Modules Reference
Learn about the pre-packaged modules that you can deploy on CloudFlow.
BigCommerce Cache
Name | Version | Image |
---|---|---|
bigcommercecache | 2.0.0 | bigcommercecache:2.0.0 |
bigcommercecache | 1.2.0 | bigcommercecache:1.2.0 |
bigcommercecache | 1.1.0 | bigcommercecache:1.1.0 |
bigcommercecache.json
Reference
Key | Value | Default | Required | Description |
---|---|---|---|---|
static_caching | bool | true | Yes | Whether to enable the static caching feature. |
enforce_https | bool | true | Yes | Redirect all HTTP requests to HTTPS. |
optimizer_settings | obj | {"enabled":false,"strategy":"whitelist","paths":["/"],"development_ips":[]} | Yes | Settings for the BigCommerce Optimizer. |
optimizer_settings > enabled | bool | false | Yes | Enable or disable the BigCommerce Optimizer |
optimizer_settings > strategy | whitelist or blacklist string | whitelist | No | Strategy for the page paths used by the BigCommerce Optimizer. |
optimizer_settings > paths | string[] | ["/"] | Yes | Page paths included or excluded by the BigCommerce Optimizer based on the strategy . |
optimizer_settings > development_ips | string[] | [] | No | IP address(es) that bypass the BigCommerce Optimizer. |
bigcommercecache.json
Example
bigcommercecache.json
{
"static_caching": true,
"enforce_https": true,
"optimizer_settings": {
"enabled": false,
"strategy": "whitelist",
"paths": ["/"],
"development_ips": []
}
}
BigCommerce Optimizer
Name | Version | Image |
---|---|---|
bigcommerceoptimizer | 2.0.0 | bigcommerceoptimizer:2.0.0 |
bigcommerceoptimizer | 1.2.0 | bigcommerceoptimizer:1.2.0 |
bigcommerceoptimizer.json
Reference
Key | Value | Default | Required | Description |
---|---|---|---|---|
enabled | bool | true | Yes | Enable or disable the BigCommerce Optimizer. |
holepunch_tag | string | "</title>" | No | HTML tag to hole punch for the BigCommerce Optimizer streaming feature. |
bigcommerceoptimizer.json
Example
bigcommerceoptimizer.json
{
"enabled": true,
"holepunch_tag": "</title>"
}
Consistent Hash
Name | Version | Image |
---|---|---|
consistenthash | 1.1.1 | consistenthash:1.1.1 |
ModSecurity
Name | Version | Image |
---|---|---|
modsecurity | 3.0.4 | modsecurity:3.0.4 |
modsecurity | 2.7.7 | modsecurity:2.7.7 |
Node.js
Name | Version | Image |
---|---|---|
nodejs | latest | nodejs:latest |
nodejs | 16.13.1 | nodejs:16.13.1 |
nodejs | 14.10.0 | nodejs:14.10.0 |
nodejs | 10.11.0 | nodejs:10.11.0 |
OpenResty
Name | Version | Image |
---|---|---|
openresty | latest | openresty:latest |
openresty | 1.25.3.1 | openresty:1.25.3.1 |
openresty | 1.21.4.1 | openresty:1.21.4.1 |
openresty | 1.19.3.1 | openresty:1.19.3.1 |
openresty | 1.15.8.2 | openresty:1.15.8.2 |
openresty | 1.15.8.2.ch | openresty:1.15.8.2.ch |
openresty | 1.15.8.2.iplb | openresty:1.15.8.2.iplb |
openresty | 1.13.6.1 | openresty:1.13.6.1 |
Optidash
Name | Version | Image |
---|---|---|
optidash | latest | optidash:latest |
optidash | 2.0 | optidash:2.0 |
optidash | 1.1 | optidash:1.1 |
optidash | 1.0 | optidash:1.0 |
optidash.json
Reference
Key | Value | Default | Required | Description |
---|---|---|---|---|
api_key | string | "" | Yes | Optidash API key. |
lossless | bool | true | Yes | Whether to enable lossless compression. |
enabled | bool | true | Yes | Whether to enable Optidash. |
ttl | int | 31622400 | No | Value for the max-age directive. |
cache_version | string | v1 | Yes | Whether to enable Cloudinary. |
s3 | obj | {"key":"","secret":"","region":"","bucket":""} | Yes | Values for the storage bucket (provided by CloudFlow). |
s3 > key | string | "" | Yes | -- |
s3 > secret | string | "" | Yes | -- |
s3 > region | string | "" | Yes | -- |
s3 > bucket | string | "" | Yes | -- |
optidash.json
Example
optidash.json
{
"api_key": "",
"lossless": true,
"enabled": true,
"ttl": 31622400,
"cache_version": "v1",
"s3": {
"key": "",
"secret": "",
"region": "",
"bucket": ""
}
}
PerimeterX
Name | Version | Image |
---|---|---|
perimeterx | latest | perimeterx:latest |
perimeterx | 0.15.3 | perimeterx:0.15.3 |
perimeterx | 0.14.7 | perimeterx:0.14.7 |
perimeterx | 0.10.1 | perimeterx:0.10.1 |
section-nginx.conf
Reference
Variable | Value | Default | Required | Description |
---|---|---|---|---|
px_enabled | bool | true | Yes | Whether to enable PerimeterX. |
px_debug | bool | false | Yes | Whether to enable debug mode. |
px_appId | string | "" | Yes | PerimeterX application ID. |
px_cookie_secret | string | "" | No | PerimeterX policy risk cookie. |
px_auth_token | string | "" | Yes | PerimeterX application authentication token. |
px_block_enabled | bool | true | Yes | Whether to enable block mode. |
px_ip_headers | string | True-Client-IP | Yes | Request header that contains the client IP address. |
section-nginx.conf
Example
section-nginx.conf
px_enabled true;
px_debug false;
px_appId "";
px_cookie_secret "";
px_auth_token "";
px_block_enabled true;
px_ip_headers "True-Client-IP";
QuantWAF
Name | Version | Image |
---|---|---|
quantwaf | 1.7.1 | quantwaf:1.7.1 |
quantwaf | 0.7.0 | quantwaf:0.7.0 |
config.json
Reference
Variable | Value | Default | Required | Description |
---|---|---|---|---|
notify_slack | string | "" | Yes | This should be in the format: https://hooks.slack.com/services/X/Y/Z . Only one alert is sent per URL per 60 seconds. |
allow_ip | string[] | [] | Yes | This can be provided to always allow certain IP addresses or ranges. These support both IPv4 and IPv6 CIDR notation. These should be strings (e.g wrap in double quotes). |
block_ip | string[] | [] | Yes | This can be provided to always block certain IP addresses or ranges. These support both IPv4 and IPv6 CIDR notation. These should be strings (e.g wrap in double quotes). |
block_ua | string[] | [] | Yes | This can be used to block user agents. These are case insensitive and support the wildcard (*) character. |
allow_rules | string[] | [] | Yes | This may be used to bypass certain WAF rules. The rule ID is displayed in both the Dashboard WAF logs as well as in Slack notifications. Note: These need to be strings not integers (e.g wrap in double quotes). |
block_country | string[] | [] | Yes | This accepts an array of ISO 3166 2 character country codes. |
paranoia_level | int | 1 | Yes | This should be an integer between 1 and 4 (recommend 1). |
mode | string | report | Yes | This should be either "disabled", "report", or "block". Report mode will still capture WAF hits in the WAF logs, slack, and return in the response headers. Disabled will not route requests through the WAF. |
log_level | string | standard | Yes | This should either be "standard", "verbose" or "none". Recommend "standard" (provided log shipping is enabled). |
httpbl | object | - | Yes | This may optionally be enabled with a key provided from Project Honeypot. |
config.json
Example
config.json
{
"notify_slack": "",
"allow_ip": [],
"block_ip": [],
"block_ua": [],
"allow_rules": [],
"block_country": [],
"paranoia_level": 1,
"mode": "report",
"log_level": "standard",
"httpbl": {
"httpbl_enabled": false,
"httpbl_key": "",
"block_suspicious": false,
"block_harvester": true,
"block_spam": true,
"block_search_engine": false
}
}
Radware Bot Manager
Name | Version | Image |
---|---|---|
radwarebotmanager | 5.3.4 | radwarebotmanager:5.3.4 |
shieldsquare.json
Reference
Key | Value | Default | Required | Description |
---|---|---|---|---|
key | string | "" | Yes | Radware Bot Manager API key. |
enabled | bool | true | Yes | Whether to enable Radware Bot Manager. |
deployment_number | string | "" | Yes | The deployment number used to get the configuration from Radware. |
support_email | string | "" | Yes | Email address used for Radware Bot Manager alerts. |
shieldsquare.json
Example
shieldsquare.json
{
"key": "",
"enabled": true,
"deployment_number": "",
"support_email": "",
}
Signal Sciences
Name | Version | Image |
---|---|---|
sigsci | latest | sigsci:latest |
sigsci | 4.58.2.0 | sigsci:4.58.2.0 |
sigsci | 4.56.0.0 | sigsci:4.56.0.0 |
sigsci | 4.55.0.0 | sigsci:4.55.0.0 |
sigsci | 4.54.0.0 | sigsci:4.54.0.0 |
sigsci | 4.53.0.0 | sigsci:4.53.0.0 |
sigsci | 4.51.0.0 | sigsci:4.51.0.0 |
sigsci | 4.49.1.0 | sigsci:4.49.1.0 |
sigsci | 4.49.0.0 | sigsci:4.49.0.0 |
sigsci | 4.47.0.0 | sigsci:4.47.0.0 |
sigsci | 4.46.0.0 | sigsci:4.46.0.0 |
proxy-features.json
Reference
Key | Value | Default | Required | Description |
---|---|---|---|---|
environment_variables | string[] | ["SIGSCI_ACCESSKEYID=", "SIGSCI_SECRETACCESSKEY="] | Yes | Signal Sciences environment variables. |
proxy-features.json
Example
proxy-features.json
{
"environment_variables": [
"SIGSCI_ACCESSKEYID=",
"SIGSCI_SECRETACCESSKEY="
]
}
SiteSpect
Name | Version | Image |
---|---|---|
sitespect | latest | sitespect:latest |
sitespect | 10.46.0.0 | sitespect:10.46.0.0 |
sitespect | 10.33.0.0 | sitespect:10.33.0.0 |
sitespect | 10.14.1.0 | sitespect:10.14.1.0 |
sitespect | 9.16.0.1 | sitespect:9.16.0.1 |
ThreatX
Name | Version | Image |
---|---|---|
threatx | latest | threatx:latest |
threatx | 3.20.0 | threatx:3.20.0 |
threatx | 3.18.1 | threatx:3.18.1 |
threatx | 3.15.1 | threatx:3.15.1 |
threatx | 3.6.4 | threatx:3.6.4 |
Varnish Cache
Name | Version | Image |
---|---|---|
varnish | 7.5.0 | varnish:7.5.0 |
varnish | 7.3.0 | varnish:7.3.0 |
varnish | 7.2.1 | varnish:7.2.1 |
varnish | 7.0.3 | varnish:7.0.3 |
varnish | 7.0.2 | varnish:7.0.2 |
varnish | 6.6.2 | varnish:6.6.2 |
varnish | 6.3.1 | varnish:6.3.1 |
varnish | 6.2.1 | varnish:6.2.1 |
varnish | 6.1.1 | varnish:6.1.1 |
varnish | 6.0.1 | varnish:6.0.1 |
varnish | 6.0.0 | varnish:6.0.0 |
varnish | 5.2.1 | varnish:5.2.1 |
varnish | 5.1.3 | varnish:5.1.3 |
varnish | 5.1.2 | varnish:5.1.2 |
varnish | 4.1.10 | varnish:4.1.10 |
varnish | 4.1.9 | varnish:4.1.9 |
varnish | 4.1.8 | varnish:4.1.8 |
varnish | 4.0.3 | varnish:4.0.3 |
varnish | 3.0.5 | varnish:3.0.5 |
proxy-features.json
Reference
Key | Value | Default | Required | Description |
---|---|---|---|---|
parameter/pipe_timeout | int | 125 | No | Idle timeout for PIPE sessions. |
parameter/http_max_hdr | int | 128 | No | Maximum number of HTTP header lines allowed in {req\|resp\|bereq\|beresp}.http . |
statics-enable-caching | string | "" | No | The amount of time Varnish Cache should cache your static assets for. |
statics-remove-querystring | bool | true | No | Whether query strings should be stripped. This means assets will be cached as the same object even if the query string differs, which can increase your cache hit rate. |
statics-set-browser-cache | string | "" | No | The amount of time the browser should cache your static assets for. Use Varnish Cache duration units, which are ms , s , m , h , d , w , and y (e.g. 30d ). |
html-caching | bool | false | No | Whether to enable HTML caching. |
html-caching-url-regex | string | "" | No | Regular expression for URLs that should not be cached. html-caching must be enabled. |
html-caching-cookie-regex | string | "" | No | Regular expression for HTTP cookies that should not be cached. |
html-caching-cache-ttl | string | "" | No | The amount of time Varnish Cache should cache your HTML documents for. Use Varnish Cache duration units, which are ms , s , m , h , d , w , and y (e.g. 30d ). |
html-caching-grace-ttl | string | "" | No | The amount of time Varnish Cache should deliver a stale cached HTML document when an error is received from the origin. Use Varnish Cache duration units, which are ms , s , m , h , d , w , and y (e.g. 30d ). |
proxy-features.json
Example
proxy-features.json
{
"parameter/pipe_timeout": 125,
"parameter/http_max_hdr": 128,
"statics-enable-caching": "",
"statics-remove-querystring": true,
"statics-set-browser-cache": "",
"html-caching": false,
"html-caching-url-regex": "",
"html-caching-cookie-regex": "",
"html-caching-cache-ttl": "",
"html-caching-grace-ttl": ""
}
Virtual Waiting Room
Name | Version | Image |
---|---|---|
virtualwaitingroom | latest | virtualwaitingroom:latest |
virtualwaitingroom | 1.0.0 | virtualwaitingroom:1.0.0 |
virtualwaitingroom.json
Reference
Key | Value | Default | Required | Description |
---|---|---|---|---|
api_key | string | "" | Yes | Virtual Waiting Room API key. |
threshold | 1 -100000 int | 3000 | Yes | Maximum number of allowed concurrent visitors. |
enabled | bool | true | Yes | Whether to enable Virtual Waiting Room. |
section_visitors_version | string | "" | Yes | Versioning for the HTTP cookie. |
hostname | string | "" | Yes | Hostname for the current application. |
strategy | random or fifo string | random | No | Queuing strategy for the Virtual Waiting Room. |
upstream_response_timeout_seconds | 1 -600 int or bool | false | No | Number of seconds to keep the upstream connection open in case of a slow response. False to disable. |
fifo_settings | obj | {"cookie_secret":"","secretUrl":"", "queueTTL":180,"accessCookieTTL":3600, "accessCookieValue":"access", "checkQueueLength":10} | No | First in first out strategy settings. Requires strategy to be set as fifo . |
fifo_settings > cookie_secret | string | "" | No | Secret value to verify the HTTP cookie. |
fifo_settings > secretUrl | string | "" | No | Secret URL to set access HTTP cookie. |
fifo_settings > queueTTL | 30 -3600 int | 180 | No | Number of seconds a session ID is kept in the queue. |
fifo_settings > accessCookieTTL | 30 -31536000 int | 3600 | No | Number of seconds before an access HTTP cookie expires. |
fifo_settings > accessCookieValue | string | access | No | Secret value that is used in the access HTTP cookie to allow requests past queuing. |
fifo_settings > checkQueueLength | 1 -1000 int | 10 | No | How many sessions to check at the front of the queue to allow access. |
virtualwaitingroom.json
Example
virtualwaitingroom.json
{
"api_key": "",
"threshold": 3000,
"enabled": true,
"section_visitors_version": "",
"hostname": "",
"strategy": "fifo",
"upstream_response_timeout_seconds": false,
"fifo_settings": {
"cookie_secret": "",
"secretUrl": "",
"queueTTL": 180,
"accessCookieTTL": 3600,
"accessCookieValue": "",
"checkQueueLength": 10
}
}
Wallarm
Name | Version | Image |
---|---|---|
wallarm | 4.10.9.1 | wallarm:4.10.9.1 |
wallarm | 4.10.6.1 | wallarm:4.10.6.1 |
wallarm | 4.10.4.1 | wallarm:4.10.4.1 |
wallarm | 4.10.2.1 | wallarm:4.10.2.1 |
wallarm | 4.10.1.1 | wallarm:4.10.1.1 |
wallarm | 4.8.0.1 | wallarm:4.8.0.1 |
wallarm | 4.6.0.1 | wallarm:4.6.0.1 |
wallarm | 4.4.0.1 | wallarm:4.4.0.1 |
wallarm | 4.2.0 | wallarm:4.2.0 |
wallarm | 4.0.1.1 | wallarm:4.0.1.1 |
wallarm | 3.6.0.1 | wallarm:3.6.0.1 |
wallarm | 3.2.0.1 | wallarm:3.2.0.1 |