Partner Plugin: This plugin is developed, tested, and maintained by Imperva
The Imperva API Security plugin connects Kong Gateway with the Imperva
API Security service, providing continuous discovery and monitoring of APIs
exposed by the API gateway. This enables security teams to protect business
applications and data against unauthorized access.
The plugin operates with a very low CPU and memory footprint, avoiding any
negative impact on the inline performance of the gateway or your applications.
The Imperva API Security plugin captures API calls with request/response payloads
and sends them to the Imperva API Security service for inspection. API calls are
copied and streamed through Kong Gateway. You provide the API Security
receiver service endpoint though the plugin’s configuration, so the API data is
kept under the control of the application owner.
How it works
The plugin sends a copy of API call requests/responses to the Imperva API receiver. The receiver service destination address and port are specified as config parameters. Additional parameters are used to control how the API captures are sent.
How to install
If you are using Kong’s Kubernetes ingress controller, the installation is slightly different. Review the docs for the Kong Ingress Controller.
.rock file is a self-contained package that can be installed locally or from a remote server.
If the LuaRocks utility is installed in your system (this is likely the case if you used one of the official installation packages), you can install the
rock in your LuaRocks tree, that is, the directory in which LuaRocks installs Lua modules.
Install the Imperva Plugin
luarocks install imp-appsec-connector
Update your loaded plugins list
imp-appsec-connector to the
plugins field. Make sure the field is not commented out.
plugins = bundled,imp-appsec-connector # Comma-separated list of plugins this node
# should load. By default, only plugins
# bundled in official distributions are
# loaded via the `bundled` keyword.
After LuaRocks is installed, restart Kong before enabling the plugin: