{"id":22095999,"url":"https://github.com/HumanSecurity/perimeterx-python-3-wsgi","last_synced_at":"2025-07-24T22:31:31.881Z","repository":{"id":36009203,"uuid":"215491349","full_name":"PerimeterX/perimeterx-python-3-wsgi","owner":"PerimeterX","description":"PerimeterX WSGI Middleware for Python 3","archived":false,"fork":false,"pushed_at":"2024-06-18T18:26:12.000Z","size":139,"stargazers_count":2,"open_issues_count":13,"forks_count":7,"subscribers_count":12,"default_branch":"master","last_synced_at":"2024-10-31T07:49:43.843Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/PerimeterX.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-10-16T08:01:32.000Z","updated_at":"2024-07-12T07:30:54.000Z","dependencies_parsed_at":"2023-01-16T11:42:24.450Z","dependency_job_id":"bfc9ba07-8b41-4ca4-bcea-f529fbb81592","html_url":"https://github.com/PerimeterX/perimeterx-python-3-wsgi","commit_stats":{"total_commits":66,"total_committers":8,"mean_commits":8.25,"dds":0.5757575757575757,"last_synced_commit":"57b4ffef8f65f9b4ae055ec2137ceffa29101f42"},"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PerimeterX%2Fperimeterx-python-3-wsgi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PerimeterX%2Fperimeterx-python-3-wsgi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PerimeterX%2Fperimeterx-python-3-wsgi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/PerimeterX%2Fperimeterx-python-3-wsgi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/PerimeterX","download_url":"https://codeload.github.com/PerimeterX/perimeterx-python-3-wsgi/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":227482499,"owners_count":17779968,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-01T04:09:20.812Z","updated_at":"2025-07-24T22:31:26.312Z","avatar_url":"https://github.com/PerimeterX.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Build Status](https://travis-ci.org/PerimeterX/perimeterx-python-3-wsgi.svg?branch=master)](https://travis-ci.org/PerimeterX/perimeterx-python-3-wsgi)\n[![Known Vulnerabilities](https://snyk.io/test/github/PerimeterX/perimeterx-python-3-wsgi/badge.svg)](https://snyk.io/test/github/PerimeterX/perimeterx-python-3-wsgi)\n\n![image](https://storage.googleapis.com/perimeterx-logos/primary_logo_red_cropped.png)\n\n[PerimeterX](http://www.perimeterx.com) Python 3 Middleware\n=============================================================\n\u003e Latest stable version: [v2.0.0](https://pypi.org/project/perimeterx-python-3-wsgi/)\n\nTable of Contents\n-----------------\n- [Installation](#installation)\n- [Upgrading](#upgrading)\n- [Required Configuration](#required_config)\n- [Advanced Blocking Response](#advanced_blocking_response)\n- [Optional Configuration](#configuration)\n    * [Module Enabled](#module_enabled)\n    * [Module Mode](#module_mode)\n    * [Blocking Score](#blocking_score)\n    * [Send Page Activities](#send_page_activities)\n    * [Debug Mode](#debug_mode)\n    * [Sensitive Routes](#sensitive_routes)\n    * [Sensitive Routes Regex](#sensitive_routes_regex)\n    * [Whitelist Routes](#whitelist_routes)\n    * [Whitelist Routes Regex](#whitelist_routes_regex)\n    * [Enforce Specific Routes](#enforce_specific_routes)\n    * [Enforce Specific Routes Regex](#enforce_specific_routes_regex)\n    * [Monitor Specific Routes](#monitor_specific_routes)\n    * [Monitor Specific Routes Regex](#monitor_specific_routes_regex)\n    * [Sensitive Headers](#sensitive_headers)\n    * [IP Headers](#ip_headers)\n    * [First-Party Enabled](#first_party_enabled)\n    * [Custom Request Handler](#custom_verification_handler)\n    * [Additional Activity Handler](#additional_activity_handler)\n    * [Px Disable Request](#px_disable_request)\n    * [Test Block Flow on Monitoring Mode](#bypass_monitor_header)\n- [Additional Information](#additional_information)\n\n## \u003ca name=\"installation\"\u003e\u003c/a\u003e Installation\n\n* To install the PerimeterX Python 3 middleware, use PIP as follows:\n\n```python\npip install perimeterx-python-3-wsgi\n```\n\n## \u003ca name=\"upgrading\"\u003e\u003c/a\u003e Upgrading\nTo upgrade to the latest PerimeterX Enforcer version, run:\n\n`pip install -U perimeterx-python-3-wsgi`\n\nFor more information, contact [PerimeterX Support](support@perimeterx.com).\n\n## \u003ca name=\"required_config\"\u003e\u003c/a\u003e Required Configurations\nTo use PerimeterX middleware on a specific route follow this example:\n\n```python\nfrom perimeterx.middleware import PerimeterX\n\npx_config = {\n    'px_app_id': 'APP_ID',\n    'px_cookie_secret': 'COOKIE_SECRET',\n    'px_auth_token': 'AUTH_TOKEN',\n}\napplication = get_wsgi_application()\napplication = PerimeterX(application, px_config)\n```\n- The PerimeterX **Application ID** / **AppId** and PerimeterX **Token** / **Auth Token** can be found in the Portal, in [Applications](https://console.perimeterx.com/botDefender/admin?page=applicationsmgmt).\n- PerimeterX **Risk Cookie** / **Cookie Key** can be found in the portal, in [Policies](https://console.perimeterx.com/botDefender/admin?page=policiesmgmt).\nThe Policy from where the **Risk Cookie** / **Cookie Key** is taken must correspond with the Application from where the **Application ID** / **AppId** and PerimeterX **Token** / **Auth Token**.\nFor details on how to create a custom Captcha page, refer to the [documentation](https://docs.perimeterx.com/pxconsole/docs/customize-challenge-page)\n\n## \u003ca name=\"configuration\"\u003e\u003c/a\u003eOptional Configuration\nIn addition to the basic installation configuration [above](#required_config), the following configurations options are available:\n\n#### \u003ca name=\"module_enabled\"\u003e\u003c/a\u003eModule Enabled\n\nA boolean flag to enable/disable the PerimeterX Enforcer.\n\n**Default:** true\n```python\nconfig = {\n  ...\n  px_module_enabled: False\n  ...\n}\n```\n#### \u003ca name=\"module_mode\"\u003e\u003c/a\u003eModule Mode\n\nSets the working mode of the Enforcer.\n\nPossible values:\n* `active_blocking` - Blocking Mode\n* `monitor` - Monitoring Mode\n\n**Default:** `monitor` - Monitor Mode\n\n```python\nconfig = {\n  ...\n  px_module_mode: 'active_blocking'\n  ...\n}\n```\n#### \u003ca name=\"blocking_score\"\u003e\u003c/a\u003eBlocking Score\n\nSets the minimum blocking score of a request.\n\nPossible values:\n* Any integer between 0 and 100.\n\n**Default:** 100\n```python\nconfig = {\n  ...\n  px_blocking_score: 100\n  ...\n}\n```\n#### \u003ca name=\"send_page_activities\"\u003e\u003c/a\u003eSend Page Activities\n\nEnable/disable sending activities and metrics to PerimeterX with each request. \u003cbr/\u003e\nEnabling this feature allows data to populate the PerimeterX Portal with valuable information, such as the number of requests blocked and additional API usage statistics.\n\n**Default:** true\n\n```python\nconfig = {\n  ...\n  send_page_activities: True\n  ...\n}\n```\n\n#### \u003ca name=\"logger_severity\"\u003e\u003c/a\u003eLogger Severity\n\nThe severity level at which the logger should output logs\n'error' - PerimeterX logger will log errors only on fatal events (e.g., uncaught errors)\n'debug' - PerimeterX logger will output detailed logs for debugging purposes\n\n**Default:** 'error'\n\n```python\nconfig = {\n  ...\n  px_logger_severity: 'debug'\n  ...\n}\n```\n#### \u003ca name=\"sensitive_routes\"\u003e\u003c/a\u003e Sensitive Routes\n\nAn array of route prefixes that trigger a server call to PerimeterX servers every time the page is viewed, regardless of viewing history.\n\n**Default:** Empty\n\n```python\nconfig = {\n  ...\n  px_sensitive_routes: ['/login', '/user/checkout']\n  ...\n}\n```\n\n#### \u003ca name=\"sensitive_routes_regex\"\u003e\u003c/a\u003e Sensitive Routes Regex\n\nAn array of regex patterns that trigger a server call to PerimeterX servers every time the page is viewed, regardless of viewing history.\n\n**Default:** Empty\n\n```python\nconfig = {\n  ...\n  px_sensitive_routes_regex: [r'^/login$', r'^/user']\n  ...\n}\n```\n\n#### \u003ca name=\"filtered_routes\"\u003e\u003c/a\u003e Filter By Routes\n\nAn array of route prefixes which will bypass enforcement (will never get scored).\n\n**Default:** Empty\n\n```python\nconfig = {\n  ...\n  px_filter_by_route: ['/about-us', '/careers']\n  ...\n}\n```\n\n#### \u003ca name=\"whitelist_routes_regex\"\u003e\u003c/a\u003e Whitelist Routes Regex\n\nAn array of regex patterns which will bypass enforcement (will never get scored).\n\n**Default:** Empty\n\n```python\nconfig = {\n  ...\n  whitelist_routes_regex: [r'^/about']\n  ...\n}\n```\n\n#### \u003ca name=\"enforce_specific_routes\"\u003e\u003c/a\u003e Enforce Specific Routes\n\nAn array of route prefixes that are always validated by the PerimeterX Worker (as opposed to whitelisted routes).\nWhen this property is set, any route which is not added - will be whitelisted.\n\n**Default:** Empty\n\n```python\nconfig = {\n  ...\n  px_enforced_routes: ['/profile']\n  ...\n};\n```\n\n#### \u003ca name=\"enforce_specific_routes_regex\"\u003e\u003c/a\u003e Enforce Specific Routes Regex\n\nAn array of regex patterns that are always validated by the PerimeterX Worker (as opposed to whitelisted routes).\nWhen this property is set, any route which is not added - will be whitelisted.\n\n**Default:** Empty\n\n```python\nconfig = {\n  ...\n  px_enforced_routes_regex: [r'^/profile$']\n  ...\n};\n```\n\n#### \u003ca name=\"monitor_specific_routes\"\u003e\u003c/a\u003e Monitor Specific Routes\n\nAn array of route prefixes that are always set to be in [monitor mode](#module_mode). This configuration is effective only when the module is enabled and in blocking mode.\n\n**Default:** Empty\n\n```python\nconfig = {\n  ...\n  px_monitored_routes: ['/profile']\n  ...\n};\n```\n\n#### \u003ca name=\"monitor_specific_routes_regex\"\u003e\u003c/a\u003e Monitor Specific Routes Regex\n\nAn array of regex patterns that are always set to be in [monitor mode](#module_mode). This configuration is effective only when the module is enabled and in blocking mode.\n\n**Default:** Empty\n\n```python\nconfig = {\n  ...\n  px_monitored_routes_regex: [r'^/profile/me$']\n  ...\n};\n```\n\n#### \u003ca name=\"sensitive_headers\"\u003e\u003c/a\u003eSensitive Headers\n\nAn array of headers that are not sent to PerimeterX servers on API calls.\n\n**Default:** ['cookie', 'cookies']\n\n```python\nconfig = {\n  ...\n  px_sensitive_headers: ['cookie', 'cookies', 'x-sensitive-header']\n  ...\n}\n```\n\n#### \u003ca name=\"ip_headers\"\u003e\u003c/a\u003eIP Headers\n\nAn array of trusted headers that specify an IP to be extracted.\n\n**Default:** Empty\n\n```python\nconfig = {\n  ...\n  px_ip_headers: ['x-user-real-ip']\n  ...\n}\n```\n\n#### \u003ca name=\"first_party_enabled\"\u003e\u003c/a\u003eFirst-Party Enabled\n\nEnable/disable First-Party mode.\n\n**Default:** True\n\n```python\nconfig = {\n  ...\n  px_first_party_enabled: False\n  ...\n}\n```\n\n#### \u003ca name=\"custom_verification_handler\"\u003e\u003c/a\u003eCustom Verification Handler\n\nA Python function that adds a custom response handler to the request.\u003c/br\u003e\nYou must declare the function before using it in the config.\u003c/br\u003e\nThe Custom Request Handler is triggered after PerimeterX's verification.\nThe custom function should handle the response (most likely it will create a new response)\n\n**Default:** Empty\n\n```python\nconfig = {\n  ...\n  px_custom_verification_handler: custom_verification_handler_function,\n  ...\n}\n```\n#### \u003ca name=\"additional_activity_handler\"\u003e\u003c/a\u003eAdditional Activity Handler\n\nA Python function that allows interaction with the request data collected by PerimeterX before the data is returned to the PerimeterX servers. Does not alter the response.\n\n**Default:** Empty\n\n```python\nconfig = {\n  ...\n  px_additional_activity_handler: additional_activity_handler_function,\n  ...\n}\n```\n\n#### \u003ca name=\"pxde\"\u003e\u003c/a\u003ePerimeterX Data Enrichment\n\nThis is a cookie we make available for our costumers, that can provide extra data about the request\n\n```python\ncontext.pxde\ncontext.pxde_verified\n\n```\n\n#### \u003ca name=\"px_disable_request\"\u003e\u003c/a\u003ePx Disable Request\n\nThis is a property that allows the developer to disable the module for a single request. Its value should be True for disabling, and False for enabling\n\n```python\n...\nenviron['px_disable_request'] = False #The request shall be passed to the enforcer.\n\nor\n\nenviron['px_disable_request'] = True #The enforcer shall be disabled for that request.\n\n```\n\n#### \u003ca name=\"bypass_monitor_header\"\u003e\u003c/a\u003e Test Block Flow on Monitoring Mode\n\nAllows you to test an enforcer’s blocking flow while you are still in Monitor Mode.\n\nWhen the header name is set(eg. `x-px-block`) and the value is set to `1`, when there is a block response (for example from using a User-Agent header with the value of `PhantomJS/1.0`) the Monitor Mode is bypassed and full block mode is applied. If one of the conditions is missing you will stay in Monitor Mode. This is done per request.\nTo stay in Monitor Mode, set the header value to `0`.\n\nThe Header Name is configurable using the `px_bypass_monitor_header` property.\n\n**Default:** Empty\n\n```python\nconfig = {\n  ...\n  px_bypass_monitor_header: 'x-px-block',\n  ...\n}\n```\n\n## \u003ca name=\"additional_information\"\u003e\u003c/a\u003e Additional Information\n### URI Delimiters\nPerimeterX processes URI paths with general- and sub-delimiters according to RFC 3986. General delimiters (e.g., `?`, `#`) are used to separate parts of the URI. Sub-delimiters (e.g., `$`, `\u0026`) are not used to split the URI as they are considered valid characters in the URI path.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FHumanSecurity%2Fperimeterx-python-3-wsgi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FHumanSecurity%2Fperimeterx-python-3-wsgi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FHumanSecurity%2Fperimeterx-python-3-wsgi/lists"}