Are you ready to flex 💪 your brain? This thread will contain a list of IncapRules and be updated periodically. Use Case: Retrieve content from a 3rd party or location while masking the Origin. When a client accesses www.example.com/PathHere the content will be retrieved from destination.example.org/PathHere
Your Site: www.example.com3rd Party: destination.example.org
You must have the load balancing module to define data centers.
This can be accomplished using forward and rewrite rules.Define destination.example.org as a Data Center and check the box to Support only forward rules.Create a new Forward rule with the following filter criteria: URL == "/PathHere"Adjust the match criteria as desired. For example, the statement above is a strict match ( == ) on "/PathHere" and will not match "/PathHere/".For the Rule Action, select Forward to Data Center and select the destination.example.org Data Center.Give the rule a name and click Save.Imperva Cloud will now Forward all requests for www.example.com/PathHere (client facing) to destination.example.org/PathHere. (backend) and retrieve the content. The clients address bar will display www.example.com/PathHere.Please note however that a Rewrite rule is also typically required in conjunction with a Forward rule. This is because the Origin Data Center usually won't respond because the original Host header is sent. Additionally, the SSL handshake can fail with the Origin server if the Host names do not match.Create a Rewrite matching the same path as the Forward rule. URL == "/PathHere"For the Rule Action, select Rewrite Header.For the Header Name, enter HostLeave the From empty and in the To enter destination.example.orgEnter a name for the rule and click Save.
Reply to this thread to share your IncapRules with the community! 👍
IncapRule Syntax Guidehttps://docs.imperva.com/bundle/cloud-application-security/page/rules/rule-syntax.htmIncapRule Parameter Listhttps://docs.imperva.com/bundle/cloud-application-security/page/rules/rule-parameters.htm
Simplified Redirect Rules
https://docs.imperva.com/bundle/cloud-application-security/page/rules/simplified-redirect.htm Scheduler Syntaxhttps://docs.imperva.com/bundle/cloud-application-security/page/rules/scheduler.htmVariable$ Galore!https://docs.imperva.com/bundle/cloud-application-security/page/rules/create-rule.htm
Custom Rate Rules
https://docs.imperva.com/bundle/cloud-application-security/page/rules/rates.htm#CloudWAF(formerlyIncapsula)⚠ WARNING: Please follow your organization's change control procedures, and always test rules before adding to production
Use Case: Retrieve content from a 3rd party or location while masking the Origin. When a client accesses www.example.com/PathHere the content will be retrieved from destination.example.org/PathHere
Reply to this thread to share your IncapRules with the community!
Use Case: Provide additional protection to a path. (eg: Login page)Click Add RuleThe filter criteria will be: MaliciousIPList == TorIPs & MaliciousIPList == AnonymousProxyIPs & URL contains "^/login"
IncapRule Syntax Guidehttps://docs.imperva.com/bundle/cloud-application-security/page/rules/rule-syntax.htm
Hi InCap Rulers!Just to let you know that @Jaired Anderson's session has been posted in the blog section. If you missed it you can check it out here:
We'd love to hear your feedback and questions so feel free to comment on the blog itself or on this thread.Enjoy!
https://docs.imperva.com/bundle/cloud-application-security/page/rules/rates.htm#CloudWAF(formerlyIncapsula)WARNING: Please follow your organization's change control procedures, and always test rules before adding to production
Did you know 🤔 IncapRules can be scheduled? 🕑
For example, the scheduler can be used to redirect requests to a backup site during a scheduled maintenance window to avoid downtime.
The rule is triggered when requests arrive during the specified times and match all other conditions of the rule filter.
For syntax, please see: https://docs.imperva.com/bundle/cloud-application-security/page/rules/scheduler.htm
Use Case: Prevent your site from being loaded in an i-frameRule Filter: Leave this blankRule Action: Rewrite Response HeaderHeader Name: X-Frame-Options Add new if missing: Check this boxNote: This will override an existing header if one is already set from the server/codeFrom: Leave this field blankTo: SAMEORIGINAlternatively, you may DENY. For all valid options, please see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-OptionsRule Name: Give the rule a name. Ex: Block i-framesClick Save.