Be sure to join our Discord for a free trial key, questions and support.
Incapsula, now known as Imperva, is a robust Web Application Firewall (WAF) designed to safeguard websites against various attacks, including DDoS. It employs advanced security measures to block traffic that does not resemble human behavior.
Incapsula's firewall functions as a mediator between the client and the server. When a user attempts to access a website protected by Incapsula, the WAF intercepts the request, scrutinizes it, and then sends a new request to the source server to fetch the content.
Websites protected by Incapsula often require specific cookies to allow navigation. Incapsula primarily works with two types of cookies: the ___utmvc cookie and the Reese84 cookie. Depending on the website, you may need to have a valid Reese84 cookie, a valid ___utmvc cookie, or both.
This cookie is generated using a valid, encrypted payload. Some websites require this cookie for navigation. Our API provides an endpoint to generate a valid Reese84 cookie, either by generating just the payload or directly creating the cookie.
This cookie checks for soe browser information. Some websites use this cookie for navigation.
Incapsula recently introduced removed the old WAF for reese84's websites (that right now gets a direct block), with a new different type. This one is based on the GeeTest captcha. It present only on some websites that uses the ___utmvc cookie, for example the SmythsToys website.
Differently from the other challenge, is going to be required only the GeeTest captcha token. And will set you some incap_sh_xxx cookies.
Most of the tickets websites are using Incapsula to protect their website. Here are some examples of websites using Incapsula and the cookies/challenge they require:
| Website | reese84 | ___utmvc | waf |
|---|---|---|---|
| ticketmaster.com (and other US domains) | ✅ | ||
| ticketmaster.co.uk (and other EU domains) | ✅ | ||
| tickets.rolandgarros.com | ✅ | ||
| smythstoys.com | ✅ | ✅ | ✅ |
| eticketing.co.uk | ✅ |
Our API is designed to facilitate smooth and effortless navigation through Incapsula-protected websites. We offer several endpoints to help you generate the necessary cookies and solve any challenges you might encounter. Whether you're dealing with the reese84 challenge, the ___utmvc challenge, both or their WAFs, our API has you covered.
Check out our documentation to learn more about our Incapsula API.
- Is suggested to always use a TLS client
- Generate the payloads/cookies from our APIs by passing the same
User-AgentandSec-Ch-Uaheaders you are using in your session, for a smooth and always good cookie!
Here are some examples of how to use our API to generate the necessary cookies and solve the challenges:
- reese84 generation
- ___utmvc generation
- WAF (we solve GeeTest with our APIs)
- Ticketmaster SG Login Provided an example login flow for Ticketmaster SG with reese84 solving and the new implemented AWS Cognito
Get also a free API key to start using our API.