Use Case: Provide additional protection to a path. (eg: Login page)
Click Add Rule
The filter criteria will be:
MaliciousIPList == TorIPs & MaliciousIPList == AnonymousProxyIPs & URL contains "^/login"
For rule action, select
Require Javascript Support.
Summary: This rule requires any client originating from a TOR node or Anonymous Proxy to process a JS challenge if they are accessing the login page.
This accomplishes two things:
1.) Keeps low level BOTs off your login page. Good BOTs (like search engine crawlers) will not be using TOR nodes or Anonymous Proxies.
2.) If there is a an advanced BOT or automation technique accessing your login page, we now have a fingerprint (via the JS challenge) that can be used to block it.
Options: Taylor this rule to your liking. Perhaps you adopt an aggressive measure and require CAPTCHA support or block.
A variation of this rule would be:
IPReputationRiskLevel >=
High &
URL contains "^/login"
Rule action:
Require JavaScript Support or
CAPTCHA
Original Message:
Sent: 06-21-2022 10:50
From: Jaired Anderson
Subject: Flexing with IncapRules
Use Case: Retrieve content from a 3rd party or location while masking the Origin. When a client accesses www.example.com/PathHere the content will be retrieved from destination.example.org/PathHere
Your Site: www.example.com
3rd Party: destination.example.org
You must have the load balancing module to define data centers.
This can be accomplished using forward and rewrite rules.
Define destination.example.org as a Data Center and check the box to Support only forward rules.
Create a new Forward rule with the following filter criteria:
URL == "/PathHere"
Adjust the match criteria as desired. For example, the statement above is a strict match ( == ) on "/PathHere" and will not match "/PathHere/".
For the Rule Action, select Forward to Data Center and select the destination.example.org Data Center.
Give the rule a name and click Save.
Imperva Cloud will now Forward all requests for www.example.com/PathHere (client facing) to destination.example.org/PathHere. (backend) and retrieve the content. The clients address bar will display www.example.com/PathHere.
Please note however that a Rewrite rule is also typically required in conjunction with a Forward rule. This is because the Origin Data Center usually won't respond because the original Host header is sent. Additionally, the SSL handshake can fail with the Origin server if the Host names do not match.
Create a Rewrite matching the same path as the Forward rule.
URL == "/PathHere"
For the Rule Action, select Rewrite Header.
For the Header Name, enter Host
Leave the From empty and in the To enter destination.example.org
Enter a name for the rule and click Save.
Reply to this thread to share your IncapRules with the community!
Helpful Links
IncapRule Syntax Guide
https://docs.imperva.com/bundle/cloud-application-security/page/rules/rule-syntax.htm
Simplified Redirect Rules
https://docs.imperva.com/bundle/cloud-application-security/page/rules/simplified-redirect.htm
Scheduler Syntax
https://docs.imperva.com/bundle/cloud-application-security/page/rules/scheduler.htm
Variable$ Galore!
https://docs.imperva.com/bundle/cloud-application-security/page/rules/create-rule.htm
Custom Rate Rules
https://docs.imperva.com/bundle/cloud-application-security/page/rules/rates.htm
#CloudWAF(formerlyIncapsula)