Set AppSec Microagent ID and Run Application

Once you have instrumented your application with the Threat Stack AppSec microagent, you must provide an agent ID to the application as an environment variable when it runs.

Note

The process of setting environment variables may vary depending on how you deploy and launch the application.

Node.js

Pass the Agent ID you created in the previous step as an environment variable to the Node application.

BLUEFYRE_AGENT_ID="YOUR_AGENT_ID_GOES_HERE" npm start

Replace Your_Agent_ID_Goes_Here with your microagent ID number.

Note

Please see Threat Stack AppSec Microagents > View Microagent ID for instructions on how to find the microagent ID number. If you have not yet created a microagent in your project, please see Threat Stack AppSec Microagents > Create Microagents.

Python

If running a Django application in production, use the appropriate WSGI server startup command. For example, if using gunicorn:

  • gunicorn
    BLUEFYRE_AGENT_ID="YOUR_AGENT_ID_GOES_HERE" bluefyrectl execProgram gunicorn web_project.wsgi -b :5001
  • gunicorn with a different worker class thread, such as gevent and three workers:
    BLUEFYRE_AGENT_ID="YOUR_AGENT_ID_GOES_HERE" bluefyrectl execProgram gunicorn --worker-class=gevent --worker-connections=1000 --workers=3 web_project.wsgi 0.0.0.0:5000

Replace Your_Agent_ID_Goes_Here with your microagent ID number.

Note

Please see Threat Stack AppSec Microagents > View Microagent ID for instructions on how to find the microagent ID number. If you have not yet created a microagent in your project, please see Threat Stack AppSec Microagents > Create Microagents.

Ruby

Use the following command to start your application using the agent ID you created:

THREATSTACK_AGENT_ID="YOUR_AGENT_ID_GOES_HERE" bundle exec rails s -b '[IP]' -p [port_number]

Replace Your_Agent_ID_Goes_Here with your microagent ID number.

Note

Please see Threat Stack AppSec Microagents > View Microagent ID for instructions on how to find the microagent ID number. If you have not yet created a microagent in your project, please see Threat Stack AppSec Microagents > Create Microagents.

Other Optional Arguments

In addition to specifying Agent ID as an environment variable when running your application, you can also set other variables to further control the behavior of AppSec monitoring:

  • To automatically block detected SQL injection attacks:
    • For Python and Node
      BLUEFYRE_BLOCK_SQLI=true
    • For Ruby
      THREATSTACK_BLOCK_SQLI=true
  • To automatically block cross-site scripting attacks:
    • For Python and Node
      BLUEFYRE_BLOCK_XSS=true
    • For Ruby
      THREATSTACK_BLOCK_XSS=true
  • To exclude specific fields from scanning, such as sensitive fields like Social Security Numbers, payment card information, and so on:
    • For Python and Node only
      BLUEFYRE_DROP_FIELDS ="list of fields"

      Replace list of fields with field names.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request