Cloud WAF Onboarding (Previously Incapsula)

👆 Search ABOVE for any Cloud WAF Onboarding Product Questions 👆

Imperva Cloud WAF Onboarding: Resource Bundle - Ask A Question

Imperva Cloud WAF is designed to work in blocking mode with little or no tuning and with near zero false positives. This resource bundle pulls together community discussions and resources into one easy place for you to access. It’s a collection of our resources to support you throughout your on-boarding process, as well as supplement your product education as you navigate the platform. 

Imperva Cloud WAF 101:
These are the top resources on the community recommended by our product experts: 
  • How to onboard a new site on Imperva Cloud WAF (video) Several customers have asked "How to onboard a new site on Imperva Cloud WAF?" In this video I will explain the steps on how to properly add a new website on Imperva cloud WAF, including on the SSL configuration. 
  • Best practices for Cloud WAF Settings (blog) Alert mode should only be used for websites that are subject to the “Cross Site Scripting Rule”. If your website is not subject to the rule and your security modules are set to “Alert Only”, your settings may not be meeting best practice. A walk through on how to do this is shown. 
  • How do I troubleshoot when my site is slow? (video) This video provides some basic troubleshooting steps to resolve issues when a page load time is long on Imperva Cloud WAF.


Imperva Cloud WAF Advanced:
These are the top resources on the community that go more in-depth while you use Imperva Cloud WAF. If you are a developer and need help, these blog articles will help.
  • Imperva API Composer: Open Source On-Premise and Cloud WAF Automation (Blog) - In this Imperva Community Blog, Brian Anderson introduces API Composer: Efficient, On-Demand API Call Generation and Testing. Imperva API Composer gives on-premise Gateway WAF and Cloud WAF users the ability to quickly generate and test API calls interactively pre-populating contextual parameters between calls, as opposed to simply referring to documentation.
  • HashiCorp Terraform: Cloud-Agnostic Deployment and Provisioning for Imperva Cloud WAF (Blog)  - In this Imperva Community blog, Brian Anderson talks more about how to integrate Security as Infrastructure as Code with HashiCorp’s Terraform through Imperva's Github. 
  • Incapsula-CLI: An Easy-to-use Interface for Imperva’s Cloud WAF (Blog) - If you want to figure out how to use Incapsula-CLI, an open source project available on Imperva's Github repository, this Imperva Community blog is for you. The Incap-CLI can be used to automate repeatable tasks such as adding new sites, creating and managing security policies (alert, block, etc), defining application delivery rules to facilitate global load balancing, manipulating urls, or enriching headers to downstream origin servers.
  • Automated Certificate Management and Security Policy Migration Made Easy (Blog) - Imperva’s automated capabilities help users implement consistent security solutions and maintain operations at the speed of business. In this blog Brian Anderson answers questions around how to automate Certificate Uploads for On-Premises and Cloud WAF. He also talks about How to Migrate Policies from On-Premises Platforms to Cloud WAF though Imperva’s API Composer

Cloud WAF Rules: There are many different Cloud WAF Rules that you can use. In this section, the content will show commonly asked questions around Cloud WAF rules and a video that will go in depth around five Cloud WAF Rules you might of not known about.  Use the Imperva rules proprietary scripting language to implement your own security, delivery, and access control rules on top of Imperva's existing security and application delivery logic.

FAQ's for Cloud WAF Rules

 Is there a way to setup shared Rules that can be enabled for multiple sites without having to create separate rules that do the same thing for multiple websites?
The framework has been created and available now to apply policy for SiteACL and whitelist to sub-account and sites. Incaprule is planned to added in this framework. As of now incaprules are not part of policy framework so these need to be manually copied or use API to copy them between sites.

|Q. Which is processed first a blacklisted IP, or a rule that was created to block an IP? Is one method more efficient than another?
Incaprule are by default have alert, block or challenge actions. All rules are evaluated before action. Request matching no matching rules are allowed to origin.

|Q. Is there a way to block SQL injection at Imperva for Java based application?          
There are 1000s of SQLi default rules and if needed incaprule can be used to control specific use case. Please note the rule with regex can only be applied by support team.

Can we pass the client_IP value in the header rewrite?    
By default the client_ip is sent in XFF and incap_client_ip header to origin . A custom rule is not available yet. 

|Q.  If we have configured cache on the WAF, deploying new rules are they applied immediately? Usually comments are configured on static pages, and hence we do add cache on static pages, adding rules, will it be applied immediately?(Limit number of comments)
Cache policies can detect possible dynamic content by learning or custom rules can help, but the incaprules are applied within few seconds across the CDN. Not sure what is the actual ask here 6. Is their a possibility to setup a rule to block udp flooding? WAF by default have DDOS protection and UDP flooding never reach origin as CWAF will pass only web traffic to origin. If the origin is non web application Infra and per IP DDOS solutions are also available

Getting Started:
These are documents pulled by site to give you a more in-depth understanding on how to setup your Cloud WAF websites, rules, logs and more. 


Still can't find what your looking for? Login to the Imperva Community