This is a crisp and precise integration guide that will facilitate the integration of ShieldSquare - Real-time Bot Management Solution for Web Apps, Mobile & APIs at the application level using our Django SDK. Please login and download the connectors from here
Django version <= 2.0.1 Python version <= 3.4.5 Pycurl version <= 7.43.0
If you face the below issue while installing pycurl,
Please run the below Commands:
Integrating ShieldSquare in Monitor Mode
ShieldSquare integration in the monitor mode is divided into 3 simple steps
- Integrate the Code
- Verify Integration
- Move changes to production
Integrate the Code
On integrating the code, the SDK will start making API calls to ShieldSquare solution and the response received is in the form of a response code. The response code directly indicates the action to be taken based on the incoming request. All API calls made to ShieldSquare, (in monitor mode) by default would be asynchronous in nature, based on the compatibility of the website platform. In case your website platform does not support asynchronous calls, please reach out to support for further assistance.
Please follow the below outlined steps to integrate the code in Monitor Mode:
- Set the configuration file
- Integrating the API call to the code
- Integrating the JS call to the code
1. Set the configuration file:
Open the ss2_config.py file and replace the sid parameter with your Sandbox ID. Refer the below snapshot
Replace the ss2_domain in the ss2_config.py file parameter with the ShieldSquare endpoint nearest to your server. Refer the below snapshot.
Example :If your server is located in the US, config.ss2_domain = 'ss_scus.shieldsquare.net';
In order to understand the function and use of each of the parameters listed in the ss2_config.rb file, refer the below table.
This holds the subscriber id of the user, and can be obtained by clicking on the Subscriber id details link on the dashboard. Choose Sandbox Id as you are integrating for the very first time
|mode||Sets the mode of the operation depending on the mode of activation. Set value to ‘Monitor’ in this case.||String||Yes|
|timeout_value||This parameter indicates the time limit after which an API call has to be timed out. No synchronous API call would block for more than the value specified to this parameter.|
Important Note:To know optimum value to be set as timeout, run this jar file on your server and note the value. Refer to the guide for detailed steps to achieve the same.Download the ‘jar’ file. The jar may take about 15 minutes to run before it gives an output.
|Numeric value (measured in milliseconds)||Yes|
|ipaddress||This is set to the HTTP header which indicates the IP address of the user. The default value is “auto”.||String||Yes|
|ss2_domain||Select the ShieldSquare server closest to the website’s server and assign it to the _ss2_domain property. Available options are:|
Quick Tip:To help you find out our nearest servers use this Jar file.For other locations, refer this Link. For further assistance, please reach us at firstname.lastname@example.org
|domain_ttl||This parameter indicates the time after which _domain_cache_file is reloaded. The default time is 3600 seconds |
Important Note: To disable the caching feature, set the value as -1
|Numeric value (measured in seconds)||No|
Set this parameter as True if you want to enable logging.
|ip_index||Set the position of valid IP in this parameter.||Integer||Yes|
|other_headers||Set this parameter as True if you want to send other headers.|
Note: By default this parameter is set as False
|_deployment_number||Identifier denoting different families of configuration settings in your servers||String||Yes|
|content_filter||Set as True if static content filtering is required for extensions mentioned in the 'content_type_list' parameter.||Boolean||Yes|
|content_type_list||Append the static resource extensions that have to be filtered to avoid API calls to ShieldSquare server. Separate each resource extension with “,” operator. All the content types added to this list are not processed by ShieldSquare module.||String||Yes|
|ss_captcha_enabled||This parameter is used to enable ShieldSquare CAPTCHA service. In monitor mode, value of this parameter should be False.||Boolean||Yes|
|ss_block_enabled||This parameter is used to enable ShieldSquare block service. In monitor mode, value of this parameter should be False.||Boolean||Yes|
|support_email||Set your support e-mail ID to display in ShieldSquare CAPTCHA and block page. Default support mail is: email@example.com||String||Yes|
|skip_qp||This parameter indicates ShieldSquare's Block/CAPTCHA Page template is used. Default value is 'False'. If you use your own CAPTCHA/Block page, ShieldSquare suggests to set this parameter value to 'True'.||Boolean||Yes|
|redirect_domain||If you want to use your own domain for CAPTCHA/Block page, change the configured default domain as below. |
redirect_domain = '< Your CAPTCHA/Block domain >'
2. Integrate the API call to your code:
Add ShieldSquare middleware in your application middleware's list
Once the code is inserted, the validate request function ( highlighted in the above code) takes the userid, call type, pid as inputs to process requests. Each of the parameters of the validate request function are defined below:
|UserId||Set the user-name/user-id of the logged-in visitors to shieldsquare_userid.|
The value of shieldsquare_calltype determines the type of the call and can have the below values:
1 - Set the value as 1 for this parameter when the current request is of type Page Load.
Uniquely identifies a request.
Possible response codes are:
|0||This indicates that the request should be allowed.This is the default response for monitor mode.|
|-1||Indicates that the ShieldSquare service is facing issues . The request should be allowed in case this response code is received. For eg. this response code will be returned in case a timeout occurs.|
A response code of -1 is usually received when a server timeout occurs.
3. Integrate the JS Tag to your code:
- Go to 'Download Connectors' page and switch to 'JS Tag' tab to find your customized JS.
- Integrate the JS in the starting of head section of web pages protected by ShieldSquare to ensure JS Tag executes immediately after the page loads. This will facilitate ShieldSquare to catch sophisticated bots.
Both the aforementioned code snippets (API & JS) need to be executed from the every page of the website. It is therefore mandatory to include both the snippets in the common header file.
Visit the verify integration page in the ShieldSquare Admin Portal and green check marks for "API Data - IP Details" & "API Data - Session Details" will indicate the successful integration of ShieldSquare with your website. A minimum of 5 requests have to be made from the same machine using the same browser for the check marks to appear as an indication to the status of integration. In the event of a Red check mark, it indicates that a particular step might have been executed incorrectly.
The verification will only be successful when the Sandbox ID is assigned in the ss2_config.py file. Post successful verification, it is strongly recommended that you share the ss2_config.py file with ShieldSquare Support
ShieldSquare Customer Onboarding team will verify and validate the configurations typically within 24 hours. This will ensure that the production site’s performance is not affected due to a wrong configuration set in the process of integration.
Move changes to Production
In order to move changes to production replace _sid parameter ( in the ss2_config file) with the Production ID. It takes about 2-3 hours for the production data to reflect in the ShieldSquare Dashboard. Refer the below snapshot:
The ShieldSquare Dashboard will not populate data if the Sandbox ID is used.
Please send an email to firstname.lastname@example.org confirming the changes moved to production. ShieldSquare support team will verify the correctness of data received by the ShieldSquare servers.
A dedicated data scientist will be assigned to your website to analyze site specific bot patterns. Any fine tuning required for bot classification rules specific to your site will be taken care of.
Within 24 hours of successful replication of changes in the production, ShieldSquare Dashboard will be released, enabling exhaustive insights on bot traffic.