March 22, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| IP Reputation | Traffic Via CDNs | A new policy has been added, Traffic via CDNs, that validates (JavaScript validation) traffic from IP addresses originating from CDN companies | N/A | JS Validation |

March 15, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| Allow Known Bots | | Improved detection of Microsoft and Google bots and services | Allow | Allow |

March 08, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| WAF & OWASP Top Threats | Obfuscated Attacks and Zero-Day Mitigation | Policy’s detection of injection attempts has been improved | Block | Block |

March 01, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| WAF & OWASP Top Threats | Code Injection | This policy now covers additional XPath injection attacks | Block | Block |
| WAF & OWASP Top Threats | XSS Attack | This policy now covers additional XSS tag vectors | Block | Block |

February 22, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| Behavioral WAF (advanced threat protection) | Probing and Forced Browsing | Detection of mechanical requests on Ajax endpoints was improved | Composite | Composite |

February 15, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| CMS Protection | Logged-in PimCore admins | This policy has been updated to improve Pimcore admin detection | Allow | Allow |

February 08, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| WAF & OWASP Top Threats | Server-Side Template Injection | This is a new policy that blocks server-side template injection attempts | N/A | Block |
| WAF & OWASP Top Threats | Code Injection | The policy now covers additional Windows HTTP protocol injections | Block | Block |
| CMS Protection | Wordpress WAF Ruleset | The policy now covers additional WordPress exploit query unauthenticated attempts | Block | Block |

February 01, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| WAF & OWASP Top Threats | Code Injection | This policy has been updated to cover additional session fixation, PHP, and remote command execution methods | Block | Block |
| WAF & OWASP Top Threats | Web Shell Execution Attempt | The policy now covers additional PHP execution methods | Block | Block |
| WAF & OWASP Top Threats | Local File Inclusion | The policy now covers additional PHP execution methods | Block | Block |
| WAF & OWASP Top Threats | Shell Injection | The policy now covers additional remote command execution methods | Block | Block |
| Traffic Sources | Traffic Via Proxy Networks | This policy has been updated to cover additional cloud service providers | JS Validation | JS Validation |
| WAF & OWASP Top Threats | Protocol Attack | This policy has been updated to improve the detection of CRLF injection | Block | Block |
| WAF & OWASP Top Threats | SQL Injection | This policy has been updated to improve the detection of SQL comment sequences | Block | Block |

January 25, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| Allow Known Bots | Livedoor Japan bot | Livedoor bot detection has been improved | Allow | Allow |

January 18, 2022

| Ruleset | Policy | Description of Update | Previous Action | New Action |
| --- | --- | --- | --- | --- |
| WAF & OWASP Top Threats | XSS Attack | HTML injection attack vectors were added to this policy | Block | Block |
| WAF & OWASP Top Threats | Code Injection | Policy's detection of command injection attacks was improved | Block | Block |
| WAF & OWASP Top Threats | Web Shell Execution Attempt | The policy now covers additional PHP execution methods | Block | Block |
| Behavioral WAF (advanced threat protection) | Obfuscated Attacks and Zero-Day Mitigation | Improved the detection of injection attempts for this policy | Block | Block |