May 17, 2022

RulesetPolicyDescription of UpdatePrevious ActionNew Action
WAF & OWASP Top ThreatsXSS AttackThis policy has been updated to improve protection against additional attack vectors and to reduce the false-positive rateBlockBlock
WAF & OWASP Top ThreatsShell InjectionThis policy has been improved to reduce the false-positive rateBlockBlock
WAF & OWASP Top ThreatsCommon Web Application VulnerabilitiesThis policy has been improved to reduce the false-positive rateBlockBlock

April 26, 2022

RulesetPolicyDescription of UpdatePrevious ActionNew Action
Allow Known BotsTestomato BotTestomato bot was added to the Known Bots rulesetNAAllow

April 19, 2022

RulesetPolicyDescription of UpdatePrevious ActionNew Action
WAF & OWASP Top ThreatsXSS AttackThis policy has been updated to improve protection against additional attack vectorsBlockBlock
IP ReputationTraffic From Hosting ServicesThis policy has been updated with additional hosting servicesJS ValidationJS Validation

April 12, 2022

RulesetPolicyDescription of UpdatePrevious ActionNew Action
WAF & OWASP Top ThreatsObfuscated Attacks and Zero-Day MitigationThe policy’s detection of injection attempts has been improved to reduce the false-positive rateBlockBlock
IP ReputationTraffic From Hosting ServicesThis policy has been updated with additional hosting servicesJS ValidationJS Validation

April 05, 2022

RulesetPolicyDescription of UpdatePrevious ActionNew Action
Behavioral WAFAnti-SpamThis policy has been updated to reduce false positives with the Microsoft Auto Discover Office serviceCompositeComposite
Protocol ValidationHTTP Method ValidationIntroducing a new policy to block non-standard HTTP methodsNABlock
WAF & OWASP Top ThreatsCode InjectionThe policy is now covering the Spring4shell vulnerabilityBlockBlock

March 22, 2022

RulesetPolicyDescription of UpdatePrevious ActionNew Action
IP ReputationTraffic Via CDNsA new policy has been added, Traffic via CDNs, that validates (JavaScript validation) traffic from IP addresses originating from CDN companiesN/AJS Validation

March 15, 2022

RulesetPolicyDescription of UpdatePrevious ActionNew Action
Allow Known BotsImproved detection of Microsoft and Google bots and servicesAllowAllow

March 08, 2022

RulesetPolicyDescription of UpdatePrevious ActionNew Action
WAF & OWASP Top ThreatsObfuscated Attacks and Zero-Day MitigationPolicy’s detection of injection attempts has been improvedBlockBlock

March 01, 2022

RulesetPolicyDescription of UpdatePrevious ActionNew Action
WAF & OWASP Top ThreatsCode InjectionThis policy now covers additional XPath injection attacksBlockBlock
WAF & OWASP Top ThreatsXSS AttackThis policy now covers additional XSS tag vectorsBlockBlock

February 22, 2022

RulesetPolicyDescription of UpdatePrevious ActionNew Action
Behavioral WAF (advanced threat protection)Probing and Forced BrowsingDetection of mechanical requests on Ajax endpoints was improvedCompositeComposite