Once you on-board your websites, please follow these steps in order to complete the on-boarding process:
In order to make sure that Incapsula will monitor all the traffic which is routed to your sites, you will have to restrict direct access on your origin servers and whitelist the Incapsula IP ranges only.
An updated list of Incapsula IP ranges and additional information can be found in this article.
In case you own custom certificate you may upload it by approaching:
Site Settings -----> General -----> configure (which is located under custom certificate).
Custom certificate will provide SSL support only for browsers with SNI support.
As part of the activation process, Incapsula requires that an SSL website add its domain to an existing Incapsula certificate. This certificate will be presented to any visitor trying to access your website, indicating that the connection is secure.
If you have uploaded your own custom certificate, the Incapsula generated certificate will be presented to browsers which don't support SNI while the custom certificate will be presented to browsers with SNI support.
Additional information regarding uploading custom certificate can be found in this article.
Incapsula offers generated certificates which are issued by GlobalSign.
In order to issue the Incapsula generated certificate you may approach the "General" tab and press "Configure" which is located under the Incapsula generated certificate.
You have to validate that you are the site's owner by setting one of these methods:
GlobalSign - DCV TXT record, META tag or E-mail address which is registered in the WhoIs.
DCV TXT record and E-mail validation methods are available to configure on your own. In case you prefer another method, please contact Incapsula support.
In order to accelerate your site's performance, we highly recommend you to set the caching mode: "Static + Dynamic" (for paid plans only).
Static + Dynamic caching mode is using proprietary learning algorithms in order to monitor freshness and maximize the CDN Capabilities for your sites.
Additional information regarding "Static + Dynamic" caching mode can be found in this article.
WAF's action settings are configured as "Alert Only" by default.
In order to protect your site it is recommended to change the action of each threat as you see fit (Block Request is recommended).
For customer with DDoS protection plan, these are the optional actions:
Off - All DDoS mitigation rules will be disabled.
Automatic (Recommended) - DDoS mitigation will be triggered once the configured Request/second threshold is exceeded.
In order to modify the DDoS threshold and change the challenges which are presented to unknown clients, you may approach Advanced Settings which is located under DDoS.
On - All DDoS mitigation rules will be enabled no matter what the Requests/second rate is.
Please note that this option is only recommended to sites which experience DDoS attacks very frequently.
The recommended DDoS settings are:
1. Action - Automatic. The DDoS threshold has to be set according to your average traffic in order to trigger the DDoS protection properly.
Additional information regarding setting up the DDoS mitigation can be found in this article.
Make the necessary DNS changes as requested per site.
These DNS changes are mandatory in order to make your site fully configured and apply the CDN capabilities according to the geo-loaction of the visitor.
In order to receive real-time notification regarding WAF and DDoS attack please approach
Site Settings >> Notifications and check the requested notifications.
In order to manage the e-mail address which will receive these real-time notification please approach
Account Settings >> E-mail for Notifications.
In case you wish to add more than 1 e-mail address, the e-mails should be separated by " ; " (semicolon) string.
For example: firstname.lastname@example.org;email@example.com
If this field remains empty, the real-time notifications will be sent to all the users under your account.
- Enterprise customers may add users and modify their permissions. Additional information can be found in this article.
- Login Protect enables Incapsula clients to set up an additional layer of authentication for any URL with no overhead, no special equipment, and no learning curve.Additional information can be found in this article.
You may view the current status of the Management Console and our Data centers in our StatusPage.
Enterprise customers may subscribe in order to receive real-time notifications regarding our management console and our infrastructure by following this link.