Imperva integration


Imperva WAF (Web Application Firewall) helps protect against theft of sensitive data and protects essential transactions. Imperva empowers businesses with a comprehensive suite of products, including Web Application Firewall (WAF), Data and File Security, DDoS Protection, Cloud Security, and API Security to protect their digital assets, ensure data integrity, and maintain compliance. Traceable integrates with Imperva's WAF to block IP addresses and threat actors.

Traceable's integration with Imperva supports the following three types of rules:

  • IP range rules

  • Threat actor rules

  • Custom signature rules

The following is a high-level integration diagram:

Make a note of the following regarding threat actor and IP range blocking:

  • Threat actor—Any status change of a threat actor on the Traceable Platform is propagated to Imperva. For example, if Traceable detects a threat actor and changes it to a deny state, then the requests from this threat actor can be blocked using Imperva. Moreover, if you make any changes, such as adding a threat actor to the allowlist or resolving the status, then such changes are reflected in Imperva in a few minutes.

  • IP-range blocking — Any custom rule that you configure to enforce a block or allow action is also enforced through Imperva.

Traceable recommends reviewing the allow list conditions before creating IP-range rules. For more information, see IP address allowlist.


Before you begin

Make a note of the following before proceeding with the integration steps:

  • To integrate Imperva with Traceable, ensure you have an API ID and API Key from Imperva. For more information, see Imperva documentation.

  • Make sure you have the Imperva Account ID. The Website(s) that you would choose for integration are tied to the Account ID.

  • The policies configured in Traceable apply to all the websites present in the configured Imperva account.

  • Policies set by Traceable are named Traceable:<UUID>.

Custom Signature Rules for Imperva Integration

The Custom Signature rule type in the Imperva integration enables the creation of application-specific blocking rules based on request attributes. These rules are defined per website within Imperva, and each rule specifies a filter condition and an action.

Supported Rule Attributes and Operators

Traceable’s Imperva integration supports a subset of rule attributes and operators based on Imperva’s API capabilities. The following combinations are supported when creating custom signature rules through Traceable:

| Attribute | Description | Supported Operators | Notes |
|---|---|---|---|
| URL | Matches request path (excluding query string) | ==, !=, contains, not contains | For == and !=, must start with / |
| Request Header Name | Matches specific header names | ==, !=, contains, not contains | |
| Request Header Value | Matches specific header values | ==, !=, contains, not contains | |
| ParamExists | Checks for existence of query parameters or POST fields | ==, != | Example: ParamExists != "test" |
| ParamValue | Matches specific key-value pairs in query or POST data | ==, != | Example: ParamValue == {"Admin";"true"} |
| AnyParamValue | Matches any value in query or POST data | ==, != | Example: AnyParamValue == "debug" |
| Method | Matches HTTP methods (e.g., GET, POST) | ==, != | |
| Host | Matches the Host header in the request | ==, != | |
| User-Agent | Matches the User-Agent header | ==, != | |
| Cookie Name | Matches cookie names | ==, != | |
| Cookie Value | Matches specific cookie key-value pairs | ==, != | Example: CookieValue == {"SessionID";"abc"} |

Note:

Only the above combinations of attributes and operators are supported via the Traceable UI. Additional Imperva fields, such as request body parameters, are not currently supported.

Additional Behavior and Constraints

  • Action Type: All custom signature rules created via Traceable enforce a BLOCK action in Imperva.

  • Rule Name: Must be alphanumeric. Traceable automatically sanitizes rule names to meet Imperva requirements.

  • Website Association: As part of the integration setup in Traceable, you will select the target website where custom signature rules will be applied.

For detailed syntax rules and parameter guidelines, see Imperva Rule Parameter Documentation.
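
The following pre-flight check is an added example, not code from Traceable or Imperva: it validates a planned custom signature rule against the attribute and operator table and the constraints above before you enter it in the UI. The function names, the (key, value) tuple representation, and the ASCII-only sanitization are assumptions; the page does not describe how Traceable sanitizes rule names.

```python
import re

TEXT_OPS = {"==", "!=", "contains", "not contains"}
EQ_OPS = {"==", "!="}
# Attribute -> supported operators, copied from the table on this page.
SUPPORTED = {a: TEXT_OPS for a in ("URL", "Request Header Name", "Request Header Value")}
SUPPORTED.update({a: EQ_OPS for a in (
    "ParamExists", "ParamValue", "AnyParamValue", "Method", "Host",
    "User-Agent", "Cookie Name", "Cookie Value")})
PAIR_ATTRS = {"ParamValue", "Cookie Value"}  # value is a key-value pair


def sanitize_rule_name(name):
    """Assumed sanitization: drop every non-alphanumeric ASCII character."""
    return re.sub(r"[^A-Za-z0-9]", "", name)


def validate_rule(name, attribute, operator, value):
    """Return a list of problems; an empty list means the rule fits the table."""
    problems = []
    if not re.fullmatch(r"[A-Za-z0-9]+", name):
        problems.append(f"rule name is not alphanumeric; would become {sanitize_rule_name(name)!r}")
    ops = SUPPORTED.get(attribute)
    if ops is None:
        return problems + [f"attribute {attribute!r} is not supported"]
    if operator not in ops:
        problems.append(f"operator {operator!r} is not supported for {attribute}")
    if attribute in PAIR_ATTRS:
        ok = (isinstance(value, tuple) and len(value) == 2
              and all(isinstance(v, str) and v for v in value))
        if not ok:
            problems.append(f"{attribute} needs a (key, value) pair")
    elif not (isinstance(value, str) and value):
        problems.append(f"{attribute} needs a non-empty string value")
    elif attribute == "URL":
        if operator in EQ_OPS and not value.startswith("/"):
            problems.append("URL with == or != must start with /")
        if "?" in value:
            problems.append("URL matches the path only, not the query string")
    return problems


if __name__ == "__main__":
    # Constructed sample rules, not taken from a real deployment.
    for rule in [("BlockAdminParam", "ParamValue", "==", ("Admin", "true")),
                 ("Block Debug", "URL", "==", "admin/debug"),
                 ("BlockPost", "Method", "contains", "POST")]:
        print(rule, "->", validate_rule(*rule) or "ok")
```
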


Configuration

To integrate Traceable with Imperva, navigate to the Integrations page. Complete the following steps:

  1. Click on WAF.

  2. Click on Configure on the Imperva tile.

  3. Provide the Integration Name and Description for the integration.

  4. From the Environments drop-down, select the Environment for which you would like to configure the integration. You can choose one or more Environments.

  5. Add the API ID and API Key that you fetched from Imperva.

  6. Enter the Account ID. This is a mandatory field.

    Note

    The Website drop-down (in the next step) is populated only when the right Account ID is provided.

  7. Choose the Websites for which you wish to configure the integration and click the Save button.

Verify in Imperva

Log in to your Imperva account, navigate to the WAF menu, and click on WAF Policies. The policy set by Traceable will be displayed in Imperva.