July 12, 2022

RulesetPolicyDescription of UpdatePrevious ActionNew Action
WAF & OWASP Top ThreatsXSS AttackThis policy has been updated to improve protection against additional attack vectorsBlockBlock
Behavioral WAFProbing and Forced BrowsingThis policy has been updated to detect malicious TLS fingerprintingCompositeComposite
Anti-Automation & Bot ProtectionAutomated ClientsThis policy has been updated to detect malicious TLS fingerprintingCompositeComposite
Protocol ValidationPrevent Malformed Request MethodsIntroducing a new policy that enforces HTTP RFC requirements that state how the client must send a request methodNABlock
WAF & OWASP Top ThreatsCode InjectionThis policy now covers additional Java, PHP, Ruby, Python, Linux, and Windows injection attacksBlockBlock