Incapsula review

Incapsula is a content delivery network developed by Imperva, a successful data and application security company.

This is a premier CDN aimed at business and enterprise users, and priced accordingly. But don't let that put you off. Incapsula also includes a simple free plan for personal sites, giving you access to a little of this enterprise technology for no cost at all.

The service works as a reverse proxy, which means you must change your domain DNS settings to route all website traffic through Incapsula. That won't be right for everyone, but it makes setup relatively easy and ensures you don't have to modify your site code.

• You can sign up for Incapsula here

Once it's configured, Incapsula employs multiple methods to optimize your website performance. Content minification and on-the-fly image optimization reduces the size of source files. Static file compression crunches them down even more. Your content is then cached and served from Imperva's 38 data centres spread around the globe.

Smaller measures fine-tune operations to give you even more speed. With other CDNs, for example, the first request for an expired resource will probably result in a request to the origin. Turn on Asynchronous Validation and Incapsula serves the first request from the cache, while simultaneously updating the resource in the background. The end result is no user has to wait for an update from the origin.

Incapsula includes many security features. Even the free plan gets comment spam elimination, reputation-based security, security threat notifications, a Cloudflare-like CAPTCHA check and more.

Access control options include the ability to blacklist your choice of clients, countries, IPs and more. Imperva claims there's some intelligence behind this, as it maintains "guaranteed search engine access" (you won't accidentally block something important). That's interesting as it's not a claim that many other companies make, but we've no way to assess how true it might be.

Moving from the free plan to a commercial product adds caching of dynamic content, SSL support, a web application firewall, DDoS protection, dynamic content compression and caching, cache purging of specific items, and technical support to help with troubleshooting.

Pricing

Incapsula is available in a free plan which offers a strong set of CDN and website optimization features. There are no bandwidth limits or other major restrictions to force you to upgrade.

The free version does have some issues. In particular, there's no SSL support and no option to purge the cache of individual URLs on demand, both of which you'd get in Cloudflare's free plan. There's also no free tech support, although the company does have an excellent web knowledgebase.

Incapsula's Pro plan – $59 (£47.20) per month, regardless of bandwidth – gives you basic SSL support (not custom certificates). An enterprise-level web application firewall keeps hackers at bay, and you get an array of advanced CDN speedup optimizations. Support is available via email, but only 8 hours a day, 5 days a week.

Upgrading to the Business – $299 (£239) a month – or Enterprise products gets you DDoS protection, 24/7 support, an enterprise-grade SLA and more.

If you're not put off by the prices of the commercial products, you can take the Business and Pro plans for a spin with a free trial.

Setup

Getting started with Incapsula takes just a few seconds. Hand over your full name and email address, choose a password, hit the Create My Account button and you're in.

A straightforward console asks you for your website domain. There's no technical jargon to confuse the novice – 'origin', 'zone', 'distribution' – and if you are unsure of what to do, links to support articles and a tutorial video quickly point you in the right direction.

The website grabs and displays key site details: IP address, location, name service provider and whether there's HTTPS support, displaying the results and setting itself up automatically. Experienced users will find the report useful to confirm what's happening, but everyone else can ignore it and hit Continue.

The final page explains the DNS changes you'll need to make, including updating and adding A records to point your domain to an Incapsula IP address, and creating a CNAME record to point to a custom Incapsula subdomain. This is inevitably more technical, but again there are text and video guides to tell you more, and you're also sent an email with further advice.

Incapsula's web dashboard opens with assorted reports on your site, and these should begin to fill with data just as soon as the DNS changes have propagated (up to 24 hours, often much less). You're able to view traffic history, security incidents, CDN performance metrics (cached bandwidth and requests, accumulated saved bandwidth, average response times) and more. There's a real-time log, too, although this isn't included in the free plan.

An interesting Events page enables filtering website requests in various ways. You can easily highlight activity by vulnerability scanners, worms, comment spam bots or crawlers, as well as viewing CAPTCHA passes or fails, or attempts to access your site by blocked countries, IPs or blocked URLs.

Incapsula is configured via a thoughtfully designed settings panel. While other services force you to battle your way around complex jargon-packed dialog boxes, Incapsula goes to great lengths to make configuration as easy as possible. Section names are kept to a minimum, plain English is used wherever possible, everything is well-structured and help isn't far away.

Take the option to block countries, for instance. We've seen services that expect you to specify locations via a country code. Here, you can enter a country name in a box and see matches update as you type. You can choose a name from a flat list, browse or select countries by continent (block everything in Oceania, except this country and that), even click locations on a zoomable world map.

Core CDN settings are well organized. Clicking Performance displays several related panels. The Content Optimisation panel groups related settings together. Most options are clear and straightforward, and can be toggled on or off with a click (Minify JavaScript, Minify CSS). But there are tooltips for everything, so if you're curious what ‘on the fly’ compression actually does, you can quickly discover that it uses GZip compression to optimize HTML, CSS and JavaScript files.

The Settings page hides an unusual bonus feature in Login Protect. This enables adding two-factor authentication to your website or a specific URL without changing any part of the site. Tell Incapsula to protect mydomain.com/private/secret.html, for instance, and it intercepts any attempt to access that page. Users are then asked for their email address and sent a message with a one-time passcode, which they must enter before they can continue.

There are multiple other options and settings, including the ability to authenticate users via SMS or Google Authenticator in the commercial Incapsula plans. Login Protect isn't going to optimize your site, but if it's a feature you need, it might justify installing Incapsula all on its own.

Performance

Understanding how a CDN might perform for you is extremely difficult. The results will vary depending on the type of site, the location of visitors, the size of files and the CDN settings you use, and there's no general test which can take all of those factors into account.

One way to get a basic idea is to check out the performance information available at Cedexis. This uses a huge amount of data from real users around the world to measure the response times of various CDNs. It's just a single metric and doesn't begin to tell the whole story, but it can give a feel for how a service might perform.

We compared Incapsula with Cloudflare and Cloudfront, and the results were mostly disappointing. Incapsula was significantly slower than the other services in North America. In Europe, it was a close match for Cloudfront, but still lagged way behind Cloudflare. Incapsula returned to third place in Asia, and its Oceania performance is best forgotten (Cloudflare response time is 42ms, Incapsula hits a comparatively woeful 187ms).

These figures don't necessarily represent what you'll see on your own site, and we've no doubt that installing even the free Incapsula product will improve response times compared to not using a CDN at all. But it seems likely that you'll get better speeds elsewhere.

Final verdict

Incapsula is a likeable CDN, easy to set up and with a straightforward, well-designed web console. Performance isn't great and you have to pay a lot for some key features, but the free plan might still be worth a look.

• We’ve rounded up the best CDNs of 2018