Modules Reference
Learn about the pre-packaged modules that you can deploy on CloudFlow.
BigCommerce Cache
| Name | Version | Image |
|---|---|---|
| bigcommercecache | 2.0.0 | bigcommercecache:2.0.0 |
bigcommercecache.json Reference
| Key | Value | Default | Required | Description |
|---|---|---|---|---|
static_caching | bool | true | Yes | Whether to enable the static caching feature. |
enforce_https | bool | true | Yes | Redirect all HTTP requests to HTTPS. |
optimizer_settings | obj | {"enabled":false,"strategy":"whitelist","paths":["/"],"development_ips":[]} | Yes | Settings for the BigCommerce Optimizer. |
optimizer_settings > enabled | bool | false | Yes | Enable or disable the BigCommerce Optimizer |
optimizer_settings > strategy | whitelist or blackliststring | whitelist | No | Strategy for the page paths used by the BigCommerce Optimizer. |
optimizer_settings > paths | string[] | ["/"] | Yes | Page paths included or excluded by the BigCommerce Optimizer based on the strategy. |
optimizer_settings > development_ips | string[] | [] | No | IP address(es) that bypass the BigCommerce Optimizer. |
bigcommercecache.json Example
bigcommercecache.json
{
"static_caching": true,
"enforce_https": true,
"optimizer_settings": {
"enabled": false,
"strategy": "whitelist",
"paths": ["/"],
"development_ips": []
}
}
BigCommerce Optimizer
| Name | Version | Image |
|---|---|---|
| bigcommerceoptimizer | 2.0.0 | bigcommerceoptimizer:2.0.0 |
bigcommerceoptimizer.json Reference
| Key | Value | Default | Required | Description |
|---|---|---|---|---|
enabled | bool | true | Yes | Enable or disable the BigCommerce Optimizer. |
holepunch_tag | string | "</title>" | No | HTML tag to hole punch for the BigCommerce Optimizer streaming feature. |
bigcommerceoptimizer.json Example
bigcommerceoptimizer.json
{
"enabled": true,
"holepunch_tag": "</title>"
}
Consistent Hash
| Name | Version | Image |
|---|---|---|
| consistenthash | 1.1.1 | consistenthash:1.1.1 |
ModSecurity
| Name | Version | Image |
|---|---|---|
| modsecurity | 3.0.4 | modsecurity:3.0.4 |
| modsecurity | 2.7.7 | modsecurity:2.7.7 |
OpenResty
| Name | Version | Image |
|---|---|---|
| openresty | latest | openresty:latest |
| openresty | 1.27.1.2 | openresty:1.27.1.2 |
| openresty | 1.25.3.1 | openresty:1.25.3.1 |
| openresty | 1.21.4.1 | openresty:1.21.4.1 |
| openresty | 1.19.9.1.http | openresty:1.19.9.1.http |
| openresty | 1.19.3.1 | openresty:1.19.3.1 |
| openresty | 1.15.8.2 | openresty:1.15.8.2 |
| openresty | 1.15.8.2.iplb | openresty:1.15.8.2.iplb |
| openresty | 1.13.6.1 | openresty:1.13.6.1 |
Optidash
| Name | Version | Image |
|---|---|---|
| optidash | latest | optidash:latest |
| optidash | 2.0 | optidash:2.0 |
| optidash | 1.1 | optidash:1.1 |
optidash.json Reference
| Key | Value | Default | Required | Description |
|---|---|---|---|---|
api_key | string | "" | Yes | Optidash API key. |
lossless | bool | true | Yes | Whether to enable lossless compression. |
enabled | bool | true | Yes | Whether to enable Optidash. |
ttl | int | 31622400 | No | Value for the max-age directive. |
cache_version | string | v1 | Yes | Whether to enable Cloudinary. |
s3 | obj | {"key":"","secret":"","region":"","bucket":""} | Yes | Values for the storage bucket (provided by CloudFlow). |
s3 > key | string | "" | Yes | -- |
s3 > secret | string | "" | Yes | -- |
s3 > region | string | "" | Yes | -- |
s3 > bucket | string | "" | Yes | -- |
optidash.json Example
optidash.json
{
"api_key": "",
"lossless": true,
"enabled": true,
"ttl": 31622400,
"cache_version": "v1",
"s3": {
"key": "",
"secret": "",
"region": "",
"bucket": ""
}
}
PerimeterX
| Name | Version | Image |
|---|---|---|
| perimeterx | latest | perimeterx:latest |
| perimeterx | 0.15.10 | perimeterx:0.15.10 |
| perimeterx | 0.15.8 | perimeterx:0.15.8 |
| perimeterx | 0.15.3 | perimeterx:0.15.3 |
| perimeterx | 0.14.7 | perimeterx:0.14.7 |
| perimeterx | 0.10.1 | perimeterx:0.10.1 |
section-nginx.conf Reference
| Variable | Value | Default | Required | Description |
|---|---|---|---|---|
px_enabled | bool | true | Yes | Whether to enable PerimeterX. |
px_debug | bool | false | Yes | Whether to enable debug mode. |
px_appId | string | "" | Yes | PerimeterX application ID. |
px_cookie_secret | string | "" | No | PerimeterX policy risk cookie. |
px_auth_token | string | "" | Yes | PerimeterX application authentication token. |
px_block_enabled | bool | true | Yes | Whether to enable block mode. |
px_ip_headers | string | True-Client-IP | Yes | Request header that contains the client IP address. |
section-nginx.conf Example
section-nginx.conf
px_enabled true;
px_debug false;
px_appId "";
px_cookie_secret "";
px_auth_token "";
px_block_enabled true;
px_ip_headers "True-Client-IP";
QuantWAF
| Name | Version | Image |
|---|---|---|
| quantwaf | 1.9.1 | quantwaf:1.9.1 |
| quantwaf | 1.9.0 | quantwaf:1.9.0 |
| quantwaf | 1.8.1 | quantwaf:1.8.1 |
| quantwaf | 1.8.0 | quantwaf:1.8.0 |
| quantwaf | 1.7.1 | quantwaf:1.7.1 |
| quantwaf | 0.6.2 | quantwaf:0.6.2 |
| quantwaf | 0.6.1 | quantwaf:0.6.1 |
| quantwaf | 0.5.2 | quantwaf:0.5.2 |
| quantwaf | 0.4.4 | quantwaf:0.4.4 |
config.json Reference
| Variable | Value | Default | Required | Description |
|---|---|---|---|---|
notify_slack | string | "" | Yes | This should be in the format: https://hooks.slack.com/services/X/Y/Z. Only one alert is sent per URL per 60 seconds. |
allow_ip | string[] | [] | Yes | This can be provided to always allow certain IP addresses or ranges. These support both IPv4 and IPv6 CIDR notation. These should be strings (e.g wrap in double quotes). |
block_ip | string[] | [] | Yes | This can be provided to always block certain IP addresses or ranges. These support both IPv4 and IPv6 CIDR notation. These should be strings (e.g wrap in double quotes). |
block_ua | string[] | [] | Yes | This can be used to block user agents. These are case insensitive and support the wildcard (*) character. |
allow_rules | string[] | [] | Yes | This may be used to bypass certain WAF rules. The rule ID is displayed in both the Dashboard WAF logs as well as in Slack notifications. Note: These need to be strings not integers (e.g wrap in double quotes). |
block_country | string[] | [] | Yes | This accepts an array of ISO 3166 2 character country codes. |
paranoia_level | int | 1 | Yes | This should be an integer between 1 and 4 (recommend 1). |
mode | string | report | Yes | This should be either "disabled", "report", or "block". Report mode will still capture WAF hits in the WAF logs, slack, and return in the response headers. Disabled will not route requests through the WAF. |
log_level | string | standard | Yes | This should either be "standard", "verbose" or "none". Recommend "standard" (provided log shipping is enabled). |
httpbl | object | - | Yes | This may optionally be enabled with a key provided from Project Honeypot. |
config.json Example
config.json
{
"notify_slack": "",
"allow_ip": [],
"block_ip": [],
"block_ua": [],
"allow_rules": [],
"block_country": [],
"paranoia_level": 1,
"mode": "report",
"log_level": "standard",
"httpbl": {
"httpbl_enabled": false,
"httpbl_key": "",
"block_suspicious": false,
"block_harvester": true,
"block_spam": true,
"block_search_engine": false
}
}
Radware Bot Manager
| Name | Version | Image |
|---|---|---|
| radwarebotmanager | 5.3.4 | radwarebotmanager:5.3.4 |
shieldsquare.json Reference
| Key | Value | Default | Required | Description |
|---|---|---|---|---|
key | string | "" | Yes | Radware Bot Manager API key. |
enabled | bool | true | Yes | Whether to enable Radware Bot Manager. |
deployment_number | string | "" | Yes | The deployment number used to get the configuration from Radware. |
support_email | string | "" | Yes | Email address used for Radware Bot Manager alerts. |
shieldsquare.json Example
shieldsquare.json
{
"key": "",
"enabled": true,
"deployment_number": "",
"support_email": "",
}
Signal Sciences
| Name | Version | Image |
|---|---|---|
| sigsci | latest | sigsci:latest |
| sigsci | 4.70.0.0 | sigsci:4.70.0.0 |
| sigsci | 4.69.0.0 | sigsci:4.69.0.0 |
| sigsci | 4.68.0.0 | sigsci:4.68.0.0 |
| sigsci | 4.67.0.0 | sigsci:4.67.0.0 |
| sigsci | 4.66.0.0 | sigsci:4.66.0.0 |
| sigsci | 4.64.0.0 | sigsci:4.64.0.0 |
proxy-features.json Reference
| Key | Value | Default | Required | Description |
|---|---|---|---|---|
environment_variables | string[] | ["SIGSCI_ACCESSKEYID=", "SIGSCI_SECRETACCESSKEY="] | Yes | Signal Sciences environment variables. |
proxy-features.json Example
proxy-features.json
{
"environment_variables": [
"SIGSCI_ACCESSKEYID=",
"SIGSCI_SECRETACCESSKEY="
]
}
SiteSpect
| Name | Version | Image |
|---|---|---|
| sitespect | latest | sitespect:latest |
| sitespect | 10.46.0.1 | sitespect:10.46.0.1 |
| sitespect | 10.46.0.0 | sitespect:10.46.0.0 |
ThreatX
| Name | Version | Image |
|---|---|---|
| threatx | latest | threatx:latest |
| threatx | 3.20.0 | threatx:3.20.0 |
| threatx | 3.18.1 | threatx:3.18.1 |
| threatx | 3.15.1 | threatx:3.15.1 |
Varnish Cache
| Name | Version | Image |
|---|---|---|
| varnish | 8.0.0 | varnish:8.0.0 |
| varnish | 7.7.3 | varnish:7.7.3 |
| varnish | 7.5.0 | varnish:7.5.0 |
| varnish | 7.3.0 | varnish:7.3.0 |
| varnish | 7.2.1 | varnish:7.2.1 |
| varnish | 7.0.2 | varnish:7.0.2 |
| varnish | 6.6.2 | varnish:6.6.2 |
| varnish | 6.3.1 | varnish:6.3.1 |
| varnish | 6.1.1 | varnish:6.1.1 |
| varnish | 6.1.0 | varnish:6.1.0 |
| varnish | 6.0.0 | varnish:6.0.0 |
| varnish | 5.1.3 | varnish:5.1.3 |
| varnish | 4.1.10 | varnish:4.1.10 |
| varnish | 4.0.3 | varnish:4.0.3 |
| varnish | 3.0.5 | varnish:3.0.5 |
proxy-features.json Reference
| Key | Value | Default | Required | Description |
|---|---|---|---|---|
parameter/pipe_timeout | int | 125 | No | Idle timeout for PIPE sessions. |
parameter/http_max_hdr | int | 128 | No | Maximum number of HTTP header lines allowed in {req\|resp\|bereq\|beresp}.http. |
statics-enable-caching | string | "" | No | The amount of time Varnish Cache should cache your static assets for. |
statics-remove-querystring | bool | true | No | Whether query strings should be stripped. This means assets will be cached as the same object even if the query string differs, which can increase your cache hit rate. |
statics-set-browser-cache | string | "" | No | The amount of time the browser should cache your static assets for. Use Varnish Cache duration units, which are ms, s, m, h, d, w, and y (e.g. 30d). |
html-caching | bool | false | No | Whether to enable HTML caching. |
html-caching-url-regex | string | "" | No | Regular expression for URLs that should not be cached. html-caching must be enabled. |
html-caching-cookie-regex | string | "" | No | Regular expression for HTTP cookies that should not be cached. |
html-caching-cache-ttl | string | "" | No | The amount of time Varnish Cache should cache your HTML documents for. Use Varnish Cache duration units, which are ms, s, m, h, d, w, and y (e.g. 30d). |
html-caching-grace-ttl | string | "" | No | The amount of time Varnish Cache should deliver a stale cached HTML document when an error is received from the origin. Use Varnish Cache duration units, which are ms, s, m, h, d, w, and y (e.g. 30d). |
proxy-features.json Example
proxy-features.json
{
"parameter/pipe_timeout": 125,
"parameter/http_max_hdr": 128,
"statics-enable-caching": "",
"statics-remove-querystring": true,
"statics-set-browser-cache": "",
"html-caching": false,
"html-caching-url-regex": "",
"html-caching-cookie-regex": "",
"html-caching-cache-ttl": "",
"html-caching-grace-ttl": ""
}
Wallarm
| Name | Version | Image |
|---|---|---|
| wallarm | 6.5.1 | wallarm:6.5.1 |
| wallarm | 6.4.0 | wallarm:6.4.0 |
| wallarm | 6.3.1 | wallarm:6.3.1 |
| wallarm | 5.0.3.1 | wallarm:5.0.3.1 |
| wallarm | 4.8.0.1 | wallarm:4.8.0.1 |
| wallarm | 4.6.0.1 | wallarm:4.6.0.1 |
| wallarm | 4.4.0.1 | wallarm:4.4.0.1 |
| wallarm | 3.6.0.1 | wallarm:3.6.0.1 |