Skip to main content

cheq middlewares for wsgi application

Project description

cheq-rti-wsgi-middleware

CHEQ Real Time Interception middleware for Python 3 wsgi application

Features

Installation

$ pip install cheq-rti-wsgi-middleware

Real time interception

Real-Time Interception (RTI) supports API calls to provide detection of invalid traffic (IVT) to your site, in absolute real-time. RTI will intercept IVT to prevent invalid visitors from harming your conversion efforts.

Configuration

Required configuration

API key

Available on the Paradome platform under “Management -> RTI”

options = {
    ...
    'api_key': '11abc111-aa11-11aa-1111-11a11a11111'
    ...
}
Tag hash

Appears in your CHEQ tag.

options = {
    ...
    'tag_hash': 'c99651e7936e27743ce51c728492aac9'
    ...
}
API endpoint

The nearest API endpoint to your server. Must be the same region as your tag domain.
Select the appropriate endpoint:

options = {
    ...
    'api_endpoint': 'https://rti-eu-west1.cheqzone.com'
    ...
}

Optional configuration

Mode
  • monitoring - Will not perform any action

  • blocking - Will block Invalid traffic or redirect them to a different url (defind in Redirect URL).

The default value will be monitoring.

options = {
    ...
    'mode': 'blocking'
    ...
}
Event type
  • route_to_event_type - A dictionary of routes as keys and cheq event type as value.
    Default page_load will be used as event type
options = {
    ...
    'route_to_event_type': {
        '/': 'page_load',
        '/subscribe': 'subscribe',
        .....
        .....
    }
    ...
}
Threat type codes

Threat types are devided to two groups:

  1. Block/Redirect - traffic detected as threat types in this group would be blocked or redirected to a different page (defind in Redirect URL.
    Default threat type codes for this group: 2,3,6,7,10,11,16,18.

  2. Captcha - threat type codes in this group would be reffered to Callback function.
    Default threat type codes for this group: 4,5,13,14,15,17. Threat type must be unique for each list.

options = {
    ...
    'invalid_block_redirect_codes': [2, 3, 6, 7, 10, 11, 16, 18],
    'invalid_captcha_codes': [4, 5, 13, 14, 15, 17]
    ...
};
Redirect URL

A URL you would like to redirect invalid users to.

If it is empty the response will be status code 403 and the user will be blocked.

options = {
    ...
     'redirect_url': 'https://invalid-user.com'
    ...
}
Callback function

A custom callback option, for instance to redirect to captcha page. If it is empty, will use start_response to route.

def callback(app, environ, start_response):
     #do somthing or call app(environ, start_response)
     
options = {
    ...
     'callback': callback 
    ...
}
Ja3

Recommended - A function that extracts ja3 fingerprint from the request.
SSL/TLS client fingerprints

from urllib.parse import urlparse
from urllib.parse import parse_qs

def get_ja3(request):
        parsed_url = urlparse(reuest.url)
        captured_value = parse_qs(parsed_url.query)['ja3'][0] 
options = {
    ... 
    'get_ja3': get_ja3
    ...
}
Resource type

A function to get the response content-type header.

This is recommended to improve detection.

def get_resource_type(request):
    if request.headers.environ['REQUEST_METHOD'] == 'POST'):
        return 'application/json'
    elif request.pth == '/':
        return 'text/html'

options = {
  ...
  'get_resource_type': get_resource_type
  ...
}
IP header

Specify a trusted IP header to be used as client IP

options = {
  ...
  'trusted_ip_header': 'client-ip'
  ...
};
URI Exclusion

An array of regular expressions or path that will be excluded

options = {
  ...
  'uri_exclusion': ['/about', '/careers']
  ...
};
Timeout

Optional timeout in milliseconds, if absent value will be set to 100 milliseconds.

options = {
    ...
     'timeout': 1000 // one second
    ...
}
Custom event name

In case a custom event name is used, this function extracts the name of the custom event.

from urllib.parse import urlparse
from urllib.parse import parse_qs

def get_channel(request):
        parsed_url = urlparse(reuest.url)
        captured_value = parse_qs(parsed_url.query)['channel'][0] 
options = {
    ...
     'get_channel': get_channel
    ...
}

Usage example

Flask
from flask import Flask
from cheq_wsgi_middlewares.RtiWsgiMiddleware import RtiMiddleware

api_key = "62fdc812-be58-492f-9417-66a1f22b4da1"
tag_hash = "5f863bea211c957865e067b148f2471b"
app = Flask(__name__)


options = {
    'app': app.wsgi_app,
    'api_key': "62fdc812-be58-492f-9417-66a1f22b4da1",
    'tag_hash': "5f863bea211c957865e067b148f2471b",
    'api_endpoint': 'https://rti-us-east-1.cheqzone.com',
    'route_to_event_type': dict(),
    'mode': 'blocking',
    'uri_exclusion': [],
    'invalid_block_redirect_codes': [],
    'invalid_captcha_codes': [],
    'trusted_ip_header': 'Client-Ip'

}


app.wsgi_app = RtiMiddleware(options)


@app.route("/")
def index():
    return "Hello World"


if __name__ == '__main__':
    app.run('0.0.0.0', 8080)
Django
from django.core.wsgi import get_wsgi_application
from cheq_wsgi_middlewares.RtiWsgiMiddleware import RtiMiddleware
import os

os.environ.setdefault("DJANGO_SETTINGS_MODULE", "hellodjango.settings")
application = get_wsgi_application()

options = {
    'app': application,
    'api_key': "62fdc812-be58-492f-9417-66a1f22b4da1",
    'tag_hash': "5f863bea211c957865e067b148f2471b",
    'api_endpoint': 'https://rti-us-east-1.cheqzone.com',
    'route_to_event_type': dict(),
    'mode': 'blocking',
    'uri_exclusion': [],
    'invalid_block_redirect_codes': [],
    'invalid_captcha_codes': [],
    'trusted_ip_header': 'Client-Ip'

}


application = RtiMiddleware(options)

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cheq_rti_wsgi_middleware-0.0.2.tar.gz (10.2 kB view details)

Uploaded Source

Built Distribution

cheq_rti_wsgi_middleware-0.0.2-py3-none-any.whl (12.8 kB view details)

Uploaded Python 3

File details

Details for the file cheq_rti_wsgi_middleware-0.0.2.tar.gz.

File metadata

File hashes

Hashes for cheq_rti_wsgi_middleware-0.0.2.tar.gz
Algorithm Hash digest
SHA256 540d1faf55c845e47215bfc772a8f5c37e86a6050ab9d4519aa4de4424532631
MD5 08202716fbbf0a3f4d0a9c61f427ec72
BLAKE2b-256 dac429f577e3c70828cc46d9f7d995d644810933870e6a0666ce7d7121918d78

See more details on using hashes here.

File details

Details for the file cheq_rti_wsgi_middleware-0.0.2-py3-none-any.whl.

File metadata

File hashes

Hashes for cheq_rti_wsgi_middleware-0.0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 445256f89ad370a881ab829e6f30a3ade3a42d5582949996a82ad150d5a30114
MD5 cf951000cc7de220262c50b13fdf7326
BLAKE2b-256 b1391797a681b45a0290ff5928b8f2f89c9efb25bf500e8a5506c2d7fc75c23b

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page