Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • Contact Us
  • Login
  • Home
  • Articles

DDoS Mitigation Strategy Using Imperva Web Protection

Learn how to effectively protect your website from DDoS attacks with Imperva's Web Protection solution.

Written by I. Solomon

Updated at February 10th, 2025

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Please fill out the contact form below and we will reply as soon as possible.

  • White Papers
  • Articles
  • DDoS Attack Vectors
+ More

Overview: This article provides a comprehensive strategy for mitigating Distributed Denial of Service (DDoS) attacks using Imperva Web Protection (formerly Incapsula). The outlined approach aims to enhance web application security through structured configuration and proactive measures.

Key Components of the DDoS Mitigation Strategy:

  1. Mapping Web Endpoints:
    • Objective: Identify and categorize web endpoints to determine protection requirements.
    • Categories:
      • Static Content (e.g., images, documents)
      • APIs (Application Programming Interfaces)
      • Dynamic Content (with/without user authentication)
      • Large Downloadable Files
      • Search Pages
      • Login Pages
    • Tools: Utilize Swagger files and Imperva’s conversion features to streamline the mapping process.
  2. Building a Cache Strategy:
    • Objective: Leverage Content Distribution Network (CDN) topology to distribute load and mitigate DDoS attacks.
    • Caching Modes:
      • No Caching
      • Custom Caching (based on rules)
      • Standard Caching (header-based)
      • Smart Caching (automatic determination)
      • Cache All (full system caching)
    • Recommendations: Maximize caching where feasible, considering compliance issues related to Personally Identifiable Information (PII).
  3. Choosing Applicable Challenges:
    • Objective: Implement web challenges to filter out non-human traffic and mitigate attacks.
    • Types of Challenges:
      • Cookie Support
      • JavaScript Support
      • Human Interaction (CAPTCHA)
    • Implementation: Conduct a challenge lab to test compatibility with client applications.
    • Best Practices: Prefer JavaScript challenges; apply cookie-based challenges for compatible API clients.
  4. Fine-Tuning Rate-Limits:
    • Objective: Set thresholds for request rates to prevent abuse while avoiding false positives.
    • Configuration:
      • Define rules for different endpoint categories (e.g., dynamic content, APIs, large files).
      • Implement global and specific rate-limit rules based on asset capacity and traffic analysis.
      • Use report-only mode initially to monitor effects and adjust thresholds accordingly.

Conclusion: Implementing a robust DDoS mitigation strategy with Imperva Web Protection requires a coordinated effort across development and security teams. By following the outlined steps and continuously refining configurations, organizations can significantly enhance their resilience against DDoS attacks.

cyber protection defense strategy

Was this article helpful?

Yes
No
Give feedback about this article

Related Articles

  • AWS DDoS Mitigation Best Practices
  • AWS Shield Advanced DDoS Visibility with CloudWatch
  • Avoiding False Positives With Cloudflare Bots-Based WAF Rules
  • Basic Rate Limit Configuration for DDoS Protection
  • Akamai Site Shield
[email protected]

Services

  • DDoS Testing
  • DDoS 360
  • Technology Hardening
  • DDOS Training
  • Incident Response

Resources

  • Resource Library
  • DDoS Resiliency Score (DRS)
  • DDoS Glossary
  • DDoS Day Conferences

Company

  • About Us
  • Careers
  • Contact
Red Button Inc. All rights reserved
  • Privacy policy
  • Site Terms
Expand