July 04, 2023
Posted by ReadMe API 3 months ago
Ruleset | Policy | Description of Update | Previous Action | New Action |
---|---|---|---|---|
WAF & OWASP Top Threats | SQL Injection | This policy has been updated to improve the detection of benchmark, sleep, Postgres pg_sleep, and wait-for-delay injections | Block | Block |
WAF & OWASP Top Threats | XML External Entity | This policy has been updated to contain additional attack vectors | Block | Block |
Allow Known Bots | Google Service bot | This policy allows general Google Service bots requests | N/A | Allow |
June 27, 2023
Posted by ReadMe API 3 months ago
Ruleset | Policy | Description of Update | Previous Action | New Action |
---|---|---|---|---|
WAF & OWASP Top Threats | Protocol Attack | This policy has been updated to better detect CRLF injections | Block | Block |
WAF & OWASP Top Threats | XSS Attack | This policy has been updated to improve the detection of HTML injection attacks | Block | Block |
June 20, 2023
Posted by ReadMe API 3 months ago
Ruleset | Policy | Description of Update | Previous Action | New Action |
---|---|---|---|---|
NEW! Advanced API Protection | Non-Baselined API Requests | Enable a positive security policy that blocks requests to an API that is not part of the API baseline - more information can be found here. | N/A | Block |
NEW! Advanced API Protection | API-Level Authorization | Block users who are NOT authorized from calling API endpoints tagged as 'admin' or 'privileged' - more information can be found here. | N/A | Block |
NEW! Advanced API Protection | Sensitive Data Exposure | Block API responses that contain PII data. This check can be disabled for certain API endpoints by tagging them appropriately - more information can be found here. | N/A | Block |
NEW! Advanced API Protection | Invalid API Traffic | Block API requests and responses that do not conform to a JSON structure. | N/A | Block |
NEW! Advanced API Protection | Auth Token Protection | Prevent multiple authentication attempts and block access for users with multiple invalid token attempts - more information can be found here. | N/A | Block |
Protocol Validation | Unknown User-Agent | This policy was updated to validate requests that present unknown User-Agent headers. | JS Validation | JS Validation |
Protocol Validation | Prevent Malformed Request Methods | This policy was updated to block requests with missing or empty User-Agent headers. | N/A | Block |
June 13, 2023
Posted by ReadMe API 4 months ago
Ruleset | Policy | Description of Update | Previous Action | New Action |
---|---|---|---|---|
Edge Rules | Tag Generating Rules | Introducing the 'Paid' Magic Tag, a new magic tag that has similar functionality to 'Registered' and 'Logged In' tags - more information can be found here. | N/A | Tag |
June 06, 2023
Posted by ReadMe API 4 months ago
Ruleset | Policy | Description of Update | Previous Action | New Action |
---|---|---|---|---|
Allow Known Bots | Google Inspection Tool | Google Inspection Tool was added to the Known Bots ruleset. | N/A | Allow |
Allow Known Bots | Google Store Bot | Google Store Bot was added to the Known Bots ruleset. | N/A | Allow |
May 16, 2023
Posted by ReadMe API 5 months ago
Ruleset | Policy | Description of Update | Previous Action | New Action |
---|---|---|---|---|
WAF & OWASP Top Threats | Shellshock Attack | This policy has been improved to reduce the false-positive rate | Block | Block |
May 09, 2023
Posted by ReadMe API 5 months ago
Ruleset | Policy | Description of Update | Previous Action | New Action |
---|---|---|---|---|
WAF & OWASP Top Threats | Code Injection | The policy has been improved to reduce false positives | Block | Block |
WAF & OWASP Top Threats | XSS Attack | The policy has been improved to reduce false positives | Block | Block |
April 24, 2023
Posted by ReadMe API 5 months ago
Ruleset | Policy | Description of Update | Previous Action | New Action |
---|---|---|---|---|
CMS Protection | Whitelist WordPress Admin | This policy was updated to improve the detection of logged-in WordPress admins | Allow | Allow |
April 04, 2023
Posted by ReadMe API 6 months ago
Ruleset | Policy | Description of Update | Previous Action | New Action |
---|---|---|---|---|
WAF & OWASP Top Threats | SQL Injection | This policy has been updated to improve the detection of conditional SQL injection attempts | Block | Block |
Allow Known Bots | | This policy's detection of the following bots has been improved: Workato, New Relic, Ahrefs, and more | Allow | Allow |
March 21, 2023
Posted by ReadMe API 6 months ago
Ruleset | Policy | Description of Update | Previous Action | New Action |
---|---|---|---|---|
CMS Protection | Whitelist WordPress Admin | This policy was updated to improve the detection of logged-in WordPress admins | Allow | Allow |
WAF & OWASP Top Threats | Code Injection | This policy has been updated to reduce false positives | Block | Block |
WAF & OWASP Top Threats | XSS Attack | This policy has been updated to detect additional XSS filters | Block | Block |