Skip to content

Human Detector

Human-Detector (HD) is a Nitrogen's security module that is able to identify if the request has been made by a human or any script. It can also determine if it has been made by malicious intent based on the request-journey.
Follow these steps to configure HD on desired URLs. Typical use-cases are:

  • wishlist pages
  • cart pages
  • checkout pages

Note: For demo purpose, we will be using www.nviztest.com domain as an example. Here, we will be configuring HD on cart page.

Prerequisite

  1. You must have a domain configured on Nitrogen.
  2. For this example to work, you should have created URL pattern based condition for cart page ^/cart(\?.*)*$. If not set, you can refer this article for the same.

Steps

  1. Click on Security menu, then select Human Detector tab. Select appropriate domain from the domains dropdown.

  2. Click on Learn how to integrate HD in your website. link at top. You will be shown a popup with instruction to add HD script in your pages. Please add the script in all your pages.

  3. Click on Add New button at top right corner. You will be taken to a screen to provide a URL pattern on which HD will be configured.
    Provide the required details:

    1. URL Pattern Group: Select the pattern on which you wish to set 2FA.
      Here, for the example, select the URL pattern you had created for WordPress admin panel URLs.

    2. Mode: Select the pattern on which you wish to set 2FA.

      1. REDIRECT: Requests that fail HD check will be redirected to the home page ^/$

      2. BLOCK: Requests that fail HD check will be blocked with HTTP 403 status code. Select this for now.

      3. LOG ONLY: Requests that fail HD check are logged in system.

    3. Click on Save button. The configured pattern will be showed in Protected Routes list.

    Step

Notes

  1. These changes will only take effect when deployed. Saving them will only be saving them in draft. Please refer documentation about Deploy process for it..

  2. Once requests start flowing through HD, you can see the summary of related blocks in Human Detector chart in Analytics tab.

  3. After HD is configured, it will block the requests in following cases :

    1. If you directly open the configured page - as HD token may not be available for it at that time.
    2. If you change the device mode in browser (desktop/mobile/tablet etc) - as HD token is generated specific to device (along with many other factors) to make it non-shareable and tamper-proof.
    3. If somehow your IP changed during the session - as HD token is generated specific to IP (along with many other factors) to make it non-shareable and tamper-proof.