From 401b4fa87d1c3d1a81b233ecd9a38c3c154639d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micka=C3=ABl?= <108686236+MickaelDatadome@users.noreply.github.com> Date: Thu, 24 Oct 2024 15:19:18 +0200 Subject: [PATCH 1/2] Datadome 2.22.0 (#6) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update datacenters.json * Added basename sanitize to original snippet name, preventing path traversal * Bump to 1.2.208 * Update datacenters.json * wp * Update datacenters.json * Bump to 1.2.209 * netacea integration v5.7.0 * Update datacenters.json * Bump to 1.2.210 * Release notes update for 1.2.210 * Update datacenters.json * php 8.3 * added opensearch * fix for #682 * fix for #682 * Bump to 1.2.211 * fix #682 * updating to DataDome Fastly Module 2.19.4 
Signed-off-by: Mickaël Guichard * Bump to 1.2.212 * ci: Use GITHUB_OUTPUT envvar instead of set-output command `save-state` and `set-output` commands used in GitHub Actions are deprecated and [GitHub recommends using environment files](https://github.blog/changelog/2023-07-24-github-actions-update-on-save-state-and-set-output-commands/). This PR updates the usage of `::set-output` to `"$GITHUB_OUTPUT"` Instructions for envvar usage from GitHub docs: https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#setting-an-output-parameter * Module and documentation updates * Documenation wording change * Spelling fix * Add support for Brotli static compression * Add testing for 2.4.6 and PHP 8.3 * Bump to 1.2.213 * Rate limiting improvement * fix code quality * Bump to 1.2.214 * Netacea Magento module updated with additional logging * Fix for checking if current IP is in maintenance IP list * Bump to 1.2.215 * fix GEOIP redirection causes 404 #693 * Bump to 1.2.216 * Bump to 1.2.217 * Netacea Magento module updated with PURGE requests handling * Fixing deprecated usage - adding cast to string and tags size check * Bump to 1.2.218 * Removing trailing comma in WAF constructor to be compatible with PHP 7.2 * Bump to 1.2.219 * Update datacenters.json * Don't display API keys and tokens on endpoint update - they shouldn't be visible after configuration * In 2.4 path is /pub/errors * Bump to 1.2.220 * updating to DataDome Fastly Module 2.22.0 --------- 
Signed-off-by: Mickaël Guichard Co-authored-by: github-actions Co-authored-by: ivanviduka Co-authored-by: Vladimir Vuksan Co-authored-by: Vladimir Vuksan Co-authored-by: Domagoj Potkoc Co-authored-by: Richard Walkden <38424593+rswalkden@users.noreply.github.com> Co-authored-by: Arun Sathiya Co-authored-by: mizdebski-netacea Co-authored-by: Vladimir Vuksan <44271-vvuksan-fastly@users.noreply.drupalcode.org> Co-authored-by: Marek Izdebski <103107299+mizdebski-netacea@users.noreply.github.com> --- .github/workflows/code_quality.yml | 33 +++++--- .../shielding-check-cron-manual.yaml | 6 +- .github/workflows/shielding-check-cron.yaml | 6 +- Block/GeoIp/GetAction.php | 20 ++--- .../FastlyCdn/Advanced/CheckTlsSetting.php | 2 + .../Adminhtml/FastlyCdn/Advanced/ForceTls.php | 2 + .../FastlyCdn/Backend/ConfigureBackend.php | 2 + .../FastlyCdn/Backend/CreateBackend.php | 2 + .../FastlyCdn/Backend/DeleteBackend.php | 2 + .../FastlyCdn/Backend/GetBackends.php | 2 + .../CheckAuthDictionary.php | 2 + .../BasicAuthentication/CheckAuthSetting.php | 2 + .../CheckAuthUsersAvailable.php | 2 + .../FastlyCdn/BasicAuthentication/Create.php | 2 + .../FastlyCdn/BasicAuthentication/Delete.php | 2 + .../BasicAuthentication/EnableAuth.php | 2 + .../BasicAuthentication/Item/Create.php | 2 + .../BasicAuthentication/Item/Delete.php | 2 + .../BasicAuthentication/Item/ListAll.php | 2 + .../FastlyCdn/Blocking/AbstractBlocking.php | 2 + .../Blocking/CheckBlockingSetting.php | 2 + .../FastlyCdn/Configuration/CustomerInfo.php | 2 + .../Configuration/GetFastlyServiceInfo.php | 2 + .../Configuration/IsAlreadyConfigured.php | 2 + .../FastlyCdn/Configuration/ServiceInfo.php | 2 + .../Configuration/TestConnection.php | 2 + .../CustomSnippet/ChangeUpdateFlag.php | 2 + .../CustomSnippet/CheckCustomSnippet.php | 6 +- .../CustomSnippet/CreateCustomSnippet.php | 8 +- .../CustomSnippet/DeleteCustomSnippet.php | 6 +- .../CustomSnippet/EditCustomSnippet.php | 6 +- .../CustomSnippet/GetCustomSnippet.php | 6 +- 
.../CustomSnippet/GetCustomSnippets.php | 6 +- .../FastlyCdn/Domains/GetDomains.php | 2 + .../FastlyCdn/Domains/PushDomains.php | 2 + .../Adminhtml/FastlyCdn/Edge/Acl/Create.php | 2 + .../Adminhtml/FastlyCdn/Edge/Acl/Delete.php | 2 + .../Adminhtml/FastlyCdn/Edge/Acl/GetAcl.php | 2 + .../FastlyCdn/Edge/Acl/Item/Create.php | 2 + .../FastlyCdn/Edge/Acl/Item/Delete.php | 2 + .../FastlyCdn/Edge/Acl/Item/ListAll.php | 2 + .../FastlyCdn/Edge/Acl/Item/Update.php | 2 + .../Adminhtml/FastlyCdn/Edge/Acl/ListAll.php | 2 + .../FastlyCdn/Edge/Dictionary/Create.php | 2 + .../FastlyCdn/Edge/Dictionary/Delete.php | 2 + .../FastlyCdn/Edge/Dictionary/Item/Create.php | 2 + .../FastlyCdn/Edge/Dictionary/Item/Delete.php | 2 + .../Edge/Dictionary/Item/ListAll.php | 2 + .../FastlyCdn/Edge/Dictionary/ListAll.php | 2 + .../CheckFastlyIoSetting.php | 2 + .../ImageOptimization/CheckImageSetting.php | 2 + .../IoDefaultConfigOptions.php | 2 + .../FastlyCdn/ImageOptimization/ListAll.php | 2 + .../ImageOptimization/PushImageSettings.php | 2 + .../ImportExport/DownloadExportData.php | 2 + .../FastlyCdn/ImportExport/GetExportData.php | 2 + .../FastlyCdn/ImportExport/GetImportData.php | 2 + .../FastlyCdn/ImportExport/SaveExportData.php | 2 + .../FastlyCdn/ImportExport/SaveImportData.php | 2 + .../FastlyCdn/Logging/CreateEndpoint.php | 43 +++++----- .../FastlyCdn/Logging/GetAllEndpoints.php | 2 + .../FastlyCdn/Logging/GetEndpoint.php | 2 + .../FastlyCdn/Logging/GetEndpoints.php | 2 + .../FastlyCdn/Logging/UpdateEndpoint.php | 51 ++++++------ .../FastlyCdn/Maintenance/CheckSuSetting.php | 2 + .../FastlyCdn/Maintenance/ToggleSuSetting.php | 5 +- .../FastlyCdn/Maintenance/UpdateSuIps.php | 4 +- .../Adminhtml/FastlyCdn/Manifest/Create.php | 6 +- .../FastlyCdn/Manifest/GetActiveModules.php | 2 + .../FastlyCdn/Manifest/GetAllConditions.php | 1 + .../FastlyCdn/Manifest/GetAllDomains.php | 2 + .../FastlyCdn/Manifest/GetAllModules.php | 2 + .../FastlyCdn/Manifest/GetCountries.php | 2 + 
.../FastlyCdn/Manifest/GetModuleData.php | 2 + .../Manifest/GetResponseConditions.php | 2 + .../Adminhtml/FastlyCdn/Manifest/Save.php | 2 + .../FastlyCdn/Manifest/ToggleModules.php | 2 + .../Adminhtml/FastlyCdn/Manifest/Upload.php | 2 + Controller/Adminhtml/FastlyCdn/Purge/All.php | 2 + .../Adminhtml/FastlyCdn/Purge/ContentType.php | 2 + .../Adminhtml/FastlyCdn/Purge/Quick.php | 2 + .../Adminhtml/FastlyCdn/Purge/Store.php | 2 + .../RateLimiting/CheckRateLimitingSetting.php | 2 + .../RateLimiting/DisableRateLimiting.php | 2 + .../FastlyCdn/RateLimiting/GetPaths.php | 2 + .../RateLimiting/ToggleRateLimiting.php | 2 + .../FastlyCdn/RateLimiting/UpdatePaths.php | 2 + .../SyntheticPages/GetErrorPageRespObj.php | 2 + .../SyntheticPages/GetWafPageRespObj.php | 2 + .../SyntheticPages/RemoveErrorPageHtml.php | 2 + .../SyntheticPages/SaveErrorPageHtml.php | 2 + .../FastlyCdn/SyntheticPages/SaveWafPage.php | 2 + .../Adminhtml/FastlyCdn/Vcl/Comparison.php | 2 + .../FastlyCdn/Vcl/DismissWarning.php | 2 + .../Adminhtml/FastlyCdn/Vcl/GetUpdateFlag.php | 2 + .../FastlyCdn/Vcl/IsWarningDismissed.php | 2 + Controller/Adminhtml/FastlyCdn/Vcl/Upload.php | 2 + .../FastlyCdn/VersionHistory/Activate.php | 2 + .../FastlyCdn/VersionHistory/ListVersions.php | 1 + .../FastlyCdn/VersionHistory/Reference.php | 2 + .../FastlyCdn/Waf/AbstractWafUpdate.php | 2 + .../FastlyCdn/Waf/CheckWafBypassSetting.php | 2 + .../FastlyCdn/Waf/GetWafSettings.php | 2 + .../Adminhtml/FastlyCdn/Waf/WafAllowlist.php | 2 +- .../EDGE-MODULE-NETACEA-INTEGRATION.md | 21 +---- Model/Api.php | 2 +- Model/FrontControllerPlugin.php | 27 ++++--- Model/Layout/LayoutPlugin.php | 2 +- Model/ResponsePlugin.php | 5 +- Release-Notes.md | 56 +++++++++++++ VERSION | 2 +- composer.json | 4 +- .../datadome_integration.json | 26 +++++-- .../netacea_integration.json | 19 +++-- etc/shielding/datacenters.json | 78 ++++--------------- etc/vcl_snippets/deliver.vcl | 2 +- etc/vcl_snippets/fetch.vcl | 4 +- etc/vcl_snippets/miss.vcl | 2 +- 
etc/vcl_snippets/pass.vcl | 2 +- etc/vcl_snippets/recv.vcl | 9 ++- view/adminhtml/web/js/log-endpoints.js | 23 ++++-- 121 files changed, 459 insertions(+), 213 deletions(-) diff --git a/.github/workflows/code_quality.yml b/.github/workflows/code_quality.yml index 55b82f32..be0d3fa9 100644 --- a/.github/workflows/code_quality.yml +++ b/.github/workflows/code_quality.yml @@ -5,7 +5,7 @@ on: branches: [master] env: - MAGENTO_CODING_STANDARD: "v25" + MAGENTO_CODING_STANDARD: "v30" jobs: static_code_check: @@ -47,16 +47,17 @@ jobs: --health-interval=10s --health-timeout=5s --health-retries=3 - es: - image: docker.elastic.co/elasticsearch/elasticsearch:${{ matrix.elasticsearch }} + os: + image: opensearchproject/opensearch:${{ matrix.opensearch }} env: - ES_JAVA_OPTS: "-Xms512m -Xmx512m" + OPENSEARCH_JAVA_OPTS: "-Xms512m -Xmx512m" ports: - 9200:9200 options: >- -e "discovery.type=single-node" - -e "xpack.security.enabled=false" + -e "plugins.security.disabled=true" + --name "opensearch-node" --health-cmd="curl --silent --fail localhost:9200/_cluster/health || exit 1" --health-interval=30s --health-timeout=30s 
@@ -66,21 +67,28 @@ jobs: matrix: # https://experienceleague.adobe.com/docs/commerce-operations/installation-guide/system-requirements.html include: - - magento: "2.4.3" - php: "7.4" - composer: "v1" - elasticsearch: "7.10.2" + # Higher matching version 4.6.1 of magento/magento2-functional-testing-framework was found in public repository packagist.org + # than 4.4.2 in private https://mirror.mage-os.org. Public package might've been taken over by a malicious entity, + # please investigate and update package requirement to match the version from the private repository + #- magento: "2.4.3-p3" + # php: "7.4" + # composer: "v1" + # elasticsearch: "7.10.2" - magento: "2.4.4" php: "8.1" composer: "v2" - elasticsearch: "7.16.3" + opensearch: "1.2.0" - magento: "2.4.5" php: "8.1" composer: "v2" - elasticsearch: "7.17.5" + opensearch: "1.2.0" + - magento: "2.4.6" + php: "8.2" + composer: "v2" + opensearch: "2.5.0" steps: - name: Setup PHP uses: shivammathur/setup-php@v2 @@ -144,4 +152,5 @@ jobs: run: echo "::add-matcher::${{ github.workspace }}/app/code/Fastly/Cdn/.github/tests/phpunit_matcher.json" - name: Run tests - run: vendor/bin/phpunit -c dev/tests/unit/phpunit.xml.dist --teamcity app/code/Fastly/Cdn/ + run: ../../../vendor/bin/phpunit -c ../unit/phpunit.xml.dist --teamcity ../../../app/code/Fastly/Cdn/ + working-directory: dev/tests/integration diff --git a/.github/workflows/shielding-check-cron-manual.yaml b/.github/workflows/shielding-check-cron-manual.yaml index 0a5ea642..2f314dbc 100644 --- a/.github/workflows/shielding-check-cron-manual.yaml +++ b/.github/workflows/shielding-check-cron-manual.yaml 
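Review bot: The commented-out 2.4.3-p3 entry in the `include` matrix records a dependency-confusion warning (packagist.org offering 4.6.1 of magento/magento2-functional-testing-framework against 4.4.2 on the private mirror) but deals with it only by dropping that Magento version from CI. If the remaining entries install from the same pair of repositories, which the install steps outside this hunk would show, the same override can recur for them; restricting that package to the mirror in the Composer repository configuration would address the cause. The comment would be easier to act on with an owner and a tracking reference, for example `# Disabled pending <ISSUE-LINK>: composer reports packagist.org overriding the mirror for this package`. Separately, the commit message mentions PHP 8.3 while the new 2.4.6 entry sets `php: "8.2"`; it is worth confirming which is intended.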
@@ -17,10 +17,10 @@ jobs: run: | cat ./temp.json | jq . > etc/shielding/datacenters.json rm -f ./temp.json - echo "::set-output name=diff-count::$(git diff --name-only | wc -l)" + echo "diff-count=$(git diff --name-only | wc -l)" >> "$GITHUB_OUTPUT" SHA1=`sha1sum etc/shielding/datacenters.json | awk '{print $1}'` - echo "::set-output name=sha1::$SHA1" - echo "::set-output name=pr-count::$(gh pr list --search "${SHA1} in:title is:open" --json title -q '.[] | .title' | wc -l)" + echo "sha1=$SHA1" >> "$GITHUB_OUTPUT" + echo "pr-count=$(gh pr list --search "${SHA1} in:title is:open" --json title -q '.[] | .title' | wc -l)" >> "$GITHUB_OUTPUT" env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Check diff and create PR diff --git a/.github/workflows/shielding-check-cron.yaml b/.github/workflows/shielding-check-cron.yaml index 6e307601..00eda98c 100644 --- a/.github/workflows/shielding-check-cron.yaml +++ b/.github/workflows/shielding-check-cron.yaml @@ -20,10 +20,10 @@ jobs: run: | cat ./temp.json | jq . > etc/shielding/datacenters.json rm -f ./temp.json - echo "::set-output name=diff-count::$(git diff --name-only | wc -l)" + echo "diff-count=$(git diff --name-only | wc -l)" >> "$GITHUB_OUTPUT" SHA1=`sha1sum etc/shielding/datacenters.json | awk '{print $1}'` - echo "::set-output name=sha1::$SHA1" - echo "::set-output name=pr-count::$(gh pr list --search "${SHA1} in:title is:open" --json title -q '.[] | .title' | wc -l)" + echo "sha1=$SHA1" >> "$GITHUB_OUTPUT" + echo "pr-count=$(gh pr list --search "${SHA1} in:title is:open" --json title -q '.[] | .title' | wc -l)" >> "$GITHUB_OUTPUT" env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Check diff and create PR diff --git a/Block/GeoIp/GetAction.php b/Block/GeoIp/GetAction.php index 23b4f3d8..80b51ddb 100644 --- a/Block/GeoIp/GetAction.php +++ b/Block/GeoIp/GetAction.php 
@@ -18,6 +18,7 @@ * @copyright Copyright (c) 2016 Fastly, Inc. (http://www.fastly.com) * @license BSD, see LICENSE_FASTLY_CDN.txt */ + namespace Fastly\Cdn\Block\GeoIp; use Fastly\Cdn\Model\Config; @@ -60,13 +61,14 @@ class GetAction extends AbstractBlock * @param EncoderInterface $urlEncoder */ public function __construct( - Config $config, - Context $context, - Response $response, - Url $url, + Config $config, + Context $context, + Response $response, + Url $url, EncoderInterface $urlEncoder, - array $data = [] - ) { + array $data = [] + ) + { $this->config = $config; $this->response = $response; $this->url = $url; @@ -92,8 +94,8 @@ protected function _toHtml() // @codingStandardsIgnoreLine - required by parent $currentUrl = $this->url->getCurrentUrl(); $baseUrl = $this->url->getBaseUrl(); $webTypeUrl = $this->url->getBaseUrl(['_type' => Url::URL_TYPE_WEB]); - - if (strpos($currentUrl, $baseUrl) !== false) { + + if (strpos($currentUrl, rtrim($baseUrl, "/")) !== false) { $targetUrl = $currentUrl; } else { $targetUrl = str_replace($webTypeUrl, $baseUrl, $currentUrl); @@ -109,7 +111,7 @@ protected function _toHtml() // @codingStandardsIgnoreLine - required by parent $this->response->setHeader("x-esi", "1"); } // Due to Varnish parser limitations HTTPS ESIs are not supported so we need to turn them into HTTP URLs - // This does not mean that request will go over HTTP. ESI subrequest will go out to the backend that is + // This does not mean that request will go over HTTP. ESI subrequest will go out to the backend that is // currently specified so if it's HTTPS it will go over HTTPS return sprintf( '', diff --git a/Controller/Adminhtml/FastlyCdn/Advanced/CheckTlsSetting.php b/Controller/Adminhtml/FastlyCdn/Advanced/CheckTlsSetting.php index 6e1c8a61..03f7581e 100644 --- a/Controller/Adminhtml/FastlyCdn/Advanced/CheckTlsSetting.php +++ b/Controller/Adminhtml/FastlyCdn/Advanced/CheckTlsSetting.php 
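Review bot: In `_toHtml()` the new test `strpos($currentUrl, rtrim($baseUrl, "/")) !== false` accepts the base URL anywhere inside the current URL, and once the trailing slash is trimmed it also matches a longer host name that merely begins with the base host. Because `$targetUrl` is then taken from `$currentUrl` unchanged, an anchored comparison is safer: `$base = rtrim($baseUrl, '/');` followed by `if ($currentUrl === $base || strpos($currentUrl, $base . '/') === 0) {`. That still covers the slash-less URL this change is presumably meant to handle. How `$targetUrl` is used afterwards lies outside the hunk, so the practical impact should be confirmed there.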
@@ -34,6 +34,8 @@ */ class CheckTlsSetting extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Api */ diff --git a/Controller/Adminhtml/FastlyCdn/Advanced/ForceTls.php b/Controller/Adminhtml/FastlyCdn/Advanced/ForceTls.php index c720d8e0..516588ab 100644 --- a/Controller/Adminhtml/FastlyCdn/Advanced/ForceTls.php +++ b/Controller/Adminhtml/FastlyCdn/Advanced/ForceTls.php @@ -35,6 +35,8 @@ */ class ForceTls extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Backend/ConfigureBackend.php b/Controller/Adminhtml/FastlyCdn/Backend/ConfigureBackend.php index 56ad099c..53753b86 100644 --- a/Controller/Adminhtml/FastlyCdn/Backend/ConfigureBackend.php +++ b/Controller/Adminhtml/FastlyCdn/Backend/ConfigureBackend.php @@ -35,6 +35,8 @@ */ class ConfigureBackend extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + use ValidationTrait; /** diff --git a/Controller/Adminhtml/FastlyCdn/Backend/CreateBackend.php b/Controller/Adminhtml/FastlyCdn/Backend/CreateBackend.php index a5f9bed1..0f8a8b70 100644 --- a/Controller/Adminhtml/FastlyCdn/Backend/CreateBackend.php +++ b/Controller/Adminhtml/FastlyCdn/Backend/CreateBackend.php @@ -39,6 +39,8 @@ */ class CreateBackend extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + use ValidationTrait; /** diff --git a/Controller/Adminhtml/FastlyCdn/Backend/DeleteBackend.php b/Controller/Adminhtml/FastlyCdn/Backend/DeleteBackend.php index e9a92a8e..118dd711 100644 --- a/Controller/Adminhtml/FastlyCdn/Backend/DeleteBackend.php +++ b/Controller/Adminhtml/FastlyCdn/Backend/DeleteBackend.php @@ -34,6 +34,8 @@ */ class DeleteBackend extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Backend/GetBackends.php b/Controller/Adminhtml/FastlyCdn/Backend/GetBackends.php index 0be16f02..19d10ec1 100644 
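Review bot: `const ADMIN_RESOURCE = 'Magento_Config::config';` in CheckTlsSetting restricts access only if `Action` resolves to `Magento\Backend\App\Action`; the `use` lines are outside this hunk, and the CustomSnippet controllers later in this patch had their import switched away from `Magento\Framework\App\Action\Action`, presumably for that reason, so the import of every controller receiving the constant should be checked. The same applies to all other hunks in this patch that add the constant. A short comment such as `// ACL resource enforced by the backend action's _isAllowed()` would document why it is there. A module-specific resource declared in acl.xml would also let read-only status checks and state-changing actions (ForceTls, CreateBackend, DeleteBackend) be granted separately instead of all sharing the broad configuration permission.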
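Review bot: In ConfigureBackend (and likewise CreateBackend) the new constant is inserted above `use ValidationTrait;`, so the trait import is no longer the first statement in the class body. PSR-12 places trait `use` statements directly after the opening brace; putting `use ValidationTrait;` first, then a blank line, then `const ADMIN_RESOURCE = 'Magento_Config::config';` keeps the layout conventional. Behaviour is the same either way.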
--- a/Controller/Adminhtml/FastlyCdn/Backend/GetBackends.php
+++ b/Controller/Adminhtml/FastlyCdn/Backend/GetBackends.php
@@ -37,6 +37,8 @@
 */
 class GetBackends extends Action
 {
+ const ADMIN_RESOURCE = 'Magento_Config::config';
+
 /**
 * @var Http
 */
diff --git a/Controller/Adminhtml/FastlyCdn/BasicAuthentication/CheckAuthDictionary.php b/Controller/Adminhtml/FastlyCdn/BasicAuthentication/CheckAuthDictionary.php
index 2b5bf2c7..2a9dd5c6 100644
--- a/Controller/Adminhtml/FastlyCdn/BasicAuthentication/CheckAuthDictionary.php
+++ b/Controller/Adminhtml/FastlyCdn/BasicAuthentication/CheckAuthDictionary.php
@@ -33,6 +33,8 @@
 */
 class CheckAuthDictionary extends Action
 {
+ const ADMIN_RESOURCE = 'Magento_Config::config';
+
 /**
 * @var Api
 */
diff --git a/Controller/Adminhtml/FastlyCdn/BasicAuthentication/CheckAuthSetting.php b/Controller/Adminhtml/FastlyCdn/BasicAuthentication/CheckAuthSetting.php
index e7a78aaa..ecc5210f 100644
--- a/Controller/Adminhtml/FastlyCdn/BasicAuthentication/CheckAuthSetting.php
+++ b/Controller/Adminhtml/FastlyCdn/BasicAuthentication/CheckAuthSetting.php
@@ -33,6 +33,8 @@
 */
 class CheckAuthSetting extends Action
 {
+ const ADMIN_RESOURCE = 'Magento_Config::config';
+
 /**
 * @var Api
 */
diff --git a/Controller/Adminhtml/FastlyCdn/BasicAuthentication/CheckAuthUsersAvailable.php b/Controller/Adminhtml/FastlyCdn/BasicAuthentication/CheckAuthUsersAvailable.php
index 89117368..ca75b67c 100644
--- a/Controller/Adminhtml/FastlyCdn/BasicAuthentication/CheckAuthUsersAvailable.php
+++ b/Controller/Adminhtml/FastlyCdn/BasicAuthentication/CheckAuthUsersAvailable.php
@@ -33,6 +33,8 @@
 */
 class CheckAuthUsersAvailable extends Action
 {
+ const ADMIN_RESOURCE = 'Magento_Config::config';
+
 /**
 * @var Api
 */
diff --git a/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Create.php b/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Create.php
index 4edc6c4c..f4e052c8 100644
--- a/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Create.php
+++ b/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Create.php
@@ -35,6 +35,8 @@
 */
 class Create extends Action
 {
+ const ADMIN_RESOURCE = 'Magento_Config::config';
+
 /**
 * @var Http
 */
diff --git a/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Delete.php b/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Delete.php
index 282177fa..f61a477f 100644
--- a/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Delete.php
+++ b/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Delete.php
@@ -36,6 +36,8 @@
 */
 class Delete extends Action
 {
+ const ADMIN_RESOURCE = 'Magento_Config::config';
+
 /**
 * @var Http
 */
diff --git a/Controller/Adminhtml/FastlyCdn/BasicAuthentication/EnableAuth.php b/Controller/Adminhtml/FastlyCdn/BasicAuthentication/EnableAuth.php
index a8910345..f92dd0ae 100644
--- a/Controller/Adminhtml/FastlyCdn/BasicAuthentication/EnableAuth.php
+++ b/Controller/Adminhtml/FastlyCdn/BasicAuthentication/EnableAuth.php
@@ -37,6 +37,8 @@
 */
 class EnableAuth extends Action
 {
+ const ADMIN_RESOURCE = 'Magento_Config::config';
+
 /**
 * @var Http
 */
diff --git a/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Item/Create.php b/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Item/Create.php
index 2358ae74..fbcfe8f5 100644
--- a/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Item/Create.php
+++ b/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Item/Create.php
@@ -35,6 +35,8 @@
 */
 class Create extends Action
 {
+ const ADMIN_RESOURCE = 'Magento_Config::config';
+
 /**
 * @var Http
 */
diff --git a/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Item/Delete.php b/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Item/Delete.php
index 5cfdad6f..11d76be3 100644
--- a/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Item/Delete.php
+++ b/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Item/Delete.php
@@ -35,6 +35,8 @@
 */
 class Delete extends Action
 {
+ const ADMIN_RESOURCE = 'Magento_Config::config';
+
 /**
 * @var Http
 */
diff --git a/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Item/ListAll.php b/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Item/ListAll.php index 79654216..72006b00 100644 --- a/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Item/ListAll.php +++ b/Controller/Adminhtml/FastlyCdn/BasicAuthentication/Item/ListAll.php @@ -35,6 +35,8 @@ */ class ListAll extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Blocking/AbstractBlocking.php b/Controller/Adminhtml/FastlyCdn/Blocking/AbstractBlocking.php index d7a3f85b..91cc9fef 100644 --- a/Controller/Adminhtml/FastlyCdn/Blocking/AbstractBlocking.php +++ b/Controller/Adminhtml/FastlyCdn/Blocking/AbstractBlocking.php @@ -8,6 +8,8 @@ abstract class AbstractBlocking extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + protected $configWriter; public function __construct( diff --git a/Controller/Adminhtml/FastlyCdn/Blocking/CheckBlockingSetting.php b/Controller/Adminhtml/FastlyCdn/Blocking/CheckBlockingSetting.php index 0cd73330..dd9e8309 100644 --- a/Controller/Adminhtml/FastlyCdn/Blocking/CheckBlockingSetting.php +++ b/Controller/Adminhtml/FastlyCdn/Blocking/CheckBlockingSetting.php @@ -34,6 +34,8 @@ */ class CheckBlockingSetting extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Api */ diff --git a/Controller/Adminhtml/FastlyCdn/Configuration/CustomerInfo.php b/Controller/Adminhtml/FastlyCdn/Configuration/CustomerInfo.php index 69c6bc28..6963d496 100644 --- a/Controller/Adminhtml/FastlyCdn/Configuration/CustomerInfo.php +++ b/Controller/Adminhtml/FastlyCdn/Configuration/CustomerInfo.php @@ -34,6 +34,8 @@ */ class CustomerInfo extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Api */ 
diff --git a/Controller/Adminhtml/FastlyCdn/Configuration/GetFastlyServiceInfo.php b/Controller/Adminhtml/FastlyCdn/Configuration/GetFastlyServiceInfo.php
index affe710a..29eecba7 100644
--- a/Controller/Adminhtml/FastlyCdn/Configuration/GetFastlyServiceInfo.php
+++ b/Controller/Adminhtml/FastlyCdn/Configuration/GetFastlyServiceInfo.php
@@ -34,6 +34,8 @@
 */
 class GetFastlyServiceInfo extends Action
 {
+ const ADMIN_RESOURCE = 'Magento_Config::config';
+
 /**
 * @var Api
 */
diff --git a/Controller/Adminhtml/FastlyCdn/Configuration/IsAlreadyConfigured.php b/Controller/Adminhtml/FastlyCdn/Configuration/IsAlreadyConfigured.php
index 7b1c7ce3..6469e40d 100644
--- a/Controller/Adminhtml/FastlyCdn/Configuration/IsAlreadyConfigured.php
+++ b/Controller/Adminhtml/FastlyCdn/Configuration/IsAlreadyConfigured.php
@@ -35,6 +35,8 @@
 */
 class IsAlreadyConfigured extends Action
 {
+ const ADMIN_RESOURCE = 'Magento_Config::config';
+
 /**
 * @var Api
 */
diff --git a/Controller/Adminhtml/FastlyCdn/Configuration/ServiceInfo.php b/Controller/Adminhtml/FastlyCdn/Configuration/ServiceInfo.php
index 2470c98f..87d2fae2 100644
--- a/Controller/Adminhtml/FastlyCdn/Configuration/ServiceInfo.php
+++ b/Controller/Adminhtml/FastlyCdn/Configuration/ServiceInfo.php
@@ -34,6 +34,8 @@
 */
 class ServiceInfo extends Action
 {
+ const ADMIN_RESOURCE = 'Magento_Config::config';
+
 /**
 * @var Api
 */
diff --git a/Controller/Adminhtml/FastlyCdn/Configuration/TestConnection.php b/Controller/Adminhtml/FastlyCdn/Configuration/TestConnection.php
index 1f0567b0..94e3fa74 100644
--- a/Controller/Adminhtml/FastlyCdn/Configuration/TestConnection.php
+++ b/Controller/Adminhtml/FastlyCdn/Configuration/TestConnection.php
@@ -36,6 +36,8 @@
 */
 class TestConnection extends Action
 {
+ const ADMIN_RESOURCE = 'Magento_Config::config';
+
 /**
 * @var Api
 */
diff --git a/Controller/Adminhtml/FastlyCdn/CustomSnippet/ChangeUpdateFlag.php b/Controller/Adminhtml/FastlyCdn/CustomSnippet/ChangeUpdateFlag.php
index a0ce4389..5e86b57f 100644
--- a/Controller/Adminhtml/FastlyCdn/CustomSnippet/ChangeUpdateFlag.php +++ b/Controller/Adminhtml/FastlyCdn/CustomSnippet/ChangeUpdateFlag.php @@ -16,6 +16,8 @@ */ class ChangeUpdateFlag extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var JsonFactory */ diff --git a/Controller/Adminhtml/FastlyCdn/CustomSnippet/CheckCustomSnippet.php b/Controller/Adminhtml/FastlyCdn/CustomSnippet/CheckCustomSnippet.php index 079978cd..618dbbe1 100644 --- a/Controller/Adminhtml/FastlyCdn/CustomSnippet/CheckCustomSnippet.php +++ b/Controller/Adminhtml/FastlyCdn/CustomSnippet/CheckCustomSnippet.php @@ -20,8 +20,8 @@ */ namespace Fastly\Cdn\Controller\Adminhtml\FastlyCdn\CustomSnippet; -use Magento\Framework\App\Action\Action; -use Magento\Framework\App\Action\Context; +use Magento\Backend\App\Action; +use Magento\Backend\App\Action\Context; use Magento\Framework\App\Response\Http\FileFactory; use Magento\Framework\App\Filesystem\DirectoryList; use Magento\Framework\Filesystem\Directory\WriteFactory; @@ -37,6 +37,8 @@ */ class CheckCustomSnippet extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var FileFactory */ diff --git a/Controller/Adminhtml/FastlyCdn/CustomSnippet/CreateCustomSnippet.php b/Controller/Adminhtml/FastlyCdn/CustomSnippet/CreateCustomSnippet.php index 73baf9ff..84096f49 100644 --- a/Controller/Adminhtml/FastlyCdn/CustomSnippet/CreateCustomSnippet.php +++ b/Controller/Adminhtml/FastlyCdn/CustomSnippet/CreateCustomSnippet.php @@ -23,8 +23,8 @@ use Fastly\Cdn\Helper\Vcl; use Fastly\Cdn\Model\Api; use Fastly\Cdn\Model\Config; -use Magento\Framework\App\Action\Action; -use Magento\Framework\App\Action\Context; +use Magento\Backend\App\Action; +use Magento\Backend\App\Action\Context; use Magento\Framework\App\Filesystem\DirectoryList; use Magento\Framework\App\Response\Http\FileFactory; use Magento\Framework\Controller\Result\JsonFactory; 
@@ -41,6 +41,8 @@ */ class CreateCustomSnippet extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var RawFactory */ @@ -146,7 +148,7 @@ public function execute() $priority = $this->getRequest()->getParam('priority'); $vcl = $this->getRequest()->getParam('vcl'); $edit = $this->getRequest()->getParam('edit'); - $original = $this->getRequest()->getParam('original'); + $original = basename($this->getRequest()->getParam('original') ?? ""); $validation = $this->config->validateCustomSnippet($name, $type, $priority); $error = $validation['error']; if ($error != null) { diff --git a/Controller/Adminhtml/FastlyCdn/CustomSnippet/DeleteCustomSnippet.php b/Controller/Adminhtml/FastlyCdn/CustomSnippet/DeleteCustomSnippet.php index ea60689e..8e899721 100644 --- a/Controller/Adminhtml/FastlyCdn/CustomSnippet/DeleteCustomSnippet.php +++ b/Controller/Adminhtml/FastlyCdn/CustomSnippet/DeleteCustomSnippet.php @@ -20,8 +20,8 @@ */ namespace Fastly\Cdn\Controller\Adminhtml\FastlyCdn\CustomSnippet; -use Magento\Framework\App\Action\Action; -use Magento\Framework\App\Action\Context; +use Magento\Backend\App\Action; +use Magento\Backend\App\Action\Context; use Magento\Framework\App\Response\Http\FileFactory; use Magento\Framework\App\Filesystem\DirectoryList; use Magento\Framework\Filesystem\Directory\WriteFactory; @@ -38,6 +38,8 @@ */ class DeleteCustomSnippet extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var FileFactory */ diff --git a/Controller/Adminhtml/FastlyCdn/CustomSnippet/EditCustomSnippet.php b/Controller/Adminhtml/FastlyCdn/CustomSnippet/EditCustomSnippet.php index f98ca14f..85f499bc 100644 --- a/Controller/Adminhtml/FastlyCdn/CustomSnippet/EditCustomSnippet.php +++ b/Controller/Adminhtml/FastlyCdn/CustomSnippet/EditCustomSnippet.php 
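Review bot: In `execute()` of CreateCustomSnippet, `basename()` on the `original` parameter strips directory components but still returns `.` and `..` unchanged, and on PHP 8 it raises a TypeError when the parameter arrives as an array rather than a string. Checking the raw value first closes both gaps, e.g. `if (!is_string($raw) || in_array(basename($raw), ['.', '..'], true)) { /* return the JSON error response */ }`. `$name`, `$type` and `$priority` pass through `validateCustomSnippet()`, whose rules are not visible here. The `execute()` bodies of the Delete, Edit and Get snippet controllers are also not part of this diff; if they derive a file name from request data they need the same sanitising. The rest of `execute()` lies outside the hunk.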
@@ -20,8 +20,8 @@ */ namespace Fastly\Cdn\Controller\Adminhtml\FastlyCdn\CustomSnippet; -use Magento\Framework\App\Action\Action; -use Magento\Framework\App\Action\Context; +use Magento\Backend\App\Action; +use Magento\Backend\App\Action\Context; use Magento\Framework\Controller\Result\RawFactory; use Magento\Framework\App\Response\Http\FileFactory; use Magento\Framework\App\Filesystem\DirectoryList; @@ -38,6 +38,8 @@ */ class EditCustomSnippet extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var RawFactory */ diff --git a/Controller/Adminhtml/FastlyCdn/CustomSnippet/GetCustomSnippet.php b/Controller/Adminhtml/FastlyCdn/CustomSnippet/GetCustomSnippet.php index c8323289..3820f916 100644 --- a/Controller/Adminhtml/FastlyCdn/CustomSnippet/GetCustomSnippet.php +++ b/Controller/Adminhtml/FastlyCdn/CustomSnippet/GetCustomSnippet.php @@ -21,8 +21,8 @@ namespace Fastly\Cdn\Controller\Adminhtml\FastlyCdn\CustomSnippet; use Fastly\Cdn\Model\Config; -use Magento\Framework\App\Action\Action; -use Magento\Framework\App\Action\Context; +use Magento\Backend\App\Action; +use Magento\Backend\App\Action\Context; use Magento\Framework\Controller\Result\RawFactory; use Magento\Framework\App\Response\Http\FileFactory; use Magento\Framework\App\Filesystem\DirectoryList; @@ -38,6 +38,8 @@ */ class GetCustomSnippet extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var RawFactory */ diff --git a/Controller/Adminhtml/FastlyCdn/CustomSnippet/GetCustomSnippets.php b/Controller/Adminhtml/FastlyCdn/CustomSnippet/GetCustomSnippets.php index 114f5750..ee755ad3 100644 --- a/Controller/Adminhtml/FastlyCdn/CustomSnippet/GetCustomSnippets.php +++ b/Controller/Adminhtml/FastlyCdn/CustomSnippet/GetCustomSnippets.php 
@@ -20,8 +20,8 @@ */ namespace Fastly\Cdn\Controller\Adminhtml\FastlyCdn\CustomSnippet; -use Magento\Framework\App\Action\Action; -use Magento\Framework\App\Action\Context; +use Magento\Backend\App\Action; +use Magento\Backend\App\Action\Context; use Magento\Framework\Controller\Result\RawFactory; use Magento\Framework\App\Response\Http\FileFactory; use Magento\Framework\App\Filesystem\DirectoryList; @@ -36,6 +36,8 @@ */ class GetCustomSnippets extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var RawFactory */ diff --git a/Controller/Adminhtml/FastlyCdn/Domains/GetDomains.php b/Controller/Adminhtml/FastlyCdn/Domains/GetDomains.php index 93d4ea7f..9ae29519 100644 --- a/Controller/Adminhtml/FastlyCdn/Domains/GetDomains.php +++ b/Controller/Adminhtml/FastlyCdn/Domains/GetDomains.php @@ -36,6 +36,8 @@ */ class GetDomains extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Domains/PushDomains.php b/Controller/Adminhtml/FastlyCdn/Domains/PushDomains.php index 0886fa62..19e456d6 100644 --- a/Controller/Adminhtml/FastlyCdn/Domains/PushDomains.php +++ b/Controller/Adminhtml/FastlyCdn/Domains/PushDomains.php @@ -37,6 +37,8 @@ */ class PushDomains extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Edge/Acl/Create.php b/Controller/Adminhtml/FastlyCdn/Edge/Acl/Create.php index 04bfb890..9aba55c3 100644 --- a/Controller/Adminhtml/FastlyCdn/Edge/Acl/Create.php +++ b/Controller/Adminhtml/FastlyCdn/Edge/Acl/Create.php @@ -35,6 +35,8 @@ */ class Create extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Edge/Acl/Delete.php b/Controller/Adminhtml/FastlyCdn/Edge/Acl/Delete.php index 5527985a..d3aae97c 100644 --- a/Controller/Adminhtml/FastlyCdn/Edge/Acl/Delete.php 
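Review bot: The `ADMIN_RESOURCE` constant added to `GetDomains` restricts access only if the class extends `Magento\Backend\App\Action`, whose `_isAllowed()` reads it; this file section changes no `use` line, so the base class is whatever the file already imported. The same applies to the other sections that add the constant without touching imports (PushDomains, the Edge/Acl and Edge/Dictionary controllers, and later ones), whereas the CustomSnippet controllers switch the import in this same patch. It is worth confirming that each of those files already imports the backend action, otherwise the constant is inert. Separately, `Magento_Config::config` is a broad core resource, so any admin role with general configuration access can drive these endpoints; a module-specific resource declared in `acl.xml` would allow narrower grants.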
+++ b/Controller/Adminhtml/FastlyCdn/Edge/Acl/Delete.php @@ -36,6 +36,8 @@ */ class Delete extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Edge/Acl/GetAcl.php b/Controller/Adminhtml/FastlyCdn/Edge/Acl/GetAcl.php index f46157a7..f30ed039 100644 --- a/Controller/Adminhtml/FastlyCdn/Edge/Acl/GetAcl.php +++ b/Controller/Adminhtml/FastlyCdn/Edge/Acl/GetAcl.php @@ -33,6 +33,8 @@ */ class GetAcl extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var JsonFactory */ diff --git a/Controller/Adminhtml/FastlyCdn/Edge/Acl/Item/Create.php b/Controller/Adminhtml/FastlyCdn/Edge/Acl/Item/Create.php index 3c25d137..6edc32ed 100644 --- a/Controller/Adminhtml/FastlyCdn/Edge/Acl/Item/Create.php +++ b/Controller/Adminhtml/FastlyCdn/Edge/Acl/Item/Create.php @@ -35,6 +35,8 @@ */ class Create extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Edge/Acl/Item/Delete.php b/Controller/Adminhtml/FastlyCdn/Edge/Acl/Item/Delete.php index 646f3615..94c36e19 100644 --- a/Controller/Adminhtml/FastlyCdn/Edge/Acl/Item/Delete.php +++ b/Controller/Adminhtml/FastlyCdn/Edge/Acl/Item/Delete.php @@ -35,6 +35,8 @@ */ class Delete extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Edge/Acl/Item/ListAll.php b/Controller/Adminhtml/FastlyCdn/Edge/Acl/Item/ListAll.php index 4653955e..f483f13a 100644 --- a/Controller/Adminhtml/FastlyCdn/Edge/Acl/Item/ListAll.php +++ b/Controller/Adminhtml/FastlyCdn/Edge/Acl/Item/ListAll.php @@ -33,6 +33,8 @@ */ class ListAll extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Edge/Acl/Item/Update.php b/Controller/Adminhtml/FastlyCdn/Edge/Acl/Item/Update.php index f333a51d..e2a72b9e 100644 
--- a/Controller/Adminhtml/FastlyCdn/Edge/Acl/Item/Update.php +++ b/Controller/Adminhtml/FastlyCdn/Edge/Acl/Item/Update.php @@ -35,6 +35,8 @@ */ class Update extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Edge/Acl/ListAll.php b/Controller/Adminhtml/FastlyCdn/Edge/Acl/ListAll.php index 21261286..22483cce 100644 --- a/Controller/Adminhtml/FastlyCdn/Edge/Acl/ListAll.php +++ b/Controller/Adminhtml/FastlyCdn/Edge/Acl/ListAll.php @@ -33,6 +33,8 @@ */ class ListAll extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Create.php b/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Create.php index f70c2c18..b8fbdd9f 100644 --- a/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Create.php +++ b/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Create.php @@ -35,6 +35,8 @@ */ class Create extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Delete.php b/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Delete.php index b2fb2282..168de8f8 100644 --- a/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Delete.php +++ b/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Delete.php @@ -36,6 +36,8 @@ */ class Delete extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Item/Create.php b/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Item/Create.php index b1ba7426..9204c926 100644 --- a/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Item/Create.php +++ b/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Item/Create.php @@ -35,6 +35,8 @@ */ class Create extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ 
diff --git a/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Item/Delete.php b/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Item/Delete.php index e92ac7d2..43a74183 100644 --- a/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Item/Delete.php +++ b/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Item/Delete.php @@ -35,6 +35,8 @@ */ class Delete extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Item/ListAll.php b/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Item/ListAll.php index 682cd498..adba751d 100644 --- a/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Item/ListAll.php +++ b/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/Item/ListAll.php @@ -33,6 +33,8 @@ */ class ListAll extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/ListAll.php b/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/ListAll.php index 4c7b8462..e65ddc07 100644 --- a/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/ListAll.php +++ b/Controller/Adminhtml/FastlyCdn/Edge/Dictionary/ListAll.php @@ -33,6 +33,8 @@ */ class ListAll extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/ImageOptimization/CheckFastlyIoSetting.php b/Controller/Adminhtml/FastlyCdn/ImageOptimization/CheckFastlyIoSetting.php index 8cfa2863..f46a9599 100644 --- a/Controller/Adminhtml/FastlyCdn/ImageOptimization/CheckFastlyIoSetting.php +++ b/Controller/Adminhtml/FastlyCdn/ImageOptimization/CheckFastlyIoSetting.php @@ -35,6 +35,8 @@ */ class CheckFastlyIoSetting extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/ImageOptimization/CheckImageSetting.php b/Controller/Adminhtml/FastlyCdn/ImageOptimization/CheckImageSetting.php index e0fb79bc..1b9df745 100644 
--- a/Controller/Adminhtml/FastlyCdn/ImageOptimization/CheckImageSetting.php +++ b/Controller/Adminhtml/FastlyCdn/ImageOptimization/CheckImageSetting.php @@ -34,6 +34,8 @@ */ class CheckImageSetting extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Api */ diff --git a/Controller/Adminhtml/FastlyCdn/ImageOptimization/IoDefaultConfigOptions.php b/Controller/Adminhtml/FastlyCdn/ImageOptimization/IoDefaultConfigOptions.php index 37055c23..d443a058 100644 --- a/Controller/Adminhtml/FastlyCdn/ImageOptimization/IoDefaultConfigOptions.php +++ b/Controller/Adminhtml/FastlyCdn/ImageOptimization/IoDefaultConfigOptions.php @@ -35,6 +35,8 @@ */ class IoDefaultConfigOptions extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/ImageOptimization/ListAll.php b/Controller/Adminhtml/FastlyCdn/ImageOptimization/ListAll.php index 5a8d6fcd..2efb2727 100644 --- a/Controller/Adminhtml/FastlyCdn/ImageOptimization/ListAll.php +++ b/Controller/Adminhtml/FastlyCdn/ImageOptimization/ListAll.php @@ -33,6 +33,8 @@ */ class ListAll extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/ImageOptimization/PushImageSettings.php b/Controller/Adminhtml/FastlyCdn/ImageOptimization/PushImageSettings.php index a50bf218..34a62f11 100644 --- a/Controller/Adminhtml/FastlyCdn/ImageOptimization/PushImageSettings.php +++ b/Controller/Adminhtml/FastlyCdn/ImageOptimization/PushImageSettings.php @@ -37,6 +37,8 @@ */ class PushImageSettings extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/ImportExport/DownloadExportData.php b/Controller/Adminhtml/FastlyCdn/ImportExport/DownloadExportData.php index ab1e82a1..77e805d5 100644 --- a/Controller/Adminhtml/FastlyCdn/ImportExport/DownloadExportData.php 
+++ b/Controller/Adminhtml/FastlyCdn/ImportExport/DownloadExportData.php @@ -14,6 +14,8 @@ */ class DownloadExportData extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var FileFactory */ diff --git a/Controller/Adminhtml/FastlyCdn/ImportExport/GetExportData.php b/Controller/Adminhtml/FastlyCdn/ImportExport/GetExportData.php index 5d179577..b8372213 100644 --- a/Controller/Adminhtml/FastlyCdn/ImportExport/GetExportData.php +++ b/Controller/Adminhtml/FastlyCdn/ImportExport/GetExportData.php @@ -19,6 +19,8 @@ */ class GetExportData extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/ImportExport/GetImportData.php b/Controller/Adminhtml/FastlyCdn/ImportExport/GetImportData.php index f55b3f1e..31820b10 100644 --- a/Controller/Adminhtml/FastlyCdn/ImportExport/GetImportData.php +++ b/Controller/Adminhtml/FastlyCdn/ImportExport/GetImportData.php @@ -20,6 +20,8 @@ */ class GetImportData extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/ImportExport/SaveExportData.php b/Controller/Adminhtml/FastlyCdn/ImportExport/SaveExportData.php index 20b1b170..13a0c79e 100644 --- a/Controller/Adminhtml/FastlyCdn/ImportExport/SaveExportData.php +++ b/Controller/Adminhtml/FastlyCdn/ImportExport/SaveExportData.php @@ -23,6 +23,8 @@ */ class SaveExportData extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/ImportExport/SaveImportData.php b/Controller/Adminhtml/FastlyCdn/ImportExport/SaveImportData.php index b6d043cb..12918158 100644 --- a/Controller/Adminhtml/FastlyCdn/ImportExport/SaveImportData.php +++ b/Controller/Adminhtml/FastlyCdn/ImportExport/SaveImportData.php @@ -24,6 +24,8 @@ */ class SaveImportData extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ 
diff --git a/Controller/Adminhtml/FastlyCdn/Logging/CreateEndpoint.php b/Controller/Adminhtml/FastlyCdn/Logging/CreateEndpoint.php index d2bd07ce..aa7af25d 100644 --- a/Controller/Adminhtml/FastlyCdn/Logging/CreateEndpoint.php +++ b/Controller/Adminhtml/FastlyCdn/Logging/CreateEndpoint.php @@ -29,11 +29,12 @@ use Magento\Framework\Controller\Result\JsonFactory; /** - * Class CreateEndpoint - * @package Fastly\Cdn\Controller\Adminhtml\FastlyCdn\Logging + * Class CreateEndpoint for Logging */ class CreateEndpoint extends Action { + public const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ @@ -108,16 +109,21 @@ public function execute() $clone, $this->getRequest()->getParam('condition_name'), $this->getRequest()->getParam('apply_if'), - $this->getRequest()->getParam('condition_priority'), - $this->getRequest()->getParam('response_condition') + $this->getRequest()->getParam('condition_priority') ); + $selectedConditions = $this->getRequest()->getParam('conditions', ''); + if (!$condition) { + $condition = $selectedConditions; + } + $params = array_merge( $this->getRequest()->getParam('log_endpoint'), ['response_condition' => $condition] ); + $params = array_filter($params); - $endpoint = $this->api->createLogEndpoint($clone->number, $endpointType, array_filter($params)); + $endpoint = $this->api->createLogEndpoint($clone->number, $endpointType, $params); if (!$endpoint) { return $result->setData([ 
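Review bot: The `conditions` request value is copied into `response_condition` with no type check; the parameter name is plural and a request can submit it as an array, in which case a non-string reaches `createLogEndpoint()`. A guard such as `if (!is_string($selectedConditions)) { $selectedConditions = ''; }` before the fallback keeps the field to a single condition name. `getParam('log_endpoint')` likewise goes straight into `array_merge()`, which raises a `TypeError` on PHP 8 when the parameter is absent or not an array; `getParam('log_endpoint', [])` plus an `is_array` check would avoid that. `execute()` starts and ends outside this hunk, so any surrounding error handling is not visible.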
@@ -150,27 +156,26 @@ public function execute() } /** + * * @param $clone * @param $conditionName * @param $applyIf * @param $conditionPriority - * @param $selCondition - * @return mixed + * @return string * @throws \Magento\Framework\Exception\LocalizedException */ - private function createCondition($clone, $conditionName, $applyIf, $conditionPriority, $selCondition) + private function createCondition($clone, $conditionName, $applyIf, $conditionPriority) { - if ($conditionName == $selCondition && !empty($selCondition) && - !$this->api->getCondition($clone->number, $conditionName)) { - $condition = [ - 'name' => $conditionName, - 'statement' => $applyIf, - 'type' => 'RESPONSE', - 'priority' => $conditionPriority - ]; - $createCondition = $this->api->createCondition($clone->number, $condition); - return $createCondition->name; + if (!$conditionName || !$applyIf || !$conditionPriority) { + return ''; } - return $selCondition; + $condition = [ + 'name' => $conditionName, + 'statement' => $applyIf, + 'type' => 'RESPONSE', + 'priority' => $conditionPriority + ]; + $createCondition = $this->api->createCondition($clone->number, $condition); + return $createCondition->name; } } diff --git a/Controller/Adminhtml/FastlyCdn/Logging/GetAllEndpoints.php b/Controller/Adminhtml/FastlyCdn/Logging/GetAllEndpoints.php index b3475693..c1889dfa 100644 --- a/Controller/Adminhtml/FastlyCdn/Logging/GetAllEndpoints.php +++ b/Controller/Adminhtml/FastlyCdn/Logging/GetAllEndpoints.php @@ -34,6 +34,8 @@ */ class GetAllEndpoints extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Logging/GetEndpoint.php b/Controller/Adminhtml/FastlyCdn/Logging/GetEndpoint.php index 819a0474..41a2706a 100644 --- a/Controller/Adminhtml/FastlyCdn/Logging/GetEndpoint.php +++ b/Controller/Adminhtml/FastlyCdn/Logging/GetEndpoint.php 
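Review bot: The new guard `if (!$conditionName || !$applyIf || !$conditionPriority)` treats a priority of `0` or `"0"` as missing, so if zero is a legal priority the condition is silently skipped and `execute()` falls back to the `conditions` value without telling the admin. Comparing each field against `null` and `''` instead, e.g. `$conditionPriority === null || $conditionPriority === ''`, keeps zero valid. The rewrite also drops the previous `getCondition()` lookup, so `createCondition()` is now called even when a condition with that name may already exist on the version, and `$createCondition->name` is read without checking the result; what the API wrapper returns on failure is not visible here. The docblock gains an empty ` *` line but still no summary; something like `Create a RESPONSE condition from the submitted fields, or return '' when they are incomplete.` would document the new contract. The same rewrite appears in `UpdateEndpoint::createCondition()` later in the patch.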
@@ -34,6 +34,8 @@ */ class GetEndpoint extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Logging/GetEndpoints.php b/Controller/Adminhtml/FastlyCdn/Logging/GetEndpoints.php index ece75bab..b0d5d331 100644 --- a/Controller/Adminhtml/FastlyCdn/Logging/GetEndpoints.php +++ b/Controller/Adminhtml/FastlyCdn/Logging/GetEndpoints.php @@ -34,6 +34,8 @@ */ class GetEndpoints extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Logging/UpdateEndpoint.php b/Controller/Adminhtml/FastlyCdn/Logging/UpdateEndpoint.php index 6177b199..4beffd38 100644 --- a/Controller/Adminhtml/FastlyCdn/Logging/UpdateEndpoint.php +++ b/Controller/Adminhtml/FastlyCdn/Logging/UpdateEndpoint.php @@ -29,11 +29,12 @@ use Magento\Framework\Controller\Result\JsonFactory; /** - * Class UpdateEndpoint - * @package Fastly\Cdn\Controller\Adminhtml\FastlyCdn\Logging + * Class UpdateEndpoint for Logging */ class UpdateEndpoint extends Action { + public const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ @@ -82,6 +83,7 @@ public function __construct( } /** + * * @return \Magento\Framework\App\ResponseInterface|\Magento\Framework\Controller\Result\Json|\Magento\Framework\Controller\ResultInterface */ public function execute() 
@@ -109,18 +111,18 @@ public function execute() $clone, $this->getRequest()->getParam('condition_name'), $this->getRequest()->getParam('apply_if'), - $this->getRequest()->getParam('condition_priority'), - $this->getRequest()->getParam('response_condition') - ); - - $params = array_merge( - $this->getRequest()->getParam('log_endpoint'), - ['response_condition' => $condition] + $this->getRequest()->getParam('condition_priority') ); + $selectedConditions = $this->getRequest()->getParam('conditions', ''); + if (!$condition) { + $condition = $selectedConditions; + } + $params = $this->getRequest()->getParam('log_endpoint'); $params = array_filter($params); - //Array filter removes empty strings, but empty compression_codec param turns off compression formats - if (!isset($params['compression_codec'])){ + $params['response_condition'] = $condition; + + if (!isset($params['compression_codec'])) { $params['compression_codec'] = ""; } $endpoint = $this->api->updateLogEndpoint($clone->number, $endpointType, $params, $oldName); 
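Review bot: The comment explaining why `compression_codec` is re-added after `array_filter()` was deleted, leaving `if (!isset($params['compression_codec']))` unexplained; restoring something like `// array_filter() drops empty strings, but an empty compression_codec is what turns compression off` keeps the intent. `array_filter($params)` is now applied directly to `getParam('log_endpoint')`, so a missing or non-array parameter raises a `TypeError` on PHP 8; defaulting with `getParam('log_endpoint', [])` avoids it. Setting `response_condition` after the filter means an empty string is now sent on update where it was previously filtered out, which presumably clears the condition on the endpoint; worth confirming that is intended.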
@@ -156,27 +158,26 @@ public function execute() } /** + * * @param $clone * @param $conditionName * @param $applyIf * @param $conditionPriority - * @param $selCondition - * @return mixed + * @return string * @throws \Magento\Framework\Exception\LocalizedException */ - private function createCondition($clone, $conditionName, $applyIf, $conditionPriority, $selCondition) + private function createCondition($clone, $conditionName, $applyIf, $conditionPriority) { - if ($conditionName == $selCondition && !empty($selCondition) && - !$this->api->getCondition($clone->number, $conditionName)) { - $condition = [ - 'name' => $conditionName, - 'statement' => $applyIf, - 'type' => 'RESPONSE', - 'priority' => $conditionPriority - ]; - $createCondition = $this->api->createCondition($clone->number, $condition); - return $createCondition->name; + if (!$conditionName || !$applyIf || !$conditionPriority) { + return ''; } - return $selCondition; + $condition = [ + 'name' => $conditionName, + 'statement' => $applyIf, + 'type' => 'RESPONSE', + 'priority' => $conditionPriority + ]; + $createCondition = $this->api->createCondition($clone->number, $condition); + return $createCondition->name; } } diff --git a/Controller/Adminhtml/FastlyCdn/Maintenance/CheckSuSetting.php b/Controller/Adminhtml/FastlyCdn/Maintenance/CheckSuSetting.php index b9612870..a6346f66 100644 --- a/Controller/Adminhtml/FastlyCdn/Maintenance/CheckSuSetting.php +++ b/Controller/Adminhtml/FastlyCdn/Maintenance/CheckSuSetting.php @@ -33,6 +33,8 @@ */ class CheckSuSetting extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Api */ diff --git a/Controller/Adminhtml/FastlyCdn/Maintenance/ToggleSuSetting.php b/Controller/Adminhtml/FastlyCdn/Maintenance/ToggleSuSetting.php index 64fdfadc..a1c55b15 100644 --- a/Controller/Adminhtml/FastlyCdn/Maintenance/ToggleSuSetting.php +++ b/Controller/Adminhtml/FastlyCdn/Maintenance/ToggleSuSetting.php 
@@ -34,6 +34,7 @@ */ class ToggleSuSetting extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; /** * @var Http */ @@ -117,7 +118,7 @@ public function execute() if (!$hasIps) { return $result->setData([ 'status' => false, - 'msg' => 'Please update Admin IPs list with at least one IP address before enabling + 'msg' => 'Please update Admin IPs list with at least one IP address before enabling Maintenance Mode.' ]); } @@ -189,7 +190,7 @@ private function processDictionaryItems($dictionary, $dictionaryItems, $acl, $ha if (!$hasIps) { return [ 'status' => false, - 'msg' => 'Please update Admin IPs list with at least one IP address before enabling + 'msg' => 'Please update Admin IPs list with at least one IP address before enabling Maintenance Mode.' ]; } diff --git a/Controller/Adminhtml/FastlyCdn/Maintenance/UpdateSuIps.php b/Controller/Adminhtml/FastlyCdn/Maintenance/UpdateSuIps.php index 398df7bf..a8ef447b 100644 --- a/Controller/Adminhtml/FastlyCdn/Maintenance/UpdateSuIps.php +++ b/Controller/Adminhtml/FastlyCdn/Maintenance/UpdateSuIps.php @@ -37,6 +37,8 @@ */ class UpdateSuIps extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ @@ -140,7 +142,7 @@ public function execute() if (!filter_var($ipParts[0], FILTER_VALIDATE_IP)) { throw new LocalizedException(__( - 'IP validation failed, please make sure that the provided IP values are comma-separated + 'IP validation failed, please make sure that the provided IP values are comma-separated and valid' )); } diff --git a/Controller/Adminhtml/FastlyCdn/Manifest/Create.php b/Controller/Adminhtml/FastlyCdn/Manifest/Create.php index af15f501..33de94b5 100644 --- a/Controller/Adminhtml/FastlyCdn/Manifest/Create.php +++ b/Controller/Adminhtml/FastlyCdn/Manifest/Create.php 
@@ -7,8 +7,8 @@ use Fastly\Cdn\Model\Manifest; use Fastly\Cdn\Model\Modly\Manifest as Modly; use Magento\Framework\Controller\Result\JsonFactory; -use Magento\Framework\App\Action\Action; -use Magento\Framework\App\Action\Context; +use Magento\Backend\App\Action; +use Magento\Backend\App\Action\Context; /** * Class Create @@ -17,6 +17,8 @@ */ class Create extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var ManifestFactory */ diff --git a/Controller/Adminhtml/FastlyCdn/Manifest/GetActiveModules.php b/Controller/Adminhtml/FastlyCdn/Manifest/GetActiveModules.php index 3833cf78..56c4cec8 100644 --- a/Controller/Adminhtml/FastlyCdn/Manifest/GetActiveModules.php +++ b/Controller/Adminhtml/FastlyCdn/Manifest/GetActiveModules.php @@ -17,6 +17,8 @@ */ class GetActiveModules extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Manifest/GetAllConditions.php b/Controller/Adminhtml/FastlyCdn/Manifest/GetAllConditions.php index 5e26df50..780c8656 100644 --- a/Controller/Adminhtml/FastlyCdn/Manifest/GetAllConditions.php +++ b/Controller/Adminhtml/FastlyCdn/Manifest/GetAllConditions.php @@ -13,6 +13,7 @@ class GetAllConditions extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Manifest/GetAllDomains.php b/Controller/Adminhtml/FastlyCdn/Manifest/GetAllDomains.php index 1c52c45b..169d20e5 100644 --- a/Controller/Adminhtml/FastlyCdn/Manifest/GetAllDomains.php +++ b/Controller/Adminhtml/FastlyCdn/Manifest/GetAllDomains.php @@ -13,6 +13,8 @@ class GetAllDomains extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Manifest/GetAllModules.php b/Controller/Adminhtml/FastlyCdn/Manifest/GetAllModules.php index 605240a8..f33f104c 100644 --- a/Controller/Adminhtml/FastlyCdn/Manifest/GetAllModules.php 
+++ b/Controller/Adminhtml/FastlyCdn/Manifest/GetAllModules.php @@ -17,6 +17,8 @@ */ class GetAllModules extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Manifest/GetCountries.php b/Controller/Adminhtml/FastlyCdn/Manifest/GetCountries.php index 4997cf3f..e2c9a844 100644 --- a/Controller/Adminhtml/FastlyCdn/Manifest/GetCountries.php +++ b/Controller/Adminhtml/FastlyCdn/Manifest/GetCountries.php @@ -19,6 +19,8 @@ */ class GetCountries extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Manifest/GetModuleData.php b/Controller/Adminhtml/FastlyCdn/Manifest/GetModuleData.php index 5ed4553c..ae10ca32 100644 --- a/Controller/Adminhtml/FastlyCdn/Manifest/GetModuleData.php +++ b/Controller/Adminhtml/FastlyCdn/Manifest/GetModuleData.php @@ -17,6 +17,8 @@ */ class GetModuleData extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Manifest/GetResponseConditions.php b/Controller/Adminhtml/FastlyCdn/Manifest/GetResponseConditions.php index fcf36968..fd2d5266 100644 --- a/Controller/Adminhtml/FastlyCdn/Manifest/GetResponseConditions.php +++ b/Controller/Adminhtml/FastlyCdn/Manifest/GetResponseConditions.php @@ -13,6 +13,8 @@ class GetResponseConditions extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Manifest/Save.php b/Controller/Adminhtml/FastlyCdn/Manifest/Save.php index 7988eef8..372b330e 100644 --- a/Controller/Adminhtml/FastlyCdn/Manifest/Save.php +++ b/Controller/Adminhtml/FastlyCdn/Manifest/Save.php @@ -19,6 +19,8 @@ */ class Save extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var ManifestFactory */ 
diff --git a/Controller/Adminhtml/FastlyCdn/Manifest/ToggleModules.php b/Controller/Adminhtml/FastlyCdn/Manifest/ToggleModules.php index 8f77deea..2064fdd9 100644 --- a/Controller/Adminhtml/FastlyCdn/Manifest/ToggleModules.php +++ b/Controller/Adminhtml/FastlyCdn/Manifest/ToggleModules.php @@ -23,6 +23,8 @@ */ class ToggleModules extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var ManifestFactory */ diff --git a/Controller/Adminhtml/FastlyCdn/Manifest/Upload.php b/Controller/Adminhtml/FastlyCdn/Manifest/Upload.php index b99a9fde..ce855e02 100644 --- a/Controller/Adminhtml/FastlyCdn/Manifest/Upload.php +++ b/Controller/Adminhtml/FastlyCdn/Manifest/Upload.php @@ -17,6 +17,8 @@ class Upload extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Purge/All.php b/Controller/Adminhtml/FastlyCdn/Purge/All.php index ed4a5aba..eaf5bc5c 100644 --- a/Controller/Adminhtml/FastlyCdn/Purge/All.php +++ b/Controller/Adminhtml/FastlyCdn/Purge/All.php @@ -31,6 +31,8 @@ */ class All extends Action { + const ADMIN_RESOURCE = 'Magento_Backend::cache'; + /** * @var Api */ diff --git a/Controller/Adminhtml/FastlyCdn/Purge/ContentType.php b/Controller/Adminhtml/FastlyCdn/Purge/ContentType.php index 65d58cea..f48875df 100644 --- a/Controller/Adminhtml/FastlyCdn/Purge/ContentType.php +++ b/Controller/Adminhtml/FastlyCdn/Purge/ContentType.php @@ -33,6 +33,8 @@ */ class ContentType extends Action { + const ADMIN_RESOURCE = 'Magento_Backend::cache'; + /** * @var PurgeCache */ diff --git a/Controller/Adminhtml/FastlyCdn/Purge/Quick.php b/Controller/Adminhtml/FastlyCdn/Purge/Quick.php index 5d3f9f07..c9dea15b 100644 --- a/Controller/Adminhtml/FastlyCdn/Purge/Quick.php +++ b/Controller/Adminhtml/FastlyCdn/Purge/Quick.php @@ -34,6 +34,8 @@ */ class Quick extends Action { + const ADMIN_RESOURCE = 'Magento_Backend::cache'; + /** * @var PurgeCache */ 
diff --git a/Controller/Adminhtml/FastlyCdn/Purge/Store.php b/Controller/Adminhtml/FastlyCdn/Purge/Store.php index 190f73d7..7d658973 100644 --- a/Controller/Adminhtml/FastlyCdn/Purge/Store.php +++ b/Controller/Adminhtml/FastlyCdn/Purge/Store.php @@ -34,6 +34,8 @@ */ class Store extends Action { + const ADMIN_RESOURCE = 'Magento_Backend::cache'; + /** * @var PurgeCache */ diff --git a/Controller/Adminhtml/FastlyCdn/RateLimiting/CheckRateLimitingSetting.php b/Controller/Adminhtml/FastlyCdn/RateLimiting/CheckRateLimitingSetting.php index 1cb50e9e..66a84d43 100644 --- a/Controller/Adminhtml/FastlyCdn/RateLimiting/CheckRateLimitingSetting.php +++ b/Controller/Adminhtml/FastlyCdn/RateLimiting/CheckRateLimitingSetting.php @@ -29,6 +29,8 @@ class CheckRateLimitingSetting extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Api */ diff --git a/Controller/Adminhtml/FastlyCdn/RateLimiting/DisableRateLimiting.php b/Controller/Adminhtml/FastlyCdn/RateLimiting/DisableRateLimiting.php index f9d1da37..99f9f33a 100644 --- a/Controller/Adminhtml/FastlyCdn/RateLimiting/DisableRateLimiting.php +++ b/Controller/Adminhtml/FastlyCdn/RateLimiting/DisableRateLimiting.php @@ -38,6 +38,8 @@ */ class DisableRateLimiting extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/RateLimiting/GetPaths.php b/Controller/Adminhtml/FastlyCdn/RateLimiting/GetPaths.php index 90c8dd49..088bb0a9 100644 --- a/Controller/Adminhtml/FastlyCdn/RateLimiting/GetPaths.php +++ b/Controller/Adminhtml/FastlyCdn/RateLimiting/GetPaths.php @@ -16,6 +16,8 @@ */ class GetPaths extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/RateLimiting/ToggleRateLimiting.php b/Controller/Adminhtml/FastlyCdn/RateLimiting/ToggleRateLimiting.php index 14142a1d..20786985 100644 --- a/Controller/Adminhtml/FastlyCdn/RateLimiting/ToggleRateLimiting.php 
+++ b/Controller/Adminhtml/FastlyCdn/RateLimiting/ToggleRateLimiting.php @@ -38,6 +38,8 @@ */ class ToggleRateLimiting extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/RateLimiting/UpdatePaths.php b/Controller/Adminhtml/FastlyCdn/RateLimiting/UpdatePaths.php index 7678fb51..a8f6b52e 100644 --- a/Controller/Adminhtml/FastlyCdn/RateLimiting/UpdatePaths.php +++ b/Controller/Adminhtml/FastlyCdn/RateLimiting/UpdatePaths.php @@ -33,6 +33,8 @@ class UpdatePaths extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/SyntheticPages/GetErrorPageRespObj.php b/Controller/Adminhtml/FastlyCdn/SyntheticPages/GetErrorPageRespObj.php index 6f073ae1..72a8fd21 100644 --- a/Controller/Adminhtml/FastlyCdn/SyntheticPages/GetErrorPageRespObj.php +++ b/Controller/Adminhtml/FastlyCdn/SyntheticPages/GetErrorPageRespObj.php @@ -34,6 +34,8 @@ */ class GetErrorPageRespObj extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/SyntheticPages/GetWafPageRespObj.php b/Controller/Adminhtml/FastlyCdn/SyntheticPages/GetWafPageRespObj.php index 7855b930..380edc65 100644 --- a/Controller/Adminhtml/FastlyCdn/SyntheticPages/GetWafPageRespObj.php +++ b/Controller/Adminhtml/FastlyCdn/SyntheticPages/GetWafPageRespObj.php @@ -34,6 +34,8 @@ */ class GetWafPageRespObj extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/SyntheticPages/RemoveErrorPageHtml.php b/Controller/Adminhtml/FastlyCdn/SyntheticPages/RemoveErrorPageHtml.php index 30ad1dad..c0ecc6b1 100644 --- a/Controller/Adminhtml/FastlyCdn/SyntheticPages/RemoveErrorPageHtml.php +++ b/Controller/Adminhtml/FastlyCdn/SyntheticPages/RemoveErrorPageHtml.php 
@@ -35,6 +35,8 @@ */ class RemoveErrorPageHtml extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/SyntheticPages/SaveErrorPageHtml.php b/Controller/Adminhtml/FastlyCdn/SyntheticPages/SaveErrorPageHtml.php index b9cb1108..d3d58af1 100644 --- a/Controller/Adminhtml/FastlyCdn/SyntheticPages/SaveErrorPageHtml.php +++ b/Controller/Adminhtml/FastlyCdn/SyntheticPages/SaveErrorPageHtml.php @@ -35,6 +35,8 @@ */ class SaveErrorPageHtml extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/SyntheticPages/SaveWafPage.php b/Controller/Adminhtml/FastlyCdn/SyntheticPages/SaveWafPage.php index 0e904c0b..0f2c5c09 100644 --- a/Controller/Adminhtml/FastlyCdn/SyntheticPages/SaveWafPage.php +++ b/Controller/Adminhtml/FastlyCdn/SyntheticPages/SaveWafPage.php @@ -36,6 +36,8 @@ */ class SaveWafPage extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/Vcl/Comparison.php b/Controller/Adminhtml/FastlyCdn/Vcl/Comparison.php index 48245336..3528427a 100644 --- a/Controller/Adminhtml/FastlyCdn/Vcl/Comparison.php +++ b/Controller/Adminhtml/FastlyCdn/Vcl/Comparison.php @@ -16,6 +16,8 @@ class Comparison extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var JsonFactory */ diff --git a/Controller/Adminhtml/FastlyCdn/Vcl/DismissWarning.php b/Controller/Adminhtml/FastlyCdn/Vcl/DismissWarning.php index 9e4aeaaa..442db11d 100644 --- a/Controller/Adminhtml/FastlyCdn/Vcl/DismissWarning.php +++ b/Controller/Adminhtml/FastlyCdn/Vcl/DismissWarning.php @@ -13,6 +13,8 @@ class DismissWarning extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var ScopeConfigInterface */ diff --git a/Controller/Adminhtml/FastlyCdn/Vcl/GetUpdateFlag.php b/Controller/Adminhtml/FastlyCdn/Vcl/GetUpdateFlag.php index a13cea75..a15bc278 100644 
--- a/Controller/Adminhtml/FastlyCdn/Vcl/GetUpdateFlag.php +++ b/Controller/Adminhtml/FastlyCdn/Vcl/GetUpdateFlag.php @@ -14,6 +14,8 @@ */ class GetUpdateFlag extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var ScopeConfigInterface */ diff --git a/Controller/Adminhtml/FastlyCdn/Vcl/IsWarningDismissed.php b/Controller/Adminhtml/FastlyCdn/Vcl/IsWarningDismissed.php index dfeadbc9..85d600d1 100644 --- a/Controller/Adminhtml/FastlyCdn/Vcl/IsWarningDismissed.php +++ b/Controller/Adminhtml/FastlyCdn/Vcl/IsWarningDismissed.php @@ -16,6 +16,8 @@ */ class IsWarningDismissed extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var ScopeConfigInterface */ diff --git a/Controller/Adminhtml/FastlyCdn/Vcl/Upload.php b/Controller/Adminhtml/FastlyCdn/Vcl/Upload.php index af0a5828..a719d4c1 100644 --- a/Controller/Adminhtml/FastlyCdn/Vcl/Upload.php +++ b/Controller/Adminhtml/FastlyCdn/Vcl/Upload.php @@ -46,6 +46,8 @@ */ class Upload extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Http */ diff --git a/Controller/Adminhtml/FastlyCdn/VersionHistory/Activate.php b/Controller/Adminhtml/FastlyCdn/VersionHistory/Activate.php index 1d2f9684..51d4a659 100644 --- a/Controller/Adminhtml/FastlyCdn/VersionHistory/Activate.php +++ b/Controller/Adminhtml/FastlyCdn/VersionHistory/Activate.php @@ -15,6 +15,8 @@ */ class Activate extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Api */ diff --git a/Controller/Adminhtml/FastlyCdn/VersionHistory/ListVersions.php b/Controller/Adminhtml/FastlyCdn/VersionHistory/ListVersions.php index e0637711..9f73b1cb 100644 --- a/Controller/Adminhtml/FastlyCdn/VersionHistory/ListVersions.php +++ b/Controller/Adminhtml/FastlyCdn/VersionHistory/ListVersions.php @@ -14,6 +14,7 @@ */ class ListVersions extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; /** * @var JsonFactory 
diff --git a/Controller/Adminhtml/FastlyCdn/VersionHistory/Reference.php b/Controller/Adminhtml/FastlyCdn/VersionHistory/Reference.php index de418883..f23a698e 100644 --- a/Controller/Adminhtml/FastlyCdn/VersionHistory/Reference.php +++ b/Controller/Adminhtml/FastlyCdn/VersionHistory/Reference.php @@ -13,6 +13,8 @@ */ class Reference extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Api */ diff --git a/Controller/Adminhtml/FastlyCdn/Waf/AbstractWafUpdate.php b/Controller/Adminhtml/FastlyCdn/Waf/AbstractWafUpdate.php index 1b95ab46..1835d318 100644 --- a/Controller/Adminhtml/FastlyCdn/Waf/AbstractWafUpdate.php +++ b/Controller/Adminhtml/FastlyCdn/Waf/AbstractWafUpdate.php @@ -6,6 +6,8 @@ abstract class AbstractWafUpdate extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @param string[] $acls * @return string diff --git a/Controller/Adminhtml/FastlyCdn/Waf/CheckWafBypassSetting.php b/Controller/Adminhtml/FastlyCdn/Waf/CheckWafBypassSetting.php index 4eda5320..6c19077e 100644 --- a/Controller/Adminhtml/FastlyCdn/Waf/CheckWafBypassSetting.php +++ b/Controller/Adminhtml/FastlyCdn/Waf/CheckWafBypassSetting.php @@ -34,6 +34,8 @@ */ class CheckWafBypassSetting extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Api */ diff --git a/Controller/Adminhtml/FastlyCdn/Waf/GetWafSettings.php b/Controller/Adminhtml/FastlyCdn/Waf/GetWafSettings.php index 039ac17f..96a7788a 100644 --- a/Controller/Adminhtml/FastlyCdn/Waf/GetWafSettings.php +++ b/Controller/Adminhtml/FastlyCdn/Waf/GetWafSettings.php @@ -34,6 +34,8 @@ */ class GetWafSettings extends Action { + const ADMIN_RESOURCE = 'Magento_Config::config'; + /** * @var Api */ diff --git a/Controller/Adminhtml/FastlyCdn/Waf/WafAllowlist.php b/Controller/Adminhtml/FastlyCdn/Waf/WafAllowlist.php index ce6b056e..b30a196e 100644 --- a/Controller/Adminhtml/FastlyCdn/Waf/WafAllowlist.php +++ b/Controller/Adminhtml/FastlyCdn/Waf/WafAllowlist.php 
@@ -78,7 +78,7 @@ public function __construct( $this->config = $config; $this->api = $api; $this->vcl = $vcl; - parent::__construct($context, ); + parent::__construct($context); } /** diff --git a/Documentation/Guides/Edge-Modules/EDGE-MODULE-NETACEA-INTEGRATION.md b/Documentation/Guides/Edge-Modules/EDGE-MODULE-NETACEA-INTEGRATION.md index 1a8c961e..a1b91466 100644 --- a/Documentation/Guides/Edge-Modules/EDGE-MODULE-NETACEA-INTEGRATION.md +++ b/Documentation/Guides/Edge-Modules/EDGE-MODULE-NETACEA-INTEGRATION.md @@ -12,25 +12,8 @@ After you have enabled the module it's time to configure. You will be prompted w ## Configurable options -### Netacea API Key - -This is the API key provided to you by Netacea. - -### Netacea Secret - -This is the Secret provided to you by Netacea. - -### Netacea Ignore List - -This is the list of URL paths which integration will skip and won't apply any action to requests.
-Please note that the integration will check if a request's URL path starts with a value from the list and will decide if it should be skipped.
-Example: - - Path `/skipthis` is added to the ignore list - - Integration will skip requests which paths are starting from the `/skipthis` - - This means that requests for such websites would be skipped by the integration: - - `www.domain.com/skipthis` - - `www.domain.com/skipthisalso` - - `www.domain.com/skipthis/andthistoo` +In order to configure Netacea module please see the following documentation.
+[Netacea - Fastly/Magento](https://docs.netacea.com/netacea-plugin-information/fastly-magento/installation-and-configuration) ## Enabling diff --git a/Model/Api.php b/Model/Api.php index 37322dad..42986f17 100644 --- a/Model/Api.php +++ b/Model/Api.php @@ -534,7 +534,7 @@ public function uploadSnippet($version, array $snippet) if (isset($snippet['content'])) { $adminUrl = $this->vcl->getAdminFrontName(); $adminPathTimeout = $this->config->getAdminPathTimeout(); - $ignoredUrlParameters = $this->config->getIgnoredUrlParameters(); + $ignoredUrlParameters = (string)$this->config->getIgnoredUrlParameters(); if ($ignoredUrlParameters === "") { $queryParameters = '&'; diff --git a/Model/FrontControllerPlugin.php b/Model/FrontControllerPlugin.php index 769973f1..ae3f1aba 100644 --- a/Model/FrontControllerPlugin.php +++ b/Model/FrontControllerPlugin.php @@ -135,7 +135,7 @@ public function aroundDispatch(FrontControllerInterface $subject, callable $proc return $proceed(...$args); } - $path = strtolower($this->request->getPathInfo()); + $path = strtolower($this->request->getRequestUri()); if ($isRateLimitingEnabled && $this->sensitivePathProtection($path)) { return $this->response; @@ -167,7 +167,8 @@ private function sensitivePathProtection($path) $limit = false; foreach ($limitedPaths as $key => $value) { - if (preg_match('{' . $value->path . '}i', $path) == 1) { + $value->path = str_replace("#", "\#", $value->path); + if (preg_match('#' . $value->path . '#i', $path)) { $limit = true; break; } 
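Review bot: `getRequestUri()` includes the query string, so in `aroundDispatch()` the value passed to `sensitivePathProtection()` is no longer just the path: a configured pattern anchored at the end of a path stops matching once a query string is present, and an unanchored pattern can match inside a parameter value. If the switch away from `getPathInfo()` was made to keep the store-code prefix (the 1.2.214 release note suggests so), keep only the path component: `$path = strtolower(explode('?', (string)$this->request->getRequestUri(), 2)[0]);`. Whether the URI is percent-decoded before matching is not visible here and should be stated in a comment next to this line. `aroundDispatch` starts and ends outside the hunk.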
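Review bot: `preg_match()` returns `false` when the assembled pattern does not compile, and the new truthiness test in `sensitivePathProtection()` treats that the same as "no match", so a malformed configured path silently leaves that path without rate limiting. The `str_replace` also turns an already escaped `\#` into `\\#`, which re-exposes the delimiter and produces exactly such a pattern, and it writes the escaped text back into `$value->path` instead of a local. Build the pattern in a local, `$pattern = '#' . str_replace('#', '\#', $value->path) . '#i';`, test `if (preg_match($pattern, $path) === 1) {`, and report a `false` result through the class's existing `$this->log(...)`. The function's signature and its tail are outside the hunk.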
@@ -333,26 +334,24 @@ private function verifyBots($ip) return false; } - private function readMaintenanceIp($ip) + private function readMaintenanceIp($clientIps) { $tag = self::FASTLY_CACHE_MAINTENANCE_IP_FILE_TAG; - $data = json_decode($this->cache->load($tag)); - if (empty($data)) { - $data = []; + $allowedIps = json_decode($this->cache->load($tag)); + if (empty($allowedIps)) { + $allowedIps = []; $flagDir = $this->filesystem->getDirectoryWrite(DirectoryList::VAR_DIR); if ($flagDir->isExist('.maintenance.ip')) { $temp = $flagDir->readFile('.maintenance.ip'); - $data = explode(',', trim($temp)); - $this->cache->save(json_encode($data), $tag, []); + $allowedIps = explode(',', trim($temp)); + $this->cache->save(json_encode($allowedIps), $tag, []); } } - foreach ($data as $key => $value) { - if (!empty($value) && trim($value) == $ip) { - return true; - } - } - return false; + $ips = array_map("trim", explode(",", $clientIps)); + $isAllowed = array_intersect($allowedIps, $ips); + + return !empty($isAllowed); } private function log($message) diff --git a/Model/Layout/LayoutPlugin.php b/Model/Layout/LayoutPlugin.php index ffcfd7a8..2325ab0f 100644 --- a/Model/Layout/LayoutPlugin.php +++ b/Model/Layout/LayoutPlugin.php @@ -98,7 +98,7 @@ public function afterGenerateElements(\Magento\Framework\View\Layout $subject): public function afterGetOutput(\Magento\Framework\View\Layout $subject, $result) // @codingStandardsIgnoreLine - unused parameter { if ($this->config->getType() === Config::FASTLY) { - $this->response->setHeader("Fastly-Module-Enabled", "1.2.207", true); + $this->response->setHeader("Fastly-Module-Enabled", "1.2.220", true); } return $result; diff --git a/Model/ResponsePlugin.php b/Model/ResponsePlugin.php index 7c62b1a4..61256b22 100644 --- a/Model/ResponsePlugin.php +++ b/Model/ResponsePlugin.php 
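Review bot: The rewritten comparison in `readMaintenanceIp()` dropped the old `!empty($value)` and per-entry `trim()` guards on the allow-list side, so an empty entry (empty `.maintenance.ip`, trailing comma) now intersects with an empty element of `$clientIps` and the method returns `true`, while an entry written with a space after the comma no longer matches at all. Normalise both lists before intersecting: `$allowedIps = array_filter(array_map('trim', (array)$allowedIps));` and `$ips = array_filter(array_map('trim', explode(',', (string)$clientIps)));`. The caller is outside the hunk; if `$clientIps` is built from a forwarded-for style header, entries the client supplied itself are compared as well, so the method should document which header it expects and that the edge overwrites it. A docblock stating that `$clientIps` is a comma-separated string and that `true` means at least one entry is allow-listed is also missing.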
@@ -79,7 +79,10 @@ public function aroundSetHeader(Http $subject, callable $proceed, $name, $value, // Make the necessary adjustment $value = $this->cacheTags->convertCacheTags(str_replace(',', ' ', $value)); $tagsSize = $this->config->getXMagentoTagsSize(); - if (strlen($value) > $tagsSize) { + + if ($tagsSize === 0) { + $value = ""; + } else if (strlen($value) > $tagsSize) { $trimmedArgs = substr($value, 0, $tagsSize); $value = substr($trimmedArgs, 0, strrpos($trimmedArgs, ' ', -1)); } diff --git a/Release-Notes.md b/Release-Notes.md index 3195b1b4..8db716d9 100644 --- a/Release-Notes.md +++ b/Release-Notes.md 
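Review bot: The new guard compares with `=== 0`, so it only fires if `getXMagentoTagsSize()` returns an integer; that getter is outside the hunk, and if it hands back the stored config value as a string, `"0"` falls through to the `substr`/`strrpos` branch the guard is meant to avoid. Casting at the read makes the check independent of the getter: `$tagsSize = (int)$this->config->getXMagentoTagsSize();`. The branch would also read better as `elseif`, with a comment such as `// size 0: emit an empty tags header` so the intended meaning of a zero size is recorded. `aroundSetHeader` starts and ends outside the hunk.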
@@ -1,5 +1,61 @@ # Fastly_Cdn Release Notes +## 1.2.220 + +- Logging endpoints changes https://github.com/fastly/fastly-magento2/pull/701 + +## 1.2.219 + +- Removing trailing comma in WAF constructor to be compatible with PHP 7.2 https://github.com/fastly/fastly-magento2/pull/698 + +## 1.2.218 + +- Update to Netacea module https://github.com/fastly/fastly-magento2/pull/696 +- Fixing deprecated usage https://github.com/fastly/fastly-magento2/pull/697 + +## 1.2.217 + +- Update to Netacea module https://github.com/fastly/fastly-magento2/pull/690 + +## 1.2.216 + +- Fix for GEOIP redirection causes 404 in specific cases https://github.com/fastly/fastly-magento2/pull/694 + +## 1.2.215 + +- Fix for checking if current IP is in maintenance IP list https://github.com/fastly/fastly-magento2/pull/692 + +## 1.2.214 + +- Rate limiting doesn't work correctly when store codes are involved https://github.com/fastly/fastly-magento2/pull/689 + +## 1.2.213 + +- Update Netacea Edge Module to 5.9.0 https://github.com/fastly/fastly-magento2/pull/687 +- Add support for Brotli static compression https://github.com/fastly/fastly-magento2/pull/688 + +## 1.2.212 + +- Additional fixes to log shipping menu https://github.com/fastly/fastly-magento2/pull/684 +- Updating to DataDome Fastly Module 2.19.4 https://github.com/fastly/fastly-magento2/pull/685 + +## 1.2.211 + +- Fix for not being able to add log shipping jobs due to bug in Fastly Magento UI https://github.com/fastly/fastly-magento2/pull/683 + +## 1.2.210 + +- Update to Netacea module to 5.7.0 https://github.com/fastly/fastly-magento2/pull/675 + +## 1.2.209 + +- Improve admin acl privileges https://github.com/fastly/fastly-magento2/pull/673 + +## 1.2.208 + +- Update Datadome module to 2.19.1 https://github.com/fastly/fastly-magento2/pull/669 +- Snippet path traversal fix https://github.com/fastly/fastly-magento2/pull/671 + ## 1.2.207 - Update Netcea module to 5.6.1 https://github.com/fastly/fastly-magento2/pull/664 
diff --git a/VERSION b/VERSION index d4a4e629..f0cff28a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.2.207 +1.2.220 diff --git a/composer.json b/composer.json index 651e3c39..542b0aac 100644 --- a/composer.json +++ b/composer.json @@ -2,7 +2,7 @@ "name": "fastly/magento2", "description": "Fastly CDN Module for Magento 2.4.x", "require": { - "php": "~7.3.0|~7.4.0|~8.0.0|~8.1.0|~8.2.0", + "php": "~7.3.0|~7.4.0|~8.0.0|~8.1.0|~8.2.0|~8.3.0", "magento/module-config": ">=101.2.0", "magento/module-store": ">=101.1.0", "magento/module-page-cache": ">=100.4.0", @@ -12,7 +12,7 @@ "zordius/lightncandy": "^1.2" }, "type": "magento2-module", - "version": "1.2.207", + "version": "1.2.220", "license": "BSD-3-Clause", "autoload": { "files": [ "registration.php" ], diff --git a/etc/fastly_edge_modules/datadome_integration.json b/etc/fastly_edge_modules/datadome_integration.json index 79175026..f5003a94 100644 --- a/etc/fastly_edge_modules/datadome_integration.json +++ b/etc/fastly_edge_modules/datadome_integration.json @@ -43,6 +43,20 @@ "type": "string", "description": "Name of a logging endpoint that has been already set up in Fastly.", "required": false + }, { + "label": "Enable referrer restoration", + "name": "restore_referrer", + "type": "boolean", + "description": "True to restore original referrer when a challenge is passed.", + "default": false, + "required": false + }, { + "label": "Enable GraphQL support for POST requests", + "name": "graphql_support", + "type": "boolean", + "description": "True to retrieve GraphQL information and improve detection.", + "default": false, + "required": false } ], "test": { 
@@ -54,17 +68,17 @@ "vcl": [ { "priority": 7, - "template": "sub set_origin_header {\n if (req.backend.is_origin) {\n if (req.backend == datadome) {\n # Remove all unexpected headers\n header.filter_except(bereq, \"x-datadome-params\", \"accept-charset\", \"accept-language\", \"x-requested-with\", \"x-fl-productid\", \"x-flapi-session-id\", \"fastly-orig-accept-encoding\", \"cache-control\", \"client-id\", \"connection\", \"pragma\", \"accept\", \"headers-list\", \"host\", \"origin\", \"server-hostname\", \"server-name\", \"x-forwarded-for\", \"user-agent\", \"referer\", \"request\", \"content-type\", \"from\", \"true-client-ip\", \"via\", \"x-real-ip\", \"sec-ch-device-memory\", \"sec-ch-ua\", \"sec-ch-ua-arch\", \"sec-ch-ua-full-version-list\", \"sec-ch-ua-mobile\", \"sec-ch-ua-model\", \"sec-ch-ua-platform\", \"sec-fetch-dest\", \"sec-fetch-mode\", \"sec-fetch-site\", \"sec-fetch-user\");\n set bereq.http.x-datadome-params:key = \"{{datadome_api_key}}\";\n set bereq.http.x-datadome-params:requestmodulename = \"FastlyMagento\";\n set bereq.http.x-datadome-params:moduleversion = \"2.19.1\";\n set bereq.http.x-datadome-params:timerequest = time.start.usec;\n set bereq.http.x-datadome-params:servername = server.identity;\n set bereq.http.x-datadome-params:serverregion = server.region;\n set bereq.http.x-datadome-params:ip = urlencode(client.ip);\n set bereq.http.x-forwarded-proto = urlencode(req.protocol);\n set bereq.http.x-datadome-params:authorizationlen = std.strlen(req.http.authorization);\n # Truncating Headers - Start\n set bereq.http.accept-charset = substr(req.http.accept-charset, 0, 128);\n set bereq.http.accept-language = substr(req.http.accept-language, 0, 256);\n set bereq.http.x-requested-with = substr(req.http.x-requested-with, 0, 128);\n set bereq.http.x-fl-productid = substr(req.http.x-fl-productid, 0, 64);\n set bereq.http.x-flapi-session-id = substr(req.http.x-flapi-session-id, 0, 64);\n set bereq.http.fastly-orig-accept-encoding = 
substr(req.http.fastly-orig-accept-encoding, 0, 128);\n set bereq.http.cache-control = substr(req.http.cache-control, 0, 128);\n set bereq.http.client-id = substr(req.http.client-id, 0, 128);\n set bereq.http.connection = substr(req.http.connection, 0, 128);\n set bereq.http.pragma = substr(req.http.pragma, 0, 128);\n set bereq.http.accept = substr(req.http.accept, 0, 512);\n set bereq.http.headers-list = substr(req.http.headers-list, 0, 512);\n set bereq.http.host = substr(req.http.host, 0, 512);\n set bereq.http.origin = substr(req.http.origin, 0, 512);\n set bereq.http.server-hostname = substr(req.http.server-hostname, 0, 512);\n set bereq.http.server-name = substr(req.http.server-name, 0, 512);\n if( std.strlen(req.http.x-forwarded-for) \u003e 512 ) {\n # Truncate from the end\n set bereq.http.x-forwarded-for = substr(req.http.x-forwarded-for, -512);\n } else {\n set bereq.http.x-forwarded-for = req.http.x-forwarded-for;\n }\n set bereq.http.user-agent = substr(req.http.user-agent, 0, 768);\n set bereq.http.referer = substr(req.http.referer, 0, 1024);\n set bereq.http.request = substr(req.http.request, 0, 2048);\n set bereq.http.content-type = substr(req.http.content-type, 0, 128);\n set bereq.http.from = substr(req.http.from, 0, 128);\n set bereq.http.true-client-ip = substr(req.http.true-client-ip, 0, 128);\n set bereq.http.via = substr(req.http.via, 0, 256);\n set bereq.http.x-real-ip = substr(req.http.x-real-ip, 0, 128);\n set bereq.http.sec-ch-device-memory = substr(req.http.sec-ch-device-memory, 0, 8);\n set bereq.http.sec-ch-ua = substr(req.http.sec-ch-ua, 0, 128);\n set bereq.http.sec-ch-ua-arch = substr(req.http.sec-ch-ua-arch, 0, 16);\n set bereq.http.sec-ch-ua-full-version-list = substr(req.http.sec-ch-ua-full-version-list, 0, 256);\n set bereq.http.sec-ch-ua-mobile = substr(req.http.sec-ch-ua-mobile, 0, 8);\n set bereq.http.sec-ch-ua-model = substr(req.http.sec-ch-ua-model, 0, 128);\n set bereq.http.sec-ch-ua-platform = 
substr(req.http.sec-ch-ua-platform, 0, 32);\n set bereq.http.sec-fetch-dest = substr(req.http.sec-fetch-dest, 0, 32);\n set bereq.http.sec-fetch-mode = substr(req.http.sec-fetch-mode, 0, 32);\n set bereq.http.sec-fetch-site = substr(req.http.sec-fetch-site, 0, 64);\n set bereq.http.sec-fetch-user = substr(req.http.sec-fetch-user, 0, 8);\n # Truncating Headers - End\n if (req.http.x-datadome-clientid) {\n set bereq.http.x-datadome-params:clientid = urlencode(substr(req.http.x-datadome-clientid, 0, 128));\n set bereq.http.x-datadome-x-set-cookie = \"true\";\n } else {\n set bereq.http.x-datadome-params:clientid = urlencode(substr(req.http.cookie:datadome, 0, 128));\n }\n set bereq.http.x-datadome-params:cookieslen = std.strlen(req.http.cookie);\n # enforce gzip encoding between Fastly and DataDome\n set bereq.http.accept-encoding = \"gzip\";\n } else {\n # prevent leak of the key\n unset bereq.http.x-datadome-params;\n }\n }\n}\n\nbackend datadome {\n .host = \"api-fastly.datadome.co\";\n .port = \"8443\";\n .connect_timeout = {{datadome_connect_timeout}}ms;\n .first_byte_timeout = {{datadome_between_bytes_timeout}}ms;\n .between_bytes_timeout = {{datadome_between_bytes_timeout}}ms;\n .max_connections = 200;\n .ssl = true;\n .dynamic = true;\n .probe = {\n .request = \"HEAD /.well-known/healthcheck-datadome HTTP/1.1\" \"Host: api-fastly.datadome.co\" \"Connection: close\" \"User-Agent: Varnish/fastly (healthcheck)\";\n .expected_response = 200;\n .initial = 5;\n .interval = 2s;\n .threshold = 1;\n .timeout = 2s;\n .window = 5;\n }\n}", + "template": "sub set_origin_header {\n if (req.backend.is_origin) {\n if (req.backend == datadome) {\n # Remove all unexpected headers\n header.filter_except(bereq, \"x-datadome-params\", \"accept-charset\", \"accept-language\", \"x-requested-with\", \"x-fl-productid\", \"x-flapi-session-id\", \"fastly-orig-accept-encoding\", \"cache-control\", \"client-id\", \"connection\", \"pragma\", \"accept\", \"headers-list\", \"host\", 
\"origin\", \"server-hostname\", \"server-name\", \"x-forwarded-for\", \"user-agent\", \"referer\", \"request\", \"content-type\", \"from\", \"true-client-ip\", \"via\", \"x-real-ip\", \"sec-ch-device-memory\", \"sec-ch-ua\", \"sec-ch-ua-arch\", \"sec-ch-ua-full-version-list\", \"sec-ch-ua-mobile\", \"sec-ch-ua-model\", \"sec-ch-ua-platform\", \"sec-fetch-dest\", \"sec-fetch-mode\", \"sec-fetch-site\", \"sec-fetch-user\");\n set bereq.http.x-datadome-params:key = \"{{datadome_api_key}}\";\n set bereq.http.x-datadome-params:requestmodulename = \"FastlyMagento\";\n set bereq.http.x-datadome-params:moduleversion = \"2.22.0\";\n set bereq.http.x-datadome-params:timerequest = time.start.usec;\n set bereq.http.x-datadome-params:servername = server.identity;\n set bereq.http.x-datadome-params:serverregion = server.region;\n set bereq.http.x-datadome-params:ip = urlencode(client.ip);\n set bereq.http.x-forwarded-proto = urlencode(req.protocol);\n set bereq.http.x-datadome-params:authorizationlen = std.strlen(req.http.authorization);\n # Truncating Headers - Start\n set bereq.http.accept-charset = substr(req.http.accept-charset, 0, 128);\n set bereq.http.accept-language = substr(req.http.accept-language, 0, 256);\n set bereq.http.x-requested-with = substr(req.http.x-requested-with, 0, 128);\n set bereq.http.x-fl-productid = substr(req.http.x-fl-productid, 0, 64);\n set bereq.http.x-flapi-session-id = substr(req.http.x-flapi-session-id, 0, 64);\n set bereq.http.fastly-orig-accept-encoding = substr(req.http.fastly-orig-accept-encoding, 0, 128);\n set bereq.http.cache-control = substr(req.http.cache-control, 0, 128);\n set bereq.http.client-id = substr(req.http.client-id, 0, 128);\n set bereq.http.connection = substr(req.http.connection, 0, 128);\n set bereq.http.pragma = substr(req.http.pragma, 0, 128);\n set bereq.http.accept = substr(req.http.accept, 0, 512);\n set bereq.http.headers-list = substr(req.http.headers-list, 0, 512);\n set bereq.http.host = substr(req.http.host, 
0, 512);\n set bereq.http.origin = substr(req.http.origin, 0, 512);\n set bereq.http.server-hostname = substr(req.http.server-hostname, 0, 512);\n set bereq.http.server-name = substr(req.http.server-name, 0, 512);\n if( std.strlen(req.http.x-forwarded-for) \u003e 512 ) {\n # Truncate from the end\n set bereq.http.x-forwarded-for = substr(req.http.x-forwarded-for, -512);\n } else {\n set bereq.http.x-forwarded-for = req.http.x-forwarded-for;\n }\n set bereq.http.user-agent = substr(req.http.user-agent, 0, 768);\n set bereq.http.referer = substr(req.http.referer, 0, 1024);\n set bereq.http.request = substr(req.http.request, 0, 2048);\n set bereq.http.content-type = substr(req.http.content-type, 0, 64);\n set bereq.http.from = substr(req.http.from, 0, 128);\n set bereq.http.true-client-ip = substr(req.http.true-client-ip, 0, 128);\n set bereq.http.via = substr(req.http.via, 0, 256);\n set bereq.http.x-real-ip = substr(req.http.x-real-ip, 0, 128);\n set bereq.http.sec-ch-device-memory = substr(req.http.sec-ch-device-memory, 0, 8);\n set bereq.http.sec-ch-ua = substr(req.http.sec-ch-ua, 0, 128);\n set bereq.http.sec-ch-ua-arch = substr(req.http.sec-ch-ua-arch, 0, 16);\n set bereq.http.sec-ch-ua-full-version-list = substr(req.http.sec-ch-ua-full-version-list, 0, 256);\n set bereq.http.sec-ch-ua-mobile = substr(req.http.sec-ch-ua-mobile, 0, 8);\n set bereq.http.sec-ch-ua-model = substr(req.http.sec-ch-ua-model, 0, 128);\n set bereq.http.sec-ch-ua-platform = substr(req.http.sec-ch-ua-platform, 0, 32);\n set bereq.http.sec-fetch-dest = substr(req.http.sec-fetch-dest, 0, 32);\n set bereq.http.sec-fetch-mode = substr(req.http.sec-fetch-mode, 0, 32);\n set bereq.http.sec-fetch-site = substr(req.http.sec-fetch-site, 0, 64);\n set bereq.http.sec-fetch-user = substr(req.http.sec-fetch-user, 0, 8);\n # Truncating Headers - End\n if (req.http.x-datadome-clientid) {\n set bereq.http.x-datadome-params:clientid = urlencode(substr(req.http.x-datadome-clientid, 0, 128));\n set 
bereq.http.x-datadome-x-set-cookie = \"true\";\n } else {\n set bereq.http.x-datadome-params:clientid = urlencode(substr(req.http.cookie:datadome, 0, 128));\n }\n set bereq.http.x-datadome-params:cookieslen = std.strlen(req.http.cookie);\n # enforce gzip encoding between Fastly and DataDome\n set bereq.http.accept-encoding = \"gzip\";\n } else {\n # prevent leak of the key\n unset bereq.http.x-datadome-params;\n }\n }\n}\n\nbackend datadome {\n .host = \"api-fastly.datadome.co\";\n .port = \"8443\";\n .max_tls_version = \"1.3\";\n .min_tls_version = \"1.2\";\n .connect_timeout = {{datadome_connect_timeout}}ms;\n .first_byte_timeout = {{datadome_between_bytes_timeout}}ms;\n .between_bytes_timeout = {{datadome_between_bytes_timeout}}ms;\n .max_connections = 200;\n .ssl = true;\n .dynamic = true;\n .probe = {\n .request = \"HEAD /.well-known/healthcheck-datadome HTTP/1.1\" \"Host: api-fastly.datadome.co\" \"Connection: close\" \"User-Agent: Varnish/fastly (healthcheck)\";\n .expected_response = 200;\n .initial = 5;\n .interval = 2s;\n .threshold = 1;\n .timeout = 2s;\n .window = 5;\n }\n}", "type": "init" }, { "priority": 7, - "template": "if (req.backend == datadome) {\n declare local var.status STRING;\n set var.status = beresp.status;\n # check that it is real ApiServer response\n if (var.status != beresp.http.x-datadomeresponse) {\n restart;\n }\n unset beresp.http.x-datadomeresponse;\n # copy datadome headers\n set req.http.x-datadome-headers-pairs:x-datadome-headers = urlencode(beresp.http.x-datadome-headers);\n\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+x-set-cookie( |$)+\") {\n set req.http.x-datadome-headers-pairs:x-set-cookie = urlencode(beresp.http.x-set-cookie);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+x-datadome-server( |$)+\") {\n set req.http.x-datadome-headers-pairs:x-datadome-server = urlencode(beresp.http.x-datadome-server);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+x-datadome( |$)+\") {\n set 
req.http.x-datadome-headers-pairs:x-datadome = urlencode(beresp.http.x-datadome);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+content-type( |$)+\") {\n set req.http.x-datadome-headers-pairs:content-type = urlencode(beresp.http.content-type);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+charset( |$)+\") {\n set req.http.x-datadome-headers-pairs:charset = urlencode(beresp.http.charset);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+cache-control( |$)+\") {\n set req.http.x-datadome-headers-pairs:cache-control = urlencode(beresp.http.cache-control);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+pragma( |$)+\") {\n set req.http.x-datadome-headers-pairs:pragma = urlencode(beresp.http.pragma);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+access-control-allow-credentials( |$)+\") {\n set req.http.x-datadome-headers-pairs:access-control-allow-credentials = urlencode(beresp.http.access-control-allow-credentials);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+access-control-expose-headers( |$)+\") {\n set req.http.x-datadome-headers-pairs:access-control-expose-headers = urlencode(beresp.http.access-control-expose-headers);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+access-control-allow-origin( |$)+\") {\n set req.http.x-datadome-headers-pairs:access-control-allow-origin = urlencode(beresp.http.access-control-allow-origin);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+x-datadome-cid( |$)+\") {\n set req.http.x-datadome-headers-pairs:x-datadome-cid = urlencode(beresp.http.x-datadome-cid);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+x-dd-b( |$)+\") {\n set req.http.x-datadome-headers-pairs:x-dd-b = urlencode(beresp.http.x-dd-b);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+x-dd-type( |$)+\") {\n set req.http.x-datadome-headers-pairs:x-dd-type = urlencode(beresp.http.x-dd-type);\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-dd-type( |$)+\") {\n set 
req.http.x-dd-type = beresp.http.x-dd-type;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-botname( |$)+\") {\n set req.http.x-datadome-botname = beresp.http.x-datadome-botname;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-botfamily( |$)+\") {\n set req.http.x-datadome-botfamily = beresp.http.x-datadome-botfamily;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-isbot( |$)+\") {\n set req.http.x-datadome-isbot = beresp.http.x-datadome-isbot;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-captchapassed( |$)+\") {\n set req.http.x-datadome-captchapassed = beresp.http.x-datadome-captchapassed;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-traffic-rule-response( |$)+\") {\n set req.http.x-datadome-traffic-rule-response = beresp.http.x-datadome-traffic-rule-response;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-captchaurl( |$)+\") {\n set req.http.x-datadome-captchaurl = beresp.http.x-datadome-captchaurl;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-requestid( |$)+\") {\n set req.http.x-datadome-requestid = beresp.http.x-datadome-requestid;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-score( |$)+\") {\n set req.http.x-datadome-score = beresp.http.x-datadome-score;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-ruletype( |$)+\") {\n set req.http.x-datadome-ruletype = beresp.http.x-datadome-ruletype;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-matchedmodels( |$)+\") {\n set req.http.x-datadome-matchedmodels = beresp.http.x-datadome-matchedmodels;\n }\n # don\u0027t forget about ApiServer\u0027s cookies\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+set-cookie( |$)+\") {\n set req.http.x-datadome-headers-pairs:set-cookie = urlencode(beresp.http.set-cookie);\n }\n\n # Continue only if ApiServer 
returns expected blocked status\n if (beresp.status != 403 \u0026\u0026 beresp.status != 401 \u0026\u0026 beresp.status != 301 \u0026\u0026 beresp.status != 302) {\n unset beresp.http.x-datadome-headers;\n unset beresp.http.x-datadome-request-headers;\n set req.http.x-datadome-cookie = beresp.http.x-datadome-cookie; # Allow Session Feature\n restart;\n }\n\n # ok, it is banned request, cleanup it a bit\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-dd-type( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-dd-type( |$)+\") {\n unset beresp.http.x-dd-type;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-botname( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-botname( |$)+\") {\n unset beresp.http.x-datadome-botname;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-botfamily( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-botfamily( |$)+\") {\n unset beresp.http.x-datadome-botfamily;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-isbot( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-isbot( |$)+\") {\n unset beresp.http.x-datadome-isbot;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-captchapassed( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-captchapassed( |$)+\") {\n unset beresp.http.x-datadome-captchapassed;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-traffic-rule-response( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-traffic-rule-response( |$)+\") {\n unset beresp.http.x-datadome-traffic-rule-response;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-captchaurl( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-captchaurl( |$)+\") {\n unset beresp.http.x-datadome-captchaurl;\n }\n }\n if 
(beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-requestid( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-requestid( |$)+\") {\n unset beresp.http.x-datadome-requestid;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-score( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-score( |$)+\") {\n unset beresp.http.x-datadome-score;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-ruletype( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-ruletype( |$)+\") {\n unset beresp.http.x-datadome-ruletype;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-matchedmodels( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-matchedmodels( |$)+\") {\n unset beresp.http.x-datadome-matchedmodels;\n }\n }\n unset beresp.http.x-datadome-headers;\n unset beresp.http.x-datadome-request-headers;\n}", + "template": "if (req.backend == datadome) {\n declare local var.status STRING;\n set var.status = beresp.status;\n # check that it is real ApiServer response\n if (var.status != beresp.http.x-datadomeresponse) {\n restart;\n }\n unset beresp.http.x-datadomeresponse;\n # copy datadome headers\n set req.http.x-datadome-headers-pairs:x-datadome-headers = urlencode(beresp.http.x-datadome-headers);\n\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+x-set-cookie( |$)+\") {\n set req.http.x-datadome-headers-pairs:x-set-cookie = urlencode(beresp.http.x-set-cookie);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+x-datadome-server( |$)+\") {\n set req.http.x-datadome-headers-pairs:x-datadome-server = urlencode(beresp.http.x-datadome-server);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+x-datadome( |$)+\") {\n set req.http.x-datadome-headers-pairs:x-datadome = urlencode(beresp.http.x-datadome);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+content-type( |$)+\") {\n set 
req.http.x-datadome-headers-pairs:content-type = urlencode(beresp.http.content-type);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+charset( |$)+\") {\n set req.http.x-datadome-headers-pairs:charset = urlencode(beresp.http.charset);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+cache-control( |$)+\") {\n set req.http.x-datadome-headers-pairs:cache-control = urlencode(beresp.http.cache-control);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+pragma( |$)+\") {\n set req.http.x-datadome-headers-pairs:pragma = urlencode(beresp.http.pragma);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+access-control-allow-credentials( |$)+\") {\n set req.http.x-datadome-headers-pairs:access-control-allow-credentials = urlencode(beresp.http.access-control-allow-credentials);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+access-control-expose-headers( |$)+\") {\n set req.http.x-datadome-headers-pairs:access-control-expose-headers = urlencode(beresp.http.access-control-expose-headers);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+access-control-allow-origin( |$)+\") {\n set req.http.x-datadome-headers-pairs:access-control-allow-origin = urlencode(beresp.http.access-control-allow-origin);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+x-datadome-cid( |$)+\") {\n set req.http.x-datadome-headers-pairs:x-datadome-cid = urlencode(beresp.http.x-datadome-cid);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+x-dd-b( |$)+\") {\n set req.http.x-datadome-headers-pairs:x-dd-b = urlencode(beresp.http.x-dd-b);\n }\n if (beresp.http.x-datadome-headers ~ \"(?i)(^| )+x-dd-type( |$)+\") {\n set req.http.x-datadome-headers-pairs:x-dd-type = urlencode(beresp.http.x-dd-type);\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-dd-type( |$)+\") {\n set req.http.x-dd-type = beresp.http.x-dd-type;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-botname( |$)+\") {\n set req.http.x-datadome-botname = 
beresp.http.x-datadome-botname;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-botfamily( |$)+\") {\n set req.http.x-datadome-botfamily = beresp.http.x-datadome-botfamily;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-isbot( |$)+\") {\n set req.http.x-datadome-isbot = beresp.http.x-datadome-isbot;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-captchapassed( |$)+\") {\n set req.http.x-datadome-captchapassed = beresp.http.x-datadome-captchapassed;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-devicecheckpassed( |$)+\") {\n set req.http.x-datadome-devicecheckpassed = beresp.http.x-datadome-devicecheckpassed;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-traffic-rule-response( |$)+\") {\n set req.http.x-datadome-traffic-rule-response = beresp.http.x-datadome-traffic-rule-response;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-captchaurl( |$)+\") {\n set req.http.x-datadome-captchaurl = beresp.http.x-datadome-captchaurl;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-requestid( |$)+\") {\n set req.http.x-datadome-requestid = beresp.http.x-datadome-requestid;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-score( |$)+\") {\n set req.http.x-datadome-score = beresp.http.x-datadome-score;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-ruletype( |$)+\") {\n set req.http.x-datadome-ruletype = beresp.http.x-datadome-ruletype;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-matchedmodels( |$)+\") {\n set req.http.x-datadome-matchedmodels = beresp.http.x-datadome-matchedmodels;\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-sessionid( |$)+\") {\n set req.http.x-datadome-sessionid = beresp.http.x-datadome-sessionid;\n }\n # don\u0027t forget about ApiServer\u0027s cookies\n if 
(beresp.http.x-datadome-headers ~ \"(?i)(^| )+set-cookie( |$)+\") {\n set req.http.x-datadome-headers-pairs:set-cookie = urlencode(beresp.http.set-cookie);\n }\n\n # Continue only if ApiServer returns expected blocked status\n if (beresp.status != 403 \u0026\u0026 beresp.status != 401 \u0026\u0026 beresp.status != 301 \u0026\u0026 beresp.status != 302) {\n unset beresp.http.x-datadome-headers;\n unset beresp.http.x-datadome-request-headers;\n set req.http.x-datadome-cookie = beresp.http.x-datadome-cookie; # Allow Session Feature\n restart;\n }\n\n # ok, it is banned request, cleanup it a bit\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-dd-type( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-dd-type( |$)+\") {\n unset beresp.http.x-dd-type;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-botname( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-botname( |$)+\") {\n unset beresp.http.x-datadome-botname;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-botfamily( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-botfamily( |$)+\") {\n unset beresp.http.x-datadome-botfamily;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-isbot( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-isbot( |$)+\") {\n unset beresp.http.x-datadome-isbot;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-captchapassed( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-captchapassed( |$)+\") {\n unset beresp.http.x-datadome-captchapassed;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-devicecheckpassed( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-devicecheckpassed( |$)+\") {\n unset beresp.http.x-datadome-devicecheckpassed;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| 
)+x-datadome-traffic-rule-response( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-traffic-rule-response( |$)+\") {\n unset beresp.http.x-datadome-traffic-rule-response;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-captchaurl( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-captchaurl( |$)+\") {\n unset beresp.http.x-datadome-captchaurl;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-requestid( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-requestid( |$)+\") {\n unset beresp.http.x-datadome-requestid;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-score( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-score( |$)+\") {\n unset beresp.http.x-datadome-score;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-ruletype( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-ruletype( |$)+\") {\n unset beresp.http.x-datadome-ruletype;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-matchedmodels( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-matchedmodels( |$)+\") {\n unset beresp.http.x-datadome-matchedmodels;\n }\n }\n if (beresp.http.x-datadome-request-headers ~ \"(?i)(^| )+x-datadome-sessionid( |$)+\") {\n if (beresp.http.x-datadome-headers !~ \"(?i)(^| )+x-datadome-sessionid( |$)+\") {\n unset beresp.http.x-datadome-sessionid;\n }\n }\n unset beresp.http.x-datadome-headers;\n unset beresp.http.x-datadome-request-headers;\n # restore method\n if (req.http.x-datadome-params:method) {\n set req.method = urldecode(req.http.x-datadome-params:method);\n }\n}", "type": "fetch" }, { "priority": 7, - "template": "if (req.backend == datadome) {\n restart;\n}", + "template": "if (req.backend == datadome \u0026\u0026 req.http.x-datadome-params) {\n # the backend is set to 
\u0027DataDome\u0027 and\n # the presence of a header confirms it\u0027s an error during DataDome process\n restart;\n}", "type": "error" }, { 
@@ -74,7 +88,7 @@ }, { "priority": 7, - "template": "\n {{#if logging_endpoint}}\n ## Debug DataDome\n log {\"syslog \"} req.service_id {\" {{logging_endpoint}} :: \"}\n \" timestamp=%22\" now\n \"%22 client_ip=\" req.http.Fastly-Client-IP\n \" request=\" req.method\n \" url=%22\" cstr_escape(req.url.path)\n \"%22 restarts=\" req.restarts\n \" DataDomeDebug=\" \"Before_DataDome\"\n \" fastlyFF=\" fastly.ff.visits_this_service;\n ##\n {{/if}}# Configure the regular expression below to match URLs that\n# should be checked by DataDome\nif (fastly.ff.visits_this_service == 0 \u0026\u0026 req.restarts == 0 \u0026\u0026 req.method != \"FASTLYPURGE\" \u0026\u0026 !(req.url.path ~ \"{{datadome_exclusion_ext}}\" \u0026\u0026 (req.method == \"GET\" || req.method == \"HEAD\"))) {\n\n set req.backend = datadome;\n unset req.http.x-datadome-params;\n # Configure the string below to include your DataDome API key\n set req.http.x-datadome-params:method = urlencode(req.method);\n set req.http.x-datadome-params:postparamlen = urlencode(req.http.content-length);\n set req.method = \"GET\";\n set req.http.x-datadome-params:tlsprotocol = urlencode(tls.client.protocol);\n set req.http.x-datadome-params:tlscipherslist = urlencode(tls.client.ciphers_list);\n set req.http.x-datadome-params:tlsextensionslist = urlencode(tls.client.tlsexts_list);\n set req.http.x-datadome-params:ja3 = urlencode(tls.client.ja3_md5);\n {{#if logging_endpoint}}\n ## Debug DataDome\n log {\"syslog \"} req.service_id {\" {{logging_endpoint}} :: \"}\n \" timestamp=%22\" now\n \"%22 client_ip=\" req.http.Fastly-Client-IP\n \" request=\" req.method\n \" host=\" req.http.host\n \" url=%22\" cstr_escape(req.url)\n \"%22 request_referer=%22\" cstr_escape(req.http.Referer)\n \"%22 request_user_agent=%22\" cstr_escape(req.http.User-Agent)\n \"%22 request_accept_language=%22\" cstr_escape(req.http.Accept-Language)\n \"%22 request_accept_charset=%22\" cstr_escape(req.http.Accept-Charset)\n \"%22 contentLength=\" 
req.http.Content-Length\n \" restarts=\" req.restarts\n \" DataDomeDebug=\" \"To_DataDome\"\n \" fastlyFF=\" fastly.ff.visits_this_service;\n ##\n {{/if}}\n return (pass);\n} else {\n if (req.http.x-datadome-params:method) {\n set req.method = urldecode(req.http.x-datadome-params:method);\n # After a restart, clustering is disabled. This re-enables it.\n set req.http.fastly-force-shield = \"1\";\n }\n unset req.http.x-datadome-params;\n {{#if logging_endpoint}}\n ## Debug DataDome\n log {\"syslog \"} req.service_id {\" {{logging_endpoint}} :: \"}\n \" timestamp=%22\" now\n \"%22 client_ip=\" req.http.Fastly-Client-IP\n \" request=\" req.method\n \" host=\" req.http.host\n \" url=%22\" cstr_escape(req.url)\n \"%22 request_referer=%22\" cstr_escape(req.http.Referer)\n \"%22 request_user_agent=%22\" cstr_escape(req.http.User-Agent)\n \"%22 request_accept_language=%22\" cstr_escape(req.http.Accept-Language)\n \"%22 request_accept_charset=%22\" cstr_escape(req.http.Accept-Charset)\n \"%22 contentLength=\" req.http.Content-Length\n \" restarts=\" req.restarts\n \" DataDomeDebug=\" \"Bypass_DataDome\"\n \" fastlyFF=\" fastly.ff.visits_this_service;\n ##\n {{/if}}\n}\n\n# we\u0027re using the first restart for datadome, update a part of fastly code\n# we can\u0027t replace whole macros because we haven\u0027t got any idea about backends\nif (req.restarts == 1) {\n if (!req.http.x-timer) {\n set req.http.x-timer = \"S\" time.start.sec \".\" time.start.usec_frac;\n }\n set req.http.x-timer = req.http.x-timer \",VS0\";\n}\n\nset var.fastly_req_do_shield = (req.restarts \u003c= 1);", + "template": "\n {{#if logging_endpoint}}\n ## Debug DataDome\n log {\"syslog \"} req.service_id {\" {{logging_endpoint}} :: \"}\n \" timestamp=%22\" now\n \"%22 client_ip=\" req.http.Fastly-Client-IP\n \" request=\" req.method\n \" url=%22\" cstr_escape(req.url.path)\n \"%22 restarts=\" req.restarts\n \" DataDomeDebug=\" \"Before_DataDome\"\n \" fastlyFF=\" fastly.ff.visits_this_service;\n ##\n 
{{/if}}# Configure the regular expression below to match URLs that\n# should be checked by DataDome\nif (fastly.ff.visits_this_service == 0 \u0026\u0026 req.restarts == 0 \u0026\u0026 req.method != \"FASTLYPURGE\" \u0026\u0026 !(req.url.path ~ \"{{datadome_exclusion_ext}}\" \u0026\u0026 (req.method == \"GET\" || req.method == \"HEAD\"))) {\n\n set req.backend = datadome;\n unset req.http.x-datadome-params;\n set req.http.x-datadome-params:method = urlencode(req.method);\n set req.http.x-datadome-params:postparamlen = urlencode(req.http.content-length);\n set req.method = \"GET\";\n set req.http.x-datadome-params:tlsprotocol = urlencode(tls.client.protocol);\n set req.http.x-datadome-params:tlscipherslist = urlencode(tls.client.ciphers_list);\n set req.http.x-datadome-params:tlsextensionslist = urlencode(tls.client.tlsexts_list);\n set req.http.x-datadome-params:ja3 = urlencode(tls.client.ja3_md5);\n set req.http.x-datadome-params:ja4 = urlencode(tls.client.ja4);\n\n if (var.datadome_enable_graphql_support == true \u0026\u0026 req.http.x-datadome-params:method == \"POST\" \u0026\u0026 req.http.content-type ~ \"(?i)application\\/json\" \u0026\u0026 req.url.path ~ \"(?i)graphql\") {\n declare local var.graphQLQuery STRING;\n set var.graphQLQuery = std.strstr(req.body, \"%22query%22\");\n if (var.graphQLQuery ~ \"(?m)(query|mutation|subscription)?\\s*([A-Za-z_][A-Za-z0-9_]*)?\\s*[\\({@]\") {\n set req.http.x-datadome-params:graphqlOperationType = if(re.group.1, re.group.1, \"query\");\n if (re.group.2) {\n set req.http.x-datadome-params:graphqlOperationName = substr(re.group.2, 0, 128);\n }\n }\n }\n\n if (var.datadome_restore_referrer == true \u0026\u0026 req.url ~ \"dd_referrer=\") {\n \n declare local var.decoded_url STRING;\n declare local var.complete_request_url STRING;\n set var.decoded_url = urldecode(req.url);\n set var.complete_request_url = req.protocol \"://\" req.http.host querystring.filter(var.decoded_url, \"dd_referrer\");\n \n if 
(urldecode(querystring.clean(req.http.referer)) == querystring.clean(var.complete_request_url)) {\n # Referer header is the same as the current URL\n\n if (std.strlen(querystring.get(req.url, \"dd_referrer\")) \u003e 0) {\n # Not empty `dd_referrer`, restore header `referer` with param value\n set req.http.referer = urldecode(querystring.get(req.url, \"dd_referrer\"));\n } else if (querystring.get(req.url, \"dd_referrer\") == \"\") {\n # Empty `dd_referrer` param, remove header `referer`\n unset req.http.referer;\n } # Not set `dd_referrer`, do nothing\n \n # Remove `dd_referrer` query param from URL\n set req.url = querystring.filter(req.url, \"dd_referrer\");\n }\n }\n {{#if logging_endpoint}}\n ## Debug DataDome\n log {\"syslog \"} req.service_id {\" {{logging_endpoint}} :: \"}\n \" timestamp=%22\" now\n \"%22 client_ip=\" req.http.Fastly-Client-IP\n \" request=\" req.method\n \" host=\" req.http.host\n \" url=%22\" cstr_escape(req.url)\n \"%22 request_referer=%22\" cstr_escape(req.http.Referer)\n \"%22 request_user_agent=%22\" cstr_escape(req.http.User-Agent)\n \"%22 request_accept_language=%22\" cstr_escape(req.http.Accept-Language)\n \"%22 request_accept_charset=%22\" cstr_escape(req.http.Accept-Charset)\n \"%22 contentLength=\" req.http.Content-Length\n \" restarts=\" req.restarts\n \" DataDomeDebug=\" \"To_DataDome\"\n \" fastlyFF=\" fastly.ff.visits_this_service;\n ##\n {{/if}}\n return (pass);\n} else {\n if (req.http.x-datadome-params:method) {\n set req.method = urldecode(req.http.x-datadome-params:method);\n # After a restart, clustering is disabled. 
This re-enables it.\n set req.http.fastly-force-shield = \"1\";\n }\n unset req.http.x-datadome-params;\n {{#if logging_endpoint}}\n ## Debug DataDome\n log {\"syslog \"} req.service_id {\" {{logging_endpoint}} :: \"}\n \" timestamp=%22\" now\n \"%22 client_ip=\" req.http.Fastly-Client-IP\n \" request=\" req.method\n \" host=\" req.http.host\n \" url=%22\" cstr_escape(req.url)\n \"%22 request_referer=%22\" cstr_escape(req.http.Referer)\n \"%22 request_user_agent=%22\" cstr_escape(req.http.User-Agent)\n \"%22 request_accept_language=%22\" cstr_escape(req.http.Accept-Language)\n \"%22 request_accept_charset=%22\" cstr_escape(req.http.Accept-Charset)\n \"%22 contentLength=\" req.http.Content-Length\n \" restarts=\" req.restarts\n \" DataDomeDebug=\" \"Bypass_DataDome\"\n \" fastlyFF=\" fastly.ff.visits_this_service;\n ##\n {{/if}}\n}\n\n# we\u0027re using the first restart for datadome, update a part of fastly code\n# we can\u0027t replace whole macros because we haven\u0027t got any idea about backends\nif (req.restarts == 1) {\n if (!req.http.x-timer) {\n set req.http.x-timer = \"S\" time.start.sec \".\" time.start.usec_frac;\n }\n set req.http.x-timer = req.http.x-timer \",VS0\";\n}\n\nset var.fastly_req_do_shield = (req.restarts \u003c= 1);", "type": "recv" }, { @@ -88,5 +102,5 @@ "type": "pass" } ], - "version": "2.19.1" -} + "version": "2.22.0" +} \ No newline at end of file diff --git a/etc/fastly_edge_modules/netacea_integration.json b/etc/fastly_edge_modules/netacea_integration.json index f3412871..b4d2cc19 100644 --- a/etc/fastly_edge_modules/netacea_integration.json +++ b/etc/fastly_edge_modules/netacea_integration.json 
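Review bot: In the `else` branch of the new recv template, `req.method` is restored from `req.http.x-datadome-params:method` without checking that this pass of the VCL wrote that header. Only the DataDome branch unsets `x-datadome-params` before filling it, so on a first-pass request that skips that branch (for example a path matching `datadome_exclusion_ext`) the value is whatever arrived with the request. As far as the template shows, the restore is needed only after the restart, so the guard could be `if (req.restarts > 0 && req.http.x-datadome-params:method) {`. The unconditional `unset req.http.x-datadome-params;` that follows can stay as it is.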
@@ -1,8 +1,15 @@
 {
- "description": "Set of VCLs required to integrate Netacea services. Please note for full functionality Fastly support needs to enable proper handling of POST requests. Do not enable unless this has been done.",
+ "description": "Set of VCLs required to integrate Netacea services. Please note for full functionality Fastly support needs to enable proper handling of POST requests. Additionally, an edge dictionary named netacea_edge_config must be created. Use of this dictionary is optional and requires advanced configuration. A Netacea Engineer can assist you with this setup. Do not enable this module unless the prerequisite steps have been completed.",
 "id": "netacea_integration",
 "name": "Netacea Bot Detection integration",
 "properties": [
+ {
+ "description": "Integration Mode. Must be one of BYPASS, INGEST, INJECT, MITIGATE.",
+ "label": "Integration Mode",
+ "name": "netacea_integration_mode",
+ "required": true,
+ "type": "string"
+ },
 {
 "description": "API Key",
 "label": "Netacea API Key",
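Review bot: `netacea_integration_mode` is declared as a free-text `string`, and the four accepted values appear only in the description, so a typo or a lower-case value is accepted at configuration time. How the VCL treats an unrecognised mode is not visible in this hunk, but the templates compare against upper-case literals such as `"MITIGATE"`, so a mismatch would presumably leave the module enabled without the mitigation the operator expects. If the module schema offers an enumerated field type, it would fit here. Otherwise the description could state the constraint precisely, e.g. `Integration Mode. Must be exactly one of BYPASS, INGEST, INJECT, MITIGATE (upper case).`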
@@ -84,24 +91,24 @@ "vcl": [ { "priority": 45, - "template": "# Change the shielding condition to account for restarts due to bot detection\nset var.fastly_req_do_shield = (req.restarts <= 1);\n# Reenable clustering. It gets turned off on restarts\nset req.http.Fastly-Force-Shield = \"1\";\n# Invoke Netacea Bot Detection checking\ncall netacea_recv;\n", + "template": "set var.fastly_req_do_shield = (req.restarts <= 1);\nset req.http.Fastly-Force-Shield = \"1\";\nif (req.restarts == 0) {\n call cleanup_netacea_variables;\n}\ncall netacea_check_req;\n", "type": "recv" }, { "priority": 45, - "template": "call netacea_deliver;", + "template": "if (!is_path_ignored() && !req.is_purge) {\n declare local var.netacea_use_relative_path_captcha_assets STRING;\n declare local var.integration_mode STRING;\n declare local var.mit_svc_latency INTEGER;\n if (req.http.x-netacea:mit_svc_start_time) {\n set var.mit_svc_latency = std.strtol(time.elapsed.msec, 10);\n set var.mit_svc_latency -= std.strtol(req.http.x-netacea:mit_svc_start_time, 10);\n set req.http.x-netacea:mit_svc_latency = var.mit_svc_latency;\n }\n set var.netacea_use_relative_path_captcha_assets = get_netacea_config_use_relative_path_captcha_assets();\n if (var.netacea_use_relative_path_captcha_assets == \"true\") {\n if (std.prefixof(req.url.path, \"/Mitigations/\") && req.method == \"GET\") {\n if (std.suffixof(req.url.path, \".css\") || std.suffixof(req.url.path, \".js\")) {\n return(deliver);\n }\n }\n }\n if (req.http.netacea_captcha_path == \"1\") {\n call netacea_hide_response_headers;\n call set_netacea_captcha_header;\n return(deliver);\n }\n call netacea_calculate_best_mitigation;\n if (req.http.netacea_processed == \"1\") {\n set var.integration_mode = get_netacea_config_integration_mode();\n set req.http.x-netacea:mit_status = resp.status;\n if (resp.status != 200 && req.http.X-Netacea-Compile-JSON != \"done\") {\n set req.http.netacea_best_mitigation = \"\";\n set req.http.netacea_bctype_string = 
\"\";\n if(req.url == \"/AtaVerifyCaptcha\") {\n unset resp.http.Set-Cookie;\n set req.http.netacea_set_cookies = \"0\";\n }\n }\n if (var.integration_mode == \"MITIGATE\" && req.http.X-Netacea-Compile-JSON != \"done\" && netacea_should_return_json()) { \n if (req.url != \"/AtaVerifyCaptcha\" && resp.http.X-Netacea-Mitigate == \"1\") { \n if (resp.http.X-Netacea-Captcha == \"1\" || resp.http.X-Netacea-Captcha == \"5\") { \n set req.http.X-Netacea-Event-ID = resp.http.X-Netacea-Event-ID;\n set req.http.X-Netacea-Compile-JSON = \"requested\";\n }\n }\n }\n if (var.integration_mode == \"INJECT\" || req.http.X-Netacea-Compile-JSON == \"requested\") {\n set req.http.X-Netacea-Match = \"\" resp.http.X-Netacea-Match;\n set req.http.X-Netacea-Mitigate = \"\" resp.http.X-Netacea-Mitigate;\n set req.http.X-Netacea-Captcha = \"\" resp.http.X-Netacea-Captcha;\n }\n set req.http.netacea_mitata_captcha_cookie_value = resp.http.x-netacea-mitatacaptcha-value;\n set req.http.netacea_mitata_captcha_cookie_expiry = resp.http.x-netacea-mitatacaptcha-expiry;\n call set_netacea_cookies;\n call netacea_hide_response_headers;\n if(req.url == \"/AtaVerifyCaptcha\") {\n return(deliver);\n }\n set req.http.host = req.http.netacea_origin_host;\n set req.url = req.http.netacea_origin_url;\n set req.method = req.http.netacea_origin_method;\n unset req.http.netacea_origin_url;\n unset req.http.netacea_origin_host;\n unset req.http.netacea_origin_method;\n unset req.http.X-Netacea-Api-Key;\n if (\n req.http.netacea_best_mitigation != \"captcha\"\n || var.integration_mode == \"INJECT\"\n || req.http.X-Netacea-Compile-JSON == \"requested\"\n ) {\n unset req.http.x-netacea:netacea_check_req_called;\n restart;\n }\n set resp.status = 403;\n set resp.response = \"Forbidden\";\n unset req.http.X-Netacea-Compile-JSON;\n call set_netacea_captcha_header;\n return(deliver);\n }\n if (fastly.ff.visits_this_service == 0) {\n call set_netacea_cookies;\n }\n}\n", "type": "deliver" }, { "priority": 45, - 
"template": "call netacea_error;", + "template": "declare local var.captcha_url STRING;\ndeclare local var.response STRING;\nif (obj.status == 601 && req.http.X-Netacea-Compile-JSON == \"processing\") {\n set var.captcha_url = get_netacea_captcha_path();\n set var.captcha_url = var.captcha_url \"?trackingId=\" req.http.X-Netacea-Event-ID;\n set var.response = \"{\" LF\n \" %22captchaRelativeURL%22:%22\" var.captcha_url \"%22,\" LF\n \" %22captchaAbsoluteURL%22:%22\" req.protocol \"://\" fastly_info.host_header var.captcha_url \"%22\" LF\n \"}\";\n set obj.status = 200;\n set obj.response = \"Forbidden\";\n set obj.http.Content-Type = \"application/json\";\n set obj.http.X-Netacea-Match = req.http.X-Netacea-Match;\n set obj.http.X-Netacea-Mitigate = req.http.X-Netacea-Mitigate;\n set obj.http.X-Netacea-Captcha = req.http.X-Netacea-Captcha;\n synthetic var.response;\n unset req.http.X-Netacea-Event-ID;\n unset req.http.X-Netacea-Match;\n unset req.http.X-Netacea-Mitigate;\n unset req.http.X-Netacea-Captcha;\n set req.http.X-Netacea-Compile-JSON = \"done\";\n return(deliver);\n}", "type": "error" }, { "priority": 45, - "template": "backend F_MitSvc {\n .between_bytes_timeout = 100ms;\n .connect_timeout = 500ms;\n .dynamic = true;\n .first_byte_timeout = 500ms;\n .host = \"geo-mitigations.netacea.net\";\n .max_connections = 200;\n .port = \"443\";\n .share_key = \"NetaceaGeoMitigations\";\n .host_header = \"geo-mitigations.netacea.net\";\n .always_use_host_header = true;\n .ssl = true;\n .ssl_cert_hostname = \"geo-mitigations.netacea.net\";\n .ssl_check_cert = always;\n .ssl_sni_hostname = \"geo-mitigations.netacea.net\";\n .probe = {\n .dummy = false;\n .initial = 5;\n .request = \"GET /_health HTTP/1.1\" \"Host: geo-mitigations.netacea.net\" \"Connection: close\" \"User-Agent: Varnish/fastly (healthcheck)\";\n .threshold = 1;\n .timeout = 2s;\n .window = 5;\n .expected_response = 200;\n }\n}\nbackend F_CaptchaAssets {\n .between_bytes_timeout = 10s;\n 
.connect_timeout = 1s;\n .dynamic = true;\n .first_byte_timeout = 15s;\n .host = \"assets.ntcacdn.net\";\n .max_connections = 200;\n .port = \"443\";\n .share_key = \"4nxXnE6VkrJiVuGz4G1VbJ\";\n .host_header = \"assets.ntcacdn.net\";\n .always_use_host_header = true;\n .ssl = true;\n .ssl_cert_hostname = \"assets.ntcacdn.net\";\n .ssl_check_cert = always;\n .ssl_sni_hostname = \"assets.ntcacdn.net\";\n .probe = {\n .dummy = true;\n .initial = 5;\n .request = \"HEAD / HTTP/1.1\" \"Host: assets.ntcacdn.net\" \"Connection: close\";\n .threshold = 1;\n .timeout = 2s;\n .window = 5;\n }\n}\ntable Netacea_Config {\n \"integration_type\": \"fastly/magento\",\n \"integration_version\": \"5.6.1\",\n \"integration_mode\": \"MITIGATE\",\n \"api_key\": \"{{netacea_api_key}}\",\n \"secret_key\": \"{{netacea_secret}}\",\n \"encryption_key\": \"{{netacea_encryption_key}}\",\n \"ignore_list\": \"{{netacea_ignore_list}}\",\n \"cookie_name\": \"{{netacea_cookie_name}}\",\n \"captcha_cookie_name\": \"{{netacea_captcha_cookie_name}}\",\n \"use_relative_path_captcha_assets\": \"{{netacea_use_relative_path_captcha_assets}}\",\n \"real_ip_header_name\": \"{{netacea_real_ip_header_name}}\",\n \"captcha_path\": \"{{netacea_captcha_path}}\",\n \"captcha_header\": \"{{netacea_captcha_header}}\",\n \"enable_captcha_content_negotiation\": \"{{netacea_enable_ccn}}\"\n}\nsub get_netacea_cookie_name STRING {\n if (table.lookup(Netacea_Config, \"cookie_name\") ~ \"^\\s*(.*?)\\s*$\") {\n if (re.group.1 != \"\") {\n return re.group.1;\n }\n }\n return \"_mitata\";\n}\nsub get_netacea_captcha_cookie_name STRING {\n if (table.lookup(Netacea_Config, \"captcha_cookie_name\") ~ \"^\\s*(.*?)\\s*$\") {\n if (re.group.1 != \"\") {\n return re.group.1;\n }\n }\n return \"_mitatacaptcha\";\n}\nsub get_netacea_captcha_path STRING {\n declare local var.path STRING;\n set var.path = table.lookup(Netacea_Config, \"captcha_path\");\n set var.path = regsub(var.path, \"^\\s*/*\", \"/\");\n set var.path = 
regsub(var.path, \"\\s*$\", \"\");\n return urldecode(var.path);\n}\nsub get_netacea_captcha_header STRING {\n declare local var.config STRING;\n set var.config = urldecode(regsuball(table.lookup(Netacea_Config, \"captcha_header\"), \"&#x(.{2});\", \"%25\\1\"));\n set var.config = std.replaceall(var.config, \""\", \"%22\");\n set var.config = std.replaceall(var.config, \"<\", \"<\");\n set var.config = std.replaceall(var.config, \">\", \">\");\n set var.config = std.replaceall(var.config, \"&\", \"&\");\n return var.config;\n}\nsub get_netacea_captcha_header_name STRING {\n declare local var.config STRING;\n set var.config = get_netacea_captcha_header();\n if (var.config ~ \"(?i)(?:^|&)\\s*name\\s*=\\s*(.*?)\\s*(?:&|$)\") {\n return re.group.1;\n }\n return \"\";\n}\nsub get_netacea_captcha_header_value STRING {\n declare local var.config STRING;\n set var.config = get_netacea_captcha_header();\n if (var.config ~ \"(?i)(?:^|&)\\s*value\\s*=\\s*(.*?)\\s*(?:&|$)\") {\n return re.group.1;\n }\n return \"\";\n}\nsub is_path_ignored BOOL {\n declare local var.netacea_ignore_list STRING;\n declare local var.req_path STRING;\n set var.netacea_ignore_list = table.lookup(Netacea_Config, \"ignore_list\");\n set var.req_path = urldecode(req.url.path);\n set var.netacea_ignore_list = regsuball(var.netacea_ignore_list, \"\\s*(,\\s*)+\", \",\");\n set var.netacea_ignore_list = regsuball(var.netacea_ignore_list, \"(^|,)\\s*/*\", \"\\1/\");\n set var.netacea_ignore_list = regsuball(var.netacea_ignore_list, \"/*\\s*(,|$)\", \"\\1\");\n if (var.netacea_ignore_list ~ \"^([^,]+),*([^,]+)?,*([^,]+)?,*([^,]+)?,*([^,]+)?\") {\n if (re.group.1 && (var.req_path == urldecode(re.group.1) || std.prefixof(var.req_path, urldecode(re.group.1) + \"/\"))) {\n return true;\n }\n if (re.group.2 && (var.req_path == urldecode(re.group.2) || std.prefixof(var.req_path, urldecode(re.group.2) + \"/\"))) {\n return true;\n }\n if (re.group.3 && (var.req_path == urldecode(re.group.3) || 
std.prefixof(var.req_path, urldecode(re.group.3) + \"/\"))) {\n return true;\n }\n if (re.group.4 && (var.req_path == urldecode(re.group.4) || std.prefixof(var.req_path, urldecode(re.group.4) + \"/\"))) {\n return true;\n }\n if (re.group.5 && (var.req_path == urldecode(re.group.5) || std.prefixof(var.req_path, urldecode(re.group.5) + \"/\"))) {\n return true;\n }\n }\n return false;\n}\nsub netacea_should_return_json BOOL {\n if (table.lookup(Netacea_Config, \"enable_captcha_content_negotiation\") != \"true\") {\n return false;\n }\n declare local var.html_weight FLOAT;\n declare local var.json_weight FLOAT;\n set var.html_weight = 0.0;\n set var.json_weight = 0.0;\n if (req.http.Accept ~ \"(?i)(^|,)\\s*application/json\\s*(;\\s*q\\s*=\\s*(\\d*(\\.\\d+)?|\\d+\\.)\\s*)?(,|$)\") {\n set var.json_weight = std.atof(if(re.group.3, re.group.3, \"1.0\"));\n } elseif (req.http.Accept ~ \"(?i)(^|,)\\s*application/\\*\\s*(;\\s*q\\s*=\\s*(\\d*(\\.\\d+)?|\\d+\\.)\\s*)?(,|$)\") {\n set var.json_weight = std.atof(if(re.group.3, re.group.3, \"1.0\"));\n }\n if (req.http.Accept ~ \"(?i)(^|,)\\s*text/html\\s*(;\\s*q\\s*=\\s*(\\d*(\\.\\d+)?|\\d+\\.)\\s*)?(,|$)\") {\n set var.html_weight = std.atof(if(re.group.3, re.group.3, \"1.0\"));\n } elseif (req.http.Accept ~ \"(^|,)\\s*text/\\*\\s*(;\\s*q\\s*=\\s*(\\d*(\\.\\d+)?|\\d+\\.)\\s*)?(,|$)\") {\n set var.html_weight = std.atof(if(re.group.3, re.group.3, \"1.0\"));\n }\n return var.json_weight > var.html_weight;\n}\nsub netacea_recv {\n if (!is_path_ignored()) {\n declare local var.netacea_mitSvc_authenticate BOOL;\n declare local var.netacea_mitSvc_apiKey STRING;\n declare local var.netacea_integration_mode STRING;\n declare local var.netacea_use_relative_path_captcha_assets STRING;\n declare local var.captcha_path STRING;\n set var.netacea_mitSvc_apiKey = table.lookup(Netacea_Config, \"api_key\");\n set var.netacea_integration_mode = table.lookup(Netacea_Config, \"integration_mode\");\n set 
var.netacea_use_relative_path_captcha_assets = table.lookup(Netacea_Config, \"use_relative_path_captcha_assets\");\n set var.captcha_path = get_netacea_captcha_path();\n if (var.netacea_use_relative_path_captcha_assets == \"true\") {\n if (std.prefixof(req.url.path, \"/Mitigations/\") && req.method == \"GET\") {\n if (std.suffixof(req.url.path, \".css\") || std.suffixof(req.url.path, \".js\")) {\n set req.backend = F_CaptchaAssets;\n return(lookup);\n }\n }\n }\n if (var.captcha_path != \"\" && urldecode(req.url.path) == var.captcha_path) {\n set req.backend = F_MitSvc;\n if (req.backend.healthy) {\n set req.http.netacea_origin_method = \"GET\";\n set req.http.netacea_processed = \"1\";\n set req.http.netacea_captcha_path = \"1\";\n set req.http.netacea_origin_host = req.http.host;\n set req.http.netacea_origin_url = req.url;\n set req.url = \"/captcha?\" + req.url.qs;\n set req.http.X-Netacea-Api-Key = var.netacea_mitSvc_apiKey;\n return(lookup);\n }\n }\n unset req.http.netacea_processed;\n if (req.restarts == 0 && fastly.ff.visits_this_service == 0) {\n set req.http.netacea_best_mitigation_code = \"000\";\n set req.http.netacea_match = \"0\";\n set req.http.netacea_mitigate = \"0\";\n set req.http.netacea_captcha = \"0\";\n call set_netacea_ip_header;\n unset req.http.mit_status;\n unset req.http.netacea_bctype_string;\n unset req.http.netacea_best_mitigation;\n unset req.http.netacea_cookies;\n unset req.http.netacea_mitata_captcha_cookie_expiry;\n unset req.http.netacea_mitata_captcha_cookie_value;\n unset req.http.netacea_mitata_must_reauthenticate;\n unset req.http.netacea_require_revalidation;\n unset req.http.netacea_set_cookies;\n unset req.http.X-Netacea-Match;\n unset req.http.X-Netacea-Mitigate;\n unset req.http.X-Netacea-Captcha;\n unset req.http.X-Netacea-Event-ID;\n unset req.http.X-Netacea-Api-Key;\n unset req.http.X-Netacea-Captcha-Status;\n unset req.http.X-Netacea-UserId;\n unset req.http.X-Netacea-Compile-JSON;\n if 
(var.netacea_integration_mode != \"BYPASS\") {\n set var.netacea_mitSvc_authenticate = true;\n call normalise_netacea_cookie_names;\n call decrypt_netacea_cookies_values;\n call process_netacea_mitata_cookie;\n }\n } else {\n if (req.http.X-Netacea-Compile-JSON == \"requested\") {\n set req.http.netacea_processed = \"1\";\n set req.http.X-Netacea-Compile-JSON = \"processing\";\n error 601;\n }\n if (var.netacea_integration_mode == \"MITIGATE\" && req.http.netacea_best_mitigation == \"block\") {\n error 403;\n }\n }\n if (req.http.Cookie:_mitata && !req.http.netacea_mitata_must_reauthenticate) {\n set var.netacea_mitSvc_authenticate = false;\n }\n set req.http.mitigation_user_id = req.http.X-Netacea-UserId;\n set req.http.integration_type = table.lookup(Netacea_Config, \"integration_type\");\n set req.http.integration_version = table.lookup(Netacea_Config, \"integration_version\");\n if (var.netacea_mitSvc_authenticate) {\n set req.http.netacea_set_cookies = \"1\";\n } else {\n if (var.netacea_integration_mode == \"INJECT\" && req.restarts == 0 && fastly.ff.visits_this_service == 0) {\n set req.http.X-Netacea-Match = req.http.netacea_match;\n set req.http.X-Netacea-Mitigate = req.http.netacea_mitigate;\n set req.http.X-Netacea-Captcha = req.http.netacea_captcha;\n }\n }\n if (var.netacea_integration_mode ~ \"(MITIGATE|INJECT)\" && var.netacea_mitSvc_authenticate) {\n set req.backend = F_MitSvc;\n if (req.backend.healthy) {\n unset req.http.netacea_match;\n unset req.http.netacea_mitigate;\n unset req.http.netacea_captcha;\n unset req.http.Cookie:_mitata;\n set req.http.netacea_origin_method = req.method;\n set req.http.netacea_processed = \"1\";\n set req.http.netacea_origin_host = req.http.host;\n set req.http.netacea_origin_url = req.url;\n if (req.url != \"/AtaVerifyCaptcha\") {\n set req.method = \"GET\";\n set req.url = \"/\";\n }\n set req.http.X-Netacea-Api-Key = var.netacea_mitSvc_apiKey;\n return(pass);\n }\n }\n }\n}\nsub netacea_hide_response_headers {\n 
unset resp.http.X-Netacea-Captcha;\n unset resp.http.X-Netacea-Event-ID;\n unset resp.http.X-Netacea-Match;\n unset resp.http.X-Netacea-MitATA-Expiry;\n unset resp.http.X-Netacea-MitATA-Value;\n unset resp.http.X-Netacea-Mitigate;\n}\nsub set_netacea_captcha_header {\n declare local var.captcha_header_name STRING;\n declare local var.captcha_header_value STRING;\n set var.captcha_header_name = get_netacea_captcha_header_name();\n set var.captcha_header_value = get_netacea_captcha_header_value();\n if (var.captcha_header_name != \"\") {\n header.set(resp, var.captcha_header_name, var.captcha_header_value);\n }\n}\nsub netacea_error {\n declare local var.captcha_url STRING;\n declare local var.response STRING;\n if (obj.status == 601 && req.http.X-Netacea-Compile-JSON == \"processing\") {\n set var.captcha_url = get_netacea_captcha_path();\n set var.captcha_url = var.captcha_url \"?trackingId=\" req.http.X-Netacea-Event-ID;\n set var.response = \"{\" LF\n \" %22captchaRelativeURL%22:%22\" var.captcha_url \"%22,\" LF\n \" %22captchaAbsoluteURL%22:%22\" req.protocol \"://\" fastly_info.host_header var.captcha_url \"%22\" LF\n \"}\";\n set obj.status = 200;\n set obj.response = \"Forbidden\";\n set obj.http.Content-Type = \"application/json\";\n set obj.http.X-Netacea-Match = req.http.X-Netacea-Match;\n set obj.http.X-Netacea-Mitigate = req.http.X-Netacea-Mitigate;\n set obj.http.X-Netacea-Captcha = req.http.X-Netacea-Captcha;\n synthetic var.response;\n unset req.http.X-Netacea-Event-ID;\n unset req.http.X-Netacea-Match;\n unset req.http.X-Netacea-Mitigate;\n unset req.http.X-Netacea-Captcha;\n set req.http.X-Netacea-Compile-JSON = \"done\";\n return(deliver);\n }\n}\nsub netacea_deliver {\n if (!is_path_ignored()) {\n declare local var.netacea_use_relative_path_captcha_assets STRING;\n declare local var.integration_mode STRING;\n set var.netacea_use_relative_path_captcha_assets = table.lookup(Netacea_Config, \"use_relative_path_captcha_assets\");\n if 
(var.netacea_use_relative_path_captcha_assets == \"true\") {\n if (std.prefixof(req.url.path, \"/Mitigations/\") && req.method == \"GET\") {\n if (std.suffixof(req.url.path, \".css\") || std.suffixof(req.url.path, \".js\")) {\n return(deliver);\n }\n }\n }\n if (req.http.netacea_captcha_path == \"1\") {\n call netacea_hide_response_headers;\n call set_netacea_captcha_header;\n return(deliver);\n }\n call netacea_calculate_best_mitigation;\n if (req.http.netacea_processed == \"1\") {\n set var.integration_mode = table.lookup(Netacea_Config, \"integration_mode\");\n set req.http.mit_status = resp.status;\n if (resp.status != 200 && req.http.X-Netacea-Compile-JSON != \"done\") {\n set req.http.netacea_best_mitigation = \"\";\n set req.http.netacea_bctype_string = \"\";\n if(req.url == \"/AtaVerifyCaptcha\") {\n unset resp.http.Set-Cookie;\n set req.http.netacea_set_cookies = \"0\";\n }\n }\n if (var.integration_mode == \"MITIGATE\" && req.http.X-Netacea-Compile-JSON != \"done\" && netacea_should_return_json()) { \n if (req.url != \"/AtaVerifyCaptcha\" && resp.http.X-Netacea-Mitigate == \"1\") { \n if (resp.http.X-Netacea-Captcha == \"1\" || resp.http.X-Netacea-Captcha == \"5\") { \n set req.http.X-Netacea-Event-ID = resp.http.X-Netacea-Event-ID;\n set req.http.X-Netacea-Compile-JSON = \"requested\";\n }\n }\n }\n if (var.integration_mode == \"INJECT\" || req.http.X-Netacea-Compile-JSON == \"requested\") {\n set req.http.X-Netacea-Match = \"\" resp.http.X-Netacea-Match;\n set req.http.X-Netacea-Mitigate = \"\" resp.http.X-Netacea-Mitigate;\n set req.http.X-Netacea-Captcha = \"\" resp.http.X-Netacea-Captcha;\n }\n set req.http.netacea_mitata_captcha_cookie_value = resp.http.x-netacea-mitatacaptcha-value;\n set req.http.netacea_mitata_captcha_cookie_expiry = resp.http.x-netacea-mitatacaptcha-expiry;\n call set_netacea_cookies;\n call netacea_hide_response_headers;\n if(req.url == \"/AtaVerifyCaptcha\") {\n return(deliver);\n }\n set req.http.host = 
req.http.netacea_origin_host;\n set req.url = req.http.netacea_origin_url;\n set req.method = req.http.netacea_origin_method;\n unset req.http.netacea_origin_url;\n unset req.http.netacea_origin_host;\n unset req.http.netacea_origin_method;\n unset req.http.X-Netacea-Api-Key;\n if (\n req.http.netacea_best_mitigation != \"captcha\"\n || var.integration_mode == \"INJECT\"\n || req.http.X-Netacea-Compile-JSON == \"requested\"\n ) {\n restart;\n }\n set resp.status = 403;\n set resp.response = \"Forbidden\";\n unset req.http.X-Netacea-Compile-JSON;\n call set_netacea_captcha_header;\n return(deliver);\n }\n call set_netacea_cookies;\n }\n}\nsub set_netacea_ip_header {\n declare local var.ip_header_name STRING;\n set var.ip_header_name = table.lookup(Netacea_Config, \"real_ip_header_name\");\n declare local var.ip_header_value STRING;\n set var.ip_header_value = if (std.strlen(var.ip_header_name) > 0, header.get(req, var.ip_header_name), \"\");\n set req.http.X-Netacea-Client-IP = if (std.strlen(var.ip_header_value) > 0, var.ip_header_value, client.ip);\n}\nsub set_netacea_cookies {\n if (req.http.netacea_set_cookies == \"1\") {\n declare local var.ignored BOOL;\n declare local var.netacea_mitSvc_secret STRING;\n set var.ignored = setcookie.delete_by_name(resp, \"_mitata\");\n set var.ignored = setcookie.delete_by_name(resp, \"_mitatacaptcha\");\n declare local var.netacea_captcha_cookie_name STRING;\n set var.netacea_captcha_cookie_name = get_netacea_captcha_cookie_name();\n set var.netacea_mitSvc_secret = table.lookup(Netacea_Config, \"secret_key\");\n call set_mitata_cookie;\n if (req.http.netacea_mitata_captcha_cookie_value && req.http.netacea_mitata_captcha_cookie_expiry) {\n if (table.lookup(Netacea_Config, \"encryption_key\") ~ \".\") {\n declare local var.netacea_encryption_key STRING;\n declare local var.netacea_iv STRING;\n declare local var.netacea_iv_trimmed STRING;\n declare local var.netacea_sig STRING;\n declare local 
var.netacea_mitata_captcha_cookie_value_base64 STRING;\n declare local var.netacea_mitata_captcha_cookie_value_hex STRING;\n declare local var.netacea_mitata_captcha_cookie_value_encrypted STRING;\n declare local var.netacea_mitata_captcha_cookie_final_value STRING;\n set var.netacea_encryption_key = table.lookup(Netacea_Config, \"encryption_key\");\n set var.netacea_mitata_captcha_cookie_value_base64 = digest.base64(req.http.netacea_mitata_captcha_cookie_value);\n set var.netacea_mitata_captcha_cookie_value_hex = bin.base64_to_hex(var.netacea_mitata_captcha_cookie_value_base64);\n set var.netacea_iv = uuid.version4();\n set var.netacea_iv_trimmed = std.replaceall(var.netacea_iv, \"-\", \"\");\n set var.netacea_mitata_captcha_cookie_value_encrypted = crypto.encrypt_hex(aes256, ctr, nopad, var.netacea_encryption_key, var.netacea_iv_trimmed, var.netacea_mitata_captcha_cookie_value_hex);\n set var.netacea_sig = digest.hmac_sha256(var.netacea_mitSvc_secret, var.netacea_mitata_captcha_cookie_value_encrypted);\n set var.netacea_mitata_captcha_cookie_final_value = var.netacea_iv_trimmed + \".\" + var.netacea_mitata_captcha_cookie_value_encrypted + \".\" + var.netacea_sig;\n add resp.http.Set-Cookie = var.netacea_captcha_cookie_name + \"=\" + var.netacea_mitata_captcha_cookie_final_value + \"; Max-Age=\" + req.http.netacea_mitata_captcha_cookie_expiry + \"; Path=/;\";\n }\n if (table.lookup(Netacea_Config, \"encryption_key\") !~ \".\") {\n add resp.http.Set-Cookie = var.netacea_captcha_cookie_name + \"=\" + req.http.netacea_mitata_captcha_cookie_value + \"; Max-Age=\" + req.http.netacea_mitata_captcha_cookie_expiry + \"; Path=/;\";\n }\n }\n }\n}\ntable Netacea_Match_Dict {\n \"0\": \"\",\n \"1\": \"ua\",\n \"2\": \"ip\",\n \"3\": \"visitor\",\n \"4\": \"datacenter\",\n \"5\": \"customer_session\",\n \"6\": \"organisation\",\n \"7\": \"asn\",\n \"8\": \"country\",\n \"9\": \"combination\"\n}\ntable Netacea_Mitigate_Dict {\n \"0\": \"\",\n \"1\": \"blocked\",\n \"2\": 
\"allow\",\n \"3\": \"hardblocked\"\n}\ntable Netacea_Best_Mitigations_Dict {\n \"0\": \"\",\n \"1\": \"block\",\n \"2\": \"allow\",\n \"3\": \"block\"\n}\ntable Netacea_Best_Mitigations_Captcha_Dict {\n \"1\": \"captcha\",\n \"2\": \"\",\n \"3\": \"captcha\",\n \"4\": \"\",\n \"5\": \"captcha\"\n}\ntable Netacea_Captcha_Dict {\n \"0\": \"\",\n \"1\": \"captcha_serve\",\n \"2\": \"captcha_pass\",\n \"3\": \"captcha_fail\",\n \"4\": \"captcha_cookiepass\",\n \"5\": \"captcha_cookiefail\",\n}\nsub netacea_calculate_best_mitigation {\n if (!req.http.netacea_bctype_string) {\n declare local var.netacea_match STRING;\n declare local var.netacea_mitigate STRING;\n declare local var.netacea_captcha STRING;\n declare local var.netacea_match_string STRING;\n declare local var.netacea_mitigate_string STRING;\n declare local var.netacea_captcha_string STRING;\n declare local var.netacea_captcha_mitigate_string STRING;\n declare local var.netacea_best_mitigation STRING;\n declare local var.netacea_bctype_string STRING;\n if (resp.http.x-netacea-match) { \n set var.netacea_match = resp.http.x-netacea-match;\n } elseif (req.http.netacea_match) { \n set var.netacea_match = req.http.netacea_match;\n } else {\n set var.netacea_match = \"0\";\n }\n if (resp.http.x-netacea-mitigate) { \n set var.netacea_mitigate = resp.http.x-netacea-mitigate;\n } elseif (req.http.netacea_mitigate) { \n set var.netacea_mitigate = req.http.netacea_mitigate;\n } else {\n set var.netacea_mitigate = \"0\";\n }\n if (resp.http.x-netacea-captcha) { \n set var.netacea_captcha = resp.http.x-netacea-captcha;\n } elseif (req.http.netacea_captcha) { \n set var.netacea_captcha = req.http.netacea_captcha;\n } else {\n set var.netacea_captcha = \"0\";\n }\n if (var.netacea_match) {\n set var.netacea_match_string = table.lookup(Netacea_Match_Dict, var.netacea_match, \"unknown\");\n if (var.netacea_match_string != \"\") {\n set var.netacea_bctype_string = var.netacea_match_string + \"_\";\n }\n }\n if 
(var.netacea_mitigate) {\n set var.netacea_mitigate_string = table.lookup(Netacea_Mitigate_Dict, var.netacea_mitigate, \"unknown\");\n if (var.netacea_mitigate_string != \"\") {\n set var.netacea_bctype_string = var.netacea_bctype_string + var.netacea_mitigate_string;\n }\n set var.netacea_best_mitigation = table.lookup(Netacea_Best_Mitigations_Dict, var.netacea_mitigate, \"no-best-mitigation\");\n if (var.netacea_best_mitigation == \"no-best-mitigation\") {\n set var.netacea_best_mitigation = \"\";\n }\n }\n if (var.netacea_captcha) {\n if (req.url != \"/AtaVerifyCaptcha\") {\n if (var.netacea_captcha == \"2\") {\n set var.netacea_captcha = \"4\";\n } elseif (var.netacea_captcha == \"3\") {\n set var.netacea_captcha = \"5\";\n }\n }\n set var.netacea_captcha_string = table.lookup(Netacea_Captcha_Dict, var.netacea_captcha, \"unknown\");\n if (var.netacea_captcha_string != \"\") {\n set var.netacea_bctype_string = var.netacea_bctype_string + \",\" + var.netacea_captcha_string;\n }\n set var.netacea_captcha_mitigate_string = table.lookup(Netacea_Best_Mitigations_Captcha_Dict, var.netacea_captcha, \"no-best-captcha-mitigation\");\n if (var.netacea_captcha_mitigate_string != \"no-best-captcha-mitigation\") {\n set var.netacea_best_mitigation = var.netacea_captcha_mitigate_string;\n }\n }\n set req.http.netacea_bctype_string = var.netacea_bctype_string;\n set req.http.netacea_best_mitigation = var.netacea_best_mitigation;\n set req.http.netacea_best_mitigation_code = var.netacea_match + var.netacea_mitigate + var.netacea_captcha;\n if (var.netacea_mitigate == \"3\") {\n set req.http.netacea_require_revalidation = \"1\";\n }\n if (var.netacea_mitigate == \"1\" && var.netacea_captcha != \"2\" && var.netacea_captcha != \"4\") {\n set req.http.netacea_require_revalidation = \"1\";\n }\n }\n}\nsub set_mitata_cookie {\n declare local var.netacea_mitSvc_secret STRING;\n set var.netacea_mitSvc_secret = table.lookup(Netacea_Config, \"secret_key\");\n if 
(!req.http.X-Netacea-UserId) {\n set req.http.X-Netacea-UserId = \"c\" + randomstr(15, \"1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\");\n }\n declare local var.netacea_encryption_key STRING;\n declare local var.netacea_iv STRING;\n declare local var.netacea_iv_trimmed STRING;\n declare local var.netacea_sig STRING;\n declare local var.netacea_mitata_cookie_full_value_base64 STRING;\n declare local var.netacea_mitata_cookie_full_value_hex STRING;\n declare local var.netacea_mitata_cookie_full_value_encrypted STRING;\n declare local var.netacea_mitata_cookie_final_value STRING;\n declare local var.netacea_mitata_cookie_full_value STRING;\n declare local var.netacea_ataCookie_stringValue STRING;\n declare local var.netacea_ataCookie_HMAC STRING;\n declare local var.netacea_mitSvc_exp STRING;\n declare local var.netacea_mitSvc_sig STRING;\n declare local var.netacea_mitSvc_userId STRING;\n declare local var.netacea_mitigation_code STRING;\n declare local var.netacea_client_ip_time STRING;\n declare local var.netacea_client_ip_time_hash STRING;\n declare local var.netacea_cookie_name STRING;\n set var.netacea_mitigation_code = req.http.netacea_best_mitigation_code;\n set var.netacea_mitSvc_userId = req.http.X-Netacea-UserId;\n set var.netacea_cookie_name = get_netacea_cookie_name();\n if (req.http.netacea_require_revalidation == \"1\") {\n set var.netacea_mitSvc_exp = time.units(\"s\", time.sub(now, 1m));\n } else {\n set var.netacea_mitSvc_exp = time.units(\"s\", time.add(now, 1m));\n }\n set var.netacea_client_ip_time = req.http.X-Netacea-Client-IP + var.netacea_mitSvc_exp;\n set var.netacea_client_ip_time_hash = digest.hmac_sha256(var.netacea_mitSvc_secret, var.netacea_client_ip_time);\n if (var.netacea_client_ip_time_hash ~ \"0x(.*)\") {\n set var.netacea_client_ip_time_hash = re.group.1;\n }\n set var.netacea_ataCookie_stringValue = var.netacea_mitSvc_exp + \"_/@#/\" + var.netacea_mitSvc_userId + \"_/@#/\" + 
digest.base64(var.netacea_client_ip_time_hash) + \"_/@#/\" + var.netacea_mitigation_code;\n set var.netacea_ataCookie_HMAC = digest.hmac_sha256(var.netacea_mitSvc_secret, var.netacea_ataCookie_stringValue);\n if (var.netacea_ataCookie_HMAC ~ \"0x(.*)\") {\n set var.netacea_ataCookie_HMAC = re.group.1;\n }\n set var.netacea_mitSvc_sig = digest.base64(var.netacea_ataCookie_HMAC);\n set var.netacea_mitata_cookie_full_value = var.netacea_mitSvc_sig + \"_/@#/\" + var.netacea_ataCookie_stringValue;\n if (table.lookup(Netacea_Config, \"encryption_key\") ~ \".\") {\n set var.netacea_encryption_key = table.lookup(Netacea_Config, \"encryption_key\");\n set var.netacea_mitata_cookie_full_value_base64 = digest.base64(var.netacea_mitata_cookie_full_value);\n set var.netacea_mitata_cookie_full_value_hex = bin.base64_to_hex(var.netacea_mitata_cookie_full_value_base64);\n set var.netacea_iv = uuid.version4();\n set var.netacea_iv_trimmed = std.replaceall(var.netacea_iv, \"-\", \"\");\n set var.netacea_mitata_cookie_full_value_encrypted = crypto.encrypt_hex(aes256, ctr, nopad, var.netacea_encryption_key, var.netacea_iv_trimmed, var.netacea_mitata_cookie_full_value_hex);\n set var.netacea_sig = digest.hmac_sha256(var.netacea_mitSvc_secret, var.netacea_mitata_cookie_full_value_encrypted);\n set var.netacea_mitata_cookie_final_value = var.netacea_iv_trimmed + \".\" + var.netacea_mitata_cookie_full_value_encrypted + \".\" + var.netacea_sig;\n add resp.http.Set-Cookie = var.netacea_cookie_name + \"=\" + var.netacea_mitata_cookie_final_value + \"; Max-Age=\" + time.units(\"s\", 1d) + \"; Path=/;\";\n }\n if (table.lookup(Netacea_Config, \"encryption_key\") !~ \".\") {\n add resp.http.Set-Cookie = var.netacea_cookie_name + \"=\" + var.netacea_mitata_cookie_full_value+ \"; Max-Age=\" + time.units(\"s\", 1d) + \"; Path=/;\";\n }\n set req.http.mitigation_user_id = var.netacea_mitSvc_userId;\n}\nsub process_netacea_mitata_cookie {\n declare local var.netacea_mitSvc_secret STRING;\n set 
var.netacea_mitSvc_secret = table.lookup(Netacea_Config, \"secret_key\");\n declare local var.netacea_cookie_sig STRING;\n declare local var.netacea_cookie_payload STRING;\n declare local var.netacea_cookie_expiry STRING;\n declare local var.netacea_client_ip_time_hash STRING;\n declare local var.netacea_real_client_ip_time STRING;\n declare local var.netacea_real_client_ip_time_hash STRING;\n declare local var.netacea_cookie_HMAC STRING;\n declare local var.netacea_cookie_real_value STRING;\n if (req.http.Cookie:_mitata) {\n if (req.http.Cookie:_mitata ~ \"^(.*)_\\/@#\\/((\\d+)_\\/@#\\/(.+)_\\/@#\\/(.+)_\\/@#\\/((\\d)(\\d)(\\d)))$\") {\n set var.netacea_cookie_sig = re.group.1;\n set var.netacea_cookie_payload = re.group.2;\n set var.netacea_cookie_expiry = re.group.3;\n set req.http.X-Netacea-UserId = re.group.4;\n set var.netacea_client_ip_time_hash = re.group.5;\n set req.http.netacea_match = re.group.7;\n set req.http.netacea_mitigate = re.group.8;\n set req.http.netacea_captcha = re.group.9;\n set var.netacea_cookie_real_value = var.netacea_cookie_expiry + \"_/@#/\" + req.http.X-Netacea-UserId + \"_/@#/\" + var.netacea_client_ip_time_hash + \"_/@#/\" + req.http.netacea_match + req.http.netacea_mitigate + req.http.netacea_captcha;\n set var.netacea_cookie_HMAC = digest.hmac_sha256(var.netacea_mitSvc_secret, var.netacea_cookie_real_value);\n if (var.netacea_cookie_HMAC ~ \"0x(.*)\") {\n set var.netacea_cookie_HMAC = re.group.1;\n }\n set var.netacea_real_client_ip_time = req.http.X-Netacea-Client-IP + var.netacea_cookie_expiry;\n set var.netacea_real_client_ip_time_hash = digest.hmac_sha256(var.netacea_mitSvc_secret, var.netacea_real_client_ip_time);\n if (var.netacea_real_client_ip_time_hash ~ \"0x(.*)\") {\n set var.netacea_real_client_ip_time_hash = re.group.1;\n }\n if (var.netacea_cookie_sig != digest.base64(var.netacea_cookie_HMAC)) {\n unset req.http.Cookie:_mitata;\n unset req.http.X-Netacea-UserId;\n unset req.http.netacea_match;\n unset 
req.http.netacea_mitigate;\n unset req.http.netacea_captcha;\n } else {\n if (time.is_after(now, std.time(var.netacea_cookie_expiry, now)) || digest.base64(var.netacea_real_client_ip_time_hash) != var.netacea_client_ip_time_hash ) {\n set req.http.netacea_mitata_must_reauthenticate = \"1\";\n }\n }\n } else {\n unset req.http.Cookie:_mitata;\n }\n }\n if (!req.http.Cookie:_mitata) {\n unset req.http.Cookie:_mitatacaptcha;\n }\n}\nsub normalise_netacea_cookie_names {\n declare local var.netacea_custom_cookie_name STRING;\n declare local var.netacea_custom_captcha_cookie_name STRING;\n set var.netacea_custom_cookie_name = get_netacea_cookie_name();\n set var.netacea_custom_captcha_cookie_name = get_netacea_captcha_cookie_name();\n set req.http.Cookie = regsuball(req.http.Cookie, \";\\s*+\", \"; \");\n if (var.netacea_custom_cookie_name !~ \"^_mitata$\") {\n unset req.http.Cookie:_mitata;\n set req.http.Cookie = std.replace_prefix(req.http.Cookie, var.netacea_custom_cookie_name + \"=\", \"_mitata=\");\n set req.http.Cookie = std.replace(req.http.Cookie, \"; \" + var.netacea_custom_cookie_name + \"=\", \"; _mitata=\");\n }\n if (var.netacea_custom_captcha_cookie_name !~ \"^_mitatacaptcha$\") {\n unset req.http.Cookie:_mitatacaptcha;\n set req.http.Cookie = std.replace_prefix(req.http.Cookie, var.netacea_custom_captcha_cookie_name + \"=\", \"_mitatacaptcha=\");\n set req.http.Cookie = std.replace(req.http.Cookie, \"; \" + var.netacea_custom_captcha_cookie_name + \"=\", \"; _mitatacaptcha=\");\n }\n}\nsub decrypt_netacea_cookies_values {\n declare local var.netacea_mitSvc_secret STRING;\n declare local var.netacea_mitata_cookie_encrypted STRING;\n declare local var.netacea_encryption_key STRING;\n declare local var.netacea_iv STRING;\n declare local var.netacea_mitata_cookie_base64 STRING;\n declare local var.netacea_mitata_cookie_hex STRING;\n declare local var.netacea_mitata_cookie_value STRING;\n declare local var.netacea_mitata_cookie_sig STRING;\n declare local 
var.netacea_mitata_captcha_cookie_encrypted STRING;\n declare local var.netacea_captcha_iv STRING;\n declare local var.netacea_mitata_captcha_cookie_base64 STRING;\n declare local var.netacea_mitata_captcha_cookie_hex STRING;\n declare local var.netacea_mitata_captcha_cookie_value STRING;\n declare local var.netacea_mitata_captcha_cookie_sig STRING;\n if (table.lookup(Netacea_Config, \"encryption_key\") ~ \".\") {\n set var.netacea_encryption_key = table.lookup(Netacea_Config, \"encryption_key\");\n set var.netacea_mitSvc_secret = table.lookup(Netacea_Config, \"secret_key\");\n if (req.http.Cookie:_mitata ~ \".\") {\n if (req.http.Cookie:_mitata ~ \"^(.*?)\\.\") {\n set var.netacea_iv = re.group.1;\n }\n if (req.http.Cookie:_mitata ~ \"\\.(.*?)\\.\") {\n set var.netacea_mitata_cookie_encrypted = re.group.1;\n }\n if (req.http.Cookie:_mitata ~ \"([^\\.]+$)\") {\n set var.netacea_mitata_cookie_sig = re.group.1;\n }\n set var.netacea_mitata_cookie_hex = crypto.decrypt_hex(aes256, ctr, nopad, var.netacea_encryption_key, var.netacea_iv, var.netacea_mitata_cookie_encrypted);\n set var.netacea_mitata_cookie_base64 = bin.hex_to_base64(var.netacea_mitata_cookie_hex);\n set var.netacea_mitata_cookie_value = digest.base64_decode(var.netacea_mitata_cookie_base64);\n set req.http.Cookie:_mitata = var.netacea_mitata_cookie_value;\n if(var.netacea_mitata_cookie_sig != digest.hmac_sha256(var.netacea_mitSvc_secret, var.netacea_mitata_cookie_encrypted)) {\n unset req.http.Cookie:_mitata;\n }\n }\n if (req.http.Cookie:_mitatacaptcha ~ \"^(.*?)\\.\") {\n if (req.http.Cookie:_mitatacaptcha ~ \"^(.*?)\\.\") {\n set var.netacea_captcha_iv = re.group.1;\n }\n if (req.http.Cookie:_mitatacaptcha ~ \"\\.(.*?)\\.\") {\n set var.netacea_mitata_captcha_cookie_encrypted = re.group.1;\n }\n if (req.http.Cookie:_mitatacaptcha ~ \"([^\\.]+$)\") {\n set var.netacea_mitata_captcha_cookie_sig = re.group.1;\n }\n set var.netacea_mitata_captcha_cookie_hex = crypto.decrypt_hex(aes256, ctr, nopad, 
var.netacea_encryption_key, var.netacea_captcha_iv, var.netacea_mitata_captcha_cookie_encrypted);\n set var.netacea_mitata_captcha_cookie_base64 = bin.hex_to_base64(var.netacea_mitata_captcha_cookie_hex);\n set var.netacea_mitata_captcha_cookie_value = digest.base64_decode(var.netacea_mitata_captcha_cookie_base64);\n set req.http.Cookie:_mitatacaptcha = var.netacea_mitata_captcha_cookie_value;\n if(var.netacea_mitata_captcha_cookie_sig != digest.hmac_sha256(var.netacea_mitSvc_secret, var.netacea_mitata_captcha_cookie_encrypted)) {\n unset req.http.Cookie:_mitatacaptcha;\n }\n }\n }\n}\n",
+ "template": "backend F_MitSvc {\n .between_bytes_timeout = 100ms;\n .connect_timeout = 500ms;\n .dynamic = true;\n .first_byte_timeout = 500ms;\n .host = \"geo-mitigations.netacea.net\";\n .max_connections = 200;\n .port = \"443\";\n .share_key = \"NetaceaGeoMitigations\";\n .host_header = \"geo-mitigations.netacea.net\";\n .always_use_host_header = true;\n .ssl = true;\n .ssl_cert_hostname = \"geo-mitigations.netacea.net\";\n .ssl_check_cert = always;\n .ssl_sni_hostname = \"geo-mitigations.netacea.net\";\n .probe = {\n .dummy = false;\n .initial = 5;\n .request = \"GET /_health HTTP/1.1\" \"Host: geo-mitigations.netacea.net\" \"Connection: close\" \"User-Agent: Varnish/fastly (healthcheck)\";\n .threshold = 1;\n .timeout = 2s;\n .window = 5;\n .expected_response = 200;\n }\n}\nbackend F_CaptchaAssets {\n .between_bytes_timeout = 10s;\n .connect_timeout = 1s;\n .dynamic = true;\n .first_byte_timeout = 15s;\n .host = \"assets.ntcacdn.net\";\n .max_connections = 200;\n .port = \"443\";\n .share_key = \"4nxXnE6VkrJiVuGz4G1VbJ\";\n .host_header = \"assets.ntcacdn.net\";\n .always_use_host_header = true;\n .ssl = true;\n .ssl_cert_hostname = \"assets.ntcacdn.net\";\n .ssl_check_cert = always;\n .ssl_sni_hostname = \"assets.ntcacdn.net\";\n .probe = {\n .dummy = true;\n .initial = 5;\n .request = \"HEAD / HTTP/1.1\" \"Host: assets.ntcacdn.net\" \"Connection: close\";\n .threshold = 
1;\n .timeout = 2s;\n .window = 5;\n }\n}\ntable Netacea_Config {\n \"integration_type\": \"fastly/magento\",\n \"integration_version\": \"5.10.1\",\n \"integration_mode\": \"{{netacea_integration_mode}}\",\n \"api_key\": \"{{netacea_api_key}}\",\n \"secret_key\": \"{{netacea_secret}}\",\n \"encryption_key\": \"{{netacea_encryption_key}}\",\n \"cookie_name\": \"{{netacea_cookie_name}}\",\n \"captcha_cookie_name\": \"{{netacea_captcha_cookie_name}}\",\n \"ignore_list\": \"{{netacea_ignore_list}}\",\n \"use_relative_path_captcha_assets\": \"{{netacea_use_relative_path_captcha_assets}}\",\n \"real_ip_header_name\": \"{{netacea_real_ip_header_name}}\",\n \"captcha_path\": \"{{netacea_captcha_path}}\",\n \"captcha_header\": \"{{netacea_captcha_header}}\",\n \"enable_captcha_content_negotiation\": \"{{netacea_enable_ccn}}\"\n}\nsub get_netacea_config_integration_type STRING {\n return table.lookup(Netacea_Config, \"integration_type\", \"\");\n}\nsub get_netacea_config_integration_version STRING {\n return table.lookup(Netacea_Config, \"integration_version\", \"\");\n}\nsub get_netacea_config_api_key STRING {\n if (req.http.x-netacea:edge_config_key_prefix) {\n return table.lookup(netacea_edge_config, req.http.x-netacea:edge_config_key_prefix + \"api_key\");\n }\n return table.lookup(Netacea_Config, \"api_key\", \"\");\n}\nsub get_netacea_config_secret_key STRING {\n if (req.http.x-netacea:edge_config_key_prefix) {\n return table.lookup(netacea_edge_config, req.http.x-netacea:edge_config_key_prefix + \"secret_key\");\n }\n return table.lookup(Netacea_Config, \"secret_key\", \"\");\n}\nsub get_netacea_config_encryption_key STRING {\n if (req.http.x-netacea:edge_config_key_prefix) {\n return table.lookup(netacea_edge_config, req.http.x-netacea:edge_config_key_prefix + \"encryption_key\");\n }\n return table.lookup(Netacea_Config, \"encryption_key\", \"\");\n}\nsub get_netacea_config_integration_mode STRING {\n if (req.http.x-netacea:edge_config_key_prefix) {\n return 
table.lookup(netacea_edge_config, req.http.x-netacea:edge_config_key_prefix + \"integration_mode\");\n }\n return table.lookup(Netacea_Config, \"integration_mode\", \"\");\n}\nsub get_netacea_config_ignore_list STRING {\n if (req.http.x-netacea:edge_config_key_prefix) {\n return table.lookup(netacea_edge_config, req.http.x-netacea:edge_config_key_prefix + \"ignore_list\");\n }\n return table.lookup(Netacea_Config, \"ignore_list\", \"\");\n}\nsub get_netacea_config_cookie_name STRING {\n if (req.http.x-netacea:edge_config_key_prefix) {\n return table.lookup(netacea_edge_config, req.http.x-netacea:edge_config_key_prefix + \"cookie_name\");\n }\n return table.lookup(Netacea_Config, \"cookie_name\", \"\");\n}\nsub get_netacea_config_captcha_cookie_name STRING {\n if (req.http.x-netacea:edge_config_key_prefix) {\n return table.lookup(netacea_edge_config, req.http.x-netacea:edge_config_key_prefix + \"captcha_cookie_name\");\n }\n return table.lookup(Netacea_Config, \"captcha_cookie_name\", \"\");\n}\nsub get_netacea_config_use_relative_path_captcha_assets STRING {\n if (req.http.x-netacea:edge_config_key_prefix) {\n return table.lookup(netacea_edge_config, req.http.x-netacea:edge_config_key_prefix + \"use_relative_path_captcha_assets\");\n }\n return table.lookup(Netacea_Config, \"use_relative_path_captcha_assets\", \"\");\n}\nsub get_netacea_config_real_ip_header_name STRING {\n if (req.http.x-netacea:edge_config_key_prefix) {\n return table.lookup(netacea_edge_config, req.http.x-netacea:edge_config_key_prefix + \"real_ip_header_name\");\n }\n return table.lookup(Netacea_Config, \"real_ip_header_name\", \"\");\n}\nsub get_netacea_config_captcha_path STRING {\n if (req.http.x-netacea:edge_config_key_prefix) {\n return table.lookup(netacea_edge_config, req.http.x-netacea:edge_config_key_prefix + \"captcha_path\");\n }\n return table.lookup(Netacea_Config, \"captcha_path\", \"\");\n}\nsub get_netacea_config_captcha_header STRING {\n if 
(req.http.x-netacea:edge_config_key_prefix) {\n return table.lookup(netacea_edge_config, req.http.x-netacea:edge_config_key_prefix + \"captcha_header\");\n }\n return table.lookup(Netacea_Config, \"captcha_header\", \"\");\n}\nsub get_netacea_config_enable_captcha_content_negotiation STRING {\n if (req.http.x-netacea:edge_config_key_prefix) {\n return table.lookup(netacea_edge_config, req.http.x-netacea:edge_config_key_prefix + \"enable_captcha_content_negotiation\");\n }\n return table.lookup(Netacea_Config, \"enable_captcha_content_negotiation\", \"\");\n}\nsub get_sanitised_netacea_config_cookie_name STRING {\n declare local var.name STRING;\n set var.name = get_netacea_config_cookie_name();\n if (var.name ~ \"^\\s*(.*?)\\s*$\") {\n if (re.group.1 != \"\") {\n return re.group.1;\n }\n }\n return \"_mitata\";\n}\nsub get_sanitised_netacea_config_captcha_cookie_name STRING {\n declare local var.name STRING;\n set var.name = get_netacea_config_captcha_cookie_name();\n if (var.name ~ \"^\\s*(.*?)\\s*$\") {\n if (re.group.1 != \"\") {\n return re.group.1;\n }\n }\n return \"_mitatacaptcha\";\n}\ntable Netacea_Match_Dict {\n \"0\": \"\",\n \"1\": \"ua\",\n \"2\": \"ip\",\n \"3\": \"visitor\",\n \"4\": \"datacenter\",\n \"5\": \"customer_session\",\n \"6\": \"organisation\",\n \"7\": \"asn\",\n \"8\": \"country\",\n \"9\": \"combination\"\n}\ntable Netacea_Mitigate_Dict {\n \"0\": \"\",\n \"1\": \"blocked\",\n \"2\": \"allow\",\n \"3\": \"hardblocked\"\n}\ntable Netacea_Best_Mitigations_Dict {\n \"0\": \"\",\n \"1\": \"block\",\n \"2\": \"allow\",\n \"3\": \"block\"\n}\ntable Netacea_Best_Mitigations_Captcha_Dict {\n \"1\": \"captcha\",\n \"2\": \"\",\n \"3\": \"captcha\",\n \"4\": \"\",\n \"5\": \"captcha\"\n}\ntable Netacea_Captcha_Dict {\n \"0\": \"\",\n \"1\": \"captcha_serve\",\n \"2\": \"captcha_pass\",\n \"3\": \"captcha_fail\",\n \"4\": \"captcha_cookiepass\",\n \"5\": \"captcha_cookiefail\",\n}\nsub get_netacea_captcha_path STRING {\n declare local var.path 
STRING;\n set var.path = get_netacea_config_captcha_path();\n set var.path = regsub(var.path, \"^\\s*/*\", \"/\");\n set var.path = regsub(var.path, \"\\s*$\", \"\");\n return urldecode(var.path);\n}\nsub get_sanitised_netacea_config_captcha_header STRING {\n declare local var.value STRING;\n set var.value = get_netacea_config_captcha_header();\n set var.value = urldecode(regsuball(var.value, \"&#x(.{2});\", \"%25\\1\"));\n set var.value = std.replaceall(var.value, \""\", \"%22\");\n set var.value = std.replaceall(var.value, \"<\", \"<\");\n set var.value = std.replaceall(var.value, \">\", \">\");\n set var.value = std.replaceall(var.value, \"&\", \"&\");\n return var.value;\n}\nsub get_netacea_captcha_header_name STRING {\n declare local var.config STRING;\n set var.config = get_sanitised_netacea_config_captcha_header();\n if (var.config ~ \"(?i)(?:^|&)\\s*name\\s*=\\s*(.*?)\\s*(?:&|$)\") {\n return re.group.1;\n }\n return \"\";\n}\nsub get_netacea_captcha_header_value STRING {\n declare local var.config STRING;\n set var.config = get_sanitised_netacea_config_captcha_header();\n if (var.config ~ \"(?i)(?:^|&)\\s*value\\s*=\\s*(.*?)\\s*(?:&|$)\") {\n return re.group.1;\n }\n return \"\";\n}\nsub is_path_ignored BOOL {\n declare local var.netacea_ignore_list STRING;\n declare local var.req_path STRING;\n set var.netacea_ignore_list = get_netacea_config_ignore_list();\n set var.req_path = urldecode(req.url.path);\n set var.netacea_ignore_list = regsuball(var.netacea_ignore_list, \"\\s*(,\\s*)+\", \",\");\n set var.netacea_ignore_list = regsuball(var.netacea_ignore_list, \"(^|,)\\s*/*\", \"\\1/\");\n set var.netacea_ignore_list = regsuball(var.netacea_ignore_list, \"/*\\s*(,|$)\", \"\\1\");\n if (var.netacea_ignore_list ~ \"^([^,]+),*([^,]+)?,*([^,]+)?,*([^,]+)?,*([^,]+)?\") {\n if (re.group.1 && (var.req_path == urldecode(re.group.1) || std.prefixof(var.req_path, urldecode(re.group.1) + \"/\"))) {\n return true;\n }\n if (re.group.2 && (var.req_path == 
urldecode(re.group.2) || std.prefixof(var.req_path, urldecode(re.group.2) + \"/\"))) {\n return true;\n }\n if (re.group.3 && (var.req_path == urldecode(re.group.3) || std.prefixof(var.req_path, urldecode(re.group.3) + \"/\"))) {\n return true;\n }\n if (re.group.4 && (var.req_path == urldecode(re.group.4) || std.prefixof(var.req_path, urldecode(re.group.4) + \"/\"))) {\n return true;\n }\n if (re.group.5 && (var.req_path == urldecode(re.group.5) || std.prefixof(var.req_path, urldecode(re.group.5) + \"/\"))) {\n return true;\n }\n }\n return false;\n}\nsub netacea_should_return_json BOOL {\n declare local var.enable_captcha_content_negotiation STRING;\n set var.enable_captcha_content_negotiation = get_netacea_config_enable_captcha_content_negotiation();\n if (var.enable_captcha_content_negotiation != \"true\") {\n return false;\n }\n declare local var.html_weight FLOAT;\n declare local var.json_weight FLOAT;\n set var.html_weight = 0.0;\n set var.json_weight = 0.0;\n if (req.http.Accept ~ \"(?i)(^|,)\\s*application/json\\s*(;\\s*q\\s*=\\s*(\\d*(\\.\\d+)?|\\d+\\.)\\s*)?(,|$)\") {\n set var.json_weight = std.atof(if(re.group.3, re.group.3, \"1.0\"));\n } elseif (req.http.Accept ~ \"(?i)(^|,)\\s*application/\\*\\s*(;\\s*q\\s*=\\s*(\\d*(\\.\\d+)?|\\d+\\.)\\s*)?(,|$)\") {\n set var.json_weight = std.atof(if(re.group.3, re.group.3, \"1.0\"));\n }\n if (req.http.Accept ~ \"(?i)(^|,)\\s*text/html\\s*(;\\s*q\\s*=\\s*(\\d*(\\.\\d+)?|\\d+\\.)\\s*)?(,|$)\") {\n set var.html_weight = std.atof(if(re.group.3, re.group.3, \"1.0\"));\n } elseif (req.http.Accept ~ \"(^|,)\\s*text/\\*\\s*(;\\s*q\\s*=\\s*(\\d*(\\.\\d+)?|\\d+\\.)\\s*)?(,|$)\") {\n set var.html_weight = std.atof(if(re.group.3, re.group.3, \"1.0\"));\n }\n return var.json_weight > var.html_weight;\n}\nsub netacea_hide_response_headers {\n unset resp.http.X-Netacea-Captcha;\n unset resp.http.X-Netacea-Event-ID;\n unset resp.http.X-Netacea-Match;\n unset resp.http.X-Netacea-MitATA-Expiry;\n unset 
resp.http.X-Netacea-MitATA-Value;\n unset resp.http.X-Netacea-Mitigate;\n}\nsub set_netacea_captcha_header {\n declare local var.captcha_header_name STRING;\n declare local var.captcha_header_value STRING;\n set var.captcha_header_name = get_netacea_captcha_header_name();\n set var.captcha_header_value = get_netacea_captcha_header_value();\n if (var.captcha_header_name != \"\") {\n header.set(resp, var.captcha_header_name, var.captcha_header_value);\n }\n}\nsub set_netacea_ip_header {\n declare local var.ip_header_name STRING;\n set var.ip_header_name = get_netacea_config_real_ip_header_name();\n declare local var.ip_header_value STRING;\n set var.ip_header_value = if (std.strlen(var.ip_header_name) > 0, header.get(req, var.ip_header_name), \"\");\n set req.http.X-Netacea-Client-IP = if (std.strlen(var.ip_header_value) > 0, var.ip_header_value, client.ip);\n}\nsub set_netacea_cookies {\n if (req.http.netacea_set_cookies == \"1\") {\n declare local var.ignored BOOL;\n declare local var.netacea_mitSvc_secret STRING;\n declare local var.netacea_encryption_key STRING;\n set var.ignored = setcookie.delete_by_name(resp, \"_mitata\");\n set var.ignored = setcookie.delete_by_name(resp, \"_mitatacaptcha\");\n declare local var.netacea_captcha_cookie_name STRING;\n set var.netacea_captcha_cookie_name = get_sanitised_netacea_config_captcha_cookie_name();\n set var.netacea_mitSvc_secret = get_netacea_config_secret_key();\n set var.netacea_encryption_key = get_netacea_config_encryption_key();\n call set_mitata_cookie;\n if (req.http.netacea_mitata_captcha_cookie_value && req.http.netacea_mitata_captcha_cookie_expiry) {\n if (var.netacea_encryption_key ~ \".\") {\n declare local var.netacea_iv STRING;\n declare local var.netacea_iv_trimmed STRING;\n declare local var.netacea_sig STRING;\n declare local var.netacea_mitata_captcha_cookie_value_base64 STRING;\n declare local var.netacea_mitata_captcha_cookie_value_hex STRING;\n declare local 
var.netacea_mitata_captcha_cookie_value_encrypted STRING;\n declare local var.netacea_mitata_captcha_cookie_final_value STRING;\n set var.netacea_mitata_captcha_cookie_value_base64 = digest.base64(req.http.netacea_mitata_captcha_cookie_value);\n set var.netacea_mitata_captcha_cookie_value_hex = bin.base64_to_hex(var.netacea_mitata_captcha_cookie_value_base64);\n set var.netacea_iv = uuid.version4();\n set var.netacea_iv_trimmed = std.replaceall(var.netacea_iv, \"-\", \"\");\n set var.netacea_mitata_captcha_cookie_value_encrypted = crypto.encrypt_hex(aes256, ctr, nopad, var.netacea_encryption_key, var.netacea_iv_trimmed, var.netacea_mitata_captcha_cookie_value_hex);\n set var.netacea_sig = digest.hmac_sha256(var.netacea_mitSvc_secret, var.netacea_mitata_captcha_cookie_value_encrypted);\n set var.netacea_mitata_captcha_cookie_final_value = var.netacea_iv_trimmed + \".\" + var.netacea_mitata_captcha_cookie_value_encrypted + \".\" + var.netacea_sig;\n add resp.http.Set-Cookie = var.netacea_captcha_cookie_name + \"=\" + var.netacea_mitata_captcha_cookie_final_value + \"; Max-Age=\" + req.http.netacea_mitata_captcha_cookie_expiry + \"; Path=/;\";\n }\n if (var.netacea_encryption_key !~ \".\") {\n add resp.http.Set-Cookie = var.netacea_captcha_cookie_name + \"=\" + req.http.netacea_mitata_captcha_cookie_value + \"; Max-Age=\" + req.http.netacea_mitata_captcha_cookie_expiry + \"; Path=/;\";\n }\n }\n }\n}\nsub netacea_calculate_best_mitigation {\n if (!req.http.netacea_bctype_string) {\n declare local var.netacea_match STRING;\n declare local var.netacea_mitigate STRING;\n declare local var.netacea_captcha STRING;\n declare local var.netacea_match_string STRING;\n declare local var.netacea_mitigate_string STRING;\n declare local var.netacea_captcha_string STRING;\n declare local var.netacea_captcha_mitigate_string STRING;\n declare local var.netacea_best_mitigation STRING;\n declare local var.netacea_bctype_string STRING;\n if (resp.http.x-netacea-match) { \n set 
var.netacea_match = resp.http.x-netacea-match;\n } elseif (req.http.netacea_match) { \n set var.netacea_match = req.http.netacea_match;\n } else {\n set var.netacea_match = \"0\";\n }\n if (resp.http.x-netacea-mitigate) { \n set var.netacea_mitigate = resp.http.x-netacea-mitigate;\n } elseif (req.http.netacea_mitigate) { \n set var.netacea_mitigate = req.http.netacea_mitigate;\n } else {\n set var.netacea_mitigate = \"0\";\n }\n if (resp.http.x-netacea-captcha) { \n set var.netacea_captcha = resp.http.x-netacea-captcha;\n } elseif (req.http.netacea_captcha) { \n set var.netacea_captcha = req.http.netacea_captcha;\n } else {\n set var.netacea_captcha = \"0\";\n }\n if (var.netacea_match) {\n set var.netacea_match_string = table.lookup(Netacea_Match_Dict, var.netacea_match, \"unknown\");\n if (var.netacea_match_string != \"\") {\n set var.netacea_bctype_string = var.netacea_match_string + \"_\";\n }\n }\n if (var.netacea_mitigate) {\n set var.netacea_mitigate_string = table.lookup(Netacea_Mitigate_Dict, var.netacea_mitigate, \"unknown\");\n if (var.netacea_mitigate_string != \"\") {\n set var.netacea_bctype_string = var.netacea_bctype_string + var.netacea_mitigate_string;\n }\n set var.netacea_best_mitigation = table.lookup(Netacea_Best_Mitigations_Dict, var.netacea_mitigate, \"no-best-mitigation\");\n if (var.netacea_best_mitigation == \"no-best-mitigation\") {\n set var.netacea_best_mitigation = \"\";\n }\n }\n if (var.netacea_captcha) {\n if (req.url != \"/AtaVerifyCaptcha\") {\n if (var.netacea_captcha == \"2\") {\n set var.netacea_captcha = \"4\";\n } elseif (var.netacea_captcha == \"3\") {\n set var.netacea_captcha = \"5\";\n }\n }\n set var.netacea_captcha_string = table.lookup(Netacea_Captcha_Dict, var.netacea_captcha, \"unknown\");\n if (var.netacea_captcha_string != \"\") {\n set var.netacea_bctype_string = var.netacea_bctype_string + \",\" + var.netacea_captcha_string;\n }\n set var.netacea_captcha_mitigate_string = 
table.lookup(Netacea_Best_Mitigations_Captcha_Dict, var.netacea_captcha, \"no-best-captcha-mitigation\");\n if (var.netacea_captcha_mitigate_string != \"no-best-captcha-mitigation\") {\n set var.netacea_best_mitigation = var.netacea_captcha_mitigate_string;\n }\n }\n set req.http.netacea_bctype_string = var.netacea_bctype_string;\n set req.http.netacea_best_mitigation = var.netacea_best_mitigation;\n set req.http.netacea_best_mitigation_code = var.netacea_match + var.netacea_mitigate + var.netacea_captcha;\n if (var.netacea_mitigate == \"3\") {\n set req.http.netacea_require_revalidation = \"1\";\n }\n if (var.netacea_mitigate == \"1\" && var.netacea_captcha != \"2\" && var.netacea_captcha != \"4\") {\n set req.http.netacea_require_revalidation = \"1\";\n }\n }\n}\nsub set_mitata_cookie {\n declare local var.netacea_mitSvc_secret STRING;\n declare local var.netacea_encryption_key STRING;\n set var.netacea_mitSvc_secret = get_netacea_config_secret_key();\n set var.netacea_encryption_key = get_netacea_config_encryption_key();\n if (!req.http.X-Netacea-UserId) {\n set req.http.X-Netacea-UserId = \"c\" + randomstr(15, \"1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ\");\n set req.http.x-netacea:cookie_session_status = \"1\";\n }\n declare local var.netacea_iv STRING;\n declare local var.netacea_iv_trimmed STRING;\n declare local var.netacea_sig STRING;\n declare local var.netacea_mitata_cookie_full_value_base64 STRING;\n declare local var.netacea_mitata_cookie_full_value_hex STRING;\n declare local var.netacea_mitata_cookie_full_value_encrypted STRING;\n declare local var.netacea_mitata_cookie_final_value STRING;\n declare local var.netacea_mitata_cookie_full_value STRING;\n declare local var.netacea_ataCookie_stringValue STRING;\n declare local var.netacea_ataCookie_HMAC STRING;\n declare local var.netacea_mitSvc_exp STRING;\n declare local var.netacea_mitSvc_sig STRING;\n declare local var.netacea_mitSvc_userId STRING;\n declare local 
var.netacea_mitigation_code STRING;\n declare local var.netacea_client_ip_time_ua STRING;\n declare local var.netacea_client_ip_time_ua_hash STRING;\n declare local var.netacea_cookie_name STRING;\n set var.netacea_mitigation_code = req.http.netacea_best_mitigation_code;\n set var.netacea_mitSvc_userId = req.http.X-Netacea-UserId;\n set var.netacea_cookie_name = get_sanitised_netacea_config_cookie_name();\n if (req.http.netacea_require_revalidation == \"1\") {\n set var.netacea_mitSvc_exp = time.units(\"s\", time.sub(now, 1m));\n } else {\n set var.netacea_mitSvc_exp = time.units(\"s\", time.add(now, 1m));\n }\n set var.netacea_client_ip_time_ua = req.http.X-Netacea-Client-IP + \"|\" + var.netacea_mitSvc_exp + \"|\" + req.http.user-agent;\n set var.netacea_client_ip_time_ua_hash = digest.hmac_sha256(var.netacea_mitSvc_secret, var.netacea_client_ip_time_ua);\n if (var.netacea_client_ip_time_ua_hash ~ \"0x(.*)\") {\n set var.netacea_client_ip_time_ua_hash = re.group.1;\n }\n set var.netacea_ataCookie_stringValue = var.netacea_mitSvc_exp + \"_/@#/\" + var.netacea_mitSvc_userId + \"_/@#/\" + digest.base64(var.netacea_client_ip_time_ua_hash) + \"_/@#/\" + var.netacea_mitigation_code;\n set var.netacea_ataCookie_HMAC = digest.hmac_sha256(var.netacea_mitSvc_secret, var.netacea_ataCookie_stringValue);\n if (var.netacea_ataCookie_HMAC ~ \"0x(.*)\") {\n set var.netacea_ataCookie_HMAC = re.group.1;\n }\n set var.netacea_mitSvc_sig = digest.base64(var.netacea_ataCookie_HMAC);\n set var.netacea_mitata_cookie_full_value = var.netacea_mitSvc_sig + \"_/@#/\" + var.netacea_ataCookie_stringValue;\n if (var.netacea_encryption_key ~ \".\") {\n set var.netacea_mitata_cookie_full_value_base64 = digest.base64(var.netacea_mitata_cookie_full_value);\n set var.netacea_mitata_cookie_full_value_hex = bin.base64_to_hex(var.netacea_mitata_cookie_full_value_base64);\n set var.netacea_iv = uuid.version4();\n set var.netacea_iv_trimmed = std.replaceall(var.netacea_iv, \"-\", \"\");\n set 
var.netacea_mitata_cookie_full_value_encrypted = crypto.encrypt_hex(aes256, ctr, nopad, var.netacea_encryption_key, var.netacea_iv_trimmed, var.netacea_mitata_cookie_full_value_hex);\n set var.netacea_sig = digest.hmac_sha256(var.netacea_mitSvc_secret, var.netacea_mitata_cookie_full_value_encrypted);\n set var.netacea_mitata_cookie_final_value = var.netacea_iv_trimmed + \".\" + var.netacea_mitata_cookie_full_value_encrypted + \".\" + var.netacea_sig;\n add resp.http.Set-Cookie = var.netacea_cookie_name + \"=\" + var.netacea_mitata_cookie_final_value + \"; Max-Age=\" + time.units(\"s\", 1d) + \"; Path=/;\";\n }\n if (var.netacea_encryption_key !~ \".\") {\n add resp.http.Set-Cookie = var.netacea_cookie_name + \"=\" + var.netacea_mitata_cookie_full_value+ \"; Max-Age=\" + time.units(\"s\", 1d) + \"; Path=/;\";\n }\n set req.http.mitigation_user_id = var.netacea_mitSvc_userId;\n}\nsub process_netacea_mitata_cookie {\n declare local var.netacea_mitSvc_secret STRING;\n set var.netacea_mitSvc_secret = get_netacea_config_secret_key();\n declare local var.netacea_cookie_sig STRING;\n declare local var.netacea_cookie_payload STRING;\n declare local var.netacea_cookie_expiry STRING;\n declare local var.netacea_client_ip_time_ua_hash STRING;\n declare local var.netacea_real_client_ip_time_ua STRING;\n declare local var.netacea_real_client_ip_time_ua_hash STRING;\n declare local var.netacea_cookie_HMAC STRING;\n declare local var.netacea_cookie_real_value STRING;\n if (req.http.Cookie:_mitata) {\n if (req.http.Cookie:_mitata ~ \"^(.*)_\\/@#\\/((\\d+)_\\/@#\\/(.+)_\\/@#\\/(.+)_\\/@#\\/((\\d)(\\d)(\\d)))$\") {\n set var.netacea_cookie_sig = re.group.1;\n set var.netacea_cookie_payload = re.group.2;\n set var.netacea_cookie_expiry = re.group.3;\n set req.http.X-Netacea-UserId = re.group.4;\n set var.netacea_client_ip_time_ua_hash = re.group.5;\n set req.http.netacea_match = re.group.7;\n set req.http.netacea_mitigate = re.group.8;\n set req.http.netacea_captcha = re.group.9;\n 
set var.netacea_cookie_real_value = var.netacea_cookie_expiry + \"_/@#/\" + req.http.X-Netacea-UserId + \"_/@#/\" + var.netacea_client_ip_time_ua_hash + \"_/@#/\" + req.http.netacea_match + req.http.netacea_mitigate + req.http.netacea_captcha;\n set var.netacea_cookie_HMAC = digest.hmac_sha256(var.netacea_mitSvc_secret, var.netacea_cookie_real_value);\n if (var.netacea_cookie_HMAC ~ \"0x(.*)\") {\n set var.netacea_cookie_HMAC = re.group.1;\n }\n set var.netacea_real_client_ip_time_ua = req.http.X-Netacea-Client-IP + \"|\" + var.netacea_cookie_expiry + \"|\" + req.http.user-agent;\n set var.netacea_real_client_ip_time_ua_hash = digest.hmac_sha256(var.netacea_mitSvc_secret, var.netacea_real_client_ip_time_ua);\n if (var.netacea_real_client_ip_time_ua_hash ~ \"0x(.*)\") {\n set var.netacea_real_client_ip_time_ua_hash = re.group.1;\n }\n if (var.netacea_cookie_sig != digest.base64(var.netacea_cookie_HMAC)) {\n unset req.http.Cookie:_mitata;\n unset req.http.X-Netacea-UserId;\n unset req.http.netacea_match;\n unset req.http.netacea_mitigate;\n unset req.http.netacea_captcha;\n } else {\n if (time.is_after(now, std.time(var.netacea_cookie_expiry, now)) || digest.base64(var.netacea_real_client_ip_time_ua_hash) != var.netacea_client_ip_time_ua_hash ) {\n set req.http.netacea_mitata_must_reauthenticate = \"1\";\n set req.http.x-netacea:cookie_session_status = \"3\";\n } else {\n set req.http.x-netacea:cookie_session_status = \"2\";\n }\n }\n } else {\n unset req.http.Cookie:_mitata;\n }\n }\n if (!req.http.Cookie:_mitata) {\n unset req.http.Cookie:_mitatacaptcha;\n }\n}\nsub normalise_netacea_cookie_names {\n declare local var.netacea_custom_cookie_name STRING;\n declare local var.netacea_custom_captcha_cookie_name STRING;\n set var.netacea_custom_cookie_name = get_sanitised_netacea_config_cookie_name();\n set var.netacea_custom_captcha_cookie_name = get_sanitised_netacea_config_captcha_cookie_name();\n set req.http.Cookie = regsuball(req.http.Cookie, \";\\s*+\", \"; \");\n 
if (var.netacea_custom_cookie_name !~ \"^_mitata$\") {\n unset req.http.Cookie:_mitata;\n set req.http.Cookie = std.replace_prefix(req.http.Cookie, var.netacea_custom_cookie_name + \"=\", \"_mitata=\");\n set req.http.Cookie = std.replace(req.http.Cookie, \"; \" + var.netacea_custom_cookie_name + \"=\", \"; _mitata=\");\n }\n if (var.netacea_custom_captcha_cookie_name !~ \"^_mitatacaptcha$\") {\n unset req.http.Cookie:_mitatacaptcha;\n set req.http.Cookie = std.replace_prefix(req.http.Cookie, var.netacea_custom_captcha_cookie_name + \"=\", \"_mitatacaptcha=\");\n set req.http.Cookie = std.replace(req.http.Cookie, \"; \" + var.netacea_custom_captcha_cookie_name + \"=\", \"; _mitatacaptcha=\");\n }\n}\nsub decrypt_netacea_cookies_values {\n declare local var.netacea_mitSvc_secret STRING;\n declare local var.netacea_mitata_cookie_encrypted STRING;\n declare local var.netacea_encryption_key STRING;\n declare local var.netacea_iv STRING;\n declare local var.netacea_mitata_cookie_base64 STRING;\n declare local var.netacea_mitata_cookie_hex STRING;\n declare local var.netacea_mitata_cookie_value STRING;\n declare local var.netacea_mitata_cookie_sig STRING;\n declare local var.netacea_mitata_captcha_cookie_encrypted STRING;\n declare local var.netacea_captcha_iv STRING;\n declare local var.netacea_mitata_captcha_cookie_base64 STRING;\n declare local var.netacea_mitata_captcha_cookie_hex STRING;\n declare local var.netacea_mitata_captcha_cookie_value STRING;\n declare local var.netacea_mitata_captcha_cookie_sig STRING;\n set var.netacea_encryption_key = get_netacea_config_encryption_key();\n if (var.netacea_encryption_key ~ \".\") {\n set var.netacea_mitSvc_secret = get_netacea_config_secret_key();\n if (req.http.Cookie:_mitata ~ \".\") {\n if (req.http.Cookie:_mitata ~ \"^(.*?)\\.\") {\n set var.netacea_iv = re.group.1;\n }\n if (req.http.Cookie:_mitata ~ \"\\.(.*?)\\.\") {\n set var.netacea_mitata_cookie_encrypted = re.group.1;\n }\n if (req.http.Cookie:_mitata ~ 
\"([^\\.]+$)\") {\n set var.netacea_mitata_cookie_sig = re.group.1;\n }\n set var.netacea_mitata_cookie_hex = crypto.decrypt_hex(aes256, ctr, nopad, var.netacea_encryption_key, var.netacea_iv, var.netacea_mitata_cookie_encrypted);\n set var.netacea_mitata_cookie_base64 = bin.hex_to_base64(var.netacea_mitata_cookie_hex);\n set var.netacea_mitata_cookie_value = digest.base64_decode(var.netacea_mitata_cookie_base64);\n set req.http.Cookie:_mitata = var.netacea_mitata_cookie_value;\n if(var.netacea_mitata_cookie_sig != digest.hmac_sha256(var.netacea_mitSvc_secret, var.netacea_mitata_cookie_encrypted)) {\n unset req.http.Cookie:_mitata;\n }\n }\n if (req.http.Cookie:_mitatacaptcha ~ \"^(.*?)\\.\") {\n if (req.http.Cookie:_mitatacaptcha ~ \"^(.*?)\\.\") {\n set var.netacea_captcha_iv = re.group.1;\n }\n if (req.http.Cookie:_mitatacaptcha ~ \"\\.(.*?)\\.\") {\n set var.netacea_mitata_captcha_cookie_encrypted = re.group.1;\n }\n if (req.http.Cookie:_mitatacaptcha ~ \"([^\\.]+$)\") {\n set var.netacea_mitata_captcha_cookie_sig = re.group.1;\n }\n set var.netacea_mitata_captcha_cookie_hex = crypto.decrypt_hex(aes256, ctr, nopad, var.netacea_encryption_key, var.netacea_captcha_iv, var.netacea_mitata_captcha_cookie_encrypted);\n set var.netacea_mitata_captcha_cookie_base64 = bin.hex_to_base64(var.netacea_mitata_captcha_cookie_hex);\n set var.netacea_mitata_captcha_cookie_value = digest.base64_decode(var.netacea_mitata_captcha_cookie_base64);\n set req.http.Cookie:_mitatacaptcha = var.netacea_mitata_captcha_cookie_value;\n if(var.netacea_mitata_captcha_cookie_sig != digest.hmac_sha256(var.netacea_mitSvc_secret, var.netacea_mitata_captcha_cookie_encrypted)) {\n unset req.http.Cookie:_mitatacaptcha;\n }\n }\n }\n}\nsub cleanup_netacea_variables {\n if (fastly.ff.visits_this_service > 0) {\n return;\n }\n set req.http.netacea_best_mitigation_code = \"000\";\n set req.http.netacea_match = \"0\";\n set req.http.netacea_mitigate = \"0\";\n set req.http.netacea_captcha = \"0\";\n 
unset req.http.mit_status;\n unset req.http.netacea_bctype_string;\n unset req.http.netacea_best_mitigation;\n unset req.http.netacea_cookies;\n unset req.http.netacea_mitata_captcha_cookie_expiry;\n unset req.http.netacea_mitata_captcha_cookie_value;\n unset req.http.netacea_mitata_must_reauthenticate;\n unset req.http.netacea_require_revalidation;\n unset req.http.netacea_set_cookies;\n unset req.http.X-Netacea-Match;\n unset req.http.X-Netacea-Mitigate;\n unset req.http.X-Netacea-Captcha;\n unset req.http.X-Netacea-Event-ID;\n unset req.http.X-Netacea-Api-Key;\n unset req.http.X-Netacea-Captcha-Status;\n unset req.http.X-Netacea-UserId;\n unset req.http.X-Netacea-Compile-JSON;\n unset req.http.x-netacea;\n}\nsub netacea_check_req {\n if (req.is_purge) {\n return;\n }\n declare local var.netacea_mitSvc_authenticate BOOL;\n declare local var.netacea_mitSvc_apiKey STRING;\n declare local var.netacea_integration_mode STRING;\n declare local var.netacea_use_relative_path_captcha_assets STRING;\n declare local var.captcha_path STRING;\n set req.http.x-netacea:integration_mode = get_netacea_config_integration_mode();\n if (req.http.x-netacea:netacea_check_req_called || fastly.ff.visits_this_service > 0) {\n return;\n }\n set var.netacea_integration_mode = get_netacea_config_integration_mode();\n if (std.strlen(var.netacea_integration_mode) == 0) {\n return;\n }\n set req.http.x-netacea:netacea_check_req_called = \"true\";\n unset req.http.netacea_processed;\n if (is_path_ignored()) {\n return;\n }\n set var.netacea_mitSvc_apiKey = get_netacea_config_api_key();\n set var.netacea_use_relative_path_captcha_assets = get_netacea_config_use_relative_path_captcha_assets();\n set var.captcha_path = get_netacea_captcha_path();\n if (var.netacea_use_relative_path_captcha_assets == \"true\") {\n if (std.prefixof(req.url.path, \"/Mitigations/\") && req.method == \"GET\") {\n if (std.suffixof(req.url.path, \".css\") || std.suffixof(req.url.path, \".js\")) {\n set req.backend = 
F_CaptchaAssets;\n return(lookup);\n }\n }\n }\n if (var.captcha_path != \"\" && urldecode(req.url.path) == var.captcha_path) {\n set req.backend = F_MitSvc;\n set req.http.x-netacea:mit_svc_start_time = time.elapsed.msec;\n if (req.backend.healthy) {\n set req.http.netacea_origin_method = \"GET\";\n set req.http.netacea_processed = \"1\";\n set req.http.netacea_captcha_path = \"1\";\n set req.http.netacea_origin_host = req.http.host;\n set req.http.netacea_origin_url = req.url;\n set req.url = \"/captcha?\" + req.url.qs;\n set req.http.X-Netacea-Api-Key = var.netacea_mitSvc_apiKey;\n return(lookup);\n }\n }\n if (req.restarts == 0) {\n call set_netacea_ip_header;\n if (var.netacea_integration_mode != \"BYPASS\") {\n set var.netacea_mitSvc_authenticate = true;\n call normalise_netacea_cookie_names;\n call decrypt_netacea_cookies_values;\n call process_netacea_mitata_cookie;\n }\n } else {\n if (req.http.X-Netacea-Compile-JSON == \"requested\") {\n set req.http.netacea_processed = \"1\";\n set req.http.X-Netacea-Compile-JSON = \"processing\";\n error 601;\n }\n if (var.netacea_integration_mode == \"MITIGATE\" && req.http.netacea_best_mitigation == \"block\") {\n error 403;\n }\n }\n if (req.http.Cookie:_mitata && !req.http.netacea_mitata_must_reauthenticate) {\n set var.netacea_mitSvc_authenticate = false;\n set req.http.x-netacea:cookie_session_status = \"2\";\n }\n set req.http.mitigation_user_id = req.http.X-Netacea-UserId;\n set req.http.integration_type = get_netacea_config_integration_type();\n set req.http.integration_version = get_netacea_config_integration_version();\n if (var.netacea_mitSvc_authenticate) {\n set req.http.netacea_set_cookies = \"1\";\n } else {\n if (var.netacea_integration_mode == \"INJECT\" && req.restarts == 0) {\n set req.http.X-Netacea-Match = req.http.netacea_match;\n set req.http.X-Netacea-Mitigate = req.http.netacea_mitigate;\n set req.http.X-Netacea-Captcha = req.http.netacea_captcha;\n }\n }\n if (var.netacea_integration_mode ~ 
\"(MITIGATE|INJECT)\" && var.netacea_mitSvc_authenticate) {\n set req.backend = F_MitSvc;\n set req.http.x-netacea:mit_svc_start_time = time.elapsed.msec;\n if (req.backend.healthy) {\n unset req.http.netacea_match;\n unset req.http.netacea_mitigate;\n unset req.http.netacea_captcha;\n unset req.http.Cookie:_mitata;\n set req.http.netacea_origin_method = req.method;\n set req.http.netacea_processed = \"1\";\n set req.http.netacea_origin_host = req.http.host;\n set req.http.netacea_origin_url = req.url;\n if (req.url != \"/AtaVerifyCaptcha\") {\n set req.method = \"GET\";\n set req.url = \"/\";\n }\n set req.http.X-Netacea-Api-Key = var.netacea_mitSvc_apiKey;\n return(pass);\n }\n }\n}\n", "type": "init" } ], - "version": 7 + "version": "5.10.1" } diff --git a/etc/shielding/datacenters.json b/etc/shielding/datacenters.json index c06e7c6a..821814f6 100644 --- a/etc/shielding/datacenters.json +++ b/etc/shielding/datacenters.json @@ -28,20 +28,6 @@ }, "shield": "amsterdam-nl" }, - { - "code": "WDC", - "name": "Ashburn", - "group": "United States", - "region": "US-East", - "stats_region": "usa", - "billing_region": "North America", - "coordinates": { - "x": 0, - "y": 0, - "latitude": 39.022, - "longitude": -77.451 - } - }, { "code": "DCA", "name": "Ashburn (Metro)", 
@@ -71,39 +57,9 @@
 },
 "shield": "iad-va-us"
 },
- {
- "code": "ATL",
- "name": "Atlanta",
- "group": "United States",
- "region": "US-East",
- "stats_region": "usa",
- "billing_region": "North America",
- "coordinates": {
- "x": 0,
- "y": 0,
- "latitude": 33.636719,
- "longitude": -84.428067
- },
- "shield": "atl-ga-us"
- },
- {
- "code": "FTY",
- "name": "Atlanta",
- "group": "United States",
- "region": "US-East",
- "stats_region": "usa",
- "billing_region": "North America",
- "coordinates": {
- "x": 0,
- "y": 0,
- "latitude": 33.636719,
- "longitude": -84.428067
- },
- "shield": "fty-ga-us"
- },
 {
 "code": "PDK",
- "name": "Atlanta",
+ "name": "Atlanta (Metro)",
 "group": "United States",
 "region": "US-East",
 "stats_region": "usa",
@@ -761,7 +717,7 @@
 "shield": "bur-ca-us"
 },
 {
- "code": "LGB",
+ "code": "LAX",
 "name": "Los Angeles (Metro)",
 "group": "United States",
 "region": "US-West",
@@ -1055,7 +1011,7 @@
 },
 {
 "code": "PAO",
- "name": "Palo Alto",
+ "name": "Palo Alto (Metro)",
 "group": "United States",
 "region": "US-West",
 "stats_region": "usa",
@@ -1067,6 +1023,20 @@
 "longitude": -122.110783
 }
 },
+ {
+ "code": "CDG",
+ "name": "Paris (Metro)",
+ "group": "Europe",
+ "region": "EU-West",
+ "stats_region": "europe",
+ "billing_region": "Europe",
+ "coordinates": {
+ "x": 0,
+ "y": 0,
+ "latitude": 48.928,
+ "longitude": 2.352
+ }
+ },
 {
 "code": "PAR",
 "name": "Paris (Metro)",
@@ -1198,20 +1168,6 @@
 "longitude": -70.7935
 }
 },
- {
- "code": "CGH",
- "name": "Sao Paulo",
- "group": "South America",
- "region": "SA-East",
- "stats_region": "southamerica_std",
- "billing_region": "South America",
- "coordinates": {
- "x": 0,
- "y": 0,
- "latitude": -23.498,
- "longitude": -46.815
- }
- },
 {
 "code": "GRU",
 "name": "Sao Paulo (Metro)",
diff --git a/etc/vcl_snippets/deliver.vcl b/etc/vcl_snippets/deliver.vcl
index d4c4744f..dbfeceb2 100644
--- a/etc/vcl_snippets/deliver.vcl
+++ b/etc/vcl_snippets/deliver.vcl
@@ -39,7 +39,7 @@
 # Add an easy way to see whether custom Fastly VCL has been uploaded
 if ( req.http.Fastly-Debug ) {
- set resp.http.Fastly-Magento-VCL-Uploaded = "1.2.207";
+ set resp.http.Fastly-Magento-VCL-Uploaded = "1.2.220";
 if (table.lookup(magentomodule_config, "allow_super_users_during_maint", "0") == "1") {
 set resp.http.Fastly-Magento-Maintenance-Mode = "on";
 }
diff --git a/etc/vcl_snippets/fetch.vcl b/etc/vcl_snippets/fetch.vcl
index 49ef9e5f..0e697261 100644
--- a/etc/vcl_snippets/fetch.vcl
+++ b/etc/vcl_snippets/fetch.vcl
@@ -52,7 +52,9 @@
 if (!beresp.http.Vary ~ "Accept-Encoding") {
 set beresp.http.Vary:Accept-Encoding = "";
 }
- if (req.http.Accept-Encoding == "gzip") {
+ if (req.http.Accept-Encoding == "br") {
+ set beresp.brotli = true;
+ } else if (req.http.Accept-Encoding == "gzip") {
 set beresp.gzip = true;
 }
 }
diff --git a/etc/vcl_snippets/miss.vcl b/etc/vcl_snippets/miss.vcl
index abddc331..11b1a4b7 100644
--- a/etc/vcl_snippets/miss.vcl
+++ b/etc/vcl_snippets/miss.vcl
@@ -3,4 +3,4 @@
 unset bereq.http.Accept-Encoding;
 # Send VCL version uploaded to the backend
- set bereq.http.Fastly-Magento-VCL-Uploaded = "1.2.207";
+ set bereq.http.Fastly-Magento-VCL-Uploaded = "1.2.220";
diff --git a/etc/vcl_snippets/pass.vcl b/etc/vcl_snippets/pass.vcl
index 83d9ded5..97c06cab 100644
--- a/etc/vcl_snippets/pass.vcl
+++ b/etc/vcl_snippets/pass.vcl
@@ -12,4 +12,4 @@
 }
 # Send VCL version uploaded to the backend
- set bereq.http.Fastly-Magento-VCL-Uploaded = "1.2.207";
+ set bereq.http.Fastly-Magento-VCL-Uploaded = "1.2.220";
diff --git a/etc/vcl_snippets/recv.vcl b/etc/vcl_snippets/recv.vcl
index dad826df..5aaba2de 100644
--- a/etc/vcl_snippets/recv.vcl
+++ b/etc/vcl_snippets/recv.vcl
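Review bot: The new `req.http.Accept-Encoding == "br"` branch in fetch.vcl is an exact string match, so it only fires when something earlier has rewritten the header to exactly `br`, and nothing in this hunk says so. The recv.vcl change in the same patch performs that rewrite, so I would add a comment above the branch, `# Accept-Encoding is rewritten to exactly "br" in recv.vcl when the client advertises Brotli`, so the two snippets are not edited independently later. It is also worth confirming that the enclosing condition, which starts outside this hunk, skips responses the origin has already encoded, since no Content-Encoding check is visible here.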
@@ -41,7 +41,7 @@
 if (table.lookup(magentomodule_config, "allow_super_users_during_maint", "0") == "1" &&
 !req.http.Fastly-Client-Ip ~ maint_allowlist &&
 !req.url ~ "^/(index\.php/)?####ADMIN_PATH####/" &&
- !req.url ~ "^/pub/(static|error)/") {
+ !req.url ~ "^/pub/(static|errors?)/") {
 # If we end up here after a restart and there is a ResponseObject it means we got here after error
 # page VCL restart. We shouldn't touch it. Otherwise return a plain 503 error page
@@ -106,6 +106,13 @@
 set req.http.Https = "on";
 }
+ # Add support for Brotli static compression
+ if (req.http.Fastly-Orig-Accept-Encoding) {
+ if (req.http.Fastly-Orig-Accept-Encoding ~ "\bbr\b") {
+ set req.http.Accept-Encoding = "br";
+ }
+ }
+
 if (fastly.ff.visits_this_service > 0) {
 # disable ESI processing on Origin Shield
 set req.esi = false;
diff --git a/view/adminhtml/web/js/log-endpoints.js b/view/adminhtml/web/js/log-endpoints.js
index 5914c247..d7d93f5e 100644
--- a/view/adminhtml/web/js/log-endpoints.js
+++ b/view/adminhtml/web/js/log-endpoints.js
@@ -96,14 +96,20 @@ define([
 $('#condition_priority').val('');
 return getResponseConditions(active_version, loaderVisibility)
 .done(function (response) {
- let html = '';
 $('#attach_span').hide();
 if (response !== false) {
+ let conditionElement = document.getElementById('conditions');
 conditions = response.conditions;
- html += '';
+ let option = document.createElement("option");
+ option.text = 'no condition';
+ option.value = '';
+ conditionElement.add(option);
 $.each(conditions, function (index, condition) {
- if (condition.type === "REQUEST") {
- html += '';
+ if (condition.type === "RESPONSE") {
+ let option = document.createElement("option");
+ option.text = _.escape(condition.name) +' ('+condition.type+') ' + _.escape(condition.statement);
+ option.value = _.escape(condition.name);
+ conditionElement.add(option);
 }
 });
 }
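Review bot: The changed line `!req.url ~ "^/pub/(static|errors?)/"` in recv.vcl belongs to the list of paths that stay reachable for clients outside `maint_allowlist` during maintenance mode, and it carries no comment explaining why both spellings are accepted. Because this is an access exemption, I would document it next to the condition, for example `# pub/error and pub/errors (the 2.4 path, per the commit message) serve the error pages and must stay reachable`, and keep the pattern anchored with `^` and the trailing `/` as it is now. The enclosing `if` starts above the hunk and its body continues below it.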
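Review bot: In the Brotli block added to recv.vcl, `"\bbr\b"` also matches a header in which the client refuses Brotli, such as `br;q=0`, and the request is then rewritten to `Accept-Encoding: br` anyway. A second condition covers that case: `if (req.http.Fastly-Orig-Accept-Encoding ~ "\bbr\b" && req.http.Fastly-Orig-Accept-Encoding !~ "\bbr\s*;\s*q\s*=\s*0(\.0*)?\s*(,|$)") {`. The outer `if (req.http.Fastly-Orig-Accept-Encoding)` adds nothing, since the regex match already fails on an unset header, so the two levels can be merged into one.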
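Review bot: In the log-endpoints.js hunk that fills the `conditions` select, `option.text` and `option.value` are DOM properties that are never parsed as HTML, so wrapping the values in `_.escape()` double-encodes them. A condition named `a&b` is displayed as `a&amp;b` and, more importantly, submitted as `a&amp;b`, which will not match the stored condition name. Assign the raw strings instead: `option.text = condition.name + ' (' + condition.type + ') ' + condition.statement;` and `option.value = condition.name;`. The options are also now appended with `conditionElement.add()` while the next hunk drops `$('#conditions').html(html)`, so unless the select is emptied elsewhere each call adds a duplicate list; `conditionElement.options.length = 0;` before the first `add()` would restore the old replace behaviour.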
@@ -112,7 +118,6 @@ define([ $('#detach').show(); $('#create-response-condition').show(); $('#sep').show(); - $('#conditions').html(html); }) } @@ -336,10 +341,16 @@ define([ } const formElements = document.forms['create-log-endpoint-form'].elements; + // Inputs which should be available only on endpoint creation and shouldn't be used on update, such as API keys + const createLogInputs = ['access_key', 'secret_key', 'token', 'sas_token']; for (const prop in endpoint) { let element = formElements.namedItem(`log_endpoint[${prop}]`); if (element) { - $(element).val(endpoint[prop]); + if (createLogInputs.includes(prop) && endpoint[prop]) { + $(element).remove() + } else { + $(element).val(endpoint[prop]); + } } } } From 3c8965988e057c0282187e5f77cb5441863f3aac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micka=C3=ABl?= <108686236+MickaelDatadome@users.noreply.github.com> Date: Fri, 8 Nov 2024 18:37:58 +0100 Subject: [PATCH 2/2] updating to DataDome Fastly Module 2.23.0 (#7) --- etc/fastly_edge_modules/datadome_integration.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/etc/fastly_edge_modules/datadome_integration.json b/etc/fastly_edge_modules/datadome_integration.json index 9d1b6d19..2f3a6c59 100644 --- a/etc/fastly_edge_modules/datadome_integration.json +++ b/etc/fastly_edge_modules/datadome_integration.json 
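Review bot: Removing the inputs listed in `createLogInputs` only keeps the credentials out of the form; `endpoint[prop]` still holds the value in the browser at this point, so the secret has already been delivered to the admin page. If the goal is that keys are not visible after configuration, the response that builds `endpoint` should omit or mask these properties on the server. That code is outside this hunk, so this is a point to confirm. The list is also a hard-coded set of four names, so a credential field with any other name is still written into the form, and `$(element).remove()` is missing its semicolon. The enclosing function starts before the hunk.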
@@ -68,7 +68,7 @@ "vcl": [ { "priority": 7, - "template": "sub set_origin_header {\n if (req.backend.is_origin) {\n if (req.backend == datadome) {\n # Remove all unexpected headers\n header.filter_except(bereq, \"x-datadome-params\", \"accept-charset\", \"accept-language\", \"x-requested-with\", \"x-fl-productid\", \"x-flapi-session-id\", \"fastly-orig-accept-encoding\", \"cache-control\", \"client-id\", \"connection\", \"pragma\", \"accept\", \"headers-list\", \"host\", \"origin\", \"server-hostname\", \"server-name\", \"x-forwarded-for\", \"user-agent\", \"referer\", \"request\", \"content-type\", \"from\", \"true-client-ip\", \"via\", \"x-real-ip\", \"sec-ch-device-memory\", \"sec-ch-ua\", \"sec-ch-ua-arch\", \"sec-ch-ua-full-version-list\", \"sec-ch-ua-mobile\", \"sec-ch-ua-model\", \"sec-ch-ua-platform\", \"sec-fetch-dest\", \"sec-fetch-mode\", \"sec-fetch-site\", \"sec-fetch-user\");\n set bereq.http.x-datadome-params:key = \"{{datadome_api_key}}\";\n set bereq.http.x-datadome-params:requestmodulename = \"FastlyMagento\";\n set bereq.http.x-datadome-params:moduleversion = \"2.22.0\";\n set bereq.http.x-datadome-params:timerequest = time.start.usec;\n set bereq.http.x-datadome-params:servername = server.identity;\n set bereq.http.x-datadome-params:serverregion = server.region;\n set bereq.http.x-datadome-params:ip = urlencode(client.ip);\n set bereq.http.x-forwarded-proto = urlencode(req.protocol);\n set bereq.http.x-datadome-params:authorizationlen = std.strlen(req.http.authorization);\n # Truncating Headers - Start\n set bereq.http.accept-charset = substr(req.http.accept-charset, 0, 128);\n set bereq.http.accept-language = substr(req.http.accept-language, 0, 256);\n set bereq.http.x-requested-with = substr(req.http.x-requested-with, 0, 128);\n set bereq.http.x-fl-productid = substr(req.http.x-fl-productid, 0, 64);\n set bereq.http.x-flapi-session-id = substr(req.http.x-flapi-session-id, 0, 64);\n set bereq.http.fastly-orig-accept-encoding = 
substr(req.http.fastly-orig-accept-encoding, 0, 128);\n set bereq.http.cache-control = substr(req.http.cache-control, 0, 128);\n set bereq.http.client-id = substr(req.http.client-id, 0, 128);\n set bereq.http.connection = substr(req.http.connection, 0, 128);\n set bereq.http.pragma = substr(req.http.pragma, 0, 128);\n set bereq.http.accept = substr(req.http.accept, 0, 512);\n set bereq.http.headers-list = substr(req.http.headers-list, 0, 512);\n set bereq.http.host = substr(req.http.host, 0, 512);\n set bereq.http.origin = substr(req.http.origin, 0, 512);\n set bereq.http.server-hostname = substr(req.http.server-hostname, 0, 512);\n set bereq.http.server-name = substr(req.http.server-name, 0, 512);\n if( std.strlen(req.http.x-forwarded-for) \u003e 512 ) {\n # Truncate from the end\n set bereq.http.x-forwarded-for = substr(req.http.x-forwarded-for, -512);\n } else {\n set bereq.http.x-forwarded-for = req.http.x-forwarded-for;\n }\n set bereq.http.user-agent = substr(req.http.user-agent, 0, 768);\n set bereq.http.referer = substr(req.http.referer, 0, 1024);\n set bereq.http.request = substr(req.http.request, 0, 2048);\n set bereq.http.content-type = substr(req.http.content-type, 0, 64);\n set bereq.http.from = substr(req.http.from, 0, 128);\n set bereq.http.true-client-ip = substr(req.http.true-client-ip, 0, 128);\n set bereq.http.via = substr(req.http.via, 0, 256);\n set bereq.http.x-real-ip = substr(req.http.x-real-ip, 0, 128);\n set bereq.http.sec-ch-device-memory = substr(req.http.sec-ch-device-memory, 0, 8);\n set bereq.http.sec-ch-ua = substr(req.http.sec-ch-ua, 0, 128);\n set bereq.http.sec-ch-ua-arch = substr(req.http.sec-ch-ua-arch, 0, 16);\n set bereq.http.sec-ch-ua-full-version-list = substr(req.http.sec-ch-ua-full-version-list, 0, 256);\n set bereq.http.sec-ch-ua-mobile = substr(req.http.sec-ch-ua-mobile, 0, 8);\n set bereq.http.sec-ch-ua-model = substr(req.http.sec-ch-ua-model, 0, 128);\n set bereq.http.sec-ch-ua-platform = 
substr(req.http.sec-ch-ua-platform, 0, 32);\n set bereq.http.sec-fetch-dest = substr(req.http.sec-fetch-dest, 0, 32);\n set bereq.http.sec-fetch-mode = substr(req.http.sec-fetch-mode, 0, 32);\n set bereq.http.sec-fetch-site = substr(req.http.sec-fetch-site, 0, 64);\n set bereq.http.sec-fetch-user = substr(req.http.sec-fetch-user, 0, 8);\n # Truncating Headers - End\n if (req.http.x-datadome-clientid) {\n set bereq.http.x-datadome-params:clientid = urlencode(substr(req.http.x-datadome-clientid, 0, 128));\n set bereq.http.x-datadome-x-set-cookie = \"true\";\n } else {\n set bereq.http.x-datadome-params:clientid = urlencode(substr(req.http.cookie:datadome, 0, 128));\n }\n set bereq.http.x-datadome-params:cookieslen = std.strlen(req.http.cookie);\n # enforce gzip encoding between Fastly and DataDome\n set bereq.http.accept-encoding = \"gzip\";\n } else {\n # prevent leak of the key\n unset bereq.http.x-datadome-params;\n }\n }\n}\n\nbackend datadome {\n .host = \"api-fastly.datadome.co\";\n .port = \"8443\";\n .max_tls_version = \"1.3\";\n .min_tls_version = \"1.2\";\n .connect_timeout = {{datadome_connect_timeout}}ms;\n .first_byte_timeout = {{datadome_between_bytes_timeout}}ms;\n .between_bytes_timeout = {{datadome_between_bytes_timeout}}ms;\n .max_connections = 200;\n .ssl = true;\n .dynamic = true;\n .probe = {\n .request = \"HEAD /.well-known/healthcheck-datadome HTTP/1.1\" \"Host: api-fastly.datadome.co\" \"Connection: close\" \"User-Agent: Varnish/fastly (healthcheck)\";\n .expected_response = 200;\n .initial = 5;\n .interval = 2s;\n .threshold = 1;\n .timeout = 2s;\n .window = 5;\n }\n}", + "template": "sub set_origin_header {\n if (req.backend.is_origin) {\n if (req.backend == datadome) {\n # Remove all unexpected headers\n header.filter_except(bereq, \"x-datadome-params\", \"accept-charset\", \"accept-language\", \"x-requested-with\", \"x-fl-productid\", \"x-flapi-session-id\", \"fastly-orig-accept-encoding\", \"cache-control\", \"client-id\", \"connection\", 
\"pragma\", \"accept\", \"headers-list\", \"host\", \"origin\", \"server-hostname\", \"server-name\", \"x-forwarded-for\", \"user-agent\", \"referer\", \"request\", \"content-type\", \"from\", \"true-client-ip\", \"via\", \"x-real-ip\", \"sec-ch-device-memory\", \"sec-ch-ua\", \"sec-ch-ua-arch\", \"sec-ch-ua-full-version-list\", \"sec-ch-ua-mobile\", \"sec-ch-ua-model\", \"sec-ch-ua-platform\", \"sec-fetch-dest\", \"sec-fetch-mode\", \"sec-fetch-site\", \"sec-fetch-user\");\n set bereq.http.x-datadome-params:key = \"{{datadome_api_key}}\";\n set bereq.http.x-datadome-params:requestmodulename = \"FastlyMagento\";\n set bereq.http.x-datadome-params:moduleversion = \"2.23.0\";\n set bereq.http.x-datadome-params:timerequest = time.start.usec;\n set bereq.http.x-datadome-params:servername = server.identity;\n set bereq.http.x-datadome-params:serverregion = server.region;\n set bereq.http.x-datadome-params:ip = urlencode(client.ip);\n set bereq.http.x-forwarded-proto = urlencode(req.protocol);\n set bereq.http.x-datadome-params:authorizationlen = std.strlen(req.http.authorization);\n # Truncating Headers - Start\n set bereq.http.accept-charset = substr(req.http.accept-charset, 0, 128);\n set bereq.http.accept-language = substr(req.http.accept-language, 0, 256);\n set bereq.http.x-requested-with = substr(req.http.x-requested-with, 0, 128);\n set bereq.http.x-fl-productid = substr(req.http.x-fl-productid, 0, 64);\n set bereq.http.x-flapi-session-id = substr(req.http.x-flapi-session-id, 0, 64);\n set bereq.http.fastly-orig-accept-encoding = substr(req.http.fastly-orig-accept-encoding, 0, 128);\n set bereq.http.cache-control = substr(req.http.cache-control, 0, 128);\n set bereq.http.client-id = substr(req.http.client-id, 0, 128);\n set bereq.http.connection = substr(req.http.connection, 0, 128);\n set bereq.http.pragma = substr(req.http.pragma, 0, 128);\n set bereq.http.accept = substr(req.http.accept, 0, 512);\n set bereq.http.headers-list = substr(req.http.headers-list, 0, 
512);\n set bereq.http.host = substr(req.http.host, 0, 512);\n set bereq.http.origin = substr(req.http.origin, 0, 512);\n set bereq.http.server-hostname = substr(req.http.server-hostname, 0, 512);\n set bereq.http.server-name = substr(req.http.server-name, 0, 512);\n if( std.strlen(req.http.x-forwarded-for) \u003e 512 ) {\n # Truncate from the end\n set bereq.http.x-forwarded-for = substr(req.http.x-forwarded-for, -512);\n } else {\n set bereq.http.x-forwarded-for = req.http.x-forwarded-for;\n }\n set bereq.http.user-agent = substr(req.http.user-agent, 0, 768);\n set bereq.http.referer = substr(req.http.referer, 0, 1024);\n set bereq.http.request = substr(req.http.request, 0, 2048);\n set bereq.http.content-type = substr(req.http.content-type, 0, 64);\n set bereq.http.from = substr(req.http.from, 0, 128);\n set bereq.http.true-client-ip = substr(req.http.true-client-ip, 0, 128);\n set bereq.http.via = substr(req.http.via, 0, 256);\n set bereq.http.x-real-ip = substr(req.http.x-real-ip, 0, 128);\n set bereq.http.sec-ch-device-memory = substr(req.http.sec-ch-device-memory, 0, 8);\n set bereq.http.sec-ch-ua = substr(req.http.sec-ch-ua, 0, 128);\n set bereq.http.sec-ch-ua-arch = substr(req.http.sec-ch-ua-arch, 0, 16);\n set bereq.http.sec-ch-ua-full-version-list = substr(req.http.sec-ch-ua-full-version-list, 0, 256);\n set bereq.http.sec-ch-ua-mobile = substr(req.http.sec-ch-ua-mobile, 0, 8);\n set bereq.http.sec-ch-ua-model = substr(req.http.sec-ch-ua-model, 0, 128);\n set bereq.http.sec-ch-ua-platform = substr(req.http.sec-ch-ua-platform, 0, 32);\n set bereq.http.sec-fetch-dest = substr(req.http.sec-fetch-dest, 0, 32);\n set bereq.http.sec-fetch-mode = substr(req.http.sec-fetch-mode, 0, 32);\n set bereq.http.sec-fetch-site = substr(req.http.sec-fetch-site, 0, 64);\n set bereq.http.sec-fetch-user = substr(req.http.sec-fetch-user, 0, 8);\n # Truncating Headers - End\n if (req.http.x-datadome-clientid) {\n set bereq.http.x-datadome-params:clientid = 
urlencode(substr(req.http.x-datadome-clientid, 0, 128));\n set bereq.http.x-datadome-x-set-cookie = \"true\";\n } else {\n set bereq.http.x-datadome-params:clientid = urlencode(substr(req.http.cookie:datadome, 0, 128));\n }\n set bereq.http.x-datadome-params:cookieslen = std.strlen(req.http.cookie);\n # enforce gzip encoding between Fastly and DataDome\n set bereq.http.accept-encoding = \"gzip\";\n # disable ng-waf inspection on DataDome requests\n set bereq.http.x-sigsci-no-inspection = \"true\";\n } else {\n # prevent leak of the key\n unset bereq.http.x-datadome-params;\n }\n }\n}\n\nbackend datadome {\n .host = \"api-fastly.datadome.co\";\n .port = \"8443\";\n .max_tls_version = \"1.3\";\n .min_tls_version = \"1.2\";\n .connect_timeout = {{datadome_connect_timeout}}ms;\n .first_byte_timeout = {{datadome_between_bytes_timeout}}ms;\n .between_bytes_timeout = {{datadome_between_bytes_timeout}}ms;\n .max_connections = 200;\n .ssl = true;\n .dynamic = true;\n .probe = {\n .request = \"HEAD /.well-known/healthcheck-datadome HTTP/1.1\" \"Host: api-fastly.datadome.co\" \"Connection: close\" \"User-Agent: Varnish/fastly (healthcheck)\";\n .expected_response = 200;\n .initial = 5;\n .interval = 2s;\n .threshold = 1;\n .timeout = 2s;\n .window = 5;\n }\n}", "type": "init" }, { @@ -102,5 +102,5 @@ "type": "pass" } ], - "version": "2.22.0" + "version": "2.23.0" }
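Review bot: The added `set bereq.http.x-sigsci-no-inspection = "true";` is a WAF inspection opt-out, so it should only ever be set by this VCL and only on the DataDome backend request. The `else` branch for other origins only unsets `x-datadome-params`; I would add `unset bereq.http.x-sigsci-no-inspection;` beside it so that a value arriving with the request cannot be carried to a backend that sits behind the WAF. Whether the platform already ignores or strips this header on other paths is not visible here. The whole subroutine is one escaped JSON string, which makes a one-line change like this easy to miss in review.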