Onboarding FAQ

Answers to some common questions about getting started with Imperva Cloud Application Security.

What happens after I add my domain to Imperva?

Once you have completed the DNS instructions that were provided as part of the “Add Site” wizard, visitors to your website will be gradually routed through the Imperva network. This process can take anywhere from 5 minutes to 24 hours according to your DNS entries' TTL (Time to Live).

Visitors routed through Imperva will receive an enhanced user experience as pages will load faster when served by our CDN.

Will Imperva add latency to my web site?

Imperva does not add any latency to your site. In fact, Imperva makes your site load faster and consumes less computing and bandwidth resources.

How long does it take to add a domain on Imperva?

Adding your domain to Imperva can take as little as 5 minutes. If your website supports SSL, the onboarding process might take a bit longer, but typically not more than a few hours to complete the entire process.

Will I experience any downtime during or after joining Imperva?

Absolutely not! You will not lose a single visit.

Do I need to add each one of my domains to Imperva?

Yes. Each domain needs to be added to Imperva separately and has its own dashboard and configuration.

Does Imperva support websites hosted in cloud providers such as AWS or Azure?

Yes. In some cases the origin server address will be defined on Imperva as a CNAME rather than an IP.

Can I use Imperva if I am using Cloudflare’s DNS?

Yes. Here's how to add your domain to Imperva while managing your DNS on Cloudflare:

  1. Log in to your Cloudflare account and navigate to the DNS management screens.
  2. Disable the Cloudflare HTTP service for the domain. (Typically an orange Cloudflare logo indicates that you are using Cloudflare’s HTTP services.)
  3. Add your domain to Imperva.
  4. Use the DNS instructions provided by the Imperva Add Site wizard to configure your DNS entries on Cloudflare.

I already have a CDN. Can I use Imperva just for the security service?

Yes. You can add Imperva in front of or behind another CDN. Read more about this setup here: Onboarding and Keeping Your Own CDN.

What if my website has more than one IP address?

The Imperva service includes a Layer 7 load balancer capable of supporting multiple IPs and multiple data centers.

Why do I need two A records?

Each A record maps a domain name to a different IP address. Having more than one A record enables redundancy, which ensures continuity of service if one of the servers goes down.

Will I need to change my hosting provider / registrar / name server in order to use Imperva?

No. The only thing you need to change is the setting of your domain DNS record, which needs to point to Imperva.

How does Imperva define a website and a domain?

Website: A destination on the Internet and the SSL certificate, if used, for that destination. A destination is either a public IP address or a CNAME.

Domain: Enables multiple websites or applications to resolve to a single destination. As long as these websites have the same destination and SSL certificate (where applicable), they can be combined and routed together through the system using just one website license. If multiple websites resolve to the same IP address, or CNAME, but have different SSL certificates, they must be configured on the system separately and require individual licenses in order to avoid SSL mismatch errors.

Using a single website license and configuring multiple websites together in the Imperva system results in all sites being combined together into a single unit. These sites are reported and managed (security and acceleration policies) as a single unit. If you require granular reporting or separate site management for some or all sites, it is important to configure those sites individually in the Imperva Cloud Security Console.

Does Imperva support WebSocket?

Yes. Imperva supports WebSocket communication by default.

WebSocket requests must be in accordance with RFC 6455 (http://tools.ietf.org/html/rfc6455 ) and in the following standard format:

Client request: 
GET /chat HTTP/1.1 
Host: server.example.com 
Upgrade: websocket 
Connection: Upgrade 
Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw== 
Sec-WebSocket-Protocol: chat, superchat 
Sec-WebSocket-Version: 13 
Origin: http://example.com 
Server response: 
HTTP/1.1 101 Switching Protocols 
Upgrade: websocket 
Connection: Upgrade 
Sec-WebSocket-Accept: HSmrc0sMlYUkAGmm5OPpG2HaGWk= 
Sec-WebSocket-Protocol: chat

Is Google AMP supported?

Yes. Imperva supports AMP pages natively, which means no injections will be made into AMP pages.

In order for an HTML page to be identified as an AMP page it must start with “<html amp” or “<html ⚡”. Pages starting with “<html anyothertext ⚡” will not be identified as AMP pages.

Where can I find Imperva's SLA?

You can download a copy of the SLA in pdf format from the Cloud Security Console's subscription page (Management > Subscription).