Cloud WAF Resources

Getting Started with Cloud WAF

Introducing the Cloud Security Portal

This section will ensure you and your team have access to the Cloud Security Portal (MY Portal) for simple management of your Cloud WAF.

Access the Cloud Security Portal here
How to add users to the portal
Follow this step by step guide to get your team on board the Cloud Security Portal
Assign Roles to Users
Now you can assign specific roles to your added users.
Create a Support Case
You should already have access to the Customer Support Portal. This quick intro includes video guides to help you to open your first case.
Maximizing the Support Experience *Webinar Recording*
This webinar gives great insight into Imperva support processes, allowing you to maximize your support experience.

Imperva Cloud WAF 101

These are the top resources on the community and beyond, recommended by our product experts:

How to onboard a new site on Imperva Cloud WAF (video)
Several customers have asked "How to onboard a new site on Imperva Cloud WAF?" In this video I will explain the steps on how to properly add a new website on Imperva cloud WAF, including on the SSL configuration.
See documentation for more: How to onboard a site - documentation
Best Practices for a Newly Onboarded Site to the Cloud WAF (video)
Once you have onboarded your new site, this video is to help you ensure that your site is in a strong position from the start, allowing you time to make adjustments.
Best practices for Cloud WAF Settings (blog)
Alert mode should only be used for websites that are subject to the “Cross Site Scripting Rule”. If your website is not subject to the rule and your security modules are set to “Alert Only”, your settings may not be meeting best practice. A walk through on how to do this is shown. Find out more here: WAF Settings - Documentation
How to upload SSL Certificate
How do I troubleshoot when my site is slow? (video) This video provides some basic troubleshooting steps to resolve issues when a page load time is long on Imperva Cloud WAF.
Cloud WAF Set Up Check list
Ready to go? Why not run through this check list to make sure.

Cloud WAF Rules

There are many different Cloud WAF Rules (sometimes referred to as InCap Rules), that you can use to help make your WAF add value to your business processes.

In this section, you will find content around Cloud WAF rules and a video that will go in depth around five Cloud WAF Rules you might of not known about. Use the Imperva rules proprietary scripting language to implement your own security, delivery, and access control rules on top of Imperva's existing security and application delivery logic.

Cloud WAF Masterclass - Flexing with InCap Rules
This was one of our most popular Cloud WAF webinars. Jaired Anderson provides all you need to know to make the most of your Cloud WAF rules to offer real business solutions and value.
Flexing with InCap Rules Discussion Thread
This discussion was kicked off by one of our Cloud WAF experts, Jaired Anderson. It includes a number of important and valuable Cloud WAF rules that you can implement today. Want to know how to achieve something with InCap rules? Add your query to this thread and see what suggestions the Community has. Maybe you'd like to share your own suggestion? We'd love to learn about it.

FAQ's for Cloud WAF Rules

|Q. Is there a way to setup shared Rules that can be enabled for multiple sites without having to create separate rules that do the same thing for multiple websites?
|A. The framework has been created and available now to apply policy for SiteACL and whitelist to sub-account and sites. Incaprule is planned to added in this framework. As of now incaprules are not part of policy framework so these need to be manually copied or use API to copy them between sites.

|Q. Which is processed first a blacklisted IP, or a rule that was created to block an IP? Is one method more efficient than another?
|A. Incaprule are by default have alert, block or challenge actions. All rules are evaluated before action. Request matching no matching rules are allowed to origin.

|Q. Is there a way to block SQL injection at Imperva for Java based application?
|A. There are 1000s of SQLi default rules and if needed incaprule can be used to control specific use case. Please note the rule with regex can only be applied by support team.

|Q. Can we pass the client_IP value in the header rewrite?
|A. By default the client_ip is sent in XFF and incap_client_ip header to origin . A custom rule is not available yet.

|Q.  If we have configured cache on the WAF, deploying new rules are they applied immediately? Usually comments are configured on static pages, and hence we do add cache on static pages, adding rules, will it be applied immediately?(Limit number of comments)
|A. Cache policies can detect possible dynamic content by learning or custom rules can help, but the incaprules are applied within few seconds across the CDN. Not sure what is the actual ask here 6. Is their a possibility to setup a rule to block udp flooding? WAF by default have DDOS protection and UDP flooding never reach origin as CWAF will pass only web traffic to origin. If the origin is non web application Infra and per IP DDOS solutions are also available

Getting Started: These are documents pulled by https://docs.imperva.com/ site to give you a more in-depth understanding on how to setup your Cloud WAF websites, rules, logs and more.

Dashboards

Website Security: Overview of all the threats that target your protected websites and applications
Website Performance: View caching and traffic statistics for your Imperva protected websites and applications
Website Real-Time Statistics: View overall statistics about traffic flow to your websites

Reporting

*NEW Imperva's Account Security Assessment This tutorial video provides you with an overview on how to navigate your security assessment report.
Usage Report This report displays bandwidth usage history for an account. It provides you with a view of your bandwidth usage per service over time, enabling you to easily understand usage trends and quickly detect overages in your account.
Attack Report: Gain insights into attack trends on your websites and web application over the past 3 months including attack distribution by type, severity, time, source country, source client, and website, and easily share them across your organisation.
Attack Report Demonstration: View caching and traffic statistics for your Imperva protected websites and applications.

Imperva Cloud WAF Advanced

These are the top resources on the community that go more in-depth while you use Imperva Cloud WAF. If you are a developer, these blogs will help.

Imperva API Composer: Open Source On-Premise and Cloud WAF Automation (Blog) - In this Imperva Community Blog, Brian Anderson introduces API Composer: Efficient, On-Demand API Call Generation and Testing. Imperva API Composer gives on-premise Gateway WAF and Cloud WAF users the ability to quickly generate and test API calls interactively pre-populating contextual parameters between calls, as opposed to simply referring to documentation.
HashiCorp Terraform: Cloud-Agnostic Deployment and Provisioning for Imperva Cloud WAF (Blog) - In this Imperva Community blog, Brian Anderson talks more about how to integrate Security as Infrastructure as Code with HashiCorp’s Terraform through Imperva's Github.
Incapsula-CLI: An Easy-to-use Interface for Imperva’s Cloud WAF (Blog) - If you want to figure out how to use Incapsula-CLI, an open source project available on Imperva's Github repository, this Imperva Community blog is for you. The Incap-CLI can be used to automate repeatable tasks such as adding new sites, creating and managing security policies (alert, block, etc), defining application delivery rules to facilitate global load balancing, manipulating urls, or enriching headers to downstream origin servers.
Automated Certificate Management and Security Policy Migration Made Easy (Blog) - Imperva’s automated capabilities help users implement consistent security solutions and maintain operations at the speed of business. In this blog Brian Anderson answers questions around how to automate Certificate Uploads for On-Premises and Cloud WAF. He also talks about How to Migrate Policies from On-Premises Platforms to Cloud WAF though Imperva’s API Composer.
API Overview
Terraform

Cloud WAF Video Resources

Latest Discussions

RE: Flexing with IncapRules

User: Sarah Lamont, 7 days ago

Discussion

This is a fantastic update, @Jaired Anderson. Thank you for sharing! Community members - keep us posted on your experience with these rules. We love ...
RE: Flexing with IncapRules

User: Jaired Anderson, 8 days ago

Discussion

Did you know we added an AI BOT classification over one year ago? 🤔 It's true! You can read all about it in the release notes from December 1st, ...
RE: How to Onboard applications on Imperva waf on premises

User: Sarah Lamont, 26 days ago

Discussion

Hi Shubham, I notice you haven't had a response here. Did you find the information you were looking for? ------------------------------ Sarah Lamont ...

Recent Blogs

Cloud WAF Workshop: Website Onboarding and TLS Implementation Demo Webinar Recording

User: Seana Murray, 10-28-2025 10:29

Blog Entry

Hi Community, Just want to share this insightful webinar with you all. The Cloud WAF Workshop provided a hands-on learning experience focused on the ...
In The Know: Cloud WAF Podcast

User: Michael Wright, 10-02-2025 05:21

Blog Entry

Hi Community, Check out my latest podcast where I welcome Like Babarinde, Global Solutions Architect and Ziv Rika, Principle Product Manager ...
Your Cloud WAF is Watching the Door, but Who is Protecting the Gate? Network-Layer DDoS Protection Webinar ...

User: Seana Murray, 10-01-2025 10:13

Blog Entry

Hi Community, I’m excited to share this engaging webinar, where Ofir Shaham and Alex Bakshtein discussed the growing threat of large-scale Distributed ...