The beauty of the Incapsula service is in its simplicity. While the system running in its background is quite robust, you will need only about five minutes to set it up and no training at all for running and managing the service.
When enabling the Incapsula service for a domain, you will have to change some DNS settings (three records overall: a CNAME record and two A ones) to the IP addresses provided by Incapsula. Depending on your domain registrar the transfer could take up to a day - I had our test domain migrated in just over twenty minutes. During the DNS changes, your web site will be completely up and running. As soon as the changes are propagated, you will be able to manage your domain.
The dashboard is accessible via your favorite browser and the web application looks polished and well-constructed. Every usable option is just a click or two away. Since Incapsula is an intermediary service between your domain name and the web server, the administrator will just need to specify the "forwarding" IP address, and the dashboard will start showing reports within the next ten minutes.
The bot access control module gives extensive control over bots and search engines that are accessing the web site. While legitimate crawlers are usually controlled via a robots.txt file, I witnessed several instances where "rogue bots" would enter into a loop and deplete the siteís memory resources. This usually happens with large web-based forums and this type of proactive defense of system resources is a worthy addition. Also, as some of these bots try to disguise themselves through spoofed IPs and fake user-agents, the service uses a number of identification techniques, searching for clues in the HTTP Headers and in the behavior patterns of the bot.
Web application firewall
Incapsula's web application firewall provides protection against four type of attacks: SQL injection, cross-site scripting, illegal resource access and distributed denial of service.
The intrusion detection and prevention system for typical web-based attacks is fully customizable. The administrator can setup different actions for every type of attack: some can just raise an alert; others can be blocked based on the request, user or the IP address. The illegal resource access module is used for detecting attempts such as directory traversal, command injection and file name guessing.
Each of these modules provides whitelisting possibilities. The whitelist rules can be customized based on IPs and URLs, as well as on user information such as geographical location and browser. More complex whitelisting rules are easy to set up by combining some of the listed parameters.
Given the seemingly never-ending instances of DDoS attacks that make it into the news, a module that detects and stops them is a must for this type of a service.
Incapsula's DDoS protection is available through the Enterprise plan. It features protection against all types of DDoS attacks, including network-based attacks such as SYN or UDP floods, and application attacks.
Reporting is another powerful function of Incapsula's service. While the reports weren't always in real time (they sometimes came in with a delay of a couple of minutes, but the report creation timestamp is always presented on the top of the page) they provide valuable information on the current threats and attacks.
When an alarm is raised, the administrator has the opportunity to investigate the attempt or whitelist it if he judges it to be benign. The investigation screen provides all the collected information about the attempted "hack" and the client that is attempting it. The administrator can then easily block it based on the evidence he is presented with.
When a user's IP address is blocked, he won't be able to access the site - instead of the content he wanted to access he will be greeted with an "access denied" splash page.
Another helpful option provided in the Incapsula service is an acceleration module that uses caching for optimizing visitor access to your web site. It's also good to know that enabling Incapsula will generally make your site load even faster because of its content delivery network (CDN) and the integration of several network acceleration technologies.
Overall, Incapsula is a great service that provides web site protection for a fraction of the cost that would be spent on a typical software or hardware solution for fighting these types of online battles. Itís easy to incorporate into the production environment and can be up and working within mere minutes.
There are four Incapsula plans - Free, Personal ($9 per month), Business ($59 per month) and Enterprise (custom pricing). Read more about it here.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.