July 12, 2022

Ruleset

Policy

Description of Update

Previous Action

New Action

WAF & OWASP Top Threats

XSS Attack

This policy has been updated to improve protection against additional attack vectors

Block

Block

Behavioral WAF

Probing and Forced Browsing

This policy has been updated to detect malicious TLS fingerprinting

Composite

Composite

Anti-Automation & Bot Protection

Automated Clients

This policy has been updated to detect malicious TLS fingerprinting

Composite

Composite

Protocol Validation

Prevent Malformed Request Methods

Introducing a new policy that enforces HTTP RFC requirements that state how the client must send a request method

NA

Block

WAF & OWASP Top Threats

Code Injection

This policy now covers additional Java, PHP, Ruby, Python, Linux, and Windows injection attacks

Block

Block