroutine" & "pass (vcl\_pass)" * Paste the PASS code into the VCL * Set the priority to 45 MISS: * Click the "Create snippet" button * Give the snippet a suitable name, such as Netacea\_MISS * Set the type to "within subroutine" & "miss (vcl\_miss)" * Paste the MISS code into the VCL * Set the priority to 45
### Dictionary * Navigate to Data -> Dictionaries within Fastly. * Click the "Create dictionary" button. * Give the snippet the name "netacea\_edge\_config" * Click Add {% hint style="info" %} The dicitionary should be left blank unless instructed by the Netacea Team {% endhint %}
### Finishing Up Check you have completed the following steps: * Created the new [hosts for the Netacea Protector API endpoint](#host) * Deployed the [Netacea VCL](#vcl-snippets) * Configured [log streaming](https://docs.netacea.com/netacea-plugin-information/monitoring-configuration#log-streaming) to the S3 bucket provided * Ensure no error messages are appearing You are now ready to deploy the version you have been editing by clicking "Activate"
The Netacea plug-in will now be deployed on the service it was configured against. You can test the deployment is active by: * Checking for the presence of the Netacea named cookie on the website * Viewing your reporting dashboard for traffic and mitigation * Requesting Netacea review internal metrics