Imperva Cyber Community

Expand all | Collapse all

Masking the Alias IP on Imperva from Outside Scan

  • 1.  Masking the Alias IP on Imperva from Outside Scan

    Posted 02-24-2020 08:27

    Is it possible to mask the VIP (Alias IP) from the Imperva WAF to the External Users/Scanners/attackers ?

    rg
    Karthik
    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Karthik Narayanan
    Gulfit Network
    Dubai
    ------------------------------


  • 2.  RE: Masking the Alias IP on Imperva from Outside Scan

    Imperva Employee
    Posted 02-24-2020 13:23
    Hi Karthik,

    Can you provide a little more information?  If you are using your WAF onsite, you will need to expose some IP address to someone- either the public or a proxy/load balancer in the cloud.  (FYI, this is what our CloudWAF product does - users connect to the CloudWAF, which proxies the connection to you, so no one ever has to see your actual IP address.  All the scans and other garbage gets stopped by us before it ever gets to your site.)  

    For WAF onsite, depending on your configuration, you either have the WAF sniffing the connection to the server (so the IP address of the WAF is hidden), or you have the WAF terminating the connection (so the IP of the WAF is known, but the IP of the server behind it is "hidden").  Either way, without CloudWAF, you have to have some IP address known to the public.

    Jim

    ------------------------------
    Jim Burtoft
    Imperva
    PA
    ------------------------------