September 27, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| IP Reputation | External Reputation Block List | A new external reputation block list has been added to this policy | Handshake | Handshake |

September 20, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| WAF & OWASP Top Threats | XSS Attack | This policy has been updated to detect additional XSS attack vectors | Block | Block |
| WAF & OWASP Top Threats | XML External Entity | This policy has been updated to protect against additional attack vectors | Block | Block |
| WAF & OWASP Top Threats | SQL Injection | This policy was updated to detect additional SQL injections | Block | Block |
| WAF & OWASP Top Threats | Local File Inclusion | This policy was updated to detect additional path traversal attacks | Block | Block |
| WAF & OWASP Top Threats | Open Redirect | This policy was updated to protect against CRLF attacks | Block | Block |

September 13, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| Behavioral WAF | Probing and Forced Browsing | This policy was updated in order to reduce false positives caused by validating site scanners | Composite | Composite |
| Behavioral WAF | Anti-Spam | This policy has been updated to reduce false positives with the Microsoft Office Auto Discover service | Composite | Composite |

August 23, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| Protocol Validation | Prevent Malformed Request Methods | This policy has been updated to detect and validate missing content-type headers with no request body | Block | Composite |
| Protocol Validation | Prevent Malformed Request Methods | This policy has been updated to detect restricted charset parameters within the content-type header | Block | Composite |
| WAF & OWASP Top Threats | Code Injection | The policy now covers the PHPUnit vulnerability | Block | Block |
| WAF & OWASP Top Threats | Shell Injection | The policy now covers the PHPUnit vulnerability | Block | Block |
| IP Reputation | Traffic Via CDNs | The policy now covers more CDN providers | JS Validation | |

August 09, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| WAF & OWASP Top Threats | Local File Inclusion | The policy now covers additional methods of detecting Windows system patterns. | Block | Block |
| Allow Known Bots | Pinterest Bot | The detection of Pinterest bots has been improved. | Allow | Allow |

July 26, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| Allow Known Bots | Smart Plugin Manager Bot | The Smart Plugin Manager bot has been added to the Known Bots ruleset | NA | Allow |

July 19, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| Anti-Automation & Bot Protection | Forced Browser Validation on Traffic Anomalies | This policy has been updated to detect clients who present an invalid extensions string | Composite | Composite |
| Protocol Validation | Prevent Malformed Request Methods | This policy has been updated to detect illegal empty Accept header requests | Block | Block |
| Protocol Validation | Prevent Malformed Request Methods | This policy has been updated to detect Unicode full/half-width abuse | Block | Block |
| Protocol Validation | Prevent Malformed Request Methods | This policy has been updated to detect malformed URLs that use encoding to obfuscate payloads and bypass input validation in the request | Block | Block |

July 12, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| WAF & OWASP Top Threats | XSS Attack | This policy has been updated to improve protection against additional attack vectors | Block | Block |
| Behavioral WAF | Probing and Forced Browsing | This policy has been updated to detect malicious TLS fingerprinting | Composite | Composite |
| Anti-Automation & Bot Protection | Automated Clients | This policy has been updated to detect malicious TLS fingerprinting | Composite | Composite |
| Protocol Validation | Prevent Malformed Request Methods | Introducing a new policy that enforces HTTP RFC requirements that state how the client must send a request method | NA | Block |
| WAF & OWASP Top Threats | Code Injection | This policy now covers additional Java, PHP, Ruby, Python, Linux, and Windows injection attacks | Block | Block |

July 05, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| WAF & OWASP Top Threats | Code Injection | The policy now covers more Spring4Shell vulnerabilities | Block | Block |
| WAF & OWASP Top Threats | Code Injection | This policy now covers additional Java, PHP, Ruby, Python, Linux, and Windows injection attacks | Block | Block |

June 28, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| WAF & OWASP Top Threats | SQL Injection | This policy has been updated to improve the detection of additional SQL injections | Block | Block |
| WAF & OWASP Top Threats | Server-Side Template Injection | This policy has been updated to improve the detection of additional server-side template injections | Block | Block |
| WAF & OWASP Top Threats | Code Injection | This policy has been updated to cover additional remote command execution methods | Block | Block |