Installation and Configuration
The Netacea Fastly integration detects bot activity and performs mitigating actions in line with the client blocking strategy.
Prerequisites
To successfully integrate using Netacea, please ensure you have:
A Fastly version or 1.2.131+ or higher.
Access to the relevant API keys and log shipping endpoints in the Netacea portal.
Monitoring has been configured.
Customers will also need to open a support ticket with Fastly to enable POST within their environment. We need to ensure that there are 2 pragmas enabled on your Fastly account that are not enabled by default.
Required Pragmas:
To enable the Pragmas raise a support ticket with Fastly Support.
Implementation Steps
Log in to the Fastly web interface.
From the Home page, select the appropriate service. You can use the search box to search by ID, name, or domain.
Click the Edit configuration button and then select the option to clone the active version. The Domains page appears.
All configuration changes below will be made to the newly cloned version.
Make a note of the currently active version should you need to roll back in the future.
Host
To allow the Netacea VCL to make calls to the Protector API 2 new hosts must be configured with Netacea's details, to be called in the VCL snippets.
Click the Origins link. The Origins page appears.
Click the "Create a Host" button. The Host field appears.
Populate a new host with the following URL and click "Add":
Edit the new host by clicking the pencil icon and change the name to:
Repeat the process, populate the new host with the following URL and click "Add" :
Edit the new host by clicking the pencil icon and change the name to:
VCL Snippets
For Netacea to trigger and offer protection, the solution needs to be added to the Fastly environment in the form of a custom VCL.
The Netacea VCL is divided into 5 key snippets, INIT, DELIVER, RECV, ERROR and RECV_CONFIGURE. Each needs to be added to the VCL Snippets configuration within Fastly.
Netacea will provide the VCL separately.
INIT:
Navigate to VCL snippets within Fastly.
Click the "Create snippet" button.
Give the snippet a suitable name, such as Netacea_INIT
Set the type to "init"
Paste the INIT code into the VCL
On line 4 - 24 you will find a set fields unique to each deployment to define, set integration_type to the suitable mode.
Required Fields
integration_type
fastly
integration_version
<Integration Version>
integration_mode
BYPASS - Disables the Netacea integration entirely
INGEST - Passive mode to allow Netacea to collect and analyse traffic
MITIGATE - Active mode that will mitigate based on Netacea's Intent Analytics®
INJECT - Active mode for customers who wish to receive Netacea analytics at their backend and decide actions to take.
api_key
secret_key
encryption_key
cookie_name
A suitable name for your mitigation cookie.
For added security, do not include Netacea or Mitigation in this name.
captcha_cookie_name
A suitable name for your Captcha tracking cookie.
For added security, do not include Netacea or Mitigation in this name.
ignore_list
Comma separated list of subdirectories where mitigation shouldn't be applied. You can set up to 5 subdirectories here. All resources under such directory will be ignored by the integration.
Add /media/,/static/ by default to ensure full integration coverage whilst not triggering on media content.
Optional Fields - Can be set to blank unless discussed with the Netacea team
real_ip_header_name
Allows users to customise which header is used for the request's IP.
Leave blank by default to use Fastly standard client.IP field.
use_relative_path_captcha_assets
If set to true, it ensures Captcha is served without references to the Netacea CDN. Otherwise it will embed full URL to Netacea CDN in Captcha HTML.
Leave blank by default to use HTML sitewide.
captcha_path
Allows users to create an endpoint which always serve Captcha HTML. Useful when implementing captcha challenge for mobile apps. Leave blank by default to use /ATAverify pathway.
captcha_header
Custom header that indicates if the response is Captcha page. Has to be in format of name={{header name}}&value={{header value}}.
enable_captcha_content_negotiation
Handles the format of the Captcha page. when set to true then it's possible to for the integration to return get the Captcha page in form of JSON.
Leave blank by default to use HTML sitewide.
Under advanced options, set the priority to 45.
RECV:
Click the "Create snippet" button
Give the snippet a suitable name, such as Netacea_RECV
Set the type to "within subroutine" & "recv (vcl_recv)"
Paste the RECV code into the VCL
Set the priority to 45
DELIVER
Click the "Create snippet" button
Give the snippet a suitable name, such as Netacea_DELIVER
Set the type to "within subroutine" & "deliver (vcl_deliver)"
Paste the DELIVER code into the VCL
Set the priority to 45
ERROR:
Click the "Create snippet" button
Give the snippet a suitable name, such as Netacea_ERROR
Set the type to "within subroutine" & "error (vcl_error)"
Paste the ERROR code into the VCL
Set the priority to 45
RECV_CONFIGURE:
Click the "Create snippet" button
Give the snippet a suitable name, such as Netacea_RECV_CONFIGURE
Set the type to "within subroutine" & "recv (vcl_recv)"
Paste the RECV_CONFIGURE code into the VCL
Set the priority to 46
Dictionary
Navigate to Data -> Dictionaries within Fastly.
Click the "Create dictionary" button.
Give the snippet the name "netacea_edge_config"
Click Add
The dicitionary should be left blank unless instructed by the Netacea Team
Finishing Up
Check you have completed the following steps:
Created the new hosts for the Netacea Protector API endpoint
Deployed the Netacea VCL
Configured log streaming to the S3 bucket provided
Ensure no error messages are appearing
You are now ready to deploy the version you have been editing by clicking "Activate"
The Netacea plug-in will now be deployed on the service it was configured against. You can test the deployment is active by:
Checking for the presence of the Netacea named cookie on the website
Viewing your reporting dashboard for traffic and mitigation
Requesting Netacea review internal metrics
Last updated
