This nodejs tool will provide the user with a simple way to see the current security configuration of the websites protected by our Cloud WAF (Incapsula). It provides a centralized view of all the account website security configuration and also checks whether the sites origin servers are not restricted to receive traffic only from Incapsula as described here. The tool uses the Incapsula API to get the relevant site information and http/https calls to check the origin servers accessibility. The output is an html file and (if configured) csv files. For more infomation please refer to this blog. The tool can be used with it's default settings or if needed, user may change the behavior by changing the values in the settings file as described in the configuration section of this page.
- Install nodejs
- Download the project files from the github repository and save them locally in a directory of your choice (aka project directory).
- In the project directory open a command prompt and run 'npm install'
- In setting.js set the following:
- accountId (mandatory)- your account ID
- apiId (mandatory)- your API ID which you can generate as described in the API Key Management page
- apiKey (mandatory) - Your API_KEY which you can generate as described in the API Key Management page
- checkOriginServers (default true)- true if you want to check origin server access, running of the tool will take longer, depending on number of origin servers; false if you don't
- getSubAccountsInfo (default true)- true if you want to get sub account names, running of the tool will take longer, depending on number of origin servers; false if you don't
- showFullDetails (default false) - true - provides a table per website with detailed information
- title (default name of account) - the title of the web page
- fileName (default name of account) - the filename
- filePath (default project directory)- Where the files will be saved. Directory must be created prior to running the tool
- addTimestamp (default false) - true if you want to have the timestamp attached to the filenames. Without this each time the tool is run the output files will be overridden
- saveCsv (default true) - true if you want a csv file as well as an html file
- originServerFileNamePrefix (default 'Origin-servers') - String used as prefix for origin server csv file
- originServerProtectedCode When origin servers are checked, if one of these codes is returned, it implies that the origin server was NOT reached - it is protected
- protectionDisplay - Use these settings to control the display of whether a setting is considered protected or not.
- printDebugInfo - (default false) - true to print debug info during execution
- numConcurrentConnections - (default 15) - Number of concurrent open API sessions
- defaultProtectionDisplayPolicy - This is used if specific action was not set in protectionDisplay
- originServerConnectionTimeout - (default 10000 miliseconds) Timeout for connection request to origin-server. Note that if the number is too low it may cause timeout before server actually responds which implies server is protected
- In the project directory run command: 'node spv'
- Output files can be found in the configured filePath
- nodejs
- packages
- aysnc
- node-datetime
- request
- request-promise
- You can create your own branch and add features, fix bugs. If you have to merge your changes into the master branch, please reach out to me via mail doron.tzur@imperva.com.
- You can also reach out to me with suggestions which I might implement.
Please open a Git Issue and include as much information as possible. If possible, provide sample code that illustrates the problem you're seeing. If you're seeing a bug only on a specific repository, please provide a link to it if possible.
Please do not open a Git Issue for help, leave it only for bug reports.