
Use the Cloud WAF CLI to Optimize Complex Workflows, Part One

By Joseph Ryan Moore posted 09-14-2020 09:18

  
Save time on tedious, repetitive tasks using the Cloud WAF command line.

The Imperva Cloud WAF interface is intuitive and easy to use. As great as this is, it can make some tasks more tedious and time-consuming than they need to be.


Graphical user interfaces usually have to sacrifice some power and efficiency for the sake of user-friendliness. Point-and-click functionality is great when familiarizing yourself with a brand-new software application, but eventually it can get in the way of productivity.


Let’s say you have hundreds of files to configure in a specific sequence. With a graphical user interface, you would have to point and click on every single file in order to finish the task. Using a command line interface, you could write a snippet of code and get it done in mere seconds.


That is the bottom-line value that the Cloud WAF CLI offers to users. Let’s look at some specific ways this powerful open-source tool from Imperva, available on GitHub, makes it easier for users to configure security policies in bulk and automate repetitive tasks.

How to Set Up Imperva Cloud WAF CLI for Site Configuration

One of the first things that most users will want to automate using the Imperva Cloud WAF CLI is site configuration. In order for the Cloud WAF system to recognize CLI commands as valid, you will have to create an API profile with permission to create and modify site configuration files.


This can be done using one simple command:

incap config api_id api_key account_id


Or you can add multiple profiles for managing different accounts by adding the --profile parameter:

incap config api_id api_key account_id --profile=dev


This creates a set of API-based account users. All of your API commands are going to go through these user accounts.

You can introduce a new site to the system using a single command instead of spending time clicking through the Imperva Cloud WAF user interface:

incap site add [domain] --profile api-create


Upon successful execution, the site will be created and the command line interface will show the configuration details of the newly created site. You will see the site, domain, active status, and DNS information on-screen. You’ll also see the following configuration values drawn from the Imperva Cloud WAF system:

  • SQL Injection alert status
  • Cross Site Scripting status
  • Illegal Resource Access status
  • Bot Access Control status
  • DDoS setting status
  • Backdoor Protect status
  • Remote File Inclusion status
  • IncapRules status
  • API Specification Violation status
  • Account Takeover status
  • Advanced Bot Protection status
  • SSL certificate information
  • Origin server information

All of these values can be configured directly through the command line. You can also upload and approve custom SSL certificates through this tool.

Watch: Commanding Cloud WAF with Cloud WAF - CLI Webinar

Uploading a Custom Certificate through the Cloud WAF CLI

Upon creating a new site, you may see that the site reports it has detected SSL even if you haven’t uploaded a custom certificate yet. This can happen if the site status is still pending approval.

You can use the command line to upload a local custom certificate directly. Use the following command:

incap site upcert --private_key=[yourkey.txt] [yourcertificate.txt] [site_id]


Since you have just created the new site through the command line, your site ID will be located just above the area where you are inputting these new commands. Upon successful upload, the command line will show you the site’s new certificate details, telling you whether the certificate is active, when it expires, and more.

You can verify this information by running the incap site status [site_id] command and looking at the new SSL information section. You should see it reflect the new certificate upload and show the same information.


Tests and Debugging In the Cloud WAF CLI

One of the optional arguments that you can run in the Cloud WAF API is TESTS. Users can test domain validation, HTTP and HTTPS services, and DNS status. 

Example: incap site status [site_id] --tests=dns

If you are familiar with JSON, you can even check the raw data using the --log=debug optional argument with every command. This allows users to look at every transaction going through the API. The tool will even output the raw request as a cURL request. This allows command-line users to copy and paste cURL statements to show examples of specific requests easily.

Configuring Multiple Sites Simultaneously

One of the most powerful features of the Cloud WAF CLI is the fact that it allows users to create and configure multiple sites simultaneously. There is no hardcoded limit on the number of sites that users can create.

You can quickly find out how many websites are enabled on your user account using the following command:

incap account subscription


The CLI tool can generate significant improvements in time-efficiency when working with organizations that need to create and test sites quickly. The automation-friendly nature of the CLI environment makes creating multiple sites from a text file as fast as creating a single one in the UI.

Example: while read -r site; do incap site add "$site"; done < sites.txt
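
A hardened form of the loop above, as an added example that is not part of the original post: it checks that each line of sites.txt is a plain hostname before passing it to incap site add, so a stray line beginning with "--" is never parsed as an option, and it counts failures instead of letting them scroll past. INCAP_CMD and the function names are hypothetical; the incap subcommand and --profile usage are the ones shown in this post.

```shell
#!/bin/sh
# Added example, not from the original post: validate sites.txt before bulk-adding.
# INCAP_CMD is a hypothetical override for dry runs; it defaults to the real CLI.
INCAP_CMD=${INCAP_CMD:-incap}

# Succeeds only for a plain ASCII hostname: dot-separated labels of letters,
# digits and inner hyphens. A line such as "--profile=prod" or "a.com; id"
# fails here and never reaches the incap command line.
is_valid_domain() {
  [ "${#1}" -le 253 ] || return 1
  printf '%s\n' "$1" |
    grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# bulk_add FILE [PROFILE]
# Sets ADDED, REJECTED and FAILED; returns non-zero if any line was not added.
bulk_add() {
  [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
  ADDED=0 REJECTED=0 FAILED=0
  while IFS= read -r site || [ -n "$site" ]; do
    site=$(printf '%s' "$site" | tr -d '\r')   # tolerate CRLF files
    case $site in ''|'#'*) continue ;; esac     # skip blanks and comments
    if ! is_valid_domain "$site"; then
      echo "rejected (not a hostname): $site" >&2
      REJECTED=$((REJECTED + 1))
      continue
    fi
    # </dev/null keeps the CLI from consuming the rest of the list on stdin.
    if "$INCAP_CMD" site add "$site" ${2:+--profile "$2"} </dev/null; then
      ADDED=$((ADDED + 1))
    else
      echo "failed: $site" >&2
      FAILED=$((FAILED + 1))
    fi
  done < "$1"
  echo "added=$ADDED rejected=$REJECTED failed=$FAILED" >&2
  [ "$REJECTED" -eq 0 ] && [ "$FAILED" -eq 0 ]
}

# Run only when called with arguments, e.g.: sh bulk_add.sh sites.txt dev
if [ "$#" -gt 0 ]; then bulk_add "$@"; fi
```

Lines with surrounding spaces or trailing text are rejected rather than repaired, so the list has to be corrected by hand before those sites are created.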


From the resulting list, you can begin adding rules and configuring policies for all of the displayed websites at once. Since the list provides you with specific site IDs for each subdomain searched for, users can simply add as many site IDs as necessary to any configuration command they wish to input.

for site in $(incap site list | grep [your_domain] | grep pending | awk -F '|' '{print $4}'); do incap site add_incaprule --name='Block Untrusted Requests' --filter='ClientIP != 8.8.8.8' --action=RULE_ACTION_BLOCK "$site"; done

Learn More with Imperva Community 

The Imperva Community is a great place to learn more about how to use Imperva cyber security technologies like Cloud WAF, Advanced Bot Protection, DDoS Protection, and more to establish efficient, secure processes for enterprise networks. Rely on the expertise of Imperva partners, customers and technical experts.
