Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  Can we setup a Source IP filtering based on the URL ?

    Posted 01-17-2024 06:37

    Supposed I am allowing  xya.com/welcome from all internet and want to allow the xya.com/images specific Public IP not to all.

    If yes , please let me know how.


    #CloudWAF(formerlyIncapsula)

    ------------------------------
    Pratik Ghotkar
    Technical User
    Prudential Services Singapore Pte Ltd
    Singapore
    ------------------------------


  • 2.  RE: Can we setup a Source IP filtering based on the URL ?

    Posted 01-17-2024 10:42

    Hi Pratik,

    This is easily achievable via a Security rule. (incaprule) Rules are located at the site level within the left hand navigation under Security > Rules. 

    As an example, you could use something like the following:


    If the URL Starts with images and the IP is NOT 10.10.10.10 then Block.

    The IP would be set to the IP or IPs/Networks that you do want to allow access. 



    ------------------------------
    Jaired Anderson
    Imperva
    https://www.imperva.com/
    ------------------------------



  • 3.  RE: Can we setup a Source IP filtering based on the URL ?

    Posted 01-22-2024 06:16

    great thanks, how will be syntax is I have multiple public IPs and/or whole subnets



    ------------------------------
    Pratik Ghotkar
    Technical User
    Prudential Services Singapore Pte Ltd
    Singapore
    ------------------------------



  • 4.  RE: Can we setup a Source IP filtering based on the URL ?

    Posted 01-22-2024 10:01
    Edited by Jaired Anderson 01-22-2024 10:03

    Hi Pratik,

    Use a semi-colon ; to combine several like values into a list.

    For example:

    URL contains "^/images" & ClientIP == 10.10.10.10;10.10.10.11;10.50.10.0/24;10.51.11.0/24

    • 10.10.10.10
    • 10.10.10.11
    • 10.50.10.0/24
    • 10.51.11.0/24



    ------------------------------
    Jaired Anderson
    Imperva
    https://www.imperva.com/
    ------------------------------



  • 5.  RE: Can we setup a Source IP filtering based on the URL ?

    Posted 01-23-2024 06:49
    ACLI think one more way is ACL, Deny every think 0.0.0.0 - 255.255.255.255 , and then add exception IPs from which we want to allow.


    ------------------------------
    Pratik Ghotkar
    Technical User
    Prudential Services Singapore Pte Ltd
    Singapore
    ------------------------------



  • 6.  RE: Can we setup a Source IP filtering based on the URL ?

    Posted 01-24-2024 09:35

    Hi Pratik,

    You are correct; using a policy is also an acceptable method.

    The benefit of using a policy is that it can be created once and applied to multiple websites.

    The benefit of a using a security rule is that there are more filtering options available if needed/desired. 



    ------------------------------
    Jaired Anderson
    Imperva
    https://www.imperva.com/
    ------------------------------