Rules
- Last Updated Sep 24, 2023
Use Imperva's proprietary rules scripting language to implement your own security, delivery, and access control rules on top of Imperva's existing security and application delivery logic.
Overview
Custom rules can be manually coded or generated using a dedicated GUI that helps you get acquainted with the rule generation process.
Web application owners and security engineers can use the rules to improve the security and performance of their websites and applications. For example, rules can be created to:
- Prevent bots from accessing a site’s registration form
- Restrict access to a specific part of an application based on IP address
- Limit the rate of requests to a website
- Manipulate traffic routes and redirects
- Control a request's URL structure, headers and cookies
Filters, triggers, and actions
The rule syntax was designed for simplicity. It relies on a few dozen descriptively-named parameters and a set of logical operators. These elements are combined to form a trigger that leads to one of the pre-defined actions. To illustrate just how intuitive this language is, here's an example of a rule that restricts public access to your application’s admin:
In this case, the trigger is a combination of two filters - one to mark the restricted URL and another to prevent access from all external IPs. Overall, the rules enable you to create policies based on:
- HTTP request methods (POST or GET)
- Header values
- URL parameters
- Client types (e.g., browser, search engine, feed fetcher, etc.)
- IPs and Geo-locations
- Access rates on a request or session level
- Cookie and JavaScript support
- Pool of over 900 predefined client signatures (e.g., GoogleAds, CroneTask, WordPress bots, etc.)
The resulting actions may also vary, with options ranging from “Silent Alert”, to initiation of additional challenges (e.g., CAPTCHA, JS, etc.), to absolute blocking of a visitor or even null-routing of all traffic from a specific IP address.
Rule type | Available rule actions |
---|---|
Security and access control rules | |
Application delivery rules | |
All in all, with its vast number of possible combinations, the rules allow for limitless possibilities, giving you the flexibility you need to deal with any possible security scenario.
Rule sequence
There is a fixed order in which the rule actions are run. Your traffic will trigger rules according to the following sequence:
Simplified Redirect > Redirect > Rates > Security > Rewrite/Remove Request > Forward > Rewrite/Remove Response > Override WAF Setting.
You can control run order within an action type to define an explicit rule-based policy. For details, see Manage Rules.
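The trigger and sequence described above, modeled in Python as an added example (this is not Imperva's rule syntax or code): a trigger is a logical AND of filters, and the rules that match a request are listed in the documented action-type order, then by the order set within each type. Rule names, paths, and the 198.51.100.0/24 office range are constructed, and the model only reports which rules would run in which order; it does not assume that one action stops later ones.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable

# Fixed action-type sequence, as listed on this page.
SEQUENCE = ["Simplified Redirect", "Redirect", "Rates", "Security",
            "Rewrite/Remove Request", "Forward",
            "Rewrite/Remove Response", "Override WAF Setting"]

@dataclass
class Rule:
    name: str
    action_type: str                  # one of SEQUENCE
    order: int                        # user-controlled position within its type
    trigger: Callable[[dict], bool]   # filters combined into one predicate

def url_starts_with(prefix):
    return lambda req: req["url"].startswith(prefix)

def ip_not_in(*cidrs):
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return lambda req: not any(ipaddress.ip_address(req["client_ip"]) in n for n in nets)

def all_of(*filters):
    # A trigger fires only when every filter matches (logical AND).
    return lambda req: all(f(req) for f in filters)

def run_order(rules):
    # Action type decides the stage; the in-type order breaks ties.
    return sorted(rules, key=lambda r: (SEQUENCE.index(r.action_type), r.order))

def triggered(rules, req):
    # Names of the rules whose trigger matches, in the order they would run.
    return [r.name for r in run_order(rules) if r.trigger(req)]

# Constructed rule set, deliberately listed out of run order.
OFFICE = "198.51.100.0/24"   # assumed trusted range (documentation prefix)
RULES = [
    Rule("tag-request", "Rewrite/Remove Request", 1, url_starts_with("/")),
    Rule("protect-admin", "Security", 2,
         all_of(url_starts_with("/admin"), ip_not_in(OFFICE))),
    Rule("login-rate", "Rates", 1, url_starts_with("/login")),
    Rule("deny-legacy-console", "Security", 1, url_starts_with("/console")),
    Rule("old-admin-redirect", "Redirect", 1, url_starts_with("/old-admin")),
]
```

Calling `triggered(RULES, {"url": "/admin/users", "client_ip": "203.0.113.7"})` shows the admin restriction firing for an external address, while the same URL from inside the office range matches only the request-rewrite rule.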
Rule management and revisions
Rules are managed at the site level for every protected web domain. In addition to creating, editing, and deleting rules, the rules management interface enables revision management. Imperva maintains a list of revisions for every rule, enabling administrators to review an audit trail of all rule changes and easily revert to a previous rule revision, as needed.
Monitor rule activity
Similar to other Imperva security features, you can also monitor rule activity in a website's Dashboard and Events pages.