September 27, 2022
Posted by ReadMe API 3 days ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| IP Reputation | External Reputation Block List | A new external reputation block list has been added to this policy | Handshake | Handshake |
September 20, 2022
Posted by ReadMe API 11 days ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| WAF & OWASP Top Threats | XSS Attack | This policy has been updated to detect additional XSS attack vectors | Block | Block |
| WAF & OWASP Top Threats | XML External Entity | This policy has been updated to protect against additional attack vectors | Block | Block |
| WAF & OWASP Top Threats | SQL Injection | This policy was updated to detect additional SQL injections | Block | Block |
| WAF & OWASP Top Threats | Local File Inclusion | This policy was updated to detect additional path traversal attacks | Block | Block |
| WAF & OWASP Top Threats | Open Redirect | This policy was updated to protect against CRLF attack | Block | Block |
September 13, 2022
Posted by ReadMe API 18 days ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| Behavioral WAF | Probing and Forced Browsing | This policy was updated in order to reduce false positives caused by validating site scanners | Composite | Composite |
| Behavioral WAF | Anti-Spam | This policy has been updated to reduce false positives with the Microsoft Office Auto Discover service | Composite | Composite |
August 23, 2022
Posted by ReadMe API about 1 month ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| Protocol Validation | Prevent Malformed Request Methods | This policy has been updated to detect and validate missing content-type headers with no request body | Block | Composite |
| Protocol Validation | Prevent Malformed Request Methods | This policy has been updated to detect restricted charset parameters within the content-type header | Block | Composite |
| WAF & OWASP Top Threats | Code Injection | The policy is now covering the PHPUnit vulnerability | Block | Block |
| WAF & OWASP Top Threats | Shell Injection | The policy is now covering the PHPUnit vulnerability | Block | Block |
| IP Reputation | Traffic Via CDNs | The policy now covers more CDN providers | JS Validation |
August 09, 2022
Posted by ReadMe API about 2 months ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| WAF & OWASP Top Threats | Local File Inclusion | The policy now covers additional methods of detecting Windows system patterns. | Block | Block |
| Allow Known Bots | Pinterest Bot | The detection of Pinterest bots has been improved. | Allow | Allow |
July 26, 2022
Posted by ReadMe API 2 months ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| Allow Known Bots | Smart Plugin Manager Bot | The Smart Plugin Manager bot has been added to the Known Bots ruleset | NA | Allow |
July 19, 2022
Posted by ReadMe API 2 months ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| Anti-Automation & Bot Protection | Forced Browser Validation on Traffic Anomalies | This policy has been updated to detect clients who preset invalid extensions string | Composite | Composite |
| Protocol Validation | Prevent Malformed Request Methods | This policy has been updated to detect illegal empty Accept header requests | Block | Block |
| Protocol Validation | Prevent Malformed Request Methods | This policy has been updated to detect Unicode full/half-width abuse | Block | Block |
| Protocol Validation | Prevent Malformed Request Methods | This policy has been updated to detect malformed URL which uses encoding to obfuscate payloads and bypass input validation in the request | Block | Block |
July 12, 2022
Posted by ReadMe API 3 months ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| WAF & OWASP Top Threats | XSS Attack | This policy has been updated to improve protection against additional attack vectors | Block | Block |
| Behavioral WAF | Probing and Forced Browsing | This policy has been updated to detect malicious TLS fingerprinting | Composite | Composite |
| Anti-Automation & Bot Protection | Automated Clients | This policy has been updated to detect malicious TLS fingerprinting | Composite | Composite |
| Protocol Validation | Prevent Malformed Request Methods | Introducing a new policy that enforces HTTP RFC requirements that state how the client must send a request method | NA | Block |
| WAF & OWASP Top Threats | Code Injection | This policy now covers additional Java, PHP, Ruby, Python, Linux, and Windows injection attacks | Block | Block |
July 05, 2022
Posted by ReadMe API 3 months ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| WAF & OWASP Top Threats | Code Injection | The policy is now covering more Spring4Shell vulnerabilities | Block | Block |
| WAF & OWASP Top Threats | Code Injection | This policy now covers additional Java, PHP, Ruby, Python, Linux, and Windows injection attacks | Block | Block |
June 28, 2022
Posted by ReadMe API 3 months ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| WAF & OWASP Top Threats | SQL Injection | This policy has been updated to improve the detection of additional SQL injections | Block | Block |
| WAF & OWASP Top Threats | Server-Side Template Injection | This policy has been updated to improve the detection of additional server-side templates injections | Block | Block |
| WAF & OWASP Top Threats | Code Injection | This policy has been updated to cover additional remote command execution methods | Block | Block |
