Implementation
Monocle can be implemented at different levels depending on how you want to use the data. Each level provides value, from traffic visibility through to automated enforcement.
Monocle Implementation States
| State | Description |
|---|---|
| Visibility | Monocle enriches sessions to provide insight into traffic patterns, including anonymous sessions, infrastructure type, VPN/proxy usage, and geo intelligence. |
| Policy | Monocle evaluates sessions against configured rules and returns a decision: Allow or Block. |
| Enforcement | Policy decisions are used to drive an action, such as blocking or challenging a session. |
These states represent a progression from understanding traffic, to evaluating it, to taking action.
Visibility
Visibility is the starting point for most Monocle deployments.
Monocle generates encrypted assessments for each session, providing insight into:
- VPN usage
- Proxy detection
- Anonymous session status
- Infrastructure type
- Geographic signals
- Additional connection context
At this stage, Monocle provides insight only. No action is required.
Policy
The Policy layer introduces decision-making.
Monocle evaluates sessions against configured policy criteria and returns a simple outcome:
- Allow
- Block
This allows you to understand how traffic would be affected without needing to build your own decision logic directly against assessment fields.
Decision Approaches
You can apply logic in two ways:
| Approach | Description |
|---|---|
| Raw Assessment | Decrypt and evaluate assessment fields directly |
| Policy API | Use Monocle to evaluate traffic and return a decision |
Raw Assessment
You evaluate fields directly in your application.
Example conditions:
vpn = trueproxied = trueanon = true
This approach gives full control over how traffic is interpreted.
Policy API
Monocle evaluates sessions against configured rules and returns a decision:
- Allow
- Block
This simplifies decision-making and keeps policy configuration centralized.
Enforcement
Enforcement is the process of acting on a Policy decision.
Monocle does not enforce decisions by default.
In most implementations, your system is responsible for applying the action.
Common enforcement examples include:
- Blocking sessions that receive a Block decision
- Triggering additional verification for high-risk traffic
- Using decisions as input into broader security systems
Where Enforcement Happens
| Location | Description |
|---|---|
| Backend | Application logic or APIs enforce decisions |
| Middleware / Gateway | Enforcement at the request processing layer |
| Edge (e.g. Cloudflare) | Enforcement before traffic reaches your application |
Cloudflare Enforcement
Cloudflare enables enforcement directly at the edge via our no-code Cloudflare worker integration.
Typical flow:
- Traffic reaches your domain
- Monocle evaluates the session
- Policy is applied
- A Block or Allow decision is returned
- Cloudflare applies the configured response
This allows enforcement before traffic reaches your application.
What Monocle Does and Does Not Do
| Capability | Monocle |
|---|---|
| Identify anonymized traffic (VPNs, proxies, datacenters) | ✓ |
| Generate session-level assessments | ✓ |
| Provide traffic visibility and insights | ✓ |
| Evaluate traffic using policies | ✓ |
| Return decisions (Allow / Block) | ✓ |
| Enforce decisions by default | ✕ |
| Replace your application logic | ✕ |
| Enforce decisions without integration | ✕ |
Moving from Visibility to Enforcement
Most implementations follow this progression:
- Use Visibility to understand traffic patterns
- Configure a Policy
- Review which sessions would be blocked
- Decide where enforcement should happen
- Implement Enforcement in your system or at the edge
This allows you to move from insight → decision → action in a controlled and measurable way.