The Imperva API Security plugin connects Kong Gateway with the Imperva API Security service, providing continuous discovery and monitoring of APIs exposed by the API gateway. This enables security teams to protect business applications and data against unauthorized access.
The plugin operates with a very low CPU and memory footprint, avoiding any negative impact on the inline performance of the gateway or your applications.
The Imperva API Security plugin captures API calls with request/response payloads and sends them to the Imperva API Security service for inspection. API calls are copied and streamed through Kong Gateway. You provide the API Security receiver service endpoint through the plugin’s configuration, so the API data is kept under the control of the application owner.
How it works
The plugin sends a copy of API call requests/responses to the Imperva API receiver. The receiver service destination address and port are specified as config parameters. Additional parameters are used to control how the API captures are sent.
How to install
If you are using Kong’s Kubernetes Ingress Controller, the installation is slightly different. Review the docs for Kubernetes Ingress.
A .rock file is a self-contained package that can be installed locally or from a remote server.
If the LuaRocks utility is installed in your system (this is likely the case if you used one of the official installation packages), you can install the .rock in your LuaRocks tree, that is, the directory in which LuaRocks installs Lua modules.
Install the Imperva Plugin
luarocks install imp-appsec-connector
Update your loaded plugins list
Add imp-appsec-connector to the plugins field. Make sure the field is not commented out.
plugins = bundled,imp-appsec-connector  # Comma-separated list of plugins this node
                                        # should load. By default, only plugins
                                        # bundled in official distributions are
                                        # loaded via the `bundled` keyword.
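One way to confirm that the plugins step took effect, as an added example that is not part of the original page or of Imperva's or Kong's own code: the shell functions below read a Kong configuration file, skip commented-out plugins lines and inline comments, and check that imp-appsec-connector is an exact entry. The function names and the exit-code convention are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Imperva or Kong code): verify that a Kong configuration
# file really loads a given plugin, i.e. the plugins field is uncommented
# and lists the plugin as an exact, whole entry.

# Print the value of every active (uncommented) plugins line,
# with any trailing inline comment stripped.
active_plugins_lines() {
    sed -n 's/^[[:space:]]*plugins[[:space:]]*=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*#.*$//'
}

# plugin_enabled FILE NAME
# Exit status (hypothetical convention for this example):
#   0  NAME is listed in the single active plugins line
#   1  NAME is not listed, or the field is missing or commented out
#   2  several active plugins lines exist; review the file by hand
plugin_enabled() {
    lines=$(active_plugins_lines "$1")
    [ -n "$lines" ] || return 1
    count=$(printf '%s\n' "$lines" | wc -l)
    [ "$count" -eq 1 ] || return 2
    # Split on commas, trim blanks, and compare whole entries only, so a
    # name that merely contains the plugin name does not count.
    printf '%s\n' "$lines" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -Fxq -- "$2"
}
```

Call it as plugin_enabled <path to your Kong configuration file> imp-appsec-connector and check the exit status before restarting Kong.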
After LuaRocks is installed, restart Kong before enabling the plugin: