Hello Imperva Community,
I am exploring the possibility of replacing our current NGINX setup with an on-premises WAF solution and would appreciate your insights on this matter. Below is a summary of our current NGINX configuration:
# Configuration Highlights
- SSL configuration with TLSv1.3 and specific ciphers.
- Client certificate validation.
- Detailed proxy settings and header manipulations.
- Access and error logging configurations.
- Specific location block for /payments with custom proxy settings.
- Security directives like hiding server tokens and limiting methods.
Given this setup, my question is: Can an on-premises WAF from Imperva fully replace this NGINX configuration, particularly with respect to SSL/TLS handling, client certificate validation, and the detailed proxy and header settings we currently have in place?
Additionally, how would the Imperva WAF handle the following aspects:
I am particularly interested in understanding any limitations or additional considerations that may be relevant in transitioning to an on-prem WAF solution.
Thank you in advance!
A significant chunk of the functionalities you requested could be replaced by Imperva WAF (on-premises), but not all, I am afraid. Specifically, some advanced proxy settings and header manipulation are things that WAF doesn't do - you simply can't strip, modify or add headers apart from adding the IP of the original request origin in reverse proxy mode. Furthermore, you can't use WAF as a load balancer if that's what your current reverse proxy does.
Could you also please elaborate more on the concept of "hiding server tokens"?
Everything else seems to be something that you can easily do with WAF.
#On-PremisesWAF(formerlySecuresphere)

------------------------------
Lasha Lomjaria
Cybersecurity engineer
Green Systems LLC
Tbilisi
------------------------------
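For reference when mapping the listed highlights to WAF features, the sketch below shows the standard NGINX directives that usually sit behind each item. It is an added example, not the original poster's configuration and not part of either post; hostnames, file paths, upstream addresses, header names and timeout values are constructed placeholders.

```nginx
# Constructed example: every name, path and address below is a placeholder.
server {
    listen 443 ssl;
    server_name app.example.internal;

    # SSL configuration with TLSv1.3 and specific ciphers
    # (ssl_conf_command needs nginx 1.19.4+; it sets the TLS 1.3 suites via OpenSSL)
    ssl_certificate     /etc/nginx/tls/server.crt;
    ssl_certificate_key /etc/nginx/tls/server.key;
    ssl_protocols       TLSv1.3;
    ssl_conf_command    Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256;

    # Client certificate validation (mutual TLS)
    ssl_client_certificate /etc/nginx/tls/client-ca.crt;
    ssl_verify_client      on;
    ssl_verify_depth       2;

    # "Hiding server tokens": removes the NGINX version from the Server
    # response header and from built-in error pages
    server_tokens off;

    # Access and error logging
    access_log /var/log/nginx/app_access.log;
    error_log  /var/log/nginx/app_error.log warn;

    # Header manipulation, set at server level so both locations inherit it.
    # The reply above says the on-prem WAF cannot strip, modify or add headers
    # other than the original client IP, so these are the lines to review.
    proxy_set_header  Host            $host;
    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header  X-Client-DN     $ssl_client_s_dn;   # hypothetical header name
    proxy_hide_header X-Powered-By;

    location / {
        # Limiting methods: everything except GET (HEAD is implied) and POST is denied
        limit_except GET POST { deny all; }
        proxy_pass http://10.0.0.10:8080;
    }

    # Specific location block for /payments with custom proxy settings
    location /payments {
        limit_except POST { deny all; }
        proxy_pass            http://10.0.0.20:8080;
        proxy_connect_timeout 5s;
        proxy_read_timeout    30s;
    }
}
```

After changing a configuration like this, `nginx -t` validates the syntax before a reload.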