Skip main navigation (Press Enter).

Imperva Cyber Community

View Only

Back to discussions

Expand all | Collapse all

Front end and backed communication

Nitin Tyagi06-14-2023 05:36

Hi Team, I need to understand how incapsula secure communication between client----WAF----Origin server. ...

Jaired Anderson06-14-2023 10:03

Hi Nitin, It can be the same or a different cert; it depends upon the configuration. The Cloud ...

1. Front end and backed communication

Like
Nitin Tyagi
Posted 06-14-2023 05:36
Hi Team,

I need to understand how incapsula secure communication between client----WAF----Origin server. will it use same Imperva certificate to secure communication from client----WAF and WAF ----Origin server. or it uses some different mechanism.

#CloudWAF(formerlyIncapsula)

------------------------------
Nitin Tyagi
Security Admin
Xerox
Norwalk CT
------------------------------
2. RE: Front end and backed communication

Like
Jaired Anderson
Posted 06-14-2023 10:03
Hi Nitin,

It can be the same or a different cert; it depends upon the configuration.

The Cloud WAF functions as a reverse proxy, so there are 2 connections - a frontside and a backside. These connections are independent of each other, that is to say, that the client thinks the CWAF is the Origin, and the Origin thinks the CWAF is the client.

Between the client and the CWAF (frontside) you have two options:

Bring your own cert

Use the included cert issued by GlobalSign

Between the CWAF and the Origin (your server) (backside connection) the CWAF will negotiate with whatever certificate is present on your Origin.

This could be the same certificate as "your own cert" uploaded for the frontside connection, or it could be an entirely different cert.

------------------------------
Jaired Anderson
Imperva
------------------------------

Powered by Higher Logic

Global message icon