Hi Sudarta,
I mostly deployed Imperva WAF in IMPHA Bridge mode (because it requires almost no topology changes), so my sharing will be based on this mode. But you can choose a different mode according to your needs, and you can find the required information about deployment options and HA modes on the docs.imperva.com portal.
I will share my opinion regarding the Imperva menus:
* Discovery
- Schedule Web Service Discovery scan weekly for detecting new web services on your network. You can populate "Site Tree" with the Discovered Servers results if you want.
* Setup -> Sites
- Define your authorized scanner (Netsparker, Nessus, etc.) tools' IP addresses as Ignore IP Group under "Source Restriction" setting of related server group.
- Change the Character Set option under Web Service according to your web service charset.
- Configure Error Page setting to return 404 status code instead of "200 OK".
- Define Data Masking Group for headers, parameters and cookies to mask sensitive data on Imperva GUI.
- If Imperva is between a reverse proxy/load balancer and web application, set XFF header on reverse proxy/load balancer and define this header on Forwarded Connections settings on Imperva WAF.
- If you see unsupported ciphers alerts, configure Transparent Reverse Proxy on Imperva WAF.
- If you host more than one web application on same server, define web applications under related HTTP service and map it on Applications tab of HTTP service to profile different applications under different profile settings.
- On each Web Application, set "URL Learning settings" as "Only URLs with parameters"
* Setup -> Gateways
- Define Fail Mode as "Fail Open" under Topology Configuration of related gateway group to bypass traffic through GW if GW malfunctions.
* Risk Management - Web Scanner Integration
- Integrate with a Web Scanner Tool so you can use virtual patching.
* Policies -> Security
- Define suitable followed actions for critical policies.
* Policies -> System Events
- Define suitable followed actions for critical system events so that you are aware when they are triggered.
* Reports -> Manage Reports
- Modify pre-defined reports according to your organisation's needs and schedule to send them to related teams.
------------------------------
cezmi çal
technical expert
Barikat Cyber Security
------------------------------
Original Message:
Sent: 10-30-2019 21:32
From: Sudarta Sudarta
Subject: Imperva WAF Deployment
Hi All,
Can anyone share on-premises WAF best practices?
From installation and monitoring through to blocking.
Thanks
Sudarta
#On-PremisesWAF(formerlySecuresphere)
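The Forwarded Connections item in the reply above relies on the gateway attributing requests to the address carried in the XFF header that the reverse proxy/load balancer sets. As an added illustration (not part of the original post and not Imperva's implementation), this Python example shows how a device behind a proxy can derive the source address from XFF while only honouring the header on connections from known proxies; the `10.0.0.0/24` proxy range and all sample addresses are constructed assumptions.

```python
import ipaddress

# Assumed (constructed) range holding the reverse proxies / load balancers
# that sit in front of the WAF and are allowed to set X-Forwarded-For.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def is_trusted(ip, trusted=TRUSTED_PROXIES):
    """True if the address belongs to one of our own proxies."""
    return any(ip in net for net in trusted)


def client_ip(peer_addr, xff_header, trusted=TRUSTED_PROXIES):
    """Return the address a request should be attributed to.

    peer_addr  -- source IP of the TCP connection seen by the device
    xff_header -- raw X-Forwarded-For value ("" if absent)
    """
    peer = ipaddress.ip_address(peer_addr)

    # The header is only meaningful when the connection comes from a proxy
    # we operate; on a direct connection it is client-supplied text.
    if not is_trusted(peer, trusted) or not xff_header:
        return str(peer)

    hops = [h.strip() for h in xff_header.split(",") if h.strip()]

    # Each proxy appends the address it received the request from, so the
    # right-most entries are the ones our own infrastructure wrote. Walk
    # from the right and stop at the first address that is not ours.
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            # Malformed entry: fall back to the connection's peer address.
            return str(peer)
        if not is_trusted(ip, trusted):
            return str(ip)

    # Every hop was one of our proxies (internal traffic).
    return str(peer)
```

With the proxy range left undefined, every request would be attributed to the proxy's own address, which is why source-based features such as the "Ignore IP Group" for scanners depend on this setting being correct.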