Modules Reference

Learn about the pre-packaged modules that you can deploy on CloudFlow.

BigCommerce Cache

Name	Version	Image
bigcommercecache	2.0.0	bigcommercecache:2.0.0
bigcommercecache	1.2.0	bigcommercecache:1.2.0
bigcommercecache	1.1.0	bigcommercecache:1.1.0

bigcommercecache.json Reference

Key	Value	Default	Required	Description
static_caching	bool	true	Yes	Whether to enable the static caching feature.
enforce_https	bool	true	Yes	Redirect all HTTP requests to HTTPS.
optimizer_settings	obj	{"enabled":false,"strategy":"whitelist","paths":["/"],"development_ips":[]}	Yes	Settings for the BigCommerce Optimizer.
optimizer_settings > enabled	bool	false	Yes	Enable or disable the BigCommerce Optimizer
optimizer_settings > strategy	whitelist or blacklist string	whitelist	No	Strategy for the page paths used by the BigCommerce Optimizer.
optimizer_settings > paths	string[]	["/"]	Yes	Page paths included or excluded by the BigCommerce Optimizer based on the strategy.
optimizer_settings > development_ips	string[]	[]	No	IP address(es) that bypass the BigCommerce Optimizer.

bigcommercecache.json Example

bigcommercecache.json

{
    "static_caching": true,
    "enforce_https": true,
    "optimizer_settings": {
        "enabled": false,
        "strategy": "whitelist",
        "paths": ["/"],
        "development_ips": []
    }
}

---

BigCommerce Optimizer

Name	Version	Image
bigcommerceoptimizer	2.0.0	bigcommerceoptimizer:2.0.0
bigcommerceoptimizer	1.2.0	bigcommerceoptimizer:1.2.0

bigcommerceoptimizer.json Reference

Key	Value	Default	Required	Description
enabled	bool	true	Yes	Enable or disable the BigCommerce Optimizer.
holepunch_tag	string	"</title>"	No	HTML tag to hole punch for the BigCommerce Optimizer streaming feature.

bigcommerceoptimizer.json Example

bigcommerceoptimizer.json

{
    "enabled": true,
    "holepunch_tag": "</title>"
}

---

Consistent Hash

Name	Version	Image
consistenthash	1.1.1	consistenthash:1.1.1

---

ModSecurity

Name	Version	Image
modsecurity	3.0.4	modsecurity:3.0.4
modsecurity	2.7.7	modsecurity:2.7.7

---

Node.js

Name	Version	Image
nodejs	latest	nodejs:latest
nodejs	16.13.1	nodejs:16.13.1
nodejs	14.10.0	nodejs:14.10.0
nodejs	10.11.0	nodejs:10.11.0

---

OpenResty

Name	Version	Image
openresty	latest	openresty:latest
openresty	1.25.3.1	openresty:1.25.3.1
openresty	1.21.4.1	openresty:1.21.4.1
openresty	1.19.3.1	openresty:1.19.3.1
openresty	1.15.8.2	openresty:1.15.8.2
openresty	1.15.8.2.ch	openresty:1.15.8.2.ch
openresty	1.15.8.2.iplb	openresty:1.15.8.2.iplb
openresty	1.13.6.1	openresty:1.13.6.1

---

Optidash

Name	Version	Image
optidash	latest	optidash:latest
optidash	2.0	optidash:2.0
optidash	1.1	optidash:1.1
optidash	1.0	optidash:1.0

optidash.json Reference

Key	Value	Default	Required	Description
api_key	string	""	Yes	Optidash API key.
lossless	bool	true	Yes	Whether to enable lossless compression.
enabled	bool	true	Yes	Whether to enable Optidash.
ttl	int	31622400	No	Value for the max-age directive.
cache_version	string	v1	Yes	Whether to enable Cloudinary.
s3	obj	{"key":"","secret":"","region":"","bucket":""}	Yes	Values for the storage bucket (provided by CloudFlow).
s3 > key	string	""	Yes	--
s3 > secret	string	""	Yes	--
s3 > region	string	""	Yes	--
s3 > bucket	string	""	Yes	--

optidash.json Example

optidash.json

{
    "api_key": "",
    "lossless": true,
    "enabled": true,
    "ttl": 31622400,
    "cache_version": "v1",
    "s3": {
        "key": "",
        "secret": "",
        "region": "",
        "bucket": ""
    }
}

---

PerimeterX

Name	Version	Image
perimeterx	latest	perimeterx:latest
perimeterx	0.15.3	perimeterx:0.15.3
perimeterx	0.14.7	perimeterx:0.14.7
perimeterx	0.10.1	perimeterx:0.10.1

section-nginx.conf Reference

Variable	Value	Default	Required	Description
px_enabled	bool	true	Yes	Whether to enable PerimeterX.
px_debug	bool	false	Yes	Whether to enable debug mode.
px_appId	string	""	Yes	PerimeterX application ID.
px_cookie_secret	string	""	No	PerimeterX policy risk cookie.
px_auth_token	string	""	Yes	PerimeterX application authentication token.
px_block_enabled	bool	true	Yes	Whether to enable block mode.
px_ip_headers	string	True-Client-IP	Yes	Request header that contains the client IP address.

section-nginx.conf Example

section-nginx.conf

px_enabled       true;
px_debug         false;
px_appId         "";
px_cookie_secret "";
px_auth_token    "";
px_block_enabled true;
px_ip_headers    "True-Client-IP";

---

QuantWAF

Name	Version	Image
quantwaf	1.7.1	quantwaf:1.7.1
quantwaf	0.7.0	quantwaf:0.7.0

config.json Reference

Variable	Value	Default	Required	Description
notify_slack	string	""	Yes	This should be in the format: https://hooks.slack.com/services/X/Y/Z. Only one alert is sent per URL per 60 seconds.
allow_ip	string[]	[]	Yes	This can be provided to always allow certain IP addresses or ranges. These support both IPv4 and IPv6 CIDR notation. These should be strings (e.g wrap in double quotes).
block_ip	string[]	[]	Yes	This can be provided to always block certain IP addresses or ranges. These support both IPv4 and IPv6 CIDR notation. These should be strings (e.g wrap in double quotes).
block_ua	string[]	[]	Yes	This can be used to block user agents. These are case insensitive and support the wildcard (*) character.
allow_rules	string[]	[]	Yes	This may be used to bypass certain WAF rules. The rule ID is displayed in both the Dashboard WAF logs as well as in Slack notifications. Note: These need to be strings not integers (e.g wrap in double quotes).
block_country	string[]	[]	Yes	This accepts an array of ISO 3166 2 character country codes.
paranoia_level	int	1	Yes	This should be an integer between 1 and 4 (recommend 1).
mode	string	report	Yes	This should be either "disabled", "report", or "block". Report mode will still capture WAF hits in the WAF logs, slack, and return in the response headers. Disabled will not route requests through the WAF.
log_level	string	standard	Yes	This should either be "standard", "verbose" or "none". Recommend "standard" (provided log shipping is enabled).
httpbl	object	-	Yes	This may optionally be enabled with a key provided from Project Honeypot.

config.json Example

config.json

{
    "notify_slack": "",
    "allow_ip": [],
    "block_ip": [],
    "block_ua": [],
    "allow_rules": [],
    "block_country": [],
    "paranoia_level": 1,
    "mode": "report",
    "log_level": "standard",
    "httpbl": {
        "httpbl_enabled": false,
        "httpbl_key": "",
        "block_suspicious": false,
        "block_harvester": true,
        "block_spam": true,
        "block_search_engine": false
    }
}

---

Radware Bot Manager

Name	Version	Image
radwarebotmanager	5.3.4	radwarebotmanager:5.3.4

shieldsquare.json Reference

Key	Value	Default	Required	Description
key	string	""	Yes	Radware Bot Manager API key.
enabled	bool	true	Yes	Whether to enable Radware Bot Manager.
deployment_number	string	""	Yes	The deployment number used to get the configuration from Radware.
support_email	string	""	Yes	Email address used for Radware Bot Manager alerts.

shieldsquare.json Example

shieldsquare.json

{
    "key": "",
    "enabled": true,
    "deployment_number": "",
    "support_email": "",
}

---

Signal Sciences

Name	Version	Image
sigsci	latest	sigsci:latest
sigsci	4.58.2.0	sigsci:4.58.2.0
sigsci	4.56.0.0	sigsci:4.56.0.0
sigsci	4.55.0.0	sigsci:4.55.0.0
sigsci	4.54.0.0	sigsci:4.54.0.0
sigsci	4.53.0.0	sigsci:4.53.0.0
sigsci	4.51.0.0	sigsci:4.51.0.0
sigsci	4.49.1.0	sigsci:4.49.1.0
sigsci	4.49.0.0	sigsci:4.49.0.0
sigsci	4.47.0.0	sigsci:4.47.0.0
sigsci	4.46.0.0	sigsci:4.46.0.0

proxy-features.json Reference

Key	Value	Default	Required	Description
environment_variables	string[]	["SIGSCI_ACCESSKEYID=", "SIGSCI_SECRETACCESSKEY="]	Yes	Signal Sciences environment variables.

proxy-features.json Example

proxy-features.json

{
    "environment_variables": [
        "SIGSCI_ACCESSKEYID=",
        "SIGSCI_SECRETACCESSKEY="
    ]
}

---

SiteSpect

Name	Version	Image
sitespect	latest	sitespect:latest
sitespect	10.46.0.0	sitespect:10.46.0.1
sitespect	10.46.0.0	sitespect:10.46.0.0
sitespect	10.33.0.0	sitespect:10.33.0.0
sitespect	10.14.1.0	sitespect:10.14.1.0
sitespect	9.16.0.1	sitespect:9.16.0.1

---

ThreatX

Name	Version	Image
threatx	latest	threatx:latest
threatx	3.20.0	threatx:3.20.0
threatx	3.18.1	threatx:3.18.1
threatx	3.15.1	threatx:3.15.1
threatx	3.6.4	threatx:3.6.4

---

Varnish Cache

Name	Version	Image
varnish	7.5.0	varnish:7.5.0
varnish	7.3.0	varnish:7.3.0
varnish	7.2.1	varnish:7.2.1
varnish	7.0.3	varnish:7.0.3
varnish	7.0.2	varnish:7.0.2
varnish	6.6.2	varnish:6.6.2
varnish	6.3.1	varnish:6.3.1
varnish	6.2.1	varnish:6.2.1
varnish	6.1.1	varnish:6.1.1
varnish	6.0.1	varnish:6.0.1
varnish	6.0.0	varnish:6.0.0
varnish	5.2.1	varnish:5.2.1
varnish	5.1.3	varnish:5.1.3
varnish	5.1.2	varnish:5.1.2
varnish	4.1.10	varnish:4.1.10
varnish	4.1.9	varnish:4.1.9
varnish	4.1.8	varnish:4.1.8
varnish	4.0.3	varnish:4.0.3
varnish	3.0.5	varnish:3.0.5

proxy-features.json Reference

Key	Value	Default	Required	Description
parameter/pipe_timeout	int	125	No	Idle timeout for PIPE sessions.
parameter/http_max_hdr	int	128	No	Maximum number of HTTP header lines allowed in {req\|resp\|bereq\|beresp}.http.
statics-enable-caching	string	""	No	The amount of time Varnish Cache should cache your static assets for.
statics-remove-querystring	bool	true	No	Whether query strings should be stripped. This means assets will be cached as the same object even if the query string differs, which can increase your cache hit rate.
statics-set-browser-cache	string	""	No	The amount of time the browser should cache your static assets for. Use Varnish Cache duration units, which are ms, s, m, h, d, w, and y (e.g. 30d).
html-caching	bool	false	No	Whether to enable HTML caching.
html-caching-url-regex	string	""	No	Regular expression for URLs that should not be cached. html-caching must be enabled.
html-caching-cookie-regex	string	""	No	Regular expression for HTTP cookies that should not be cached.
html-caching-cache-ttl	string	""	No	The amount of time Varnish Cache should cache your HTML documents for. Use Varnish Cache duration units, which are ms, s, m, h, d, w, and y (e.g. 30d).
html-caching-grace-ttl	string	""	No	The amount of time Varnish Cache should deliver a stale cached HTML document when an error is received from the origin. Use Varnish Cache duration units, which are ms, s, m, h, d, w, and y (e.g. 30d).

proxy-features.json Example

proxy-features.json

{
    "parameter/pipe_timeout": 125,
    "parameter/http_max_hdr": 128,
    "statics-enable-caching": "",
    "statics-remove-querystring": true,
    "statics-set-browser-cache": "",
    "html-caching": false,
    "html-caching-url-regex": "",
    "html-caching-cookie-regex": "",
    "html-caching-cache-ttl": "",
    "html-caching-grace-ttl": ""
}

---

Virtual Waiting Room

Name	Version	Image
virtualwaitingroom	latest	virtualwaitingroom:latest
virtualwaitingroom	1.0.0	virtualwaitingroom:1.0.0

virtualwaitingroom.json Reference

Key	Value	Default	Required	Description
api_key	string	""	Yes	Virtual Waiting Room API key.
threshold	1-100000 int	3000	Yes	Maximum number of allowed concurrent visitors.
enabled	bool	true	Yes	Whether to enable Virtual Waiting Room.
section_visitors_version	string	""	Yes	Versioning for the HTTP cookie.
hostname	string	""	Yes	Hostname for the current application.
strategy	random or fifo string	random	No	Queuing strategy for the Virtual Waiting Room.
upstream_response_timeout_seconds	1-600 int or bool	false	No	Number of seconds to keep the upstream connection open in case of a slow response. False to disable.
fifo_settings	obj	{"cookie_secret":"","secretUrl":"", "queueTTL":180,"accessCookieTTL":3600, "accessCookieValue":"access", "checkQueueLength":10}	No	First in first out strategy settings. Requires strategy to be set as fifo.
fifo_settings > cookie_secret	string	""	No	Secret value to verify the HTTP cookie.
fifo_settings > secretUrl	string	""	No	Secret URL to set access HTTP cookie.
fifo_settings > queueTTL	30-3600 int	180	No	Number of seconds a session ID is kept in the queue.
fifo_settings > accessCookieTTL	30-31536000 int	3600	No	Number of seconds before an access HTTP cookie expires.
fifo_settings > accessCookieValue	string	access	No	Secret value that is used in the access HTTP cookie to allow requests past queuing.
fifo_settings > checkQueueLength	1-1000 int	10	No	How many sessions to check at the front of the queue to allow access.

virtualwaitingroom.json Example

virtualwaitingroom.json

{
    "api_key": "",
    "threshold": 3000,
    "enabled": true,
    "section_visitors_version": "",
    "hostname": "",
    "strategy": "fifo",
    "upstream_response_timeout_seconds": false,
    "fifo_settings": {
        "cookie_secret": "",
        "secretUrl": "",
        "queueTTL": 180,
        "accessCookieTTL": 3600,
        "accessCookieValue": "",
        "checkQueueLength": 10
    }
}

---

Wallarm

Name	Version	Image
wallarm	5.0.3.1	wallarm:5.0.3.1
wallarm	4.10.13.1	wallarm:4.10.13.1
wallarm	4.10.9.1	wallarm:4.10.9.1
wallarm	4.10.6.1	wallarm:4.10.6.1
wallarm	4.10.4.1	wallarm:4.10.4.1
wallarm	4.10.2.1	wallarm:4.10.2.1
wallarm	4.10.1.1	wallarm:4.10.1.1
wallarm	4.8.0.1	wallarm:4.8.0.1
wallarm	4.6.0.1	wallarm:4.6.0.1
wallarm	4.4.0.1	wallarm:4.4.0.1
wallarm	4.2.0	wallarm:4.2.0
wallarm	4.0.1.1	wallarm:4.0.1.1
wallarm	3.6.0.1	wallarm:3.6.0.1
wallarm	3.2.0.1	wallarm:3.2.0.1