Incapsula DDoS Mitigation


When configuring an infrastructure solution from Selectel, you can choose to protect your online applications with help from our partner Imperva Incapsula.

Incapsula is a cloud-based solution that requires no additional technical knowledge, equipment, or software, and offers a series of advantages:

  • an extensive network of Incapsula points of presence;

44 data centers around the world and an aggregate 6 Tbps of traffic bandwidth ward off powerful attacks and suppress them at their points of origin. Incapsula provides a 99.999% uptime SLA.

  • artificial intelligence;

Incapsula uses big data tools and AI to learn from its multi-million member client base. This allows the system to quickly adapt to new kinds of attacks and react almost instantaneously.

  • PCI DSS Certificate;

Incapsula is PCI DSS certified and ensures its client services satisfy payment card industry data security requirements without changing any online applications. Thanks to this compliance, you can receive and process bank card data on your site.

  • fine tuning to protect against targeted attacks;

From your Incapsula account, you can create custom security settings to ward off attacks targeting client service vulnerabilities.

  • six solutions in one.

Incapsula’s comprehensive solution brings together six different components that would otherwise only be available from separate vendors.

Incapsula’s WAF protects clients’ online applications from L3, L4, and L7 attacks:

  • OWASP top ten threats;
  • Application vulnerability scanning;
  • DDoS attacks from malicious bots.

Unlike other WAFs, Incapsula clients can configure their own security rules for mitigating targeted attacks.

Clean traffic is routed over BGP and sent to the user from a CDN (content delivery network) made up of 40 globally distributed data centers.

Incapsula compresses bandwidth and lowers load times thanks to its complex solutions:

  • caching for all content;
  • customizable caching rules;
  • content delivery from the nearest data center;
  • content optimized for distribution.

Load Balancer

Resources are optimally distributed using AI and Big Data for load balancing on Layer 7. There are two ways loads are balanced:

  • by performance — based on the lowest connection time to data center;
  • by geolocation.

If the main server is unavailable, traffic is forwarded to a backup.

DDoS Protection

Clients change their DNS settings to forward traffic to Incapsula’s network of high-performance servers. Once connected, all traffic, including HTTPS requests, is sent to Incapsula’s network and filtered.

By pairing intelligent behavior analysis algorithms with its network of high-performance servers, Incapsula can protect online applications from all kinds of DDoS attacks:

  • bandwidth overload;
  • Internet protocol stack attacks;
  • application level attacks.

Incapsula offers 3 options for safeguarding against DDoS attacks:

  • full infrastructure protection;
  • site protection;
  • DNS and IP protection.

Security events are monitored in real time with a less than 0.01% chance of a false positive.

Incapsula’s SLA guarantees less than 10 seconds of downtime in the event of a DDoS attack.

Bot Protection

Incapsula has an extensive database of bot analytics thanks to its huge client base.

Using advanced behavior analysis technology, visitors are classified and divided into two categories:

  • users;
  • bots.

Bots are then analyzed and labeled:

  • malicious — blocked;
  • legitimate — granted access to the web application;
  • suspicious — additional scan.

Users can create their own blacklist and whitelist by IP or bot type from their account.

The service’s integrated security rules are regularly updated to prevent vulnerabilities in CMS, eCommerce platforms, and distributed website stacks from being exploited.

Detailed reports on security events are available from your Incapsula account.

Two-Factor Authentication

Two-factor authentication does not require any software changes or integration with additional resources, and protects all web resources:

  • administrator access pages;
  • secure web applications on Internet-accessible business networks;
  • Internet portals and other online resources.

To enter the management console, you require a login, password, and access code, which can be obtained by email, SMS, or Google Authenticator. Hackers will not be able to access management resources even if they steal or change your password.

Authorizations are centrally managed from the Incapsula account.

Attack Analytics

Security events are analyzed by Incapsula’s AI and sorted in groups by threat level.

Attack Analytics collects filtered security events and provides exact, effective reports by incident groups. Web application security analytics let companies save on expanding security personnel.


All sites are billed monthly for their maximum legitimate traffic bandwidth (incoming and outgoing). Infected traffic is excluded from these calculations. The base WAF+CDN plan includes:

  • 1 site;
  • 5 simultaneous 2-factor authorizations in the management console.

In addition to the WAF+CDN plan, clients can purchase:

  • additional site protection;
  • SIEM integration;
  • load balancer;
  • DDoS protection;
  • authorization protection.

Please note that the bandwidth of additional services should match the base WAF+CDN plan bandwidth.

Filter quality will not suffer even if your plan’s bandwidth is at 95% capacity. In this case, Selectel specialists will recommend switching to a plan that matches threat levels or organize incoming traffic on the level provided under the current plan.

Please note that Incapsula service contracts are effective for one year.

Enabling the Service

Clients are offered a 14-day free trial period to find the perfect service setup for their business. Submit a request on the service page and a specialist from Selectel will contact you for a free consultation.

To enable the service, you will have to provide the following information:

  • company name;
  • contact phone number and email address;
  • IP address of site to be protected.

A message will be sent to the contact email address with instructions for logging into the Incapsula dashboard. The trial period begins as soon as traffic enters the Incapsula network. After 14 days, you can either refuse the service or pay to continue. To pay for the service:

  1. Open Network Services of the control panel.
  2. Under Anti DDoS, click Order services.
  3. Choose WAF Incapsula and click Pay.

Please note that your balance should have enough funds to pay for at least the first month of the service.

  4. Confirm your service payment in the new window.
  5. You will receive a ticket informing you that the service has been enabled. The service will then be listed under active services in the Network and Services section of the Selectel control panel.

Incapsula takes approximately 30 minutes to activate.

In extreme cases, the service can be enabled during an attack: as soon as you activate the service, traffic will be sent to Incapsula’s global network for filtering and the threat of crashes will be minimized.

Using the Service

To access your Incapsula account, please follow the instructions sent to the contact email address.

Under the Websites tab in the sidebar, choose the resource to be protected and click STATS to access the three main sections:

  • Dashboard — graphs of traffic, performance, and website security metrics;
  • Events — security event log;
  • Settings — security, website protection, performance, and website access settings.

Under Dashboard, open the Traffic subsection to view incoming, cached, and blocked traffic for a given period of time. Real-Time shows website traffic and performance in real-time.

Under Security, you can view detailed website security threat analyses, including IP address, user agent, geolocation, and other session information.

Under Performance, you can view information for monitoring system performance (bandwidth consumption, number of queues, and content caching).

Under Events, you can access the security events log. Events are created when a security rule is activated (either Incapsula’s integrated rules or custom security settings).

Under Settings, you can configure custom security rules in the following subsections:

  • Origin Servers — assign site topology (single server, multiple servers, multiple data centers) and configure load balancing for the selected topology;
  • General — general settings, including forwarding rules, SSL certificates, DNS settings, etc.;
  • Monitoring — choose which crash scenarios alerts will be generated for;
  • IncapRules — implements custom security rules for protecting against targeted attacks;
  • Login Protect — two-factor authentication settings for any website or app;
  • Performance — improved website performance settings;
  • Security — access control, whitelists and blacklists;
  • WAF — WAF settings.

Under the Attack analytics tab on the side panel, security events are analyzed by Incapsula’s AI and sorted into groups by threat level.