Challenge Endpoints - Origin Test Server

How It Works

Each endpoint below has a URL pattern that you match with an Imperva security rule. For example, create a rule: URL contains "captcha" → Action: Require CAPTCHA Support. When you visit the endpoint through the proxy, Imperva serves its challenge page instead of forwarding to the origin.

Available Challenge Endpoints

GET /captcha CAPTCHA Challenge

Rule action: Require CAPTCHA Support · Error pages: captcha_resp, captcha_v2_resp, captcha_v2_2_resp, captcha_gee_resp, captcha_gee_v2_resp

GET /jschallenge JS Challenge

Rule action: Require JavaScript Support · Error pages: authenticate_resp, authenticate_v2_resp, authenticate_gee_resp

GET /botdetect Bot Detection

Rule action: Bot Detection · Error pages: distil_identify_resp, distil_identify_v2_resp

GET /pow Proof of Work

Rule action: Proof of Work · Error pages: proof_of_work

GET /waitingroom Waiting Room

Rule action: Waiting Room · Error pages: waiting_room_resp

GET /2fa Two-Factor Auth

Rule action: Require 2FA · Error pages: authenticate with 2FA

GET /blockme WAF Block

Rule action: Block · Error pages: security_resp

Imperva Rule Setup

# For each endpoint, create an Imperva Incap Rule:
# Rule Filter: URL contains "captcha"
# Rule Action: Require CAPTCHA Support

# Rule Filter: URL contains "jschallenge"
# Rule Action: Require JavaScript Support

# Rule Filter: URL contains "botdetect"
# Rule Action: Bot Detection

# Rule Filter: URL contains "pow"
# Rule Action: Proof of Work

# Rule Filter: URL contains "waitingroom"
# Rule Action: Waiting Room

# Rule Filter: URL contains "2fa"
# Rule Action: Require 2FA

# Rule Filter: URL contains "blockme"
# Rule Action: Block