Skip to content

Human-Detector (HD): Configuration Guide

Typical Use-Cases

  • Account Pages
  • Cart Pages
  • Checkout Pages
  • Other sensitive Pages/APIs

Prerequisites

  • A domain must be configured on Nitrogen.
  • Website or mobile app must integrate the HD script or token-fetching step.
  • URL pattern must be set for the desired pages (e.g., ^/cart(\?.)$).

Configuration Steps

  • Go to the Security menu and select the Human Detector tab.
  • Choose the domain from the dropdown list.
  • Click Add New to set up a new HD rule.
  • Provide the required details:
  • URL Pattern Group: Select the relevant pattern (e.g., /cart)

  • Mode: LOG ONLY (for this example) — requests will only be logged for failed HD checks.

    1. REDIRECT: Requests that fail HD check will be redirected to the home page ^/$

    2. BLOCK: Requests that fail HD check will be blocked with HTTP 403 status code.

    3. LOG ONLY: Requests that fail HD check are logged in system.

  • Click Save. The configuration will now appear in the Protected Routes list.

Step

Note: These rules must be deployed to take effect. Please refer documentation about Deploy process for it..

Post-Configuration

Once requests start routing through HD, you can monitor them via the Human Detector chart in the Analytics tab.

When Requests Are Blocked?

If the user does not access the desired endpoint through the intended journey, the request will be blocked.

Additional Notes

It is recommended to identify a specific set of requests that pose a higher security risk and add them to the Human Detector monitoring list. For the most effective use, it is advisable to connect with the Nitrogen team, as other requests might be adequately managed by existing security measures like Web Application Firewalls (WAF), rate-limits, or Two-Factor Authentication (2FA)