November 14, 2022
Posted by ReadMe API 5 months ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| IP Reputation | Traffic From Hosting Services | This policy has been updated with additional hosting services | JS Validation | JS Validation |
| WAF & OWASP Top Threats | Web Shell Execution Attempt | This policy now covers additional PHP, ASP.NET, and Java execution methods | Block | Block |
November 08, 2022
Posted by ReadMe API 5 months ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| WAF & OWASP Top Threats | Obfuscated Attacks and Zero-Day Mitigation | Detection of injection attempts has been improved to reduce false-positives | Block | Block |
| Protocol Validation | Prevent Malformed Request Methods | The policy has been updated to detect illegal range headers | Composite | Composite |
| WAF & OWASP Top Threats | Common Web Application Vulnerabilities | The policy has been revised to reduce false-positives | Block | Block |
November 02, 2022
Posted by ReadMe API 5 months ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| Edge Rules | Tag Generating Rules | Introducing Tag Generating Rules, which are meant to simplify the handling of your rules and make their integration with the heuristics system simpler by defining registered/logged-in clients and login pages | NA | Tag |
October 12, 2022
Posted by ReadMe API 6 months ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| Anti-Automation & Bot Protection | Forced Browser Validation on Traffic Anomalies | The policy now detects heavy clients on Ajax endpoints | Composite | Composite |
| Behavioral WAF | Probing and Forced Browsing | The policy now detects site mappers and heavy clients on Ajax endpoints | Composite | Composite |
October 06, 2022
Posted by ReadMe API 6 months ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| Allow Known Bots | Outbrain Bot | Outbrain bot was added to the Known Bots ruleset | NA | Allow |
| Allow Known Bots | Comscore Crawler | Comscore crawler was added to the Known Bots ruleset | NA | Allow |
| Protocol Validation | Prevent Malformed Request Methods | This policy has been updated to detect restricted Accept-Encoding header | Block | Composite |
September 27, 2022
Posted by ReadMe API 6 months ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| IP Reputation | External Reputation Block List | A new external reputation block list has been added to this policy | Handshake | Handshake |
September 20, 2022
Posted by ReadMe API 6 months ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| WAF & OWASP Top Threats | XSS Attack | This policy has been updated to detect additional XSS attack vectors | Block | Block |
| WAF & OWASP Top Threats | XML External Entity | This policy has been updated to protect against additional attack vectors | Block | Block |
| WAF & OWASP Top Threats | SQL Injection | This policy was updated to detect additional SQL injections | Block | Block |
| WAF & OWASP Top Threats | Local File Inclusion | This policy was updated to detect additional path traversal attacks | Block | Block |
| WAF & OWASP Top Threats | Open Redirect | This policy was updated to protect against CRLF attack | Block | Block |
September 13, 2022
Posted by ReadMe API 7 months ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| Behavioral WAF | Probing and Forced Browsing | This policy was updated in order to reduce false positives caused by validating site scanners | Composite | Composite |
| Behavioral WAF | Anti-Spam | This policy has been updated to reduce false positives with the Microsoft Office Auto Discover service | Composite | Composite |
August 23, 2022
Posted by ReadMe API 7 months ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| Protocol Validation | Prevent Malformed Request Methods | This policy has been updated to detect and validate missing content-type headers with no request body | Block | Composite |
| Protocol Validation | Prevent Malformed Request Methods | This policy has been updated to detect restricted charset parameters within the content-type header | Block | Composite |
| WAF & OWASP Top Threats | Code Injection | The policy is now covering the PHPUnit vulnerability | Block | Block |
| WAF & OWASP Top Threats | Shell Injection | The policy is now covering the PHPUnit vulnerability | Block | Block |
| IP Reputation | Traffic Via CDNs | The policy now covers more CDN providers | JS Validation |
August 09, 2022
Posted by ReadMe API 8 months ago
| Ruleset | Policy | Description of Update | Previous Action | New Action |
|---|---|---|---|---|
| WAF & OWASP Top Threats | Local File Inclusion | The policy now covers additional methods of detecting Windows system patterns. | Block | Block |
| Allow Known Bots | Pinterest Bot | The detection of Pinterest bots has been improved. | Allow | Allow |
