Blogs

APIsec Endpoint will only be available under the policy section if Automatic Integration is enabled before the endpoint is discovered and baselined. If Automatic Integration is enabled after endpoint is discovered and baselined, then endpoint will not be visible under the policy section and therefore the endpoint will not be protected by APIsec security policy. How to make APIsec endpoint appear in APIsec policy section. Disable the Automatic Integration and Save the configuration. Then enable the Automatic Integration and Save the configuration. After above steps, you should see the endpoint under APIsec policy and therefore it is ...

APIsec Endpoints will get only discovered when all the below conditions are met In the API response, http status code should be between 2xx and 3xx. If http status code contains 1xx, 4xx or 5xx, then APIsec endpoints will not be discovered. If the Response body or Content-length of API response is <10000 bytes. Currently this is hard coded limit and cant be changed If Content-type indicates that response is an API response. Content-type for valid API response would be application/json, application/xml When all the above 3 conditions are matched, only then the API endpoints will be discovered. If API call satisfy all the above 3 criteria and ...

In some scenario customer might see custom certificate when they access their site, even when the custom certificate is not active for the site . Reason being the Imperva proxy first checks to see if a custom certificate was uploaded to the specific site. If one is not found, the proxy looks at other sites in the same account. If the proxy identifies a certificate uploaded to another site in same account that has a SAN corresponding to the site , then that custom certificate is used. However the above behavior is different for the websites onboarded to Imperva after October 20, 2021 , the proxy now selects a certificate in this order: The website's ...