IP Address Reputation is a serverless integration available at Azion Marketplace.
This integration uses a reputation score for a given IP address, provided by IPQualityScore. The score is based on several factors, including whether the IP address was used for spamming or other malicious activity, how often the IP address was reported as suspicious or fraudulent, and other informations.
A higher score indicates the IP address has a better reputation and is less likely to be used maliciously. On the other hand, a lower score indicates that the IP address is more likely to be used for malicious activity and should be used with caution.
Getting the integrationSection titled Getting the integration
To install the IP Address Reputation integration provided by Azion Marketplace, follow these steps:
- Access Real-Time Manager (RTM) > Marketplace.
- On the Marketplace homepage, select the integration’s card.
- Once the integration’s page opens, click the Get It Now button, at the bottom-right corner of the page.
You’ll see a message indicating that your integration was successfully installed.
Getting the API Key at IPQualityScoreSection titled Getting the API Key at IPQualityScore
To use the IP Address Reputation, you’ll have to obtain the API key at IPQualityScore. To do so, follow these steps:
- Create an account at IPQualityScore.
- Wait for the email with your personal information.
- In the email, you’ll receive your API key. You’ll need this information to configure your Azion integration later.
Configuring the integrationSection titled Configuring the integration
Setting up the Edge Firewall ruleSection titled Setting up the Edge Firewall rule
To start the configuration of the IP Address Reputation integration, follow these steps:
- On the Products menu, select Edge Firewall in the SECURE section.
- Click the Add Rule Set button.
- Give an easy-to-remember name to your new rule.
- Select the domains you want to protect with the function.
- Click the Edge Functions switch to enable functions.
- Click the Save button.
Done. Now you’ve instantiated the rule for your function.
Setting up the Edge Firewall functionSection titled Setting up the Edge Firewall function
To instantiate the IP Address Reputation integration, while still on the Edge Firewall page, select the Functions tab and follow these steps:
- Click the Add Function button.
- Give an easy-to-remember name to your instance.
- On the dropdown menu, select the IP Address Reputation function.
- This action will load the function, showing a form with the function’s source code and, just above it, two tabs: Code and Args. By clicking on the Code tab, you’ll be able to navigate through the source code, but won’t be able to change it.
- In the Args tab, you’ll pass the keys you get on the IPQualityScore site and your variables. The
JSONwill look like this:
To run the integration, the only parameter you’ll need to configure is the
api_key, passing the API key you’ve received by email from IPQualityScore.
The other fields are:
allow_public_access_points: allows public connections. This is a boolean field, with the default value of
fast: enables a fast check. When you enable this parameter, your API won’t do some forensic checks. This is a boolean field, with the default value of
strictness: fraud scoring, higher values (above 2) have more chance to return false positives. This is an integer field, with the default value of 0. Use the range
lighter_penalties: lowers the score for proxy IP addresses, preventing false positives. This is a boolean field, with the default value of
user_language: the user header language. This is a string field with no default value.
transaction_strictness: adjusts penalty weights for irregularities and fraud patterns detected on order and transaction details optionally provided with each API request. This feature is only useful when providing order and transaction details. This is an integer field with no default value.
Some other parameters, that aren’t in the
JSON example provided in the Args box, could be used, including:
when_score_above: sets a score threshold. Whenever the IPQS Risk Score exceeds this threshold, the function will perform the action defined by the
executeargument. If the value isn’t set, then no action will be taken by the function. This is an integer field with no default value.
execute: the action that will be performed when the
when_score_abovethreshold was surpassed. This is a string field with three possible values:
add_header. There’s no default value.
get_data_from: determines if the IP will be retrieved from a query string request from the header or the body. If the value is
remote_addr, the value that will be extracted is:
ngx.var.remote_addr. This is a string field with four possible values:
header. The default value is
data_name: identify the field or argument from when the IPQS function will extract the IP to validate. This is only used when the parameter
search_inis different from the parameter
remote_addr. This is a string field, with the default value of
Setting up the Edge Firewall Rules EngineSection titled Setting up the Edge Firewall Rules Engine
To finish, you have to set up the Rules Engine to configure the criteria and the behavior to run the function.
Still on the Edge Firewall page, select the Rules Engine tab and follow these steps:
- Click the New Rule button.
- Give a name to the rule.
- Select a criteria to run and catch the domain you want to run the integration on. Example:
if Hostname is equal xxxxxxxxxxxx.map.azionedge.net.
- Below, select a behavior to the criteria. In this case, it’ll be Run Function.
- Select the adequate IP Address Reputation function according to the name you gave it in the instantiation step.
- Click the Save button.
Done. Now the IP Address Reputation integration is running for every request made to the domain you indicated.
ImportantSection titled Important
For each field present in the results, the integration will add a request header with the prefix
IPQS. For example, if the request has an
ASN field, the header will have an
IPQS-ASN with the same value added to the header. You can also use this information to create and manage your decisions in the Rules Engine. You can check the full list of fields.
It’s a good practice to create an edge application rule redirecting your request to another URL/Origin whenever the risk score is greater than 85. If you want or need it, you can follow the usage of your API key through the IPQualityScore dashboard. Every request to your edge firewall will count as a new request for IP address lookup.