Cloud Application and Network Security Web Protection - Introduction 2024-11-28-14-02-43

Cloud Application and Network Security


Contents

• Website Protection
• Websites
• Website Management API Definition
• Website General Settings
• Website Domain Management API Definition
• Website Settings
• General Settings
• Login Protect
• Security Settings
• WAF Settings
• DDoS Settings
• Adaptive L7 DDoS Threshold
• Notification Settings
• Give access to external users
• Error Responses


Web Protection – Introduction


Imperva’s Web Protection is a 100% cloud-based solution for protecting websites and applications from external threats,
including OWASP Top 10 threats, hacking attempts, malicious bots, scraping, and DDoS attacks.

At the core of Imperva’s Web Protection are our security reverse proxy and Web Application Firewall (WAF) in the
cloud, which are deployed across our globally distributed CDN network. Organizations using Web Protection route
their website traffic through the Imperva network by performing a simple DNS change. This enables Imperva to inspect
each and every request sent to the website and filter out any kind of malicious activity.

Benefits
• PCI certified Web Application Firewall
• Service is backed by Imperva’s security team for updating and tuning security rules
• Easy and quick implementation - usually no rule tuning is required
• Bot mitigation using Imperva’s advanced client classification technology
• Backdoor Protection to identify and quarantine backdoors planted on your website
• Custom security logic using security rules
• Granular access controls based on IPs, URLs, location and client type
• Seamless implementation of two-factor authentication
• Real-time dashboard for traffic monitoring and event analysis
• REST API and SIEM integration of access and security logs


How Does Web Protection Work?


Imperva’s Web Protection is based on a network of secure reverse proxies deployed on our globally distributed CDN.
Web traffic that is routed through the Imperva network is terminated by those proxies, allowing Imperva to inspect each
and every request to the website and identify and block any malicious activity.

Organizations using Web Protection update their domain DNS to point to a unique hostname (CNAME) provided by
Imperva (e.g., mysite.incapdns.net). This hostname is dynamically resolved for every website visitor, making sure each
visitor is served by the closest Imperva data center.

Web Application Firewall


Imperva’s secure proxy and Web Application Firewall (WAF) inspect every request at three levels: the connection level, the
request format and structure level, and the content level. The WAF matches the HTTP/S requests against a set of security
engines, known attack patterns, heuristic rules, anomaly detection and known "good" patterns. Each visitor is also
profiled and matched against a large set of known client signatures. These components allow Imperva to automatically
filter out bad actors and enable organizations to define their access policy for bots.

Personal Data Protection

Imperva's reverse proxies include over 50 patterns used to recognize personal data such as credit card numbers, email
addresses, or phone numbers.

Imperva reverse proxies analyze incoming requests and search for data that matches these patterns. When a match is
found, we immediately perform irreversible masking in memory (RAM), in real-time. Logs generated in the proxy use the
masked data.


These patterns are fully configurable and can be enhanced per customer, per website. Our customers can expand the list
of patterns as needed to cover additional information that they consider to be sensitive.

The current definition and the ability to add new patterns is configured by Support.
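
The masking step described in this section, sketched as an added example; it is not Imperva's code. The three patterns, the function names and the sample request line are assumptions made for illustration.

```python
import re

# Illustrative patterns only (assumptions); the product's own pattern set is
# not listed on this page.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"\+\d{1,3}[ -]?\d{2,4}[ -]?\d{3,4}[ -]?\d{3,4}")
# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Constructed request line used as sample input.
SAMPLE = ("POST /checkout card=4111 1111 1111 1111 email=alice@example.com "
          "phone=+1 202-555-0147 order=1234567890123")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for position, char in enumerate(reversed(digits)):
        value = int(char)
        if position % 2 == 1:  # double every second digit from the right
            value *= 2
            if value > 9:
                value -= 9
        total += value
    return total % 10 == 0


def _blank(match):
    # Overwrite with a constant character: nothing derived from the original
    # value (hash, prefix, suffix) survives, so the mask cannot be reversed.
    return "*" * len(match.group(0))


def _blank_card(match):
    digits = re.sub(r"\D", "", match.group(0))
    # The Luhn check keeps order numbers and other long digit runs readable.
    return _blank(match) if luhn_ok(digits) else match.group(0)


def mask_personal_data(text):
    """Mask card numbers, e-mail addresses and phone numbers in one string."""
    text = CARD_RE.sub(_blank_card, text)
    text = EMAIL_RE.sub(_blank, text)
    return PHONE_RE.sub(_blank, text)


def log_line(text):
    """Build the log record from the masked copy only."""
    return "request=" + mask_personal_data(text)


if __name__ == "__main__":
    print(log_line(SAMPLE))
```
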

DDoS Mitigation
Websites using Imperva DDoS Protection are protected from any type of DDoS attack, including both network (Layer 3
and 4) and application (Layer 7) attacks. Imperva’s secure HTTP proxy terminates TCP connections, acting as a buffer
between the Internet and the origin server and filtering out any kind of DDoS attack, such as SYN floods and UDP floods.
Only legitimate HTTP/HTTPS traffic is forwarded to the origin server.

Layer 7 DDoS attacks are mitigated by a dedicated engine that can distinguish between legitimate visitors and DDoS bots.
This engine leverages Imperva’s client classification technology, as well as unique capabilities to challenge suspicious
visitors and verify their authenticity, without impacting the website's normal user experience.

Security Operations Center


Imperva Web Protection is backed up by a team of security experts who are responsible for keeping the Web Application
Firewall and other security engines up to date and accurate. The research team monitors external sources such as new
vulnerability disclosures and analyzes all traffic going through Imperva. Any new attack identified on the network is
automatically analyzed, and new mitigation rules are propagated to all Web Protection customers. All rules go through a
vetting phase in which they are deployed across the network but only generate alerts. Those alerts are analyzed by the
security team and, if required, adjustments are made to make sure that new rules do not create false positives.

Deployment
Websites that support SSL are required to provision an SSL certificate on Imperva. Imperva maintains two types of
certificates. The first is an Imperva-generated certificate that can be automatically created and integrated using the new
site wizard. Organizations using Web Protection can also upload their own certificate, which will be presented to SNI-
supporting clients instead of the Imperva-generated certificate. See Web Protection - SSL/TLS for more information.

Web Protection can be deployed as an always-on solution (the most common scenario) or as an on-demand solution for
DDoS mitigation.

Traffic Flow
Understand the behind-the-scenes flow of an end user visit to a website protected by Imperva’s Web Protection.

Before Adding the Domain to Imperva


1. A visitor opens a web browser and types in your website’s URL (for example, http://www.yourdomain.com).
2. The web browser queries its DNS server for the IP address associated with www.yourdomain.com and receives
your origin server IP address.
3. The web browser sends requests to the origin server IP address, which are routed through the Internet to your
ISP or hosting provider.


After Adding the Domain to Imperva


1. A visitor opens a web browser and types in your website’s URL (for example, http://www.yourdomain.com).
2. The web browser queries its DNS server for the IP address associated with www.yourdomain.com and receives
the Imperva CNAME you configured in your DNS (for example, yourdomain.incapdns.net).
3. The web browser queries its DNS server for the IP address associated with yourdomain.incapdns.net and
receives the IP address of the nearest Imperva data center.
4. The web browser sends requests for http://www.yourdomain.com to the IP address of the nearest Imperva data
center.
5. The request is accepted by the Imperva secure proxy and inspected for any security risk.
6. If the request does not pose any threat, it is either responded to directly from Imperva’s cache or forwarded to
the origin server (if the resource is dynamic and cannot be cached).
7. Responses from the origin server are accepted by the Imperva secure proxy and then forwarded back to the
visitor’s web browser.

How To

• Onboarding a Site – Web Protection and CDN
• Account Settings
• Web Protection - Website Settings

Read More

• Web Protection - SSL/TLS
• Upload a Custom Certificate for Your Website on Imperva
• Web Protection - Dedicated Network
• Bot Mitigation
• Extended Mitigation

Last updated: 2023-10-17

Web Protection - Websites


View and manage your websites configured in Imperva, or add a new site.

To open the Websites page, log in to your account in the Imperva Cloud Security Console.

1. On the top menu bar, click Application.

2. On the sidebar, click Websites.

To add a new site, click the Add website button and follow the onscreen instructions. For more details, see Onboarding a
Site – Web Protection and CDN.

The following details are displayed for each website. The statistics are generated daily and cover the last 7 days, except
for bandwidth, which covers the last 30 days.

Field: Description

Name: Name of the website. Click to drill down into the specific website's dashboard to view incoming traffic, security events, and server activity in real-time. Configure site settings to meet your needs.

Bandwidth: The total amount of traffic (requests per second) served from your website, both from the Imperva cache and from your origin server.

Human Visits: Number of visits to your website by legitimate human visitors, typically via a web browser.

Bot Visits: Total visits by all good and bad bots.

WAF Sessions: Threats to your website detected by Imperva.

Creation Date: The date the site was created.

Status: Indicates if the website is enabled, disabled, or partially configured. Click the status icon on the Websites page to view more details.
    Fully configured: Traffic to the website is protected and accelerated.
    Partially configured: DNS is configured on either the naked domain or the www domain, but not both. The website is pointing to the Imperva-provided CNAME but the naked domain’s A records are not pointing to the Imperva-provided IPs.
    Not configured: DNS is not configured on any domain. Traffic to the website is not completely secured. Complete the DNS configuration to enhance the site’s security.
    Disabled: Traffic to the website is directed to your origin server without being routed through Imperva.

More:
    • Disable/Enable a site. When a site is disabled, DNS resolves the site's CNAME into the origin IP address for the site instead of into one of the Imperva PoP's IP addresses. As a result, traffic bypasses Imperva and is routed directly to your origin servers.
    • Events. This opens the Security Events page to display a log of security events detected by Imperva. For more details, see View Security Events.
    • Setting. This opens the Website Settings page to define general site attributes and options related to security, web scraping protection, performance, and availability of your website. For more details, see Web Protection - Website Settings.
    • Purge Cache. This purges the entire cache of the website. For more details, see Cache Settings.
    • Purge Cache Resource. This purges a subset of the website's cached resources. For more details, see Cache Settings.
    • Delete a site. Use this option when you want to remove a website from Imperva.
      Note:
      • Before deleting a website, change your DNS configuration back to its original settings; otherwise you might lose visitors.
      • Deleting a site requires the following user permissions: Modify site settings, Add and remove sites
    • Move Site. If your account has sub accounts, you can move a site from the parent account to a sub account (or vice versa), or from one sub account to another. For more details, see Manage Account Resources.
      Note: The Imperva IP address assigned to your website may change when you move a site.

Tip: Click Export to CSV to download the list of websites in .csv file format.

Website Management API


Get details about your configured websites, including site information and TLS information, with the Imperva Website
Management API Definition.

Read More

• Web Protection – Introduction
• Web Protection - Website Settings
• Website Management API Definition

Last updated: 2024-06-24

Website Management API Definition

Sites management API Documentation


Get details of your websites configured in Imperva.
More information: https://helloreverb.com
Contact Info: [email protected]
Version: 1.0.0
BasePath:/sites-mgmt


The terms in the absence of an applicable signed agreement between you and Imperva
https://www.imperva.com/legal/license-agreement/

Access
1. APIKey KeyParamName:x-API-Id KeyInQuery:false KeyInHeader:true
2. APIKey KeyParamName:x-API-Key KeyInQuery:false KeyInHeader:true

Methods
Models

Table of Contents

AccountTLSConfiguration

• get /v3/accounts/settings/default-tls-configuration
• put /v3/accounts/settings/default-tls-configuration

SimplifiedSiteOnboarding

• post /v3/sites/onboard

SiteManagement

• delete /v3/sites/{siteId}
• get /v3/sites/{siteId}
• get /v3/sites
• post /v3/sites

WebsiteTLSConfiguration

• get /v3/sites/{siteId}/settings/TLSConfiguration
• patch /v3/sites/{siteId}/settings/TLSConfiguration

AccountTLSConfiguration

get /v3/accounts/settings/default-tls-configuration

Get account default TLS configuration settings. (getAccountDefaultInboundTLSConfiguration)


Get account default TLS configuration settings by account ID.


Query parameters
caid (optional)
Query Parameter — The Imperva ID of the account or subaccount. By default, the account ID is the ID associated with the
API credentials used for authentication. To run an API on a sub account, specify the sub account ID. format: int64

Return type
AccountInboundTLSConfigurationRequest

Example data
Content-Type: application/json

{
  "data" : [ {
    "tlsConfiguration" : [ {
      "tlsVersion" : "TLS_1_0",
      "ciphersSupport" : [ "ciphersSupport", "ciphersSupport" ]
    }, {
      "tlsVersion" : "TLS_1_0",
      "ciphersSupport" : [ "ciphersSupport", "ciphersSupport" ]
    } ],
    "configurationProfile" : "CUSTOM"
  } ]
}

Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed
by the Content-Type response header.

• application/json

Responses

200

Successful operation AccountInboundTLSConfigurationRequest

400

Bad Request ErrorResponse

401

Unauthorized ErrorResponse


404

Not Found ErrorResponse

500

Internal Error ErrorResponse



put /v3/accounts/settings/default-tls-configuration

Define account default TLS configuration settings. (setAccountDefaultInboundTLSConfiguration)


Update the account default TLS configuration. This configuration will be applied to new websites created directly under
the specified account.

Consumes
This API call consumes the following media types via the Content-Type request header:

• application/json

Request body
body AccountInboundTLSConfigurationRequest (required)
Body Parameter —
example:
{
  "description" : "Sets custom ciphers profile with support for just TLS v1.3 and specific list of ciphers.",
  "value" : {
    "data" : [ {
      "configurationProfile" : "CUSTOM",
      "tlsConfiguration" : [ {
        "tlsVersion" : "TLS_1_3",
        "ciphersSupport" : [ "TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256" ]
      } ]
    } ]
  }
}

Query parameters
caid (optional)
Query Parameter — The Imperva ID of the account or subaccount. By default, the account ID is the ID associated with the
API credentials used for authentication. To run an API on a sub account, specify the sub account ID. format: int64


Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed
by the Content-Type response header.

• application/json

Responses

200

Successful operation

400

Bad Request ErrorResponse

401

Unauthorized ErrorResponse

404

Not Found ErrorResponse

500

Internal Error ErrorResponse

SimplifiedSiteOnboarding

post /v3/sites/onboard

Simplified site onboarding (postSiteController)


Quickly onboard a website with a single API call.

If the specified domain is configured in DNS to point to your website’s servers, Imperva automatically identifies the origin servers and associates them with the new site. If the specified domain is not configured in your DNS, you must provide the site’s origin server addresses using the servers parameter. The created website automatically receives SSL coverage served by an Imperva-managed certificate dedicated to this site.

The API response includes all the REST entities that are created during the onboarding process (site, domains, servers, and certificate settings). The response also includes instructions comprised of 2 parts: SSL and Network.

The SSL instructions describe how to configure your DNS in order to complete the domain ownership validation process. By default, domain ownership validation is done using a CNAME record.

The Network section provides instructions on how to direct your domain’s traffic to the Imperva network.


Consumes
This API call consumes the following media types via the Content-Type request header:

• application/json

Request body
body SiteOnboardingRequest (required)
Body Parameter —

Query parameters
caid (optional)
Query Parameter — The Imperva ID of the account or subaccount. By default, the account ID is the ID associated with the
API credentials used for authentication. To run an API on a sub account, specify the sub account ID. format: int64

Return type
CollectionSiteOnboardResponse

Example data
Content-Type: application/json

{
  "data" : [ {
    "instructions" : {
      "SSL" : [ {
        "description" : "Add the following record to your DNS provider",
        "recordType" : "CNAME",
        "value" : "qweqwe.ng.impervadns.net",
        "host" : "_delegate_validation.example.com"
      } ],
      "Network" : [ {
        "description" : "Add the following record to your DNS provider",
        "recordType" : "A",
        "value" : "1.2.3.4",
        "host" : "example.com"
      }, {
        "description" : "Add the following record to your DNS provider",
        "recordType" : "A",
        "value" : "5.6.7.8",
        "host" : "example.com"
      }, {
        "description" : "Add the following record to your DNS provider",
        "recordType" : "CNAME",
        "value" : "asdasd.ng.impervadns.net",
        "host" : "www.example.com"
      } ]
    },
    "site" : {
      "accountId" : 10,
      "creationTime" : 1673186130,
      "isDefaultSite" : false,
      "name" : "www.example.com",
      "cname" : "sdh5s.example.com",
      "id" : 123456,
      "type" : "CLOUD_WAF"
    },
    "certificateSettings" : {
      "validationMethod" : "CNAME"
    },
    "servers" : {
      "ips" : [ "1.2.3.4", "3.2.2.2" ]
    },
    "domains" : [ {
      "name" : "www.example.com",
      "protectionStatus" : "BYPASSED",
      "id" : 123456
    }, {
      "name" : "www.example.com",
      "protectionStatus" : "BYPASSED",
      "id" : 123456
    } ]
  }, {
    "instructions" : {
      "SSL" : [ {
        "description" : "Add the following record to your DNS provider",
        "recordType" : "CNAME",
        "value" : "qweqwe.ng.impervadns.net",
        "host" : "_delegate_validation.example.com"
      } ],
      "Network" : [ {
        "description" : "Add the following record to your DNS provider",
        "recordType" : "A",
        "value" : "1.2.3.4",
        "host" : "example.com"
      }, {
        "description" : "Add the following record to your DNS provider",
        "recordType" : "A",
        "value" : "5.6.7.8",
        "host" : "example.com"
      }, {
        "description" : "Add the following record to your DNS provider",
        "recordType" : "CNAME",
        "value" : "asdasd.ng.impervadns.net",
        "host" : "www.example.com"
      } ]
    },
    "site" : {
      "accountId" : 10,
      "creationTime" : 1673186130,
      "isDefaultSite" : false,
      "name" : "www.example.com",
      "cname" : "sdh5s.example.com",
      "id" : 123456,
      "type" : "CLOUD_WAF"
    },
    "certificateSettings" : {
      "validationMethod" : "CNAME"
    },
    "servers" : {
      "ips" : [ "1.2.3.4", "3.2.2.2" ]
    },
    "domains" : [ {
      "name" : "www.example.com",
      "protectionStatus" : "BYPASSED",
      "id" : 123456
    }, {
      "name" : "www.example.com",
      "protectionStatus" : "BYPASSED",
      "id" : 123456
    } ]
  } ]
}
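
One way to verify that the DNS instructions returned by this call have actually been applied, shown as an added example that is not part of the Imperva API or documentation. It compares the `instructions` object with DNS answers collected separately; the observed answers, the `203.0.113.10` origin address, the function names and the mapping onto the console's status names are assumptions.

```python
# "instructions" object copied from the onboarding example response on this page
# (the "description" fields are omitted).
INSTRUCTIONS = {
    "SSL": [
        {"recordType": "CNAME", "value": "qweqwe.ng.impervadns.net",
         "host": "_delegate_validation.example.com"},
    ],
    "Network": [
        {"recordType": "A", "value": "1.2.3.4", "host": "example.com"},
        {"recordType": "A", "value": "5.6.7.8", "host": "example.com"},
        {"recordType": "CNAME", "value": "asdasd.ng.impervadns.net",
         "host": "www.example.com"},
    ],
}

# Constructed sample of observed DNS answers, keyed by (host, record type).
# 203.0.113.10 stands in for an origin address left on the naked domain.
OBSERVED = {
    ("example.com", "A"): {"203.0.113.10"},
    ("www.example.com", "CNAME"): {"asdasd.ng.impervadns.net."},
    ("_delegate_validation.example.com", "CNAME"): {"qweqwe.ng.impervadns.net."},
}


def _norm(value):
    """Lower-case a DNS name or address and drop the trailing root dot."""
    return value.strip().rstrip(".").lower()


def _expected(records):
    """Group instruction records into {(host, type): {values}}."""
    wanted = {}
    for rec in records:
        key = (_norm(rec["host"]), rec["recordType"].upper())
        wanted.setdefault(key, set()).add(_norm(rec["value"]))
    return wanted


def _state(want, got):
    got = {_norm(v) for v in got}
    if not (got & want):
        return "not_pointed"   # nothing resolves to the instructed values
    if got - want:
        return "mixed"         # a stray answer still sends some visitors elsewhere
    return "ok"


def check_cutover(instructions, observed):
    """Compare instructed DNS records with observed answers."""
    seen = {(_norm(h), t.upper()): v for (h, t), v in observed.items()}
    network = {key: _state(want, seen.get(key, set()))
               for key, want in _expected(instructions.get("Network", [])).items()}
    ssl = {key: _state(want, seen.get(key, set()))
           for key, want in _expected(instructions.get("SSL", [])).items()}
    pointed = [state == "ok" for state in network.values()]
    if pointed and all(pointed):
        status = "Fully configured"
    elif any(pointed):
        status = "Partially configured"
    else:
        status = "Not configured"
    return {
        "status": status,
        "network": network,
        "ownership_validated": bool(ssl) and all(s == "ok" for s in ssl.values()),
    }


if __name__ == "__main__":
    print(check_cutover(INSTRUCTIONS, OBSERVED))
```

A `mixed` result matters most: an origin address published next to the Imperva addresses lets part of the traffic reach the origin without passing through the proxy.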

Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed
by the Content-Type response header.

• application/json

Responses

200

Successful operation CollectionSiteOnboardResponse

400

Bad Request ErrorResponse

401

Unauthorized ErrorResponse

404

Not Found ErrorResponse

500

Internal Error ErrorResponse


SiteManagement

delete /v3/sites/{siteId}

Delete site (deleteSite)


Delete an existing site

Path parameters
siteId (required)
Path Parameter — Numeric identifier of the site. format: int64

Query parameters
caid (optional)
Query Parameter — The Imperva ID of the account or subaccount. By default, the account ID is the ID associated with the
API credentials used for authentication. To run an API on a sub account, specify the sub account ID. format: int64

Return type
CollectionSite

Example data
Content-Type: application/json

{
  "data" : [ {
    "accountId" : 10,
    "creationTime" : 1673186130,
    "isDefaultSite" : false,
    "name" : "www.example.com",
    "cname" : "sdh5s.example.com",
    "id" : 123456,
    "type" : "CLOUD_WAF"
  }, {
    "accountId" : 10,
    "creationTime" : 1673186130,
    "isDefaultSite" : false,
    "name" : "www.example.com",
    "cname" : "sdh5s.example.com",
    "id" : 123456,
    "type" : "CLOUD_WAF"
  } ]
}


Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed
by the Content-Type response header.

• application/json

Responses

200

Successful operation CollectionSite

400

Bad Request ErrorResponse

401

Unauthorized ErrorResponse

404

Not Found ErrorResponse

500

Internal Error ErrorResponse



get /v3/sites/{siteId}

Get site (getSite)


Retrieve details of a website according to its Imperva ID

Path parameters
siteId (required)
Path Parameter — Numeric identifier of the site. format: int64

Query parameters
caid (optional)
Query Parameter — The Imperva ID of the account or subaccount. By default, the account ID is the ID associated with the
API credentials used for authentication. To run an API on a sub account, specify the sub account ID. format: int64


Return type
CollectionSite

Example data
Content-Type: application/json

{
  "data" : [ {
    "accountId" : 10,
    "creationTime" : 1673186130,
    "isDefaultSite" : false,
    "name" : "www.example.com",
    "cname" : "sdh5s.example.com",
    "id" : 123456,
    "type" : "CLOUD_WAF"
  }, {
    "accountId" : 10,
    "creationTime" : 1673186130,
    "isDefaultSite" : false,
    "name" : "www.example.com",
    "cname" : "sdh5s.example.com",
    "id" : 123456,
    "type" : "CLOUD_WAF"
  } ]
}

Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed
by the Content-Type response header.

• application/json

Responses

200

Successful operation CollectionSite

400

Bad Request ErrorResponse

401

Unauthorized ErrorResponse


404

Not Found ErrorResponse

500

Internal Error ErrorResponse



get /v3/sites

Get sites (getSites)


Retrieve details of all websites associated with the current account.
To filter for a subset of the account’s websites, provide website IDs and website names.
If multiple filters are provided, an AND operation is applied and the API will return all websites matching the filters.

Query parameters
siteIds (optional)
Query Parameter — A list of website IDs. If this parameter is provided, only websites matching one of these IDs will be
returned. format: int64
names (optional)
Query Parameter — A list of website names. If this parameter is provided, only websites matching one of these names will
be returned.
siteTypes (optional)
Query Parameter — A list of website types. Indicates if the website is onboarded to Imperva Cloud WAF or configured for
Imperva WAF Anywhere. If this parameter is provided, only websites with type matching one of these types will be
returned.
page (optional)
Query Parameter — The page to return starting from 0. default: 0 format: int32
size (optional)
Query Parameter — Page size used to determine the first object to be returned and the number of objects to be returned.
default: 10 format: int32
caid (optional)
Query Parameter — The Imperva ID of the account or subaccount. By default, the account ID is the ID associated with the
API credentials used for authentication. To run an API on a sub account, specify the sub account ID. format: int64

Return type
PaginatedCollectionSite

Example data
Content-Type: application/json

{
  "data" : [ {
    "accountId" : 10,
    "creationTime" : 1673186130,
    "isDefaultSite" : false,
    "name" : "www.example.com",
    "cname" : "sdh5s.example.com",
    "id" : 123456,
    "type" : "CLOUD_WAF"
  }, {
    "accountId" : 10,
    "creationTime" : 1673186130,
    "isDefaultSite" : false,
    "name" : "www.example.com",
    "cname" : "sdh5s.example.com",
    "id" : 123456,
    "type" : "CLOUD_WAF"
  } ],
  "meta" : {
    "size" : 1,
    "totalPages" : 0,
    "page" : 5,
    "totalElements" : 6
  },
  "links" : {
    "key" : "links"
  }
}

Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed
by the Content-Type response header.

• application/json

Responses

200

Successful operation PaginatedCollectionSite

400

Bad Request ErrorResponse

401

Unauthorized ErrorResponse

404

Not Found ErrorResponse


500

Internal Error ErrorResponse



post /v3/sites

Create site (postSite)


Create site associated with the current account

Consumes
This API call consumes the following media types via the Content-Type request header:

• application/json

Request body
body Site (required)
Body Parameter —

Query parameters
caid (optional)
Query Parameter — The Imperva ID of the account or subaccount. By default, the account ID is the ID associated with the
API credentials used for authentication. To run an API on a sub account, specify the sub account ID. format: int64

Return type
CollectionSite

Example data
Content-Type: application/json

{
  "data" : [ {
    "accountId" : 10,
    "creationTime" : 1673186130,
    "isDefaultSite" : false,
    "name" : "www.example.com",
    "cname" : "sdh5s.example.com",
    "id" : 123456,
    "type" : "CLOUD_WAF"
  }, {
    "accountId" : 10,
    "creationTime" : 1673186130,
    "isDefaultSite" : false,
    "name" : "www.example.com",
    "cname" : "sdh5s.example.com",
    "id" : 123456,
    "type" : "CLOUD_WAF"
  } ]
}

Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed
by the Content-Type response header.

• application/json

Responses

200

Successful operation CollectionSite

400

Bad Request ErrorResponse

401

Unauthorized ErrorResponse

404

Not Found ErrorResponse

500

Internal Error ErrorResponse

WebsiteTLSConfiguration

get /v3/sites/{siteId}/settings/TLSConfiguration

Get website TLS configuration settings (getSiteTLSConfiguration)


Get website TLS configuration settings by website ID


Path parameters
siteId (required)
Path Parameter — Numeric identifier of the website. format: int64

Query parameters
caid (optional)
Query Parameter — The Imperva ID of the account or subaccount. By default, the account ID is the ID associated with the
API credentials used for authentication. To run an API on a sub account, specify the sub account ID. format: int64

Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed
by the Content-Type response header.

• application/json

Responses

200

Successful operation

400

Bad Request ErrorResponse

401

Unauthorized ErrorResponse

404

Not Found ErrorResponse

500

Internal Error ErrorResponse



patch /v3/sites/{siteId}/settings/TLSConfiguration

Modify website TLS configuration settings (partial update) (setSiteTLSConfiguration)


Update TLS settings of an existing website. Only fields that are sent in the request will be updated.


Path parameters
siteId (required)
Path Parameter — Numeric identifier of the website. format: int64

Consumes
This API call consumes the following media types via the Content-Type request header:

• application/json

Request body
body SiteTLSConfigurationRequest (required)
Body Parameter —
example:
{
  "description" : "Enables and configures HSTS and sets custom ciphers profile with support for just TLS v1.3 and specific list of ciphers.",
  "value" : {
    "data" : [ {
      "hstsConfiguration" : {
        "preLoaded" : false,
        "maxAge" : 7543,
        "subDomainsIncluded" : false,
        "isEnabled" : true
      },
      "inboundTlsSettings" : {
        "configurationProfile" : "CUSTOM",
        "tlsConfiguration" : [ {
          "tlsVersion" : "TLS_1_3",
          "ciphersSupport" : [ "TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256" ]
        } ]
      }
    } ]
  }
}

Query parameters
caid (optional)
Query Parameter — The Imperva ID of the account or subaccount. By default, the account ID is the ID associated with the
API credentials used for authentication. To run an API on a sub account, specify the sub account ID. format: int64

Return type
CollectionSiteTLSConfiguration


Example data
Content-Type: application/json

{
  "data" : [ {
    "hstsConfiguration" : {
      "maxAge" : 7543,
      "isEnabled" : false,
      "subDomainsIncluded" : false,
      "preLoaded" : false
    },
    "inboundTlsSettings" : {
      "tlsConfiguration" : [ {
        "tlsVersion" : "TLS_1_0",
        "ciphersSupport" : [ "ciphersSupport", "ciphersSupport" ]
      }, {
        "tlsVersion" : "TLS_1_0",
        "ciphersSupport" : [ "ciphersSupport", "ciphersSupport" ]
      } ],
      "configurationProfile" : "CUSTOM"
    }
  }, {
    "hstsConfiguration" : {
      "maxAge" : 7543,
      "isEnabled" : false,
      "subDomainsIncluded" : false,
      "preLoaded" : false
    },
    "inboundTlsSettings" : {
      "tlsConfiguration" : [ {
        "tlsVersion" : "TLS_1_0",
        "ciphersSupport" : [ "ciphersSupport", "ciphersSupport" ]
      }, {
        "tlsVersion" : "TLS_1_0",
        "ciphersSupport" : [ "ciphersSupport", "ciphersSupport" ]
      } ],
      "configurationProfile" : "CUSTOM"
    }
  } ]
}

Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed
by the Content-Type response header.

• application/json


Responses

200

Successful operation CollectionSiteTLSConfiguration

400

Bad Request ErrorResponse

401

Unauthorized ErrorResponse

404

Not Found ErrorResponse

500

Internal Error ErrorResponse

Models

Table of Contents
1. APIError
2. AccountInboundTLSConfigurationRequest
3. CertificateSettings
4. CollectionSite
5. CollectionSiteOnboardResponse
6. CollectionSiteTLSConfiguration
7. DnsOnboardingInstructionDto
8. Domain
9. ErrorResponse
10. InboundTlsSettings
11. PaginatedCollectionSite
12. PaginationMetadata
13. Servers
14. Site
15. SiteHstsConfiguration
16. SiteOnboardResponse
17. SiteOnboardingRequest
18. SiteTLSConfiguration
19. SiteTLSConfigurationRequest
20. TLSVersion

APIError
status (optional)
Integer format: int32
id (optional)
String
code (optional)
String
source (optional)
map[String, Object]
title (optional)
String
detail (optional)
String

AccountInboundTLSConfigurationRequest
data (optional)
array[InboundTlsSettings]

CertificateSettings
Certificate Settings entity
validationMethod (optional)
String The method used by Imperva to validate domain ownership.
example: CNAME

CollectionSite
data (optional)
array[Site]

CollectionSiteOnboardResponse
data (optional)
array[SiteOnboardResponse]


CollectionSiteTLSConfiguration
data (optional)
array[SiteTLSConfiguration]

DnsOnboardingInstructionDto
site onboarding DNS instruction
description (optional)
String instruction's description
recordType (optional)
String DNS record type
example: CNAME
value (optional)
String DNS record value
example: abc.impervadns.net
host (optional)
String DNS record host
example: www.example.com

Domain
Domain entity
id (optional)
Long The ID of the domain format: int64
example: 123456
name (optional)
String The domain name
example: www.example.com
protectionStatus (optional)
String The domain ownership verification status. Possible values: BYPASSED, MISCONFIGURED, VERIFIED, PROTECTED
example: BYPASSED

ErrorResponse
errors (optional)
array[APIError]

InboundTlsSettings
configurationProfile (optional)
String TLS configuration profile is an enumeration of predefined configuration profiles. It can also be set to CUSTOM, for
setting custom TLS configuration.


Enum:
CUSTOM
DEFAULT
ENHANCED_SECURITY
tlsConfiguration (optional)
array[TLSVersion] List of supported TLS versions and ciphers related to the specific version. This list holds the CUSTOM
configuration that is going to be used in the communication between the client and Imperva. If the list is empty a
predefined configuration profile should be used.

PaginatedCollectionSite
data
array[Site] API paginated response data
meta (optional)
PaginationMetadata
links (optional)
map[String, String] API pagination links

PaginationMetadata
API pagination metadata
totalPages (optional)
Integer format: int32
totalElements (optional)
Long format: int64
size (optional)
Integer format: int32
page (optional)
Integer format: int32

Servers
Server entity
ips (optional)
array[String] Data Center's origin server IPs/CNAMEs
example: ["1.2.3.4","3.2.2.2"]

Site
Site entity
id (optional)
Long The ID of the site. format: int64
example: 123456
name
String Friendly name of the site.
example: www.example.com
type
String The website type. Indicates which kind of website is created, e.g. CLOUD_WAF for a website onboarded to Imperva
Cloud WAF.
Enum:
CLOUD_WAF
LOCAL
example: CLOUD_WAF
accountId (optional)
Long The account ID of the site format: int64
example: 10
creationTime (optional)
Long The creation date of the site format: int64
example: 1673186130
cname (optional)
String The CNAME provided by Imperva that is used for pointing your website traffic to the Imperva network.
example: sdh5s.example.com
isDefaultSite (optional)
Boolean Default anywhere site
example: false

SiteHstsConfiguration
HTTP Strict Transport Security (HSTS) ensures that any attempt by visitors to use the unsecure version (http://) of a page
will be forwarded automatically to the secure version (https://).
preLoaded (optional)
Boolean The most secure way to enforce HSTS. Ensures the first request goes out in a secure tunnel, since the browser
already has that URL in the pre-load list. The domain needs to be listed at https://hstspreload.appspot.com/.
maxAge (optional)
Long (TTL) The amount of time in seconds to apply HSTS in the browser before attempting to load the page using http://.
format: int64
example: 7543
subDomainsIncluded (optional)
Boolean Enforce HSTS on sub-domains. For example, a page listed on xxx.ddd.com uses resources from images.ddd.com.
If HSTS for sub-domains is enabled, the images are also covered. Make sure that the site and all sub-domains support
HTTPS so that HSTS does not break an internal resource when rendering the page.
isEnabled (optional)
Boolean Enable/disable HSTS support for this website

SiteOnboardResponse
Site onboarding response entity
site (optional)
Site
domains (optional)
array[Domain]
servers (optional)
Servers
certificateSettings (optional)
CertificateSettings
instructions (optional)
map[String, array[DnsOnboardingInstructionDto]] Site onboarding instructions list
example: {"SSL":[
{"description":"Add the following record to your DNS provider","recordType":"CNAME","value":"qweqwe.ng.impervadns.net","host":"_delegate_validation.example.com"}],
"Network":[
{"description":"Add the following record to your DNS provider","recordType":"A","value":"1.2.3.4","host":"example.com"},
{"description":"Add the following record to your DNS provider","recordType":"A","value":"5.6.7.8","host":"example.com"},
{"description":"Add the following record to your DNS provider","recordType":"CNAME","value":"asdasd.ng.impervadns.net","host":"www.example.com"}]}

SiteOnboardingRequest
Site onboarding request entity
domain
String The domain of the site
example: my.domain.com
servers (optional)
array[String] List of your origin server IP addresses or CNAMEs.
example: ["1.2.3.4","3.2.2.2"]
name (optional)
String The name of the site. If not specified, the domain name is used.
example: my site
type (optional)
String The website type. Indicates which kind of website is created, e.g. CLOUD_WAF for a website onboarded to Imperva
Cloud WAF.
Enum:
CLOUD_WAF
LOCAL
example: CLOUD_WAF

SiteTLSConfiguration
hstsConfiguration (optional)
SiteHstsConfiguration
inboundTlsSettings (optional)
InboundTlsSettings

SiteTLSConfigurationRequest
data (optional)
array[SiteTLSConfiguration]

TLSVersion
List of supported TLS versions and ciphers related to the specific version. This list holds the CUSTOM configuration that is
going to be used in the communication between the client and Imperva. If the list is empty a predefined configuration
profile should be used.
tlsVersion (optional)
String TLS version name. For example: TLS_1_2
Enum:
TLS_1_0
TLS_1_1
TLS_1_2
TLS_1_3
ciphersSupport (optional)
array[String] List of RFC cipher names supported for the specified TLS version. This configuration is used when the
CUSTOM configuration profile is selected. Please refer to
https://docs.imperva.com/bundle/cloud-application-security/page/cipher-suites.htm for the list of ciphers.
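
The fields described in SiteHstsConfiguration, InboundTlsSettings and TLSVersion can be checked mechanically once a site's configuration has been retrieved. The following Python check is an added example, not Imperva code: it audits a CollectionSiteTLSConfiguration document against policy values that are assumptions of this example (a one-year minimum maxAge, TLS_1_0 and TLS_1_1 treated as deprecated, substring markers for legacy RFC cipher names), and the sample document is constructed.

```python
import json

# Policy values are assumptions of this example, not Imperva defaults.
MIN_HSTS_MAX_AGE = 31536000                   # one year, in seconds
DEPRECATED_VERSIONS = {"TLS_1_0", "TLS_1_1"}  # deprecated by RFC 8996
LEGACY_MARKERS = ("_CBC_", "_RC4_", "_3DES_", "_NULL_", "_MD5")


def audit_site_tls(entry):
    """Return a list of findings for one SiteTLSConfiguration object."""
    findings = []

    hsts = entry.get("hstsConfiguration") or {}
    if not hsts.get("isEnabled", False):
        findings.append("hsts: disabled")
    else:
        max_age = hsts.get("maxAge", 0)
        if max_age < MIN_HSTS_MAX_AGE:
            findings.append(f"hsts: maxAge {max_age}s is below {MIN_HSTS_MAX_AGE}s")
        # Browser preload lists only accept policies that cover sub-domains.
        if hsts.get("preLoaded") and not hsts.get("subDomainsIncluded"):
            findings.append("hsts: preLoaded set without subDomainsIncluded")

    tls = entry.get("inboundTlsSettings") or {}
    versions = tls.get("tlsConfiguration") or []
    # tlsConfiguration only applies when the CUSTOM profile is selected.
    if tls.get("configurationProfile") == "CUSTOM":
        if not versions:
            findings.append("tls: CUSTOM profile with empty tlsConfiguration")
        for version in versions:
            name = version.get("tlsVersion")
            ciphers = version.get("ciphersSupport") or []
            if name in DEPRECATED_VERSIONS:
                findings.append(f"tls: {name} is enabled")
            if not ciphers:
                findings.append(f"tls: {name} lists no ciphers")
            for cipher in ciphers:
                if cipher.startswith("TLS_RSA_WITH_"):
                    findings.append(f"tls: {cipher} has no forward secrecy")
                elif any(marker in cipher for marker in LEGACY_MARKERS):
                    findings.append(f"tls: {cipher} is a legacy suite")
    return findings


def audit_response(body):
    """Audit a CollectionSiteTLSConfiguration JSON string, one list per entry."""
    return [audit_site_tls(entry) for entry in json.loads(body).get("data", [])]


# Constructed sample. Entry 0 mirrors the PATCH request example on this page.
SAMPLE_RESPONSE = json.dumps({"data": [
    {"hstsConfiguration": {"preLoaded": False, "maxAge": 7543,
                           "subDomainsIncluded": False, "isEnabled": True},
     "inboundTlsSettings": {"configurationProfile": "CUSTOM", "tlsConfiguration": [
         {"tlsVersion": "TLS_1_3",
          "ciphersSupport": ["TLS_AES_128_GCM_SHA256",
                             "TLS_CHACHA20_POLY1305_SHA256"]}]}},
    {"hstsConfiguration": {"preLoaded": False, "maxAge": 7543,
                           "subDomainsIncluded": False, "isEnabled": False},
     "inboundTlsSettings": {"configurationProfile": "CUSTOM", "tlsConfiguration": [
         {"tlsVersion": "TLS_1_0",
          "ciphersSupport": ["TLS_RSA_WITH_AES_128_CBC_SHA"]},
         {"tlsVersion": "TLS_1_2",
          "ciphersSupport": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                             "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"]}]}},
    {"hstsConfiguration": {"preLoaded": True, "maxAge": 31536000,
                           "subDomainsIncluded": False, "isEnabled": True},
     "inboundTlsSettings": {"configurationProfile": "CUSTOM",
                            "tlsConfiguration": []}},
]})

if __name__ == "__main__":
    for index, findings in enumerate(audit_response(SAMPLE_RESPONSE)):
        print(index, findings or "ok")
```

The page's own request example passes the TLS checks but is flagged for its maxAge of 7543 seconds, which expires the browser's HSTS policy after about two hours.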

Last updated: 2023-10-30

Website General Settings


View and update settings for the selected website, including data encryption, adding Imperva headers to incoming
requests, and your site's DNS settings.

Note: Website TLS configuration has moved. For details, see Customize Website TLS Configuration.

Access the General Settings


To open General Settings, log in to your my.imperva.com account.

1. On the top menu bar, click Application.


2. On the sidebar, click Websites and click a website name.
3. On the sidebar, click Origin and Network > General.

Data Storage
By default, Imperva assigns a region to a site based on geolocation of the origin server registered for the site. If the
account administrator changed the default region for new sites created in your Imperva account, the data storage region
for your site may be different. For details, see Account Settings.

Option: Description

Region: Determines the geographical region for storing your Layer 7 (application layer) Imperva data. Available regions
include APAC, AU, EU, and US.
If you change the data storage region, all subsequent data is stored in the selected region. The Events page will
display only those events that occurred after the region change.

Mask data by hashing: Use the hashing method for masking fields in your logs and in the Events page, instead of default
(XXX) data masking.
Salt value: Enter a hashing salt to use for hashing. The salt increases the security of the hashing process.
Type your own salt or click Generate to automatically create one for you. The salt value is limited to 64 characters.

Note: Event data is stored for 90 days. To view events from the previous region during that time period, click the pop-up
banner on the Events page.

If you change the data storage region twice within a 90-day period, you will no longer be able to view event data from the
first region.

Example: You changed from region A to region B and then to region C within a 90-day period. When you change to region
C, you will not be able to access event data from region A.

For more details on stored data, see Data Storage Management.

Imperva Headers
Enabling Imperva request headers adds new headers to each request sent to your origin server.

Imperva supports the following headers:

Option: Description

INCAP-TLS-VERSION: Indicates the TLS version of the client browser and can be used to identify visitors using old,
non-secured browsers.
Format: TLSv1.0; TLSv1.1; TLSv1.2; TLSv1.3; SSLv3

INCAP-REQ-ID: Indicates a unique and persisted request ID. It can be used to correlate requests with records in Imperva
logs, and allow debug level visibility into each request passing through the Imperva service to the Origin.
Format: 64-bit number

DNS settings
This section displays reference information showing your original DNS settings, and the DNS records that were provided
by Imperva for onboarding your site. The instructions for changing your DNS records were provided by Imperva.

Option: Description

Original DNS Settings: The DNS settings detected by Imperva during the initial onboarding process of the website.

DNS Settings for Imperva: The DNS settings issued by Imperva for onboarding this website.
Note that the structure of the domain used for CNAMEs is subject to change, and should not be relied on for
automation purposes.

Alternative domains / hosts (CNAME reuse): Links additional domains or hosts to this website using the CNAME provided
by Imperva. All DNS queries are resolved to the primary domain.
For more details, see Alternative domains/hosts (CNAME reuse) below.

TXT records in Imperva DNS: Displays the Text records based on the specified conditions returned by Imperva when
responding to TXT queries for your site's CNAME.
Maximum length: 255 characters.
As part of onboarding your site, you configure your DNS settings to use the CNAME provided by Imperva. Since
DNS protocol doesn't permit other record types when the CNAME record exists, you can't add TXT records directly to
your domain's DNS configuration. This section enables you to configure TXT records while simultaneously using a
CNAME record for your domain.
For example, you can define a TXT record here for SPF authentication in order to prevent email spoofing.
To query additional hosts, select Add New.

Alternative domains/hosts (CNAME reuse)


This section lists all domains that are connected to an onboarded website via CNAME reuse.

Note: Apex domains are not supported as alternative domains. If you need to onboard an apex domain, it must be
added as a separate site per request to Imperva Support.

Imperva detects and adds all domains that are using the Imperva-provided CNAME assigned to the onboarded (primary)
website.

Once ownership of a domain is verified, the domain is protected by Imperva and shares the website settings and
configuration of the onboarded website. Legitimate traffic for all verified domains is allowed.

You can also manually add domains to the table, as follows:

• Click Add New to add a single domain

• To add multiple domains, you can upload a file in csv format, with one domain per line. Click the arrow and
click Upload bulk CSV.

Note: The table can list up to 1000 domains.

• When this limit is passed the Add New button is disabled.


• If adding a CSV file will surpass the limit, the upload will fail and an error is displayed.
• If Imperva's autodiscovery detects additional domains and passes the limit, only 1000 domains are listed. The
list is dynamic, and the domains that most recently had traffic are listed in the table.
• You cannot detach a wildcard domain if it causes the number of domains in the table to pass the limit. For more
details on wildcard domains, see Wildcard domains.

Column: Description

Name: The name of the domain. For example, www.example.com.

Domain type: Indicates if the domain is the website that is onboarded to Imperva, or another domain that is sharing the
CNAME provided by Imperva for the website.

• Primary: The website that is onboarded to Imperva.
• Full: The domain is a full or naked domain (not a wildcard domain).
• Wildcard: A wildcard domain, such as *.example.com. Includes all subdomains under the wildcard domain. For more
details, see Wildcard domains below.

Auto-discovered: Indicates that the domain was automatically detected by Imperva.

Protection Status: Indicates the domain ownership verification status.

Possible values:

• Protected: Imperva has verified your ownership of the domain and traffic to the domain is flowing through the
Imperva network.
• Bypassed: Ownership of the domain was not yet verified by Imperva. To enable Imperva to verify your ownership of
the domain, add the specified value as a CNAME or TXT record to the domain's DNS zone.
• Misconfigured: The domain is already verified and associated with another website configured in Imperva.
• Verified: The CNAME value was added to your DNS configuration as a TXT record but not as a CNAME record. Imperva
was able to verify your ownership of the domain but traffic to the domain is not yet flowing through the Imperva
network.

Wildcard domains

Once a wildcard domain is in Protected status, all domains that match the wildcard domain are added to the list of
allowed domains when traffic to them is detected. You cannot manually add or remove a subdomain of a wildcard
domain.

You can choose to "promote" the matching domains to become full domains. On the wildcard domain row, click
and select Detach Wildcard. Each of the matching domains is then listed as a full domain and the wildcard is removed
from the table.

Website domain API

To manage alternative domains using the Imperva API, see Website Domain Management API Definition.

Additional Settings
Miscellaneous

Option: Description

Reference ID: A free-text field where you can add a unique identifier to correlate an object in our service, such as a
protected website, with an object on the customer side.

Enable content based error responses: By default, error responses are returned in HTML format only.
This option enables you to return an error response in JSON or XML format, based on the Accept or Content-Type
HTTP request headers. For details, see Error Responses.

Website Domain API


Manage domains that share the CNAME of an onboarded website with the Imperva Website Domain Management API
Definition.

Read More

• Web Protection – Introduction


• Onboarding a Site – Web Protection and CDN


Last updated: 2024-09-29

Website Domain Management API Definition

Imperva Website Domain Management


Manage the domains that are sharing the CNAME of an onboarded website.

All domains that are using the same CNAME share the website configuration settings and policies of the onboarded
website.

For full feature documentation, see Website General Settings.


More information: https://helloreverb.com
Contact Info: [email protected]
Version: 1.0.0
BasePath:/site-domain-manager
The terms in the absence of an applicable signed agreement between you and Imperva
https://www.imperva.com/legal/license-agreement/

Access
1. APIKey KeyParamName:x-API-Id KeyInQuery:false KeyInHeader:true
2. APIKey KeyParamName:x-API-Key KeyInQuery:false KeyInHeader:true

Methods

Table of Contents

Domains

• post /v2/sites/{siteId}/domains
• delete /v2/sites/{siteId}/domains/{domainId}
• get /v2/sites/{siteId}/domains/{domainId}
• get /v2/sites/{siteId}/domains

Domains

post /v2/sites/{siteId}/domains


Add domain to a given website (addSiteDomain)


Adds a domain to an onboarded website.

Path parameters
siteId (required)
Path Parameter — The Imperva ID of the onboarded website. format: int64

Consumes
This API call consumes the following media types via the Content-Type request header:

• application/json

Request body
body AddSiteDomainDetails (required)
Body Parameter —

Return type
SiteDomainDetails

Example data
Content-Type: application/json

{
  "validationMethod" : "CNAME",
  "managed" : false,
  "domain" : "a.example.com",
  "autoDiscovered" : true,
  "subDomains" : [ {
    "creationTime" : 1655140751000,
    "subDomain" : "sub.domain.example.com",
    "lastDiscoveredTime" : 1655140751000,
    "id" : 320
  }, {
    "creationTime" : 1655140751000,
    "subDomain" : "sub.domain.example.com",
    "lastDiscoveredTime" : 1655140751000,
    "id" : 320
  } ],
  "siteId" : 66575115,
  "mainDomain" : false,
  "validationCode" : "xjkschvver.impervadnsstage.net",
  "id" : 440,
  "cnameRedirectionRecord" : "xjkschvver.impervadnsstage.net",
  "creationDate" : 1655140751000,
  "status" : "BYPASSED"
}

Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed
by the Content-Type response header.

• application/json

Responses

200

successful operation SiteDomainDetails

400

Bad Request APIErrors

500

Internal Error APIErrors



delete /v2/sites/{siteId}/domains/{domainId}

Delete a domain from a website (deleteSiteDomain)


Deletes a domain from an onboarded website.

Path parameters
siteId (required)
Path Parameter — The Imperva ID of the onboarded website. format: int64
domainId (required)
Path Parameter — The Imperva ID of the domain. You can retrieve the domain ID using the GET /domains call. format:
int64

Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed
by the Content-Type response header.

• */*


Responses

200

successful operation

400

Bad Request APIErrors

500

Internal Error APIErrors



get /v2/sites/{siteId}/domains/{domainId}

Retrieve details of a given domain (getSiteDomain)


Retrieve details of a domain associated with an onboarded website.

Path parameters
siteId (required)
Path Parameter — The Imperva ID of the onboarded website. format: int64
domainId (required)
Path Parameter — The Imperva ID of the domain. You can retrieve the domain ID using the GET /domains call. format:
int64

Return type
SiteDomainDetails

Example data
Content-Type: application/json

{
  "validationMethod" : "CNAME",
  "managed" : false,
  "domain" : "a.example.com",
  "autoDiscovered" : true,
  "subDomains" : [ {
    "creationTime" : 1655140751000,
    "subDomain" : "sub.domain.example.com",
    "lastDiscoveredTime" : 1655140751000,
    "id" : 320
  }, {
    "creationTime" : 1655140751000,
    "subDomain" : "sub.domain.example.com",
    "lastDiscoveredTime" : 1655140751000,
    "id" : 320
  } ],
  "siteId" : 66575115,
  "mainDomain" : false,
  "validationCode" : "xjkschvver.impervadnsstage.net",
  "id" : 440,
  "cnameRedirectionRecord" : "xjkschvver.impervadnsstage.net",
  "creationDate" : 1655140751000,
  "status" : "BYPASSED"
}

Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed
by the Content-Type response header.

• application/json

Responses

200

successful operation SiteDomainDetails

400

Bad Request APIErrors

500

Internal Error APIErrors



get /v2/sites/{siteId}/domains

List domains for a given website (listSiteDomains)


Lists all domains associated with an onboarded website.

Path parameters
siteId (required)
Path Parameter — The Imperva ID of the onboarded website. format: int64

Query parameters
pageNumber (optional)
Query Parameter — The page to return starting from 0. In order to view the full results, run the API call with
page_num set to 0, then again with page_num set to 1, and so forth. Default: 0 format: int32
pageSize (optional)
Query Parameter — The number of objects to return in the response. Default: 50. Maximum: 100 format: int32

Return type
GetSiteDomainsDetails

Example data
Content-Type: application/json

{
  "data" : [ {
    "validationMethod" : "CNAME",
    "managed" : false,
    "domain" : "a.example.com",
    "autoDiscovered" : true,
    "subDomains" : [ {
      "creationTime" : 1655140751000,
      "subDomain" : "sub.domain.example.com",
      "lastDiscoveredTime" : 1655140751000,
      "id" : 320
    }, {
      "creationTime" : 1655140751000,
      "subDomain" : "sub.domain.example.com",
      "lastDiscoveredTime" : 1655140751000,
      "id" : 320
    } ],
    "siteId" : 66575115,
    "mainDomain" : false,
    "validationCode" : "xjkschvver.impervadnsstage.net",
    "id" : 440,
    "cnameRedirectionRecord" : "xjkschvver.impervadnsstage.net",
    "creationDate" : 1655140751000,
    "status" : "BYPASSED"
  }, {
    "validationMethod" : "CNAME",
    "managed" : false,
    "domain" : "a.example.com",
    "autoDiscovered" : true,
    "subDomains" : [ {
      "creationTime" : 1655140751000,
      "subDomain" : "sub.domain.example.com",
      "lastDiscoveredTime" : 1655140751000,
      "id" : 320
    }, {
      "creationTime" : 1655140751000,
      "subDomain" : "sub.domain.example.com",
      "lastDiscoveredTime" : 1655140751000,
      "id" : 320
    } ],
    "siteId" : 66575115,
    "mainDomain" : false,
    "validationCode" : "xjkschvver.impervadnsstage.net",
    "id" : 440,
    "cnameRedirectionRecord" : "xjkschvver.impervadnsstage.net",
    "creationDate" : 1655140751000,
    "status" : "BYPASSED"
  } ],
  "meta" : {
    "totalPages" : 5
  }
}

Produces
This API call produces the following media types according to the Accept request header; the media type will be conveyed
by the Content-Type response header.

• application/json

Responses

200

successful operation GetSiteDomainsDetails

400

Bad Request APIErrors

500

Internal Error APIErrors

Models

Table of Contents
1. APIError
2. APIErrors
3. AddSiteDomainDetails
4. GetEntitiesDetailsMeta
5. GetSiteDomainsDetails
6. SiteDomainDetails
7. WildCardSubDomainDetails


APIError
status (optional)
Integer format: int32
id (optional)
String
code (optional)
String
source (optional)
map[String, Object]
title (optional)
String
detail (optional)
String

APIErrors
errors (optional)
array[APIError]

AddSiteDomainDetails
domain
String The name of the domain to add
example: full.alternative.domain.incaptest.co
strictMode (optional)
Boolean Internal use for Terraform. In strict mode, add/delete of hostname is allowed only if it does not affect other
hosts in the site. For example, adding a wildcard hostname is forbidden in strict mode if a subdomain of the wildcard
already exists as a siteDomain, while in loose mode, the subdomain is converted to a WildCardSubDomain
example: true

GetEntitiesDetailsMeta
totalPages (optional)
Integer The total number of pages format: int32
example: 5

GetSiteDomainsDetails
data (optional)
array[SiteDomainDetails]
meta (optional)
GetEntitiesDetailsMeta

SiteDomainDetails
id (optional)
Long The ID of the alternative domain format: int64
example: 440
siteId (optional)
Long The Imperva ID of the onboarded website. format: int64
example: 66575115
domain (optional)
String The name of the domain to add
example: a.example.com
autoDiscovered (optional)
Boolean CNAME reuse domain that was discovered automatically by Imperva proxy
example: true
mainDomain (optional)
Boolean Indicates if the domain is primary domain or alternative domain
example: false
managed (optional)
Boolean Indicates that the primary domain does not have any alternative domains
example: false
subDomains (optional)
array[WildCardSubDomainDetails]
validationMethod (optional)
String The method used to validate ownership of the domain. Possible values: CNAME, TXT, A
example: CNAME
validationCode (optional)
String The code that should be used to validate ownership of the domain
example: xjkschvver.impervadnsstage.net
cnameRedirectionRecord (optional)
String The CNAME value that should be used for CNAME reuse for the alternative domains.
example: xjkschvver.impervadnsstage.net
status (optional)
String The domain ownership verification status. Possible values: BYPASSED, MISCONFIGURED, VERIFIED, PROTECTED
example: BYPASSED
creationDate (optional)
Long The date of the domain creation format: int64
example: 1655140751000

WildCardSubDomainDetails
id (optional)
Long The Imperva Id of the wild card subdomain details format: int64
example: 320
subDomain (optional)
String The name of the subdomain
example: sub.domain.example.com
lastDiscoveredTime (optional)
Long For auto-discovered domains, indicates the last time the domain was discovered. format: int64
example: 1655140751000
creationTime (optional)
Long The creation time of the wildcard subdomain details format: int64
example: 1655140751000
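
The list endpoint's paging (pageNumber from 0, meta.totalPages) and the status values in SiteDomainDetails combine into a routine sweep for domains that share the site's CNAME but are not yet protected. The following Python code is an added example, not Imperva code: base_url is a placeholder the caller supplies, the function names and action texts are this example's own, and the sample pages are constructed.

```python
import json
import urllib.parse
import urllib.request

PAGE_SIZE_MAX = 100  # "Maximum: 100" in the pageSize description


def make_fetcher(base_url, site_id, api_id, api_key):
    """Build fetch_page(page, size) for GET /v2/sites/{siteId}/domains.

    base_url (scheme, host and the /site-domain-manager base path) is a
    placeholder supplied by the caller; it is not taken from this page.
    """
    def fetch_page(page, size):
        query = urllib.parse.urlencode({"pageNumber": page, "pageSize": size})
        request = urllib.request.Request(
            f"{base_url}/v2/sites/{site_id}/domains?{query}",
            headers={"x-API-Id": api_id, "x-API-Key": api_key,
                     "Accept": "application/json"},
        )
        with urllib.request.urlopen(request, timeout=30) as response:
            return json.load(response)
    return fetch_page


def iter_site_domains(fetch_page, page_size=PAGE_SIZE_MAX):
    """Yield each SiteDomainDetails once, walking pages 0..totalPages-1."""
    seen, page, total = set(), 0, 1
    while page < total:
        body = fetch_page(page, page_size)
        total = (body.get("meta") or {}).get("totalPages", total)
        for item in body.get("data") or []:
            if item.get("id") not in seen:  # the list is dynamic; skip repeats
                seen.add(item.get("id"))
                yield item
        page += 1


class _Fields(dict):
    """Lets an action template render even when a field was not returned."""
    def __missing__(self, key):
        return "<not returned>"


ACTIONS = {
    "BYPASSED": "add {validationCode} as a {validationMethod} record to verify ownership",
    "VERIFIED": "ownership verified but traffic is not routed; "
                "point a CNAME at {cnameRedirectionRecord}",
    "MISCONFIGURED": "already verified under another Imperva website; resolve the conflict",
}


def triage(domains):
    """Return (domain, status, action) for every domain that is not PROTECTED."""
    rows = []
    for details in domains:
        status = details.get("status")
        if status == "PROTECTED":
            continue
        template = ACTIONS.get(status, "unexpected status; review manually")
        rows.append((details.get("domain"), status,
                     template.format_map(_Fields(details))))
    return sorted(rows, key=lambda row: row[0] or "")


# Constructed sample: two pages in the GetSiteDomainsDetails shape.
SAMPLE_PAGES = [
    {"data": [
        {"id": 440, "domain": "a.example.com", "status": "BYPASSED",
         "validationMethod": "CNAME",
         "validationCode": "xjkschvver.impervadnsstage.net"},
        {"id": 441, "domain": "www.example.com", "status": "PROTECTED",
         "mainDomain": True}],
     "meta": {"totalPages": 2}},
    {"data": [
        {"id": 440, "domain": "a.example.com", "status": "BYPASSED",
         "validationMethod": "CNAME",
         "validationCode": "xjkschvver.impervadnsstage.net"},
        {"id": 442, "domain": "b.example.com", "status": "VERIFIED",
         "cnameRedirectionRecord": "xjkschvver.impervadnsstage.net"},
        {"id": 443, "domain": "c.example.com", "status": "MISCONFIGURED"}],
     "meta": {"totalPages": 2}},
]
CALLS = []  # page numbers requested from the sample source


def sample_fetch(page, size):
    """Offline stand-in for make_fetcher(...) that serves SAMPLE_PAGES."""
    CALLS.append(page)
    return SAMPLE_PAGES[page]


if __name__ == "__main__":
    for row in triage(iter_site_domains(sample_fetch)):
        print(*row, sep=" | ")
```

Against a live account, pass `make_fetcher(...)` in place of `sample_fetch`.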

Last updated: 2022-08-08

Web Protection - Website Settings


Define general site attributes and options related to security, web scraping protection, performance, and availability of
your website.

Note: If you are subscribed via an Imperva partner, your default settings are defined by the partner and may vary from
the descriptions in this documentation.

To open Website Settings, log in to your my.imperva.com account.

1. On the top menu bar, click Application.


2. On the sidebar, click Websites and click a website name.
3. On the sidebar, click Website Settings.

The following settings pages are available:

Origin Servers: Define your site topology as Single Origin Server, Multiple Origin Servers (Single Data Center), or
Multiple Data Centers, and configure the load balancing settings for the defined topology. For details, see
Load Balancing Settings.

General: Define various site attributes, such as redirection rules, SSL support, original DNS settings and other general
settings for Imperva. For details, see Web Protection - General Settings.

Login Protect: Set up a two-factor authentication solution for any website or application, without making any
changes to your website. For details, see Web Protection - Login Protect.

Security: Configure access control rules as well as whitelists and blacklists for your website. For details, see
Web Protection - Security Settings.

WAF: Configure WAF settings. Imperva's PCI-Certified Web Application Firewall (WAF) analyzes all incoming traffic to
your site and prevents access by malicious and unwanted visitors. For details, see Web Protection - WAF Settings.

Notifications: Turn specific notifications on and off. For details, see Website Notification Settings.

Permissions: Grant access to a user from another account to view or edit the website. For details, see Give access to
external users.

Read More

• Web Protection – Introduction

Last updated: 2023-06-12

Web Protection - General Settings


View and update SSL and HSTS settings for the selected website.

Note:

• All Website General settings except SSL support have been moved to a new page. For details, see Website
General Settings and Customize Website TLS Configuration.

• Custom certificates are now managed on the SSL Certificates page. For details, see Manage SSL Certificates.
The option to use the existing certificate currently on your website has been deprecated.

Access the General settings


To open General Settings, log in to your my.imperva.com account.

1. On the top menu bar, click Application.


2. On the sidebar, click Websites and click a website name.
3. On the sidebar, click Website Settings.
4. Click General.

SSL support
Configure SSL support for your site, and view your site's SSL configuration status.


Note: When you onboard a website, you are given an Imperva IP address to configure in your DNS records so that traffic
to your website will flow through Imperva.

This IP address may change in the following cases:

• If you configure SSL support for your site after onboarding and request an Imperva-generated certificate.

• If you remove the Imperva-generated certificate.

Option Description

Certificate Type: Imperva generated certificate. As part of the process of onboarding an SSL site, you add your domain to an Imperva certificate. The Imperva certificate is presented to visitors trying to access your website, indicating that the connection is secure.

Certificate Status: Possible values include:

• Active. SSL support is configured for the site. If a certificate becomes invalid, is revoked, or has some other error, then the status displays Active + <the error>.
• Not active. SSL support is not configured for the site.
• SSL was not detected. Imperva checked your site for SSL, and SSL was not detected.
• Other. If you have initiated the validation process, the status is displayed according to the validation method that you chose. For example, "Validation email was sent to <approver email address>".

Actions: Possible values include:

• Check my site for SSL. Checks for SSL on your site. If SSL is detected, the Configure action is displayed and you can start the configuration process.
• Configure. Starts the SSL configuration process. Follow the onscreen instructions. For more details, see Onboarding a Site – Web Protection and CDN.
• Test CAA records. Checks your domain for the required CAA records. For more details, see CAA Compliance.
• Cancel. Cancels the configuration process.
• Remove. Removes SSL support for the site. Attempts by visitors to access your site via a secured HTTPS connection may fail or result in browser error messages.

Change SAN settings after renewal


You can configure the following options for Imperva to use each time the certificate is renewed.

Option Description

Add wildcard domain SAN: Adds the wildcard SAN to the Imperva SSL certificate instead of the full domain SAN.

Example: For www.example.com, the wildcard SAN is *.example.com and the full domain SAN is www.example.com.

Using a wildcard SAN enables you to add subdomains, such as sub.example.com, without the need for a certificate change and revalidation.

Note: Typically, when your site's Imperva-generated certificate needs to be renewed, the process is completed automatically by Imperva. If you are using a wildcard SAN, automated validation can only be completed for a subdomain under the following circumstances:

• if the domain (e.g. example.com) is also protected by Imperva
• when the validation of the domain (e.g. example.com) was done by CNAME validation and the CNAME record for the SSL validation (starts with _delegate_validation) remains in place

Otherwise, you will receive an email notification from Imperva requiring you to revalidate ownership of your domain.

Add full domain SAN: Adds the full domain SAN to the Imperva SSL certificate.

Add naked domain SAN: For second-level domains with the www prefix, adds the naked domain SAN to the Imperva SSL certificate.

Example: For www.example.com, the SAN example.com is added to the certificate in addition to the wildcard or full domain SAN.

Note: To configure SSL coverage with an Imperva-generated certificate via the Imperva API, use the Modify site configuration endpoint with the domain_validation parameter: POST: https://my.imperva.com/api/prov/v1/sites/configure

For details, see Cloud Application Security v1/v3 API Definition.

Read More

• Web Protection – Introduction


• Onboarding a Site – Web Protection and CDN

Last updated: 2024-09-26

Web Protection - Login Protect


Login Protect adds a second level of security to sensitive URLs and websites, such as an admin login or configuration
pages, and should be used to restrict access to a limited number of admin users per site.

Note: You can add no more than 10 Login Protect users per website and no more than 500 per account.

Overview
On top of existing usernames and passwords, Login Protect adds two factor authentication based on a one-time passcode
sent to the authenticating user, without making any changes to your applications or installing any software. The following
methods are available for users to obtain one-time passcodes:

• Email
• Text message (SMS)
• Google Authenticator mobile application

Note: To limit suspected bot requests, a CAPTCHA challenge may appear before a passcode is sent. Imperva does not
display one when it recognizes a user that has either passed a CAPTCHA challenge or entered a correct two factor
passcode during the session.

To add a persistent cookie on a computer that provides 14 weeks of automatic recognition, click “Trust this computer” before entering a passcode.

Login Protect for Administrators


To open the Login Protect Settings, log in to your my.imperva.com account.

1. On the top menu bar, click Application.


2. On the sidebar, click Websites and click a website name.
3. On the sidebar, click Website Settings.
4. Click Login Protect.

If Login Protect is not yet enabled, click Enable.


Protected Pages

Protected Pages refer to sensitive pages on your website, such as an admin login page, for which you want to add an
extra layer of security.

Click on the Add Page button and select either a specific URL to protect or a URL pattern (for example, any page whose
URL ends with /admin). Any number of URLs or URL patterns may be entered, as long as they are all within the same top-
level domain (for example, all start with www.mydomain.com).

Excluded Pages

Use this option to exclude resources defined in the Protected Pages section from being protected by two-factor authentication.

Example:

Protected Pages rule is: “URL is: /wp-admin”

Excluded Pages rule is: “URL is: /wp-admin/admin-ajax.php”

In this case, all resources under wp-admin will require two-factor authentication except admin-ajax.php.

Methods and Notifications

This section lets you define the authentication mechanisms by which users can receive a one-time passcode.

Select one or more of the following authentication methods:

• Email: User receives an email with a one-time passcode.


• Text Message (SMS): User receives a text message with a one-time passcode.
• Google Authenticator: User can get the one-time passcode via the Google Authenticator mobile application.
Learn more about Google Authenticator here.

Authorized Users

This section lets you define which users are allowed to access Protected Pages after authentication. Login Protect enables
two methods for selecting the group of Login Protect users that will be authorized to access Protected Pages:

• Authorize all Login Protect users in this account: this option will automatically authorize all existing and
future Login Protect users, even if they are added as users on other sites.
• Select authorized users from list: this option can be used for selecting a subset of Login Protect users from the
Login Protect users list

Login Protect Users List


The Login Protect users list is an account level setting of all the Login Protect users defined for all your Imperva-protected
sites. Users can be invited via email or added as a group by uploading a CSV file.

To access the Login Protect Users List:

1. On the top menu bar, click Account > Account Management.

2. On the sidebar, click Account Management > Login Protect.


When adding users you will be prompted to review the invitation email that will be sent out and customize it if required.
You may enter multiple email addresses separated by commas or semicolons.


Login Protect for the Authenticating User


Setting Up Login Protect

Any user that has been invited to use Login Protect will receive an email (the same one you have reviewed and
customized as the administrator).

After users have clicked the activation link at the bottom of the invitation email they will be asked to configure the
methods for receiving one-time passcodes. The available methods will be determined by the Login Protect settings for
that site under Methods and Notifications.


Logging In

A user accessing a URL that is protected with Login Protect will be prompted to enter a one-time passcode using the
following screen:


Based on the Login Protect configuration for this website, users can obtain the passcode by either opening their Google
Authenticator mobile application, entering their email address to receive the passcode by email, or by clicking the Text
Me button to receive the passcode in a text message.

After entering a valid passcode, users will be able to proceed to the website. Users remain authenticated for the
remainder of their session, or for 14 days if they select the Trust this computer for 14 days option.

Users who did not complete their Login Protect user activation may do so by clicking the Didn't Activate Login Protect?
link.

Last updated: 2024-09-26


Web Protection - Security Settings


Define granular access control policies for your website.

Note: The Block Specific Sources and Allowlist Specific Sources settings are now configured using policies. For details,
see Create and Manage Policies.

Access the Security settings


To open the Security Settings, log in to your my.imperva.com account.

1. On the top menu bar, click Application.


2. On the sidebar, click Websites and click a website name.
3. On the sidebar, click Website Settings.
4. Click Security.

Set bot access control policy


Bot Access Control lets you define an access control policy for each client that accesses your website.

Imperva client classification

Imperva’s unique classification technology can tell whether your website visitors are humans or bots. Our client database
holds an extensive list of bot classifications and can identify the specific type of bot visiting your website.

Each bot is marked either as a Good Bot or a Bad Bot. Bad Bots are those bots that pose a threat to your website security.
For example, a vulnerability scanner or a DDoS attack bot. Googlebot (and all other search engine bots) is marked as a
good bot and not blocked by the Bad Bots rule.

For the list of the clients and client type categories that Imperva addresses, see Client Classification.

For more details on Imperva's mitigation capabilities for automated threats, see Bot Mitigation.


Set the bot access control options

Option Description

All Good Bots (like Google and Pingdom) will be allowed to access your site: All good bots are allowed to access your website by default. You can customize the list of good bots from the Bot Access Control settings.

Note: Requests from good bots are also filtered by the WAF. This is because some legitimate services might be manipulated to send malicious requests to your website.

Click the Good Bots link to edit the Good Bots List. The Good Bots List displays a list of the bots that do not pose a threat to your website. By default, each of these bots is marked with a checkmark, which means that they are not blocked by default.

Note: To add additional good bots to the list, such as your own API client or mobile app, contact Imperva support.

Block Bad Bots (like comment spammers and scanners): All bad bots are denied access to your website by default. You can modify this list by using Block additional bad bots or Create an exception to use a bad bot.

Only bad bots that are in Imperva’s database can be added. If you would like to add an additional bot to this list, contact Imperva support.

Require all other suspected bots to pass additional challenges: If Imperva can't classify a bot, it is considered a Suspected Bot. In many cases these bots are operated by legitimate service providers, and in some cases these are malicious bots.

You can configure Imperva to filter out any suspected bot by requiring the client to complete a CAPTCHA test or additional challenges. This will filter out bad bots, reduce unnecessary load from unwanted crawlers and services, and ensure that only legitimate visitors can access your website.

Exceptions: See Define exceptions.

Block additional bad bots


You might want to block legitimate bots that Imperva does not categorize as bad. For the list of the clients and client type categories that Imperva addresses, see Client Classification.

1. Click the Block additional bad bots link.

2. Start typing the name of a bot you want to block and click Add.

3. After you finish adding bots, click Save.

Create an exception to use a bad bot


In some cases, you might want to allow a bot from the Bad Bots List for legitimate purposes. For the list of the clients and client type categories that Imperva addresses, see Client Classification.

1. Click the Add exception link.

2. From the Add exception rule on drop-down menu, select Client app ID.

3. Start typing the name of a bot you want to allow and click Add.

4. After you finish adding bots, click Confirm.

CAPTCHA providers
As a security service, Imperva is committed to providing the highest grade of security. Part of the service includes
selecting the best CAPTCHA service to use for our customers. Imperva uses these captcha providers:

• hCaptcha

• reCAPTCHA


• GeeTest

As the service provider, Imperva selects the captcha provider depending on how you configure your sites and the client
IP geolocation.

Define exceptions
To add an item to the Exceptions list for any of the security rules:

1. Click Add exception, or Exceptions if there are already existing exceptions defined.

2. In the Add exception rule on field, select the type of item to be added to the whitelist, such as User agent,
URL, Client app ID, IP, or Country.

◦ For IP exceptions, single IPs, IP ranges, and subnets are supported, such as 2.2.2.2, 3.3.3.3-3.3.3.5, or
10.10.10.10/24.

◦ For User agents, the value must be an exact match, such as Googlebot-News or APIs-Google. You can't use partial matches, wildcards, or regex to define the value.

3. In the field to the right, fill in the value to exclude from the rule.
4. Click Add.
5. You can repeat the steps above to add additional rules.
6. Click Confirm.

Note: An exception rule will match only if all match criteria are satisfied. If you want to add an exception for multiple and
non-related scenarios, you can add multiple exception rules.
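The matching behavior described in this procedure, as an added example that is not Imperva's code: it parses the three supported IP forms, requires an exact User agent match, and treats a rule as a match only when every criterion in it is satisfied. The function names, the dictionary layout of a rule and the sample rules are assumptions made for illustration.

```python
import ipaddress


def parse_ip_spec(spec):
    """Return inclusive (first, last) addresses for a single IP, a range, or a subnet."""
    spec = spec.strip()
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"invalid IP range: {spec!r}")
        return lo, hi
    if "/" in spec:
        # strict=False tolerates host bits in the prefix, as in 10.10.10.10/24
        net = ipaddress.ip_network(spec, strict=False)
        return net[0], net[-1]
    addr = ipaddress.ip_address(spec)
    return addr, addr


def spec_size(spec):
    """Number of addresses a spec covers; useful when reviewing broad exceptions."""
    lo, hi = parse_ip_spec(spec)
    return int(hi) - int(lo) + 1


def ip_in_spec(ip, spec):
    addr = ipaddress.ip_address(ip)
    lo, hi = parse_ip_spec(spec)
    return addr.version == lo.version and lo <= addr <= hi


def rule_matches(rule, request):
    """A rule matches only if ALL of its criteria are satisfied."""
    if not rule:
        return False  # an empty rule must never exempt everything
    for field, expected in rule.items():
        actual = request.get(field)
        if actual is None:
            return False
        if field == "ip":
            if not ip_in_spec(actual, expected):
                return False
        elif actual != expected:
            # Exact comparison: no partial matches, wildcards or regex
            return False
    return True


def is_excepted(rules, request):
    """Separate rules cover unrelated scenarios, so any one matching rule is enough."""
    return any(rule_matches(rule, request) for rule in rules)


# Constructed sample rules (hypothetical layout, values taken from the page's examples)
RULES = [
    {"ip": "3.3.3.3-3.3.3.5", "user_agent": "Googlebot-News"},
    {"ip": "10.10.10.10/24"},
]

if __name__ == "__main__":
    for req in (
        {"ip": "3.3.3.4", "user_agent": "Googlebot-News"},
        {"ip": "3.3.3.4", "user_agent": "Googlebot"},
        {"ip": "10.10.10.200", "user_agent": "curl/8.0"},
    ):
        print(req, "->", is_excepted(RULES, req))
    for rule in RULES:
        print(rule["ip"], "covers", spec_size(rule["ip"]), "addresses")
```

Note that 10.10.10.10/24 covers the whole 10.10.10.0 to 10.10.10.255 block, so a subnet exception is considerably broader than the single address it appears to name.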

Read More

• Web Protection – Introduction

Last updated: 2024-06-30

Web Protection - WAF Settings

Define how Imperva's Web Application Firewall (WAF) responds to malicious visitors or requests.

Note: Most WAF settings are now managed by the WAF Rules policy feature. For more details, see Create and Manage
Policies.


For DDoS settings, see Web Protection - DDoS Settings.

Access the WAF Settings


To open the WAF Settings, log in to your my.imperva.com account.

1. On the top menu bar, click Application.


2. On the sidebar, click Websites and click a website name.
3. On the sidebar, click Website Settings.
4. Click WAF.

Backdoor protection
This option detects and quarantines backdoors to your website.

Backdoors are widely used by hackers trying to find a way into your site for malicious purposes, such as sending spam
and participating in DDoS attacks on other websites.

Usually the first thing a hacker does after gaining access to a compromised website is to plant a backdoor that can later
be used to obtain full access to the compromised server and to its root capabilities.

Select one of the following options:

Option Description

Auto-Quarantine (default): Any detected backdoor is automatically quarantined.

After a backdoor is detected, subsequent requests for the same URL are blocked and the path is added to the quarantine list. In addition, an event is listed in the Security Events page.

Alert Only: A notification is sent to your Imperva account's administrator/user (according to the WAF Settings) and an alert appears in the Security Events page.

If there are existing URLs in the quarantine list when you enable this option, they will continue to be blocked.

Ignore: The event is not listed in the Security Events page and no action (such as blocking) is taken.

Backdoors in the quarantine list as well as any new backdoor that is detected are ignored.

Quarantined Backdoors

This list contains all backdoor URLs that are detected while the Auto-Quarantine option is selected.

Hover over a URL for more details. Click Show Backdoor to view the blocked page.

To remove a backdoor URL from the quarantine list, click the X on the item in the list.

You can also add or remove backdoor URLs from the quarantine list when an event is logged on the Security Events
page. For details, see View Security Events.

Add allowlist rules


The Imperva Cloud WAF allowlists enable you to specify conditions under which the WAF will not analyze a request. Any
item that you enter into the allowlist is considered trusted and safe by Imperva.

Note: An allowlist rule will match only if all match criteria are satisfied. If you want to allowlist multiple and non-related scenarios, you can add multiple allowlist rules.

To add an item to the allowlist:

1. Click the Add allowlist option under the relevant type of WAF protection. For example under the DDoS option.
The following displays:


2. In the Add allowlist rule on field, select the type of item to be added to the allowlist, such as URL, Client app
ID, IP, Country, User Agent or HTTP parameter.
3. In the field to the right, fill in the value to be allowlisted.
4. Click the Add button.
5. Multiple rules can be added to this window by following the steps above.
6. Click the Confirm button.

Tip: You can also add an item to the WAF allowlist directly from the Security Events page if you have identified a false
positive event.

Read More

• Web Protection – Introduction


• Web Protection - DDoS Settings

Last updated: 2023-12-18

Web Protection - DDoS Settings

Define how Imperva reacts to a DDoS attack on your application or website.


Access the DDoS settings


To open the DDoS Settings, log in to your my.imperva.com account.

1. On the top menu bar, click Application.


2. On the sidebar, click Websites and click a website name.
3. On the sidebar, click Website Settings.
4. Click WAF.

Configure DDoS settings


Select a level of protection against DDoS attacks on your website.

Select the desired WAF DDoS behavior from the drop-down menu.

Note: API-only and SPA sites require special configuration. To enable API DDoS settings for one of these site types, contact
Imperva Support.

Option Description

On: DDoS mitigation rules are enabled for all traffic.

Adaptive: DDoS mitigation rules are activated when traffic to the site exceeds the current Imperva threshold. The current threshold is updated automatically based on daily traffic volumes. For more details on the method used to set this dynamic threshold, see Adaptive L7 DDoS Threshold.

Imperva also enables DDoS mitigation rules when it detects known DDoS attack patterns.

Note: The Adaptive threshold option is only available when there are at least 7 days of data during the past 30 days. If this option was already selected and traffic drops below the minimum requirement, it remains enabled.

Automatic (default): DDoS mitigation rules are automatically activated when traffic to the site exceeds your threshold setting. Click Mitigation settings to adjust this threshold. By default, the threshold is 1,000 requests per second (RPS).

Imperva also enables DDoS mitigation rules when it detects known DDoS attack patterns.

Off: DDoS mitigation rules are disabled for all traffic.

L7 DDoS Mitigation Settings


Click Mitigation Settings to access additional DDoS settings:

Option Description

Consider site to be under DDoS (Automatic request rate): When the Automatic option is selected, this window includes the Automatic Threshold field. Enter the request rate threshold beyond which Imperva enables DDoS mitigation rules.

Allowed values: 10-10000 requests per second. Request rate cannot be empty.

Tip: If you are activating a marketing campaign and expect a significant increase in traffic over a short period of time, you may want to increase this value so it is not considered a DDoS attack.

Note that rates above 5000 RPS are considered high. If you are setting a high threshold to handle a temporary increase in traffic, remember to adjust it when traffic returns to normal.

Challenge for Unknown Clients: After Imperva has determined that a DDoS attack is underway, it challenges suspicious bots with a set of tests to filter out any kind of malicious visitor. Except for the CAPTCHA challenge, these challenges do not affect the user experience.

• No Challenge: Requests from suspicious bots are not challenged during a suspected DDoS attack. However, requests are subsequently challenged during the regular bot mitigation process.
• Cookie Support: Suspicious bots are challenged for Cookie support. If the attacking client does not support cookies, a JavaScript challenge is sent instead.
• JavaScript Support: Suspicious bots are challenged for JavaScript support.
• Human Interaction (CAPTCHA): Suspicious bots are required to complete a CAPTCHA test.

Block Non-essential bots: Blocking non-essential bots is designed to overcome attacks carried out by bots that disguise themselves as a legitimate service that is classified by Imperva’s client classification engine.

This option should be used only in extreme situations and after consulting with Imperva’s 24x7 support team.

Add allowlist rules


The Imperva DDoS allowlist lets you specify conditions under which the DDoS rules will not analyze a request. Any item
that you enter into the allowlist is considered trusted and safe by Imperva.

An allowlist rule will match only if all match criteria are satisfied. If you want to allowlist multiple and non-related
scenarios, you can add multiple allowlist rules.

To add an item to the allowlist:

1. In the DDoS section, click Add allowlist:

The following displays:


2. In the Add exception rule on field, select the type of item to be added to the allowlist, such as URL, Client app
ID, IP, or Country.
3. In the field to the right, fill in the value to be allowlisted.
4. Click Add.
5. Add additional rules as needed by following the steps above.
6. Click Confirm.

Tip: Alternatively, you can add an item to the WAF allowlist directly from the Events page if you have identified a false
positive event.

Customize Slow HTTP mitigation


Override default mitigation settings for slow HTTP attacks.

Slow HTTP attacks are a type of denial-of-service (DoS) attack in which requests are sent in small chunks, one at a time.
This is problematic because if the HTTP request is incomplete, or if the transfer rate is very slow, server resources are kept
busy waiting for the rest of the information, and legitimate connections cannot be made.

To prevent slow HTTP attacks, we configure a request body timeout which determines the minimal number of bytes we
accept during a specified time period.

Imperva provides DoS mitigation for HTTP methods according to the default rate of a minimum of 5000 bytes received
every 30 seconds.

You can choose to override the default rates for any or all of the following methods: GET, POST, PUT, RPC_IN_DATA,
RPC_OUT_DATA.


To override the default rates:

1. In the DDoS section, click Slow HTTP.

2. Under Override default rate, click the toggle to enable.

3. Select the methods for which you want to set different values, and configure the values.

The custom rate will be used only for the methods that you select. Other methods continue to use the default
rate.
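To make the minimum-rate rule and the per-method override concrete, here is an added example (not Imperva's implementation) that checks a request body's arrival timeline against the default of 5000 bytes per 30 seconds and against a custom rate for selected methods. It assumes fixed, non-overlapping windows measured from the first body byte; the function names and the sample timelines are constructed for illustration.

```python
DEFAULT_RATE = (5000, 30)  # (minimum bytes, window in seconds), the default stated on this page
OVERRIDABLE = {"GET", "POST", "PUT", "RPC_IN_DATA", "RPC_OUT_DATA"}


def rate_for(method, overrides=None):
    """Custom rate for a selected method, otherwise the default rate."""
    overrides = overrides or {}
    unknown = set(overrides) - OVERRIDABLE
    if unknown:
        raise ValueError(f"rate cannot be overridden for: {sorted(unknown)}")
    return overrides.get(method, DEFAULT_RATE)


def first_slow_window(chunks, content_length, min_bytes, window_s):
    """Return the index of the first window that received fewer than min_bytes
    while the body was still incomplete, or None if the body kept up.

    chunks: list of (seconds_since_body_start, bytes_received) observations.
    Assumption: windows are [0, window_s), [window_s, 2*window_s), ...
    """
    if content_length <= 0:
        return None  # nothing to wait for
    received = 0
    window = 0
    in_window = 0
    for t, n in sorted(chunks):
        idx = int(t // window_s)
        while window < idx:
            # A window closed with the body still incomplete: check its byte count
            if in_window < min_bytes:
                return window
            window += 1
            in_window = 0
        in_window += n
        received += n
        if received >= content_length:
            return None  # body completed, the final partial window is not penalized
    # Data stopped arriving and the body is incomplete: the sender has stalled
    return window if in_window < min_bytes else window + 1


def check_body(method, chunks, content_length, overrides=None):
    min_bytes, window_s = rate_for(method, overrides)
    return first_slow_window(chunks, content_length, min_bytes, window_s)


# Constructed timelines
SLOW_BODY = [(t, 100) for t in range(0, 120, 10)]        # 100 bytes every 10 s
FAST_BODY = [(0.0, 20000), (0.4, 20000), (0.9, 20000)]   # normal upload
STALLED_BODY = [(0, 6000)]                               # starts well, then goes silent

if __name__ == "__main__":
    print("slow, default rate:", check_body("POST", SLOW_BODY, 100000))
    print("fast, default rate:", check_body("POST", FAST_BODY, 60000))
    print("stalled, default rate:", check_body("POST", STALLED_BODY, 10000))
    # Custom rate applies only to POST; PUT keeps the default rate
    custom = {"POST": (100, 30)}
    print("slow POST, custom rate:", check_body("POST", SLOW_BODY, 1200, custom))
    print("slow PUT, default rate:", check_body("PUT", SLOW_BODY, 1200, custom))
```

Lowering the minimum for one method, as in the custom rate above, lets the same trickle of bytes through that the default rate would flag, so an override is worth limiting to the methods that genuinely need it.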

Read More

• Web Protection – Introduction


• Web Protection - WAF Settings

Last updated: 2024-10-13

Adaptive L7 DDoS Threshold

This topic describes the method Imperva uses to set a dynamic threshold for DDoS mitigation.

Imperva's Web Protection - DDoS Settings determine how and when mitigation is activated.

When DDoS mitigation for layer 7 (application layer) traffic is enabled, Imperva needs to be able to determine when a site
is under DDoS attack. This is done by setting a threshold that indicates when traffic exceeds the normal, expected rate of
requests. Once this threshold is passed, a set of mitigation rules are activated to determine if the website is under actual
attack.

Correctly setting the threshold value is therefore a crucial part of L7 DDoS protection.

The problem
One mitigation option is the default Automatic L7 DDoS setting, which activates mitigation rules when the request rate
exceeds a static threshold setting.

By default, the threshold is set to 1000 requests per second (rps), which may not be appropriate for all websites.

Alternatively, you can manually define the threshold rate.

Changing this setting requires a certain level of expertise and is accompanied by some risk.

• Setting the threshold too high may leave you exposed to attack.


• Setting the threshold too low can trigger false positives, blocking clean traffic or inundating your system with
alerts, and may disrupt the end-user experience by triggering unnecessary challenges, such as CAPTCHAs.

In addition, a static threshold may not be suitable as traffic patterns change over time.

The solution
The Adaptive L7 DDoS setting dynamically sets the threshold for DDoS mitigation for your website. This automated
process regularly updates the threshold, reducing the risk of false positives or false negatives resulting from an outdated
configuration.

The algorithm used to set the threshold works by testing multiple thresholds and estimating their performance. All
possible thresholds are simulated to determine which works best.

The optimal threshold value is determined by estimating the number of false positives, true positives, and true negatives that result from each threshold.

The evaluation is based on traffic over the previous 30 days.

Note: This solution is best suited to sites that are not experiencing traffic changes on an hourly basis, such as during
campaign events.
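A simplified sketch of the threshold sweep described above, added here for illustration; it is not Imperva's algorithm. The labelled traffic samples, the scoring rule (true-positive rate minus false-positive rate) and all function names are assumptions, while the 30-day lookback, the 7-day minimum and the 1000 rps static default come from this documentation.

```python
LOOKBACK_DAYS = 30         # evaluation window stated on this page
MIN_DAYS_WITH_DATA = 7     # availability requirement stated in the DDoS settings
STATIC_DEFAULT_RPS = 1000  # default static threshold of the Automatic setting


def confusion(samples, threshold):
    """Count outcomes if mitigation had triggered whenever rps > threshold."""
    counts = {"tp": 0, "fp": 0, "tn": 0, "fn": 0}
    for _day, rps, is_attack in samples:
        triggered = rps > threshold
        if is_attack:
            counts["tp" if triggered else "fn"] += 1
        else:
            counts["fp" if triggered else "tn"] += 1
    return counts


def score(c):
    """Assumed scoring rule: true-positive rate minus false-positive rate."""
    attacks = c["tp"] + c["fn"]
    clean = c["fp"] + c["tn"]
    tpr = c["tp"] / attacks if attacks else 0.0
    fpr = c["fp"] / clean if clean else 0.0
    return tpr - fpr


def adaptive_threshold(samples, today):
    """Simulate every observed rate as a candidate threshold and keep the best.

    samples: (day_number, peak_rps, is_attack) tuples.
    Returns None when fewer than 7 days of data exist in the last 30 days.
    """
    recent = [s for s in samples if 0 <= today - s[0] < LOOKBACK_DAYS]
    if len({day for day, _, _ in recent}) < MIN_DAYS_WITH_DATA:
        return None
    candidates = sorted({rps for _, rps, _ in recent})
    # Ties are broken toward the higher threshold (fewer challenges for visitors)
    return max(candidates, key=lambda t: (score(confusion(recent, t)), t))


# Constructed history for a low-traffic site: ten clean daily peaks and two attacks
CLEAN_PEAKS = [40, 55, 60, 80, 120, 70, 65, 90, 110, 50]
HISTORY = [(day, rps, False) for day, rps in enumerate(CLEAN_PEAKS, start=1)]
HISTORY += [(4, 600, True), (9, 450, True)]

if __name__ == "__main__":
    best = adaptive_threshold(HISTORY, today=10)
    print("selected threshold:", best, confusion(HISTORY, best))
    print("static 1000 rps:   ", confusion(HISTORY, STATIC_DEFAULT_RPS))
    print("too low (50 rps):  ", confusion(HISTORY, 50))
```

On this constructed history the static 1000 rps default misses both attacks, a 50 rps threshold triggers on most clean days, and the sweep settles just above the site's normal peak.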

Enable adaptive L7 DDoS mitigation


To configure the DDoS mitigation settings for a website, navigate to Application > Websites > <select a website>
> Website Settings > WAF.

For more details, see Web Protection - DDoS Settings.

Last updated: 2024-10-13

Website Notification Settings


Get email notifications about threats to your website (Imperva WAF alerts) and a weekly PCI compliance report.

For an overview of other email notifications sent by Imperva, see Notifications.

Open the Notification Settings


1. On the top menu bar, click Application.
2. On the sidebar, click Websites and click a website name.
3. On the sidebar, click Website Settings.
4. Click Notifications.


Get notified about threats to your website


Select the types of threats to your website that you want to receive notifications about. By default, notifications are sent
per site for DDoS events (according to default Notification Settings) and Backdoor Protect security events only.

Imperva will notify you by email. A single mail is sent for all alerts occurring within a 5-minute interval. The mail will
include a sample of up to three of the generated alerts, and details of the total number of alerts and visits.

You can view the full list of threat alerts in the Website Security Dashboard > WAF violations section, and then drill
down to more detailed information displayed in the Security Events page.

What else do I need to know?

You can define what actions to take when a threat is identified using the WAF Rules policy. For details, see Create and
Manage Policies.

Request PCI compliance reports


Stay informed about changes to your security rule configuration and compliance with PCI 6.6 requirements.

In accounts where the new WAF Rules policy is available, the report is slightly different. The information provided reflects
the status of the website’s security rule configuration at the time the report is generated.


Last updated: 2023-09-24

Give access to external users


Grant access to a user from another account to view or edit the site.

The user can then see the site listed in the Cloud Security Console Websites page.

The user you add must be an existing user in another account which is on the same or higher level subscription plan.

Note: The Permissions page applies only to users from other accounts. To manage permissions for users in the current
account and its sub accounts, see Manage Account Users.

Access the Permissions settings


To open the Permissions Settings, log in to your my.imperva.com account.

1. On the top menu bar, click Application.


2. On the sidebar, click Websites and click a website name.
3. On the sidebar, click Website Settings.
4. Click Permissions.

Add user
Click Add User and fill in the details.

Last updated: 2024-03-04


Error Responses
This topic explains how error responses are returned to clients.

Overview
Error responses are returned to website visitors in each of the following scenarios when a request is blocked:

Error type | Description
Connection timeout | The connection between the client and Imperva timed out.
Access denied | Security rules were triggered.
Unable to parse request | Imperva could not parse the HTTP request sent by the client.
Unable to parse response | Imperva could not parse the HTTP response sent by the origin server.
Unable to connect to origin server | Imperva could not connect to the origin server.
Initial connection denied - cookie or challenge required | The request is sent by a cookieless visitor or requires an HTML challenge.
Unable to establish SSL connection | Imperva could not establish an SSL connection to the origin server.
Initial connection denied - CAPTCHA required | The request is blocked pending a CAPTCHA challenge.
Initial connection denied - 2FA required | The request is blocked pending two-factor authentication.
Site not configured for SSL | The request is attempting to access the site via SSL but the site is not configured for SSL in the Cloud Security Console.
IPv6 not enabled for the site | The request is attempting to access the site with IPv6 but IPv6 is not enabled for the site in the Cloud Security Console.

For more details, see Cloud WAF Error Pages and Codes.

Response format
By default, error responses are returned in HTML format.

To return error responses in JSON or XML format, based on the Accept or Content-Type HTTP request headers:

1. On the Cloud Security Console top menu bar, click Application.

2. On the sidebar, click Websites and click a website name.

3. On the sidebar, click Origin and Network > General.


4. Under Additional Settings, enable the Enable content based error responses option.

When this option is enabled, responses are returned as follows:

Request header | Error response
Accept header: contains xml, does not contain html | Default XML error response
Accept header: contains xml; Content-type header: contains xml | Default XML error response
Accept header: contains json, does not contain html | Default JSON error response
Accept header: contains json; Content-type header: contains json | Default JSON error response
None | Default HTML response

Response examples
JSON error response

{
  "incidentId" : "3411854340000000422-34793753560490",
  "hostName" : "test.example.com",
  "errorCode" : "20",
  "description" : "The proxy failed to connect to the web server, due to TCP connection time...",
  "timeUtc" : "2019-03-12 12:37:19 UTC",
  "clientIp" : "1.2.3.4",
  "proxyId" : "1111",
  "proxyIp" : "5.6.7.8"
}

XML error response

<?xml version="1.0" encoding="UTF-8"?>
<incident incidentId="3411854340000000422-12172160812450">
  <hostName>test.example.com</hostName>
  <errorCode>20</errorCode>
  <description>"The proxy failed to connect to the web server, due to TCP connection timeout...</description>
  <timeUtc>2019-03-12 12:37:25 UTC</timeUtc>
  <clientIp>1.2.3.4</clientIp>
  <proxyId>1111</proxyId>
  <proxyIp>5.6.7.8</proxyIp>
</incident>

Read More

• Website General Settings


• Custom Error Pages

Last updated: 2023-09-24
