Hi Andrew,
In this scenario you can leverage a feature called "CNAME Reuse" as long as:
- The certificate in Imperva Cloud WAF answers for the specified domains
- The Origin server(s) answers for the specified domains
If you are using the Imperva Cloud WAF (GlobalSign) generated certificate and have issued a wildcard cert (default), then it will cover *.example.com.
If your own certificate is in use it must be a wildcard certificate or contain additional SANs.
In the example above, let's assume that a.example.com and d.example.com are onboarded, and:
- a was assigned an incap DNS entry of 123.x.incapdns.net
- d was assigned an incap DNS entry of 789.x.incapdns.net
To leverage CNAME Reuse, your DNS will be configured as follows:
- b will be a CNAME of 123.x.incapdns.net
- c will be a CNAME of 123.x.incapdns.net
- e will be a CNAME of 789.x.incapdns.net
- f will be a CNAME of 789.x.incapdns.net
That's it - no additional config required within Imperva Cloud WAF.
Please be aware that sites b and c will share the same cache, config, security policy, etc. with site a.
Sites e and f will share the same cache, config, security policy, etc. with site d.
When reviewing the Imperva Cloud WAF console you will only see 2 domains listed; however, 6 are being protected (and only consuming 2 licenses).
For more information on CNAME reuse, please see:
https://docs.imperva.com/bundle/cloud-application-security/page/more/cname-reuse.htm
------------------------------
Jaired Anderson
Senior Professional Services Consultant
Imperva
Tulsa OK
------------------------------
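A pre-flight check for the CNAME Reuse plan described in the reply above, as an added example that is not part of the original post and not Imperva code. The function names and the "observed" DNS answers are constructed assumptions; hostnames, incapdns targets and masked origin IPs are the ones used in the thread.

```python
# Added example with constructed data: pre-flight check for a CNAME Reuse plan.
def san_covers(san, host):
    """True if one certificate SAN covers host. A wildcard matches exactly one
    left-most label: *.example.com covers a.example.com, not example.com."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    head, _, tail = host.partition(".")
    return bool(head) and tail == san[2:]

def check_plan(onboarded, reuse, origin_of, cert_sans, observed_cnames):
    """Return a list of problems; an empty list means the plan is consistent.
    onboarded: {site host: incapdns target}; reuse: {extra host: site it reuses};
    origin_of: {host: origin label}; observed_cnames: {host: CNAME seen in DNS}."""
    problems = []
    for host, site in reuse.items():
        if site not in onboarded:
            problems.append(f"{host}: {site} is not an onboarded site")
            continue
        # Condition 1 from the reply: the certificate must answer for the host.
        if not any(san_covers(s, host) for s in cert_sans):
            problems.append(f"{host}: not covered by certificate SANs")
        # Condition 2: the host must live on the same origin as the site it reuses.
        if origin_of.get(host) != origin_of.get(site):
            problems.append(f"{host}: origin differs from {site}")
        # A CNAME to the wrong site silently inherits that site's policy and cache.
        want = onboarded[site].lower()
        got = observed_cnames.get(host, "").rstrip(".").lower()
        if got != want:
            problems.append(f"{host}: CNAME is {got or 'missing'}, expected {want}")
    return problems

# Values from the thread; origin labels are the masked IPs as written there.
ONBOARDED = {"a.example.com": "123.x.incapdns.net", "d.example.com": "789.x.incapdns.net"}
REUSE = {"b.example.com": "a.example.com", "c.example.com": "a.example.com",
         "e.example.com": "d.example.com", "f.example.com": "d.example.com"}
ORIGIN_OF = {h + ".example.com": ip for h, ip in
             [("a", "203.x.x.x"), ("b", "203.x.x.x"), ("c", "203.x.x.x"),
              ("d", "165.x.x.x"), ("e", "165.x.x.x"), ("f", "165.x.x.x")]}
# Constructed stand-in for live DNS answers; f points at the wrong site on purpose.
OBSERVED = {"b.example.com": "123.x.incapdns.net.", "c.example.com": "123.x.incapdns.net",
            "e.example.com": "789.x.incapdns.net", "f.example.com": "123.x.incapdns.net"}

if __name__ == "__main__":
    for p in check_plan(ONBOARDED, REUSE, ORIGIN_OF, ["*.example.com"], OBSERVED):
        print("PROBLEM:", p)
```

In real use, the observed CNAMEs and the SAN list would come from a DNS lookup and the certificate actually served for each hostname.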
Original Message:
Sent: 01-16-2020 17:45
From: Andrew Ford
Subject: Best Practice, multiple origins and sub domains
Hi All,
Been running the Imperva for a little while now, adding a site that has just a root and www domain is really easy, but I have a more complex requirement for a new site and just wondering how to accomplish it.
example.com has 2 servers on different IP addresses with multiple sub domains and content we wish to protect.
a.example.com (203.x.x.x)
b.example.com (203.x.x.x)
c.example.com (203.x.x.x)
d.example.com (165.x.x.x)
e.example.com (165.x.x.x)
f.example.com (165.x.x.x)
I can't see a way of making this work without creating 6 different sites for a-f which seems really messy.
Any help would be appreciated.
Cheers,
#CloudWAF(formerlyIncapsula)
------------------------------
Andrew Ford
Guild
------------------------------