Incapsula: CDN, Security and Monitoring for Your Site
Incapsula is one of those companies whose product is useful but also hard to explain.
The short version is that your site traffic goes through Incapsula’s own servers, where it is highly optimized.
Here’s the longer version: You make a simple DNS settings change on your site. Your site traffic is then routed through Incapsula’s global network of high-powered servers. Incoming traffic is analyzed and a security layer is added to block a wide-range of threats. Outgoing traffic is optimized for faster load times.
Here’s a graphical explanation of what Incapsula does:
Features and Plans
Incapsula promises to enhance these areas:
- Web Security
- Web Application Firewall
- PCI Compliance
- DDoS Protection
- CDN & Optimizer
- Analytics and Monitoring
In terms of pricing, Incapsula have a comparison table so you can see what’s available on each level. The service comes in four levels from free to an enterprise level that needs to be quoted to get a price.
- If you have an SSL secured site, you’ll need at least the Personal level.
- If you want the security features you’ll need the Business level.
- If you want Denial of Service protection, you’ll need the Enterprise level.
Set up and Synchronization
Immediately on sign up, they give you the directions on how to activate your site. The directions are easy. I did run into a few complications however, but tech support resolved them in a matter of minutes. For example, I could no longer access htttp://mysite.com/cpanel. Incapsula tech support answered my ticket in just a few minutes with clear and concise directions and I was able to get it all resolved quickly.
Web Security
After just one day of operation, I can see that 5 security events occurred. The threats were effectively blocked before they ever touched the server.
When I clicked View Events for the Illegal Resource Access I get very specific information, plus the ability to take further action, as you can see in the screen shot below.
From here I can block or whitelist the IP, see the country of origin and see what script they were trying to access. This is a great feature by itself. There are other ways to get this information and to create the blocks, but this is probably the most convenient method I have seen. Clicking the More link opens an accordion window with more details. An experienced web master will have a lot of information and will know what to do with this. An inexperienced person can still get good results by taking the obvious and intuitive actions.
Another good feature is the Bot Access control for both security and to save you bandwidth. I have some WordPress sites that get pounded by comment spam and phony sign ups. The bots were blocked instantly when I started running the sites through Incapsula.
It’s way more effective than the two anti-spam and anti-splogging plugins I have installed on the WordPress sites. And I like the fact that it automatically adds CAPTCHA to bot requests.
While I was taking this screen shot, two more attempts were blocked. So I feel pretty good about the real time protection and overall security of the site.
PCI Compliance
PCI compliance is a big issue for e-commerce sites. Incapsula allows you to generate a report with a single click and instantly see compliance issues. It also keeps a log of the changes you made to comply. To fix these issues all I had to do was go to the Settings page and click the checkboxes that changed the settings and I was done.
Analytics and traffic
Graphs and charts are kept simple and easy to read. In the Daily visits chart above you can see the bot visits in yellow and the real people visits in green. I found all their charts and graphs to be easy to interpret.
Mousing over the links pops up some analysis and provides even more links. You can also see that between screenshots my visits went up from 200 to 209, and it accurately reflects the percentage of human traffic vs. bots. Very handy information for marketing and security. (And as i mentioned earlier, you can see that two more threats were blocked between screenshots. Check the security tab.)
Additional charts are easy to read and give you the most important items. You aren’t overburdened with statistics you don’t really care about with this. It makes quick analysis much more convenient.
Additional settings and features
Two really great features are the Acceleration Mode and Domain Redirection.
Acceleration mode set to Advanced uses the Incapsula servers for caching. My test site has no optimization for speed and is heavy with Java scripts because of all the things I load on to it. I was able to actually see a speed increase when I visited the pages. The difference was immediately apparent and very dramatic – eye-blink fast.
Domain Redirection seems minor, but is actually very important for SEO. Usually you have to make modifications to your htaccess file to redirect from the “naked” URL (the one without the www) to the full URL (with the www). Checking the box takes the worry out of that completely and you just never have to think about it.
Conclusions
At first I was wondering why you would need this since most of these functions can be handled in other ways or are already handled by hosting companies. After I tried it though, I can see that within minutes I had a high class appliance installed and working with virtually no effort on my part.
I opened a business account, and several free accounts and tested everything I could get to. Bottom line is that Incapsula does exactly what it says it does. It’s simple to use, very intuitive and reasonably priced. The business version would be the one I would get if I had an ecommerce site with moderate to heavy traffic.
I only had a couple of simple questions for support tickets, but each was answered within minutes. Overall, I had a very positive experience with Incapsula.
Would this take the place of Joomla extensions such as jchoptimize,admin tools, etc.? Does it work well with Joomla at all?
Hi Daoud,
I only tried this with Joomla and WordPress sites. Results were the same.
I didn’t try it with those two extensions. There is some overlap in what they do, but there are things like the PCI compliance you can’t get in the extensions.
Hi Daoud,
My name is Igal and I`m a community manager at Incapsula.
Our service works with all Content Management Systems. This, of course, includes Joomla.
Also, inside Incpasula you will find our “application awareness” feature that will automatically recognize common CMSs (i.e. Joomla, Drupal or WP) and turn on specific security policies, optimized for each CMS.
How does this compare to CloudFlare? Can parts of a site, like the Joomla backend, bypass Incapsula’s servers? If not, there will be problems with extensions if not Joomla itself.
We used Cloudflare some time ago, and we had a lot of complaints of visitors receiving captcha messages. The reason is that most of IPs of the main ISP here are blacklisted in some degree.
This problem didn´t appear with Incapsula, and for us it was a great improvement.