Incapsula application delivery rules, now available as a new feature of our Load Balancer enables enterprises to improve their levels of application performance and availability. Application delivery rules can be used to modify request or response headers, route traffic to different origins or URLs, or decide whether the response should be returned directly from the cache.
To give you a complete view of the benefits of these capabilities, we’ve compared them against NGINX, a popular open source application delivery controller.
If you’re using Incapsula, we’ve put together common uses cases and show how you can implement them. You can also read our step-by-step guide on how to configure application delivery rules for your account.
Advantages of Incapsula Application Delivery Approach
Here’s how Incapsula and NGINX stack up:
- Minimal latency – Our survey of online shoppers showed that 62 percent of e-commerce site visitors will wait for up to five seconds (or less) for a page to load before leaving the site. Leveraging our global CDN, Incapsula runs application delivery rules at the network edge, close to the user. For example, if your data center is in New York and the end user resides in Japan, the rules will be applied in the Incapsula data center in Tokyo which may be up to 10ms away from the end users.
In contrast, since NGINX doesn’t offer a CDN, it needs to process requests and even perform caching in the data center where the origin server resides which may be 170ms away. This results in a longer round-trip time (x17 in our example) and may impair the user experience.
- Global Server Load Balancing – Large organizations distribute their application traffic across multiple data centers and clouds to optimize performance and maximize availability. Incapsula Load Balancer supports both performance-based and geo-targeting based global server load balancing (GSLB) and is indifferent to how many locations, data centers and clouds you maintain. Incapsula routes traffic based on Layer 7 attributes, such as URL patterns (like all image resources end with .jpg), HTTP headers (like Accept-Language) and client classification attributes (such as Client Type), enabling immediate rerouting as conditions change.
NGINX offers an effective solution for local server load balancing, however it does not have a solution for multiple data centers. If you’ve got more than one data center, you’ll need a separate third party service for monitoring and routing traffic at the data center level. These types of solutions are typically DNS-based and are not capable of analyzing request attributes such as HTTP headers or client classification attributes.
- Behavioral analysis – Application delivery rules can also be defined based on end user behavior. Both NGINX and Incapsula measure request rates in real time when making routing decisions.
Incapsula offers default rate thresholds for various parameters. For example, if the rate of POST requests to a URL from a specific IP address over a 1-minute period exceeds a pre-defined threshold, the requests are blocked or redirected to a temporary page.
In contrast, rate limiting in NGINX requires the editing of complex configuration files.
- Disaster recovery and failover – Incapsula provides cross-data center and in-data center failover. Health monitoring and performance checks detect outages through hundreds of geodistributed samples every minute and immediately reroute traffic to an available server. In disaster recovery scenarios, as soon as Incapsula detects that the primary site has gone down, it automatically kick-starts the standby data center. Similar to GSLB, Incapsula immediately implements routing changes using its own global network of reverse proxies, rather than relying on DNS-based routing.
NGINX does not support failover across different locations or data centers.
- Bot manipulation – Developed to detect and block malicious bots used for DDoS attacks, scraping and vulnerability scanning, our proprietary traffic inspection and client classification technology is also used to build sophisticated application delivery rules. Our security expertise and experience in bot detection allows us to distinguish between humans, good bots and bad bots, and act accordingly.
For example, you own an e-commerce site and your competitor is scraping your prices and using that information to undercut you on price comparison websites. Incapsula helps you identify the scraper and use application delivery rules to redirect it to a special site or server with fake prices.
- Search engine optimization – In addition to improved page load times, using cleverly-crafted URLs will also help increase your SEO rankings. A site’s URL structure should be straightforward and meaningful. This means avoiding dynamic and relative URLs, as well URLs that contain your keywords rather than numbers and punctuation marks that are useful for querying a database but have little meaning for your end users.Both NGINX and Incapsula use application delivery rules to rewrite URLs so that the customer facing URL is always SEO-friendly.
- Easy and centralized rule management – Incapsula application delivery rules were developed based on the same concept as the IncapRules engine used to create custom security rules. Accordingly, an intuitive rule builder allows non-technical users to define and generate application delivery rules in a centralized manner for all origin servers. All rules (both security and application delivery) use the same syntax and are maintained in one central repository.
With NGINX, rule management is not centralized across a deployment and each load balancer needs to be configured separately. The lack of a UI also means that creating rules requires coding and technical knowledge of the specific rule syntax.
- Change management and version control – Incapsula maintains rule versions and revisions with a rollback capability to support change management processes. Administrators can review an audit trail of all rule changes and easily revert to a previous rule revision, as needed.
NGINX does not support this capability, which means that customers need to implement external change management and source control tools.
- Consolidated reporting – Similar to the security features provided by Incapsula, application delivery rules are monitored through the centralized management dashboard. Summary and detailed reports are available for all actions and events (security and application delivery) across all your application servers. The dashboard displays statistics on the most used rules, giving you better visibility into your application traffic.
NGINX recently announced a beta release for a new tool that includes metrics and dashboards. Unlike Incapsula, this tool requires installation of an agent on each NGINX server.
- Redundancy and scalability – With 30 data centers located in strategic locations around the globe, redundancy and scalability are built into the cloud-based Incapsula service. You never have to worry about upgrading your hardware or software or other deployment issues, regardless of the number of application delivery rules you have.
NGINX is built to work with very large websites. Redundancy requires the planning and deployment of multiple NGINX instances in a high-availability topology.
Want to learn more about our application delivery rules? Send us your questions in the comments box.
Keep your finger on the pulse
Sign up for updates from Imperva, our affiliated entities and industry news.
Keep your finger on the pulse
Sign up for Imperva updates and industry news and never miss a beat.