January 24, 2023

RulesetPolicyDescription of UpdatePrevious ActionNew Action
Anti-Automation & Bot ProtectionAutomated ClientsAutomation detection has been improvedCompositeComposite

January 17, 2023

RulesetPolicyDescription of UpdatePrevious ActionNew Action
WAF & OWASP Top ThreatsCode InjectionThe policy now covers the Exchange Zero-Day vulnerability (CVE-2022-41040 and CVE-2022-41082)BlockBlock

January 04, 2023

RulesetPolicyDescription of UpdatePrevious ActionNew Action
WAF & OWASP Top ThreatsOpen RedirectThis policy has been updated to detect and ignore false positives created by misconfigured sitesBlockBlock
Edge RulesTags Generating RulesIntroducing new reserved tags legitimate activity and malicious activityTagTag
WAF & OWASP Top ThreatsSQL InjectionThis policy has been updated to improve the detection of SQL comment sequencesBlockBlock
WAF & OWASP Top ThreatsXSS AttackThis policy has been updated to reduce false positives and now includes additional XSS filters detectionBlockBlock

December 27, 2022

RulesetPolicyDescription of UpdatePrevious ActionNew Action
WAF & OWASP Top ThreatsLocal File InclusionThe policy now covers additional methods of detecting Postgress, Apache, Logs, Boot, and Xampp patternsBlockBlock
WAF & OWASP Top ThreatsSensitive Data ExposureThe policy now covers additional methods of detecting Postgress, Apache, Logs, Boot, and Xampp patternsBlockBlock
WAF & OWASP Top ThreatsCode InjectionThe policy now covers additional Download/Upload injectionsBlockBlock

December 20, 2022

RulesetPolicyDescription of UpdatePrevious ActionNew Action
WAF & OWASP Top ThreatsSQL InjectionThis policy was updated to detect abusing JSON-Based SQL injectionsBlockBlock

November 14, 2022

RulesetPolicyDescription of UpdatePrevious ActionNew Action
IP ReputationTraffic From Hosting ServicesThis policy has been updated with additional hosting servicesJS ValidationJS Validation
WAF & OWASP Top ThreatsWeb Shell Execution AttemptThis policy now covers additional PHP, ASP.NET, and Java execution methodsBlockBlock

November 08, 2022

RulesetPolicyDescription of UpdatePrevious ActionNew Action
WAF & OWASP Top ThreatsObfuscated Attacks and Zero-Day MitigationDetection of injection attempts has been improved to reduce false-positivesBlockBlock
Protocol ValidationPrevent Malformed Request MethodsThe policy has been updated to detect illegal range headersCompositeComposite
WAF & OWASP Top ThreatsCommon Web Application VulnerabilitiesThe policy has been revised to reduce false-positivesBlockBlock

November 02, 2022

RulesetPolicyDescription of UpdatePrevious ActionNew Action
Edge RulesTag Generating RulesIntroducing Tag Generating Rules, which are meant to simplify the handling of your rules and make their integration with the heuristics system simpler by defining registered/logged-in clients and login pagesNATag

October 12, 2022

RulesetPolicyDescription of UpdatePrevious ActionNew Action
Anti-Automation & Bot ProtectionForced Browser Validation on Traffic AnomaliesThe policy now detects heavy clients on Ajax endpointsCompositeComposite
Behavioral WAFProbing and Forced BrowsingThe policy now detects site mappers and heavy clients on Ajax endpointsCompositeComposite

October 06, 2022

RulesetPolicyDescription of UpdatePrevious ActionNew Action
Allow Known BotsOutbrain BotOutbrain bot was added to the Known Bots rulesetNAAllow
Allow Known BotsComscore CrawlerComscore crawler was added to the Known Bots rulesetNAAllow
Protocol ValidationPrevent Malformed Request MethodsThis policy has been updated to detect restricted Accept-Encoding headerBlockComposite