Imperva WAF (Web Application Firewall) helps protect against sensitive data theft and essential transactions. Imperva empowers businesses with a comprehensive suite of products, including Web Application Firewall (WAF), Data and File Security, DDoS Protection, Cloud Security, and API Security to protect their digital assets, ensure data integrity, and maintain compliance. Traceable integrates with Imperva's WAF to block IP addresses and threat actors.
Traceable's integration with Imperva supports the following three types of rules:
IP range rules
Threat actor rules
Custom signature rules
The following is a high-level integration diagram:
Make a note of the following regarding threat actor and IP range blocking:
Threat actor—Any status change of a threat actor on the Traceable Platform is propagated to Imperva. For example, if Traceable detects a threat actor and changes it to a deny state, then the requests from this threat actor can be blocked using Imperva. Moreover, if you make any changes, such as adding a threat actor to the allowlist or resolving the status, then such changes are reflected in Imperva in a few minutes.
IP-range blocking — If you configure any custom rules to enforce blocking or allow action is also enforced through Imperva.
Traceable recommends reviewing the allow list conditions before creating IP-range rules. For more information, see IP address allowlist.
Before you begin
Make a note of the following before proceeding with the integration steps:
To integrate Imperva with Traceable, ensure you have an API ID and API Key from Imperva. For more information, see Imperva documentation.
Make sure you have the Imperva Account ID. The Website(s) that you would choose for integration are tied to the Account ID.
The policies configured in Traceable apply to all the websites present in the configured Imperva account.
The policies set by Traceable would have their name as
Traceable:<UUID>
.
Custom Signature Rules for Imperva Integration
The Custom Signature rule type in the Imperva integration enables the creation of application-specific blocking rules based on request attributes. These rules are defined per website within Imperva, and each rule specifies a filter condition and an action.
Supported Rule Attributes and Operators
Traceable’s Imperva integration supports a subset of rule attributes and operators based on Imperva’s API capabilities. The following combinations are supported when creating custom signature rules through Traceable:
Attribute | Description | Supported Operators | Notes |
---|---|---|---|
URL | Matches request path (excluding query string) |
| For |
Request Header Name | Matches specific header names |
| |
Request Header Value | Matches specific header values |
| |
ParamExists | Checks for existence of query parameters or POST fields |
| Example: |
ParamValue | Matches specific key-value pairs in query or POST data |
| Example: |
AnyParamValue | Matches any value in query or POST data |
| Example: |
Method | Matches HTTP methods (e.g., GET, POST) |
| |
Host | Matches the Host header in the request |
| |
User-Agent | Matches the User-Agent header |
| |
Cookie Name | Matches cookie names |
| |
Cookie Value | Matches specific cookie key-value pairs |
| Example: |
Note:
Only the above combinations of attributes and operators are supported via the Traceable UI. Additional Imperva fields, such as request body parameters, are not currently supported.
Additional Behavior and Constraints
Action Type: All custom signature rules created via Traceable enforce a
BLOCK
action in Imperva.Rule Name: Must be alphanumeric. Traceable automatically sanitizes rule names to meet Imperva requirements.
Website Association: As part of the integration setup in Traceable, you will select the target website where custom signature rules will be applied.
For detailed syntax rules and parameter guidelines, see Imperva Rule Parameter Documentation.
Configuration
To integrate Traceable with Cloudflare, navigate to the Integrations page. Complete the following steps:
Click on WAF.
Click on Configure on the Imperva tile.
Provide the Integration Name and Description for the integration.
From the Environments drop-down, select the Environment for which you would like to configure the integration. You can choose one or more Environments.
Add the API ID and API Key that you fetched from Imperva.
Enter the Account ID. This is a mandatory field.
Note
The Website drop-down (in the next step) is populated only when the right Account ID is provided.
Choose the Websites for which you wish to configure the integration and click the Save button.
Verify in Imperva
Log in to your Imperva account, navigate to the WAF menu, and click on WAF Policies. The policy set by Traceable will be displayed in Imperva.