Skip to main content
Git Interface

Modules Reference

Learn about the pre-packaged modules that you can deploy on CloudFlow.

BigCommerce Cache

NameVersionImage
bigcommercecache2.0.0bigcommercecache:2.0.0
bigcommercecache1.2.0bigcommercecache:1.2.0
bigcommercecache1.1.0bigcommercecache:1.1.0

bigcommercecache.json Reference

KeyValueDefaultRequiredDescription
static_cachingbooltrueYesWhether to enable the static caching feature.
enforce_httpsbooltrueYesRedirect all HTTP requests to HTTPS.
optimizer_settingsobj{"enabled":false,"strategy":"whitelist","paths":["/"],"development_ips":[]}YesSettings for the BigCommerce Optimizer.
optimizer_settings > enabledboolfalseYesEnable or disable the BigCommerce Optimizer
optimizer_settings > strategywhitelist or blacklist
string
whitelistNoStrategy for the page paths used by the BigCommerce Optimizer.
optimizer_settings > pathsstring[]["/"]YesPage paths included or excluded by the BigCommerce Optimizer based on the strategy.
optimizer_settings > development_ipsstring[][]NoIP address(es) that bypass the BigCommerce Optimizer.

bigcommercecache.json Example

bigcommercecache.json
{
"static_caching": true,
"enforce_https": true,
"optimizer_settings": {
"enabled": false,
"strategy": "whitelist",
"paths": ["/"],
"development_ips": []
}
}

BigCommerce Optimizer

NameVersionImage
bigcommerceoptimizer2.0.0bigcommerceoptimizer:2.0.0
bigcommerceoptimizer1.2.0bigcommerceoptimizer:1.2.0

bigcommerceoptimizer.json Reference

KeyValueDefaultRequiredDescription
enabledbooltrueYesEnable or disable the BigCommerce Optimizer.
holepunch_tagstring"</title>"NoHTML tag to hole punch for the BigCommerce Optimizer streaming feature.

bigcommerceoptimizer.json Example

bigcommerceoptimizer.json
{
"enabled": true,
"holepunch_tag": "</title>"
}

Consistent Hash

NameVersionImage
consistenthash1.0.0consistenthash:1.0.0

ModSecurity

NameVersionImage
modsecurity3.0.4modsecurity:3.0.4
modsecurity2.7.7modsecurity:2.7.7

Node.js

NameVersionImage
nodejslatestnodejs:latest
nodejs16.13.1nodejs:16.13.1
nodejs14.10.0nodejs:14.10.0
nodejs10.11.0nodejs:10.11.0

OpenResty

NameVersionImage
openrestylatestopenresty:latest
openresty1.25.3.1openresty:1.25.3.1
openresty1.21.4.1openresty:1.21.4.1
openresty1.19.3.1openresty:1.19.3.1
openresty1.15.8.2openresty:1.15.8.2
openresty1.15.8.2.chopenresty:1.15.8.2.ch
openresty1.15.8.2.iplbopenresty:1.15.8.2.iplb
openresty1.13.6.1openresty:1.13.6.1

Optidash

NameVersionImage
optidashlatestoptidash:latest
optidash2.0optidash:2.0
optidash1.1optidash:1.1
optidash1.0optidash:1.0

optidash.json Reference

KeyValueDefaultRequiredDescription
api_keystring""YesOptidash API key.
losslessbooltrueYesWhether to enable lossless compression.
enabledbooltrueYesWhether to enable Optidash.
ttlint31622400NoValue for the max-age directive.
cache_versionstringv1YesWhether to enable Cloudinary.
s3obj{"key":"","secret":"","region":"","bucket":""}YesValues for the storage bucket (provided by CloudFlow).
s3 > keystring""Yes--
s3 > secretstring""Yes--
s3 > regionstring""Yes--
s3 > bucketstring""Yes--

optidash.json Example

optidash.json
{
"api_key": "",
"lossless": true,
"enabled": true,
"ttl": 31622400,
"cache_version": "v1",
"s3": {
"key": "",
"secret": "",
"region": "",
"bucket": ""
}
}

PerimeterX

NameVersionImage
perimeterxlatestperimeterx:latest
perimeterx0.14.7perimeterx:0.14.7
perimeterx0.10.1perimeterx:0.10.1

section-nginx.conf Reference

VariableValueDefaultRequiredDescription
px_enabledbooltrueYesWhether to enable PerimeterX.
px_debugboolfalseYesWhether to enable debug mode.
px_appIdstring""YesPerimeterX application ID.
px_cookie_secretstring""NoPerimeterX policy risk cookie.
px_auth_tokenstring""YesPerimeterX application authentication token.
px_block_enabledbooltrueYesWhether to enable block mode.
px_ip_headersstringTrue-Client-IPYesRequest header that contains the client IP address.

section-nginx.conf Example

section-nginx.conf
px_enabled       true;
px_debug false;
px_appId "";
px_cookie_secret "";
px_auth_token "";
px_block_enabled true;
px_ip_headers "True-Client-IP";

QuantWAF

NameVersionImage
quantwaf1.7.1quantwaf:1.7.1
quantwaf0.7.0quantwaf:0.7.0

config.json Reference

VariableValueDefaultRequiredDescription
notify_slackstring""YesThis should be in the format: https://hooks.slack.com/services/X/Y/Z. Only one alert is sent per URL per 60 seconds.
allow_ipstring[][]YesThis can be provided to always allow certain IP addresses or ranges. These support both IPv4 and IPv6 CIDR notation. These should be strings (e.g wrap in double quotes).
block_ipstring[][]YesThis can be provided to always block certain IP addresses or ranges. These support both IPv4 and IPv6 CIDR notation. These should be strings (e.g wrap in double quotes).
block_uastring[][]YesThis can be used to block user agents. These are case insensitive and support the wildcard (*) character.
allow_rulesstring[][]YesThis may be used to bypass certain WAF rules. The rule ID is displayed in both the Dashboard WAF logs as well as in Slack notifications. Note: These need to be strings not integers (e.g wrap in double quotes).
block_countrystring[][]YesThis accepts an array of ISO 3166 2 character country codes.
paranoia_levelint1YesThis should be an integer between 1 and 4 (recommend 1).
modestringreportYesThis should be either "disabled", "report", or "block". Report mode will still capture WAF hits in the WAF logs, slack, and return in the response headers. Disabled will not route requests through the WAF.
log_levelstringstandardYesThis should either be "standard", "verbose" or "none". Recommend "standard" (provided log shipping is enabled).
httpblobject-YesThis may optionally be enabled with a key provided from Project Honeypot.

config.json Example

config.json
{
"notify_slack": "",
"allow_ip": [],
"block_ip": [],
"block_ua": [],
"allow_rules": [],
"block_country": [],
"paranoia_level": 1,
"mode": "report",
"log_level": "standard",
"httpbl": {
"httpbl_enabled": false,
"httpbl_key": "",
"block_suspicious": false,
"block_harvester": true,
"block_spam": true,
"block_search_engine": false
}
}

Radware Bot Manager

NameVersionImage
radwarebotmanager5.3.4radwarebotmanager:5.3.4

shieldsquare.json Reference

KeyValueDefaultRequiredDescription
keystring""YesRadware Bot Manager API key.
enabledbooltrueYesWhether to enable Radware Bot Manager.
deployment_numberstring""YesThe deployment number used to get the configuration from Radware.
support_emailstring""YesEmail address used for Radware Bot Manager alerts.

shieldsquare.json Example

shieldsquare.json
{
"key": "",
"enabled": true,
"deployment_number": "",
"support_email": "",
}

Signal Sciences

NameVersionImage
sigscilatestsigsci:latest
sigsci4.51.0.0sigsci:4.51.0.0
sigsci4.49.1.0sigsci:4.49.1.0
sigsci4.49.0.0sigsci:4.49.0.0
sigsci4.47.0.0sigsci:4.47.0.0
sigsci4.46.0.0sigsci:4.46.0.0

proxy-features.json Reference

KeyValueDefaultRequiredDescription
environment_variablesstring[]["SIGSCI_ACCESSKEYID=", "SIGSCI_SECRETACCESSKEY="]YesSignal Sciences environment variables.

proxy-features.json Example

proxy-features.json
{
"environment_variables": [
"SIGSCI_ACCESSKEYID=",
"SIGSCI_SECRETACCESSKEY="
]
}

SiteSpect

NameVersionImage
sitespectlatestsitespect:latest
sitespect10.33.0.0sitespect:10.33.0.0
sitespect10.14.1.0sitespect:10.14.1.0
sitespect9.16.0.1sitespect:9.16.0.1

ThreatX

NameVersionImage
threatxlatestthreatx:latest
threatx3.20.0threatx:3.20.0
threatx3.18.1threatx:3.18.1
threatx3.15.1threatx:3.15.1
threatx3.6.4threatx:3.6.4

Varnish Cache

NameVersionImage
varnish7.3.0varnish:7.3.0
varnish7.2.1varnish:7.2.1
varnish7.0.3varnish:7.0.3
varnish7.0.2varnish:7.0.2
varnish6.6.2varnish:6.6.2
varnish6.3.1varnish:6.3.1
varnish6.2.1varnish:6.2.1
varnish6.1.1varnish:6.1.1
varnish6.0.1varnish:6.0.1
varnish6.0.0varnish:6.0.0
varnish5.2.1varnish:5.2.1
varnish5.1.3varnish:5.1.3
varnish5.1.2varnish:5.1.2
varnish4.1.10varnish:4.1.10
varnish4.1.9varnish:4.1.9
varnish4.1.8varnish:4.1.8
varnish4.0.3varnish:4.0.3
varnish3.0.5varnish:3.0.5

proxy-features.json Reference

KeyValueDefaultRequiredDescription
parameter/pipe_timeoutint125NoIdle timeout for PIPE sessions.
parameter/http_max_hdrint128NoMaximum number of HTTP header lines allowed in {req\|resp\|bereq\|beresp}.http.
statics-enable-cachingstring""NoThe amount of time Varnish Cache should cache your static assets for.
statics-remove-querystringbooltrueNoWhether query strings should be stripped. This means assets will be cached as the same object even if the query string differs, which can increase your cache hit rate.
statics-set-browser-cachestring""NoThe amount of time the browser should cache your static assets for. Use Varnish Cache duration units, which are ms, s, m, h, d, w, and y (e.g. 30d).
html-cachingboolfalseNoWhether to enable HTML caching.
html-caching-url-regexstring""NoRegular expression for URLs that should not be cached. html-caching must be enabled.
html-caching-cookie-regexstring""NoRegular expression for HTTP cookies that should not be cached.
html-caching-cache-ttlstring""NoThe amount of time Varnish Cache should cache your HTML documents for. Use Varnish Cache duration units, which are ms, s, m, h, d, w, and y (e.g. 30d).
html-caching-grace-ttlstring""NoThe amount of time Varnish Cache should deliver a stale cached HTML document when an error is received from the origin. Use Varnish Cache duration units, which are ms, s, m, h, d, w, and y (e.g. 30d).

proxy-features.json Example

proxy-features.json
{
"parameter/pipe_timeout": 125,
"parameter/http_max_hdr": 128,
"statics-enable-caching": "",
"statics-remove-querystring": true,
"statics-set-browser-cache": "",
"html-caching": false,
"html-caching-url-regex": "",
"html-caching-cookie-regex": "",
"html-caching-cache-ttl": "",
"html-caching-grace-ttl": ""
}

Virtual Waiting Room

NameVersionImage
virtualwaitingroomlatestvirtualwaitingroom:latest
virtualwaitingroom1.0.0virtualwaitingroom:1.0.0

virtualwaitingroom.json Reference

KeyValueDefaultRequiredDescription
api_keystring""YesVirtual Waiting Room API key.
threshold1-100000
int
3000YesMaximum number of allowed concurrent visitors.
enabledbooltrueYesWhether to enable Virtual Waiting Room.
section_visitors_versionstring""YesVersioning for the HTTP cookie.
hostnamestring""YesHostname for the current application.
strategyrandom or fifo
string
randomNoQueuing strategy for the Virtual Waiting Room.
upstream_response_timeout_seconds1-600
int or bool
falseNoNumber of seconds to keep the upstream connection open in case of a slow response. False to disable.
fifo_settingsobj{"cookie_secret":"","secretUrl":"", "queueTTL":180,"accessCookieTTL":3600, "accessCookieValue":"access", "checkQueueLength":10}NoFirst in first out strategy settings. Requires strategy to be set as fifo.
fifo_settings > cookie_secretstring""NoSecret value to verify the HTTP cookie.
fifo_settings > secretUrlstring""NoSecret URL to set access HTTP cookie.
fifo_settings > queueTTL30-3600
int
180NoNumber of seconds a session ID is kept in the queue.
fifo_settings > accessCookieTTL30-31536000
int
3600NoNumber of seconds before an access HTTP cookie expires.
fifo_settings > accessCookieValuestringaccessNoSecret value that is used in the access HTTP cookie to allow requests past queuing.
fifo_settings > checkQueueLength1-1000
int
10NoHow many sessions to check at the front of the queue to allow access.

virtualwaitingroom.json Example

virtualwaitingroom.json
{
"api_key": "",
"threshold": 3000,
"enabled": true,
"section_visitors_version": "",
"hostname": "",
"strategy": "fifo",
"upstream_response_timeout_seconds": false,
"fifo_settings": {
"cookie_secret": "",
"secretUrl": "",
"queueTTL": 180,
"accessCookieTTL": 3600,
"accessCookieValue": "",
"checkQueueLength": 10
}
}

Wallarm

NameVersionImage
wallarm4.10.2.1wallarm:4.10.2.1
wallarm4.10.1.1wallarm:4.10.1.1
wallarm4.8.0.1wallarm:4.8.0.1
wallarm4.6.0.1wallarm:4.6.0.1
wallarm4.4.0.1wallarm:4.4.0.1
wallarm4.2.0wallarm:4.2.0
wallarm4.0.1.1wallarm:4.0.1.1
wallarm3.6.0.1wallarm:3.6.0.1
wallarm3.2.0.1wallarm:3.2.0.1