How to install the IP Address Reputation integration through Azion Marketplace
IP Address Reputation is a serverless integration available at Azion Marketplace.
This integration uses a reputation score for a given IP address, provided by IPQualityScore. The score is based on several factors, including whether the IP address was used for spamming or other malicious activity, how often the IP address was reported as suspicious or fraudulent, and other informations.
A higher score indicates the IP address has a better reputation and is less likely to be used maliciously. On the other hand, a lower score indicates that the IP address is more likely to be used for malicious activity and should be used with caution.
Getting the integration
To install the IP Address Reputation integration provided by Azion Marketplace, follow these steps:
- Access Azion Console > Marketplace.
- On the Marketplace homepage, select the integration’s card.
- Once the integration’s page opens, click the Install button, at the bottom-right corner of the page.
You’ll see a message indicating that your integration was successfully installed.
- Access Real-Time Manager (RTM) > Marketplace.
- On the Marketplace homepage, select the integration’s card.
- Once the integration’s page opens, click the Get It Now button, at the bottom-right corner of the page.
You’ll see a message indicating that your integration was successfully installed.
Getting the API Key at IPQualityScore
To use the IP Address Reputation, you’ll have to obtain the API key at IPQualityScore. To do so, follow these steps:
- Create an account at IPQualityScore.
- Wait for the email with your personal information.
- In the email, you’ll receive your API key. You’ll need this information to configure your Azion integration later.
Configuring the integration
Setting up an edge firewall
To start the configuration of the IP Address Reputation integration, follow these steps:
- On the Products menu, select Edge Firewall in the SECURE section.
- Click the + Edge Firewall button.
- Give an easy-to-remember name to your edge firewall.
- Select the domains you want to protect with the function.
- Click the Edge Functions switch to enable functions.
- Click the Save button.
Done. Now you’ve instantiated the edge firewall for your function.
- On the Products menu, select Edge Firewall in the SECURE section.
- Click the Add Rule Set button.
- Give an easy-to-remember name to your edge firewall.
- Select the domains you want to protect with the function.
- Click the Edge Functions switch to enable functions.
- Click the Save button.
Done. Now you’ve instantiated the edge firewall for your function.
Setting up the Edge Firewall function
To instantiate the IP Address Reputation integration, while still on the Edge Firewall page:
- Select the Functions Instances tab and follow these steps:
- Click the + Function Instance button.
- Give an easy-to-remember name to your instance.
- On the dropdown menu, select the IP Address Reputation function.
- This action will load the Arguments tab, where you can add the parameters to execute your application.
- In the Arguments tab, you’ll pass the keys you get on the IPQualityScore site and your variables. The
JSON
will look like this:
{ "api_key": "XXXXXXXXXXXXXXXXXXXXXXXXXXX", "allow_public_access_points": true, "fast": true, "strictness": 0, "lighter_penalties": true, "user_language": "en-US", "transaction_strictness": 0
}
To run the integration, the only parameter you’ll need to configure is the api_key
, passing the API key you’ve received by email from IPQualityScore.
The other fields are:
allow_public_access_points
: allows public connections. This is a boolean field, with the default value oftrue
.fast
: enables a fast check. When you enable this parameter, your API won’t do some forensic checks. This is a boolean field, with the default value oftrue
.strictness
: fraud scoring, higher values (above 2) have more chance to return false positives. This is an integer field, with the default value of 0. Use the range0-3
for this.lighter_penalties
: lowers the score for proxy IP addresses, preventing false positives. This is a boolean field, with the default value oftrue
.user_language
: the user header language. This is a string field with no default value.transaction_strictness
: adjusts penalty weights for irregularities and fraud patterns detected on order and transaction details optionally provided with each API request. This feature is only useful when providing order and transaction details. This is an integer field with no default value.
Some other parameters, that aren’t in the JSON
example provided in the Arguments box, could be used, including:
when_score_above
: sets a score threshold. Whenever the IPQS Risk Score exceeds this threshold, the function will perform the action defined by theexecute
argument. If the value isn’t set, then no action will be taken by the function. This is an integer field with no default value.execute
: the action that will be performed when thewhen_score_above
threshold was surpassed. This is a string field with three possible values:deny
,drop
, andadd_header
. There’s no default value.get_data_from
: determines if the IP will be retrieved from a query string request from the header or the body. If the value isremote_addr
, the value that will be extracted is:ngx.var.remote_addr
. This is a string field with four possible values:remote_addr
,querystring
,body
, andheader
. The default value isremote_addr
.data_name
: identify the field or argument from when the IPQS function will extract the IP to validate. This is only used when the parametersearch_in
is different from the parameterremote_addr
. This is a string field, with the default value ofX-Forwarded-For
.
- Click the Save button.
- Select the Functions tab and follow these steps:
- Click the Add Function button.
- Give an easy-to-remember name to your instance.
- On the dropdown menu, select the IP Address Reputation function.
- This action will load the function, showing a form with the function’s source code and, just above it, two tabs: Code and Args. By clicking on the Code tab, you’ll be able to navigate through the source code, but won’t be able to change it.
- In the Args tab, you’ll pass the keys you get on the IPQualityScore site and your variables. The
JSON
will look like this:
{ "api_key": "XXXXXXXXXXXXXXXXXXXXXXXXXXX", "allow_public_access_points": true, "fast": true, "strictness": 0, "lighter_penalties": true, "user_language": "en-US", "transaction_strictness": 0
}
To run the integration, the only parameter you’ll need to configure is the api_key
, passing the API key you’ve received by email from IPQualityScore.
The other fields are:
allow_public_access_points
: allows public connections. This is a boolean field, with the default value oftrue
.fast
: enables a fast check. When you enable this parameter, your API won’t do some forensic checks. This is a boolean field, with the default value oftrue
.strictness
: fraud scoring, higher values (above 2) have more chance to return false positives. This is an integer field, with the default value of 0. Use the range0-3
for this.lighter_penalties
: lowers the score for proxy IP addresses, preventing false positives. This is a boolean field, with the default value oftrue
.user_language
: the user header language. This is a string field with no default value.transaction_strictness
: adjusts penalty weights for irregularities and fraud patterns detected on order and transaction details optionally provided with each API request. This feature is only useful when providing order and transaction details. This is an integer field with no default value.
Some other parameters, that aren’t in the JSON
example provided in the Args box, could be used, including:
when_score_above
: sets a score threshold. Whenever the IPQS Risk Score exceeds this threshold, the function will perform the action defined by theexecute
argument. If the value isn’t set, then no action will be taken by the function. This is an integer field with no default value.execute
: the action that will be performed when thewhen_score_above
threshold was surpassed. This is a string field with three possible values:deny
,drop
, andadd_header
. There’s no default value.get_data_from
: determines if the IP will be retrieved from a query string request from the header or the body. If the value isremote_addr
, the value that will be extracted is:ngx.var.remote_addr
. This is a string field with four possible values:remote_addr
,querystring
,body
, andheader
. The default value isremote_addr
.data_name
: identify the field or argument from when the IPQS function will extract the IP to validate. This is only used when the parametersearch_in
is different from the parameterremote_addr
. This is a string field, with the default value ofX-Forwarded-For
.
- Click the Save button.
Setting up the Edge Firewall Rules Engine
To finish, you have to set up the Rules Engine to configure the criteria and the behavior to run the function.
Still on the Edge Firewall page:
- Select the Rules Engine tab.
- Click the + Rule Engine button.
- Give a name to the rule.
- Select a criteria to run and catch the domain you want to run the integration on. Example:
if Hostname is equal xxxxxxxxxxxx.map.azionedge.net
. - Below, select a behavior to the criteria. In this case, it’ll be Run Function.
- Select the adequate IP Address Reputation function according to the name you gave it in the instantiation step.
- Click the Save button.
Done. Now the IP Address Reputation integration is running for every request made to the domain you indicated.
- Select the Rules Engine tab.
- Click the New Rule button.
- Give a name to the rule.
- Select a criteria to run and catch the domain you want to run the integration on. Example:
if Hostname is equal xxxxxxxxxxxx.map.azionedge.net
. - Below, select a behavior to the criteria. In this case, it’ll be Run Function.
- Select the adequate IP Address Reputation function according to the name you gave it in the instantiation step.
- Click the Save button.
Done. Now the IP Address Reputation integration is running for every request made to the domain you indicated.
Important
For each field present in the results, the integration will add a request header with the prefix IPQS
. For example, if the request has an ASN
field, the header will have an IPQS-ASN
with the same value added to the header. You can also use this information to create and manage your decisions in the Rules Engine. You can check the full list of fields.
It’s a good practice to create an edge application rule redirecting your request to another URL/Origin whenever the risk score is greater than 85. If you want or need it, you can follow the usage of your API key through the IPQualityScore dashboard. Every request to your edge firewall will count as a new request for IP address lookup.