The StackPath Developer Portal

WAF & OWASP Top Threats

Code Injection

The detection of reverse shell attacks was improved.

Block

Block

Traffic Sources

Traffic Via Proxy Networks

This policy has been update to cover additional cloud service providers.

JS Validation

JS Validation

Allow Known Bots

Spatineo, Stackify, W3C

The following bots and services were added to the Known Bots ruleset: Spatineo, Stackify, W3C.

NA

Allow

Allow Known Bots

JetPack Bot

This policy has been updated to improve the detection of Photon image tool.

Allow

Allow

Allow Known Bots

The following bots and services were added to the Known Bots ruleset: Workato, GhostInspector, Freshping Monitoring, BinaryCanary, Adestra bot, Acquia Uptime, Spring Bot, parse.ly scraper, Landau Media Spider, Geckoboard, Audisto Bot, FeedWind, FeedPress, Feeder.co, Shareaholic Bot, Adjust Servers, Kyoto Tohoku Crawler.

NA

Allow

Behavioral WAF

Brute-Force Protection

This policy has been improved to better detect login forms.

Captcha

Captcha

WAP & OWASP Top Threats

XSS Attack

This policy has been updated to improve XSS protection against additional attack vectors.

Block

Block

IP Reputation

External Reputation Block List

This policy has been renamed to External Reputation Block List.

Handshake

Handshake

Behavioral WAF (advanced threat protection)

Spam Protection

This policy has been updated to improve the mitigation of spam clients and to improve the detection of spam bots.

Handshake

Handshake or Captcha

Allow Known Bots

Semrush Bot

This policy has been updated to improve the detection of Semrush bots.

Allow

Allow

WAP & OWASP Top Threats

Protocol Attack

This policy has been updated to Improve the detection of CLRF injection.

Block

Block

WAP & OWASP Top Threats

SQL Injection

This policy has been updated to improve the detection of SQL injection.

Block

Block

WAP & OWASP Top Threats

Personal Identifiable Information

This policy has been updated to improve the detection of personal identifiable information leakage.

Block

Block

Traffic Sources

Traffic From Hosting Services

This policy has been updated with additional hosting services.

JS Validation

JS Validation

CMS Protection

Whitelist WordPress admin logged-in users

This policy has been updated to improve false positive rates and to improve the user experience for logged-in admins.

Allow

Allow

WAP & OWASP Top Threats

SQL Injection

This policy has been updated to handle additional SQL injection cases.

Block

Block

WAP & OWASP Top Threats

Open Redirect

This policy has been updated to improve false negative rates.

Block

Block

Behavioral WAF (advanced threat protection)

Block Probing and Forced Browsing

This policy has been updated to detect additional vulnerability scanning tools.

JS Validation

JS Validation

Anti-Automation & Bot Protection

Anti Scraping

This policy has been updated to improve the detection of highly sophisticated content scrapers.

Captcha

Captcha

CMS Protection

Whitelist WordPress admin logged-in users

This policy has been updated to improve false negative rates.

Allow

Allow

Behavioral WAF (advanced threat protection)

Obfuscated Attacks and Zero-Day Mitigation

This policy has been updated to perform "Block" actions.

Captcha

Block

Anti-Automation & Bot Protection

Force Browser Validation on traffic anomalies

This policy has been updated to mitigate additional cases of anomalies in cookies.

Captcha

Captcha