October 11, 2020 Release

In this release:

• CDN: Configure weighted load balancing
• Attack Analytics insight renamed
• Migration to the new GlobalSign Atlas platform
• Statistics temporarily unavailable for accounts using Policy Management
• Heads Up: Attack Analytics API change

New Features

None.

Enhancements

CDN: Configure weighted load balancing

Assign weights to your data centers and origin servers to gain more precise control over the distribution of load between them.

You can define a load balancing ratio to distribute load across your data centers, as well as a ratio for servers within a data center.

What changed: Adds the option to define a predefined load balancing ratio in addition to the existing performance and geo-targeting load balancing methods.

Where it’s located:

• In the Cloud Security Console Website Settings > Origin Servers page. For details, see Load Balancing Settings.
• Via the API. For details, see Performance Settings API Definition.

For more details, see Weighted Load Balancing.

Attack Analytics insight renamed

The Whitelist vulnerabilities insight was renamed Allowlist vulnerabilities.

For more details on Attack Analytics insights, see Actionable Insights.

Migration to the new GlobalSign Atlas platform

For improved security and performance, we are now moving to the new GlobalSign Atlas Platform for ordering and maintaining new SSL certificates. This platform is replacing the GlobalSign CloudSSL service that was used until now.

To support this change, we are migrating all of our existing GlobalSign CloudSSL certificates to the new platform starting today, October 11, 2020. Cloud SSL will be gradually phased out and is expected to be decommissioned by November 22, 2020.

Impact:

Note: This change is only applicable to Imperva-generated SSL certificates.

While most customers can expect a seamless and transparent process, there are a few use cases where your attention and action are required.

• Revalidation: During the migration, all SAN’s will be migrated to the new SSL certificates. In most cases, Imperva will revalidate the SANs automatically. In the event that automatic revalidation is not possible, you will receive a revalidation email from Imperva. We ask that you promptly complete the process to revalidate ownership of your domain. You will receive an additional mail confirming that validation completed successfully.

  Note that if the validation is not completed by November 22, 2020 , the pending Imperva SSL certificate will expire.

• Certificate pinning: Websites using SSL certificate pinning with Imperva-generated certificates may experience a service disruption when the certificate is migrated.

  To prevent that from happening, we advise you to remove any certificate pinning linked to any Imperva-generated certificates.

  You may continue to use certificate pinning by uploading and pinning custom certificates instead. For details, see Upload a Custom Certificate for Your Website on Imperva.

• GlobalSign root certificate: Client applications that are using the GlobalSign root certificate in their trust store will need to update the trust store with the Atlas root certificate after migration.

Additional information about Atlas:

• https://www.globalsign-media.com/en/datasheet/atlas/
• https://www.globalsign.com/en/blog/atlas-blogged

For follow-up questions or specific configuration issues, contact Imperva Support at https://www.imperva.com/login.

Statistics temporarily unavailable for accounts using Policy Management

In accounts that have already migrated to Policy Management, the following website statistics are not currently available:

• Visitors from blacklisted IPs
• Visitors from blacklisted Countries
• Visitors from blacklisted URLs

What changed: If you are using the new Policies feature, the values of blocked IPs, requests, and sessions are not counted at the site level, and are therefore hidden in the UI, and removed from the API. We are currently working on providing these statistics within the framework of Policy Management.

Where it’s located: In accounts that have migrated to Policy Management, these statistics were removed from the following locations:

• Cloud Security Console: In the Website Dashboard > Security page, under Threats.

  

• Weekly Report: These statistics are also currently unavailable in the weekly report that is sent to accounts that have subscribed to receive it using the option in Account Settings.
• API: These statistics are not provided by the Get Statistics API for a site (/api/stats/v1).

Heads Up: Attack Analytics API change

On October 25, 2020, the following change will be made in the Attack Analytics API:

The insight type MALICIOUS_IP_IN_WHITELIST_INSIGHT will be changed to MALICIOUS_IP_IN_ALLOWLIST_INSIGHT.

Details:

The GET /v1/insights API returns details of actionable insights that were detected for your account. The API response includes the insight type, which currently includes the value MALICIOUS_IP_IN_WHITELIST_INSIGHT as one possible value. This value will be changed to MALICIOUS_IP_IN_ALLOWLIST_INSIGHT.

For more details on insights, see Actionable Insights.

For more details on the Attack Analytics API, see Attack Analytics API Definition.

Fixes

None.

Known Issues

None.

 

Tip: Open the latest release notes directly from the Cloud Security Console's Help menu.