Imperva Cyber Community

How do you guys check if an ip is protected by waf or not. If there's a lot of protected ip's, checking every single protected ip is not the best option. So was just wondering what you do check if an ip is protected or not.
#Cloud WAF (formerly Incapsula)
#On-PremisesWAF(formerlySecuresphere)

------------------------------
SC
------------------------------

@Shantanu Chaurasia I haven't forgot about you. I have reached out to @Abhishek Gupta and some others to see if they can help. Stay tuned.  ​​

------------------------------
Christopher Detzel
Community Manager
Imperva
------------------------------

Original Message:
Sent: 08-06-2020 16:37
From: Shantanu Chaurasia
Subject: How to check if IP is protected

How do you guys check if an ip is protected by waf or not. If there's a lot of protected ip's, checking every single protected ip is not the best option. So was just wondering what you do check if an ip is protected or not.
#Cloud WAF (formerly Incapsula)
#On-PremisesWAF(formerlySecuresphere)

------------------------------
SC
------------------------------

Hi @Shantanu Chaurasia,  

I did not follow the question if  question is for for IP protection ( DDOS services ) or Protected IP per account setting or origin info ( protected by CWAF) or Protected IP for origin access so below are some details and if it does not match your expectation, kindly elaborate or send me private response. 

-  If you have an ip that you own as per public record support can add your /32 IP to origin lock to prevent usage by other Account.  ( Origin Lock) 
   https://docs.imperva.com/bundle/cloud-application-security/page/settings/account-settings.htm#OriginLock
- if the ask is to get all origin setting for account, depending on the account can be reported using publicly available tool ( origin setting and Origin access report)  
    https://github.com/imperva/site-protection-viewer
- If you need a simple excel sheet with specific info  - email support and they can provide a account level site, original DNS mapping, current origin , SSL  and date of onboarding report.  ( via support)  

Let me know if any more details is needed. 


 



------------------------------
Abhishek Gupta
Customer Success team
Imperva
------------------------------

Original Message:
Sent: 08-06-2020 16:37
From: Shantanu Chaurasia
Subject: How to check if IP is protected

How do you guys check if an ip is protected by waf or not. If there's a lot of protected ip's, checking every single protected ip is not the best option. So was just wondering what you do check if an ip is protected or not.
#Cloud WAF (formerly Incapsula)
#On-PremisesWAF(formerlySecuresphere)

------------------------------
SC
------------------------------

Hi @Shantanu Chaurasia,  
Adding to Abishek's response, if you have Attack Analytics you can see origin-servers that are accessible as part of the insights. Take a look at this page Get Actionable Insights.
By 'exposed' it means that http and/or https requests can reach your origin server and an http response is received. 
Bear in mind that in some cases even if you do receive an http response back (for example 403) it still means that your server is protected. Therefore when you look at the results you need to understand what is your deployment method.
BTW, if you do get exposed origin-server it means that you didn't configure your router/firewall to only receive outside traffic from Imperva, see Step 6: Whitelist Imperva IPs in the Imperva documentation portal.

Doron


------------------------------
Doron Tzur
------------------------------

Original Message:
Sent: 08-09-2020 01:11
From: Abhishek Gupta
Subject: How to check if IP is protected

Hi @Shantanu Chaurasia,  

I did not follow the question if  question is for for IP protection ( DDOS services ) or Protected IP per account setting or origin info ( protected by CWAF) or Protected IP for origin access so below are some details and if it does not match your expectation, kindly elaborate or send me private response. 

-  If you have an ip that you own as per public record support can add your /32 IP to origin lock to prevent usage by other Account.  ( Origin Lock) 
   https://docs.imperva.com/bundle/cloud-application-security/page/settings/account-settings.htm#OriginLock
- if the ask is to get all origin setting for account, depending on the account can be reported using publicly available tool ( origin setting and Origin access report)  
    https://github.com/imperva/site-protection-viewer
- If you need a simple excel sheet with specific info  - email support and they can provide a account level site, original DNS mapping, current origin , SSL  and date of onboarding report.  ( via support)  

Let me know if any more details is needed. 


 



------------------------------
Abhishek Gupta
Customer Success team
Imperva

Original Message:
Sent: 08-06-2020 16:37
From: Shantanu Chaurasia
Subject: How to check if IP is protected

How do you guys check if an ip is protected by waf or not. If there's a lot of protected ip's, checking every single protected ip is not the best option. So was just wondering what you do check if an ip is protected or not.
#Cloud WAF (formerly Incapsula)
#On-PremisesWAF(formerlySecuresphere)

------------------------------
SC
------------------------------

Thank you Christopher, Abhishek and Doron for reply. 

Actually what I meant to ask is for on-premise WAF, for TRP and KRP configuration, we have hundreds of protected web server behind waf. If we have to check for a particular IP if its protected by waf or not we have to look into many TRP or KRP config. I was wondering if there's a quicker/ better way to find out if a particular ip is under KRP/ TRP or not.

------------------------------
SC
------------------------------

Original Message:
Sent: 08-09-2020 10:42
From: Doron Tzur
Subject: How to check if IP is protected

Hi @Shantanu Chaurasia,  
Adding to Abishek's response, if you have Attack Analytics you can see origin-servers that are accessible as part of the insights. Take a look at this page Get Actionable Insights.
By 'exposed' it means that http and/or https requests can reach your origin server and an http response is received. 
Bear in mind that in some cases even if you do receive an http response back (for example 403) it still means that your server is protected. Therefore when you look at the results you need to understand what is your deployment method.
BTW, if you do get exposed origin-server it means that you didn't configure your router/firewall to only receive outside traffic from Imperva, see Step 6: Whitelist Imperva IPs in the Imperva documentation portal.

Doron


------------------------------
Doron Tzur

Original Message:
Sent: 08-09-2020 01:11
From: Abhishek Gupta
Subject: How to check if IP is protected

Hi @Shantanu Chaurasia,  

I did not follow the question if  question is for for IP protection ( DDOS services ) or Protected IP per account setting or origin info ( protected by CWAF) or Protected IP for origin access so below are some details and if it does not match your expectation, kindly elaborate or send me private response. 

-  If you have an ip that you own as per public record support can add your /32 IP to origin lock to prevent usage by other Account.  ( Origin Lock) 
   https://docs.imperva.com/bundle/cloud-application-security/page/settings/account-settings.htm#OriginLock
- if the ask is to get all origin setting for account, depending on the account can be reported using publicly available tool ( origin setting and Origin access report)  
    https://github.com/imperva/site-protection-viewer
- If you need a simple excel sheet with specific info  - email support and they can provide a account level site, original DNS mapping, current origin , SSL  and date of onboarding report.  ( via support)  

Let me know if any more details is needed. 


 



------------------------------
Abhishek Gupta
Customer Success team
Imperva

Original Message:
Sent: 08-06-2020 16:37
From: Shantanu Chaurasia
Subject: How to check if IP is protected

How do you guys check if an ip is protected by waf or not. If there's a lot of protected ip's, checking every single protected ip is not the best option. So was just wondering what you do check if an ip is protected or not.
#Cloud WAF (formerly Incapsula)
#On-PremisesWAF(formerlySecuresphere)

------------------------------
SC
------------------------------

Hi Shantanu,

There is configuration report option providing following fields to select as criteria but I think it is not useful for you because of not providing TRP/KRP configuration level criterion:


------------------------------
cezmi çal
technical expert
Barikat Cyber Security
------------------------------

Original Message:
Sent: 08-09-2020 11:35
From: Shantanu Chaurasia
Subject: How to check if IP is protected

Thank you Christopher, Abhishek and Doron for reply. 

Actually what I meant to ask is for on-premise WAF, for TRP and KRP configuration, we have hundreds of protected web server behind waf. If we have to check for a particular IP if its protected by waf or not we have to look into many TRP or KRP config. I was wondering if there's a quicker/ better way to find out if a particular ip is under KRP/ TRP or not.

------------------------------
SC

Original Message:
Sent: 08-09-2020 10:42
From: Doron Tzur
Subject: How to check if IP is protected

Hi @Shantanu Chaurasia,  
Adding to Abishek's response, if you have Attack Analytics you can see origin-servers that are accessible as part of the insights. Take a look at this page Get Actionable Insights.
By 'exposed' it means that http and/or https requests can reach your origin server and an http response is received. 
Bear in mind that in some cases even if you do receive an http response back (for example 403) it still means that your server is protected. Therefore when you look at the results you need to understand what is your deployment method.
BTW, if you do get exposed origin-server it means that you didn't configure your router/firewall to only receive outside traffic from Imperva, see Step 6: Whitelist Imperva IPs in the Imperva documentation portal.

Doron


------------------------------
Doron Tzur

Original Message:
Sent: 08-09-2020 01:11
From: Abhishek Gupta
Subject: How to check if IP is protected

Hi @Shantanu Chaurasia,  

I did not follow the question if  question is for for IP protection ( DDOS services ) or Protected IP per account setting or origin info ( protected by CWAF) or Protected IP for origin access so below are some details and if it does not match your expectation, kindly elaborate or send me private response. 

-  If you have an ip that you own as per public record support can add your /32 IP to origin lock to prevent usage by other Account.  ( Origin Lock) 
   https://docs.imperva.com/bundle/cloud-application-security/page/settings/account-settings.htm#OriginLock
- if the ask is to get all origin setting for account, depending on the account can be reported using publicly available tool ( origin setting and Origin access report)  
    https://github.com/imperva/site-protection-viewer
- If you need a simple excel sheet with specific info  - email support and they can provide a account level site, original DNS mapping, current origin , SSL  and date of onboarding report.  ( via support)  

Let me know if any more details is needed. 


 



------------------------------
Abhishek Gupta
Customer Success team
Imperva

Original Message:
Sent: 08-06-2020 16:37
From: Shantanu Chaurasia
Subject: How to check if IP is protected

How do you guys check if an ip is protected by waf or not. If there's a lot of protected ip's, checking every single protected ip is not the best option. So was just wondering what you do check if an ip is protected or not.
#Cloud WAF (formerly Incapsula)
#On-PremisesWAF(formerlySecuresphere)

------------------------------
SC
------------------------------

@Shantanu Chaurasia, 

Thanks for the post!

One of our experts says the below: 

​​

------------------------------
Christopher Detzel
Community Manager
Imperva
------------------------------

Original Message:
Sent: 08-09-2020 11:35
From: Shantanu Chaurasia
Subject: How to check if IP is protected

Thank you Christopher, Abhishek and Doron for reply. 

Actually what I meant to ask is for on-premise WAF, for TRP and KRP configuration, we have hundreds of protected web server behind waf. If we have to check for a particular IP if its protected by waf or not we have to look into many TRP or KRP config. I was wondering if there's a quicker/ better way to find out if a particular ip is under KRP/ TRP or not.

------------------------------
SC

Original Message:
Sent: 08-09-2020 10:42
From: Doron Tzur
Subject: How to check if IP is protected

Hi @Shantanu Chaurasia,  
Adding to Abishek's response, if you have Attack Analytics you can see origin-servers that are accessible as part of the insights. Take a look at this page Get Actionable Insights.
By 'exposed' it means that http and/or https requests can reach your origin server and an http response is received. 
Bear in mind that in some cases even if you do receive an http response back (for example 403) it still means that your server is protected. Therefore when you look at the results you need to understand what is your deployment method.
BTW, if you do get exposed origin-server it means that you didn't configure your router/firewall to only receive outside traffic from Imperva, see Step 6: Whitelist Imperva IPs in the Imperva documentation portal.

Doron


------------------------------
Doron Tzur

Original Message:
Sent: 08-09-2020 01:11
From: Abhishek Gupta
Subject: How to check if IP is protected

Hi @Shantanu Chaurasia,  

I did not follow the question if  question is for for IP protection ( DDOS services ) or Protected IP per account setting or origin info ( protected by CWAF) or Protected IP for origin access so below are some details and if it does not match your expectation, kindly elaborate or send me private response. 

-  If you have an ip that you own as per public record support can add your /32 IP to origin lock to prevent usage by other Account.  ( Origin Lock) 
   https://docs.imperva.com/bundle/cloud-application-security/page/settings/account-settings.htm#OriginLock
- if the ask is to get all origin setting for account, depending on the account can be reported using publicly available tool ( origin setting and Origin access report)  
    https://github.com/imperva/site-protection-viewer
- If you need a simple excel sheet with specific info  - email support and they can provide a account level site, original DNS mapping, current origin , SSL  and date of onboarding report.  ( via support)  

Let me know if any more details is needed. 


 



------------------------------
Abhishek Gupta
Customer Success team
Imperva

Original Message:
Sent: 08-06-2020 16:37
From: Shantanu Chaurasia
Subject: How to check if IP is protected

How do you guys check if an ip is protected by waf or not. If there's a lot of protected ip's, checking every single protected ip is not the best option. So was just wondering what you do check if an ip is protected or not.
#Cloud WAF (formerly Incapsula)
#On-PremisesWAF(formerlySecuresphere)

------------------------------
SC
------------------------------