How to install the IP Address Reputation integration through Azion Marketplace

IP Address Reputation is a serverless integration available at Azion Marketplace.

This integration uses a reputation score for a given IP address, provided by IPQualityScore. The score is based on several factors, including whether the IP address was used for spamming or other malicious activity, how often the IP address was reported as suspicious or fraudulent, and other informations.

A higher score indicates the IP address has a better reputation and is less likely to be used maliciously. On the other hand, a lower score indicates that the IP address is more likely to be used for malicious activity and should be used with caution.


To install the IP Address Reputation integration provided by Azion Marketplace, follow these steps:

  1. Access Real-Time Manager (RTM) > Marketplace.
  2. On the Marketplace homepage, select the integration’s card.
  3. Once the integration’s page opens, click the Get It Now button, at the bottom-right corner of the page.

You’ll see a message indicating that your integration was successfully installed.


Getting the API Key at IPQualityScore

Section titled Getting the API Key at IPQualityScore

To use the IP Address Reputation, you’ll have to obtain the API key at IPQualityScore. To do so, follow these steps:

  1. Create an account at IPQualityScore.
  2. Wait for the email with your personal information.
    • In the email, you’ll receive your API key. You’ll need this information to configure your Azion integration later.

Setting up the Edge Firewall rule

Section titled Setting up the Edge Firewall rule

To start the configuration of the IP Address Reputation integration, follow these steps:

  1. On the Products menu, select Edge Firewall in the SECURE section.
  2. Click the Add Rule Set button.
  3. Give an easy-to-remember name to your new rule.
  4. Select the domains you want to protect with the function.
  5. Click the Edge Functions switch to enable functions.
  6. Click the Save button.

Done. Now you’ve instantiated the rule for your function.


Setting up the Edge Firewall function

Section titled Setting up the Edge Firewall function

To instantiate the IP Address Reputation integration, while still on the Edge Firewall page, select the Functions tab and follow these steps:

  1. Click the Add Function button.
  2. Give an easy-to-remember name to your instance.
  3. On the dropdown menu, select the IP Address Reputation function.
  • This action will load the function, showing a form with the function’s source code and, just above it, two tabs: Code and Args. By clicking on the Code tab, you’ll be able to navigate through the source code, but won’t be able to change it.
  1. In the Args tab, you’ll pass the keys you get on the IPQualityScore site and your variables. The JSON will look like this:
{
"api_key": "XXXXXXXXXXXXXXXXXXXXXXXXXXX",
"allow_public_access_points": true,
"fast": true,
"strictness": 0,
"lighter_penalties": true,
"user_language": "en-US",
"transaction_strictness": 0
}

To run the integration, the only parameter you’ll need to configure is the api_key, passing the API key you’ve received by email from IPQualityScore.

The other fields are:

  • allow_public_access_points: allows public connections. This is a boolean field, with the default value of true.
  • fast: enables a fast check. When you enable this parameter, your API won’t do some forensic checks. This is a boolean field, with the default value of true.
  • strictness: fraud scoring, higher values (above 2) have more chance to return false positives. This is an integer field, with the default value of 0. Use the range 0-3 for this.
  • lighter_penalties: lowers the score for proxy IP addresses, preventing false positives. This is a boolean field, with the default value of true.
  • user_language: the user header language. This is a string field with no default value.
  • transaction_strictness: adjusts penalty weights for irregularities and fraud patterns detected on order and transaction details optionally provided with each API request. This feature is only useful when providing order and transaction details. This is an integer field with no default value.

Some other parameters, that aren’t in the JSON example provided in the Args box, could be used, including:

  • when_score_above: sets a score threshold. Whenever the IPQS Risk Score exceeds this threshold, the function will perform the action defined by the execute argument. If the value isn’t set, then no action will be taken by the function. This is an integer field with no default value.
  • execute: the action that will be performed when the when_score_above threshold was surpassed. This is a string field with three possible values: deny, drop, and add_header. There’s no default value.
  • get_data_from: determines if the IP will be retrieved from a query string request from the header or the body. If the value is remote_addr, the value that will be extracted is: ngx.var.remote_addr. This is a string field with four possible values: remote_addr, querystring, body, and header. The default value is remote_addr.
  • data_name: identify the field or argument from when the IPQS function will extract the IP to validate. This is only used when the parameter search_in is different from the parameter remote_addr. This is a string field, with the default value of X-Forwarded-For.

Setting up the Edge Firewall Rules Engine

Section titled Setting up the Edge Firewall Rules Engine

To finish, you have to set up the Rules Engine to configure the criteria and the behavior to run the function.

Still on the Edge Firewall page, select the Rules Engine tab and follow these steps:

  1. Click the New Rule button.
  2. Give a name to the rule.
  3. Select a criteria to run and catch the domain you want to run the integration on. Example: if Hostname is equal xxxxxxxxxxxx.map.azionedge.net.
  4. Below, select a behavior to the criteria. In this case, it’ll be Run Function.
    • Select the adequate IP Address Reputation function according to the name you gave it in the instantiation step.
  5. Click the Save button.

Done. Now the IP Address Reputation integration is running for every request made to the domain you indicated.


For each field present in the results, the integration will add a request header with the prefix IPQS. For example, if the request has an ASN field, the header will have an IPQS-ASN with the same value added to the header. You can also use this information to create and manage your decisions in the Rules Engine. You can check the full list of fields.

It’s a good practice to create an edge application rule redirecting your request to another URL/Origin whenever the risk score is greater than 85. If you want or need it, you can follow the usage of your API key through the IPQualityScore dashboard. Every request to your edge firewall will count as a new request for IP address lookup.


Contributors