Centinel AnalyticaCentinel Analytica
Platforms

Cloudflare Workers

Deploy Centinel Analytica on your website via the Cloudflare Workers dashboard.

Overview

This guide covers the console workflow for installing the Centinel Worker as a standalone file. The worker deploys globally in 2-3 minutes.

Have an existing worker?

If you already have a Cloudflare Worker and want to add Centinel to it, use the npm package instead.

Prerequisites

  • Centinel secret key (for validator API)
  • Cloudflare account with a website added
  • Access to the Cloudflare dashboard
Prepare the script
  1. Download or copy centinel-worker.js.
  2. Keep your CENTINEL_SECRET_KEY ready (you'll add it as an environment variable later).
Create the worker
  1. Log into your Cloudflare dashboard.
  2. Go to Workers & Pages → Create application → Create Worker.
  3. Name your worker (e.g. centinel-protection).
  4. Click Deploy to create the worker with default code.
Upload the script
  1. In the worker overview, click Quick Edit (or go to Edit code).
  2. Delete all the default code.
  3. Paste the entire contents of centinel-worker.js.
  4. Click Save and Deploy.
Configure environment variables
  1. Go to Settings → Variables.
  2. Under Environment Variables, add:
    • Variable name: CENTINEL_SECRET_KEY
    • Value: your-secret-key
    • Type: Encrypt (recommended)
  3. (Optional) Add CENTINEL_VALIDATOR_URL if using a custom validator endpoint.
  4. Click Save and Deploy.
Add a route to your domain
  1. Go to Triggers → Add route.
  2. Enter your route pattern (e.g. example.com/* or *.example.com/*).
  3. Select your zone/domain from the dropdown.
  4. Click Add route.
Verify deployment
  • Visit your site to confirm traffic flows normally.
  • Test that requests to protected paths are validated by the Centinel API.
  • Monitor worker logs by clicking Logs → Begin log stream in your worker dashboard.
  • Look for entries with "service": "CentinelAnalytica" to verify the worker is running.

Advanced configuration

Edit the activateCentinel() call at the bottom of the script (around line 580):

export default {
    async fetch(request, env, ctx) {
        const handler = activateCentinel(undefined, {
            // Protect only specific paths (optional)
            protectedPathsInclusion: /\/(api|admin|checkout)\//,

            // Exclude static assets (already excluded by default)
            protectedPathsExclusion: /\.(js|css|png|jpg|svg)$/,

            // Custom validator URL (optional)
            validatorURL: 'https://custom-validator.example.com/validate',

            // Increase API timeout in milliseconds (default: 300ms)
            timeout: 500,

            // Enable debug logging (default: false)
            enableDebugging: false,
        });
        return handler.fetch(request, env, ctx);
    },
};

For permanent changes, edit the variables at the top of the script (lines 26-27):

/**
 * Path regex patterns for protection
 */
let CENTINEL_PROTECTED_PATHS_INCLUSION = null;  // null = protect all paths
let CENTINEL_PROTECTED_PATHS_EXCLUSION = /\.(avi|avif|bmp|css|eot|flac|flv|gif|gz|ico|jpeg|jpg|js|json|less|map|mka|mkv|mov|mp3|mp4|mpeg|mpg|ogg|ogm|opus|otf|png|svg|svgz|swf|ttf|wav|webm|webp|woff|woff2|xml|zip)$/i;

Examples:

// Protect only API and admin paths
let CENTINEL_PROTECTED_PATHS_INCLUSION = /\/(api|admin)\//;

// Add more file extensions to exclusion
let CENTINEL_PROTECTED_PATHS_EXCLUSION = /\.(js|css|png|jpg|svg|ico|woff|woff2|ttf)$/i;

After making changes, click Save and Deploy.

Using Wrangler CLI (alternative)

For command-line deployment:

# Install Wrangler
npm install -g wrangler

# Authenticate
wrangler login

# Set secret
wrangler secret put CENTINEL_SECRET_KEY

# Deploy
wrangler deploy centinel-worker.js --name centinel-protection

# Add route
wrangler route add "example.com/*" centinel-protection

Monitoring and logs

  • Real-time logs: Workers dashboard → Your worker → Logs → Begin log stream
  • Analytics: Workers dashboard → Your worker → Analytics
  • Debugging: Set enableDebugging: true in configuration options for detailed logging

Changelog

  • 1.2.0 — Security hardening, smarter backoff, and edge case fixes.

v1.1.2

  • Response headers from /validate are now applied to all outgoing responses (block, redirect, and allow). Headers like Content-Type are no longer hardcoded — they come from the validator.
  • Validator API requests now include a User-Agent header identifying the integration name and version.
  • 1.2 - Better timeout handling.
  • 1.1 - Better error handling.
  • 1.0 - Initial release.

Cloudflare Workers (npm)

Add Centinel bot detection to an existing Cloudflare Worker using the npm package.

Drupal 7

Add Centinel Analytica to your Drupal 7 website.

On this page

Advanced configurationUsing Wrangler CLI (alternative)Monitoring and logsChangelogv1.1.2