What's New
- Updated on 16 Sep 2024
Version 3.5.3
Released 2024-09-16
Response provider enforcer (for Credential Intelligence, GraphQL) includes HTTP response status code on page_requested and block activities
Version 3.5.2
Released 2024-09-05
The user request's Authorization header no longer overrides the header that is sent on the risk API
Upgraded tests version
Version 3.5.1
Released 2024-08-13
Fixed an issue with parsing cookie values
Version 3.5.0
Released 2024-07-08
Added all request headers to activities instead of only specific ones
Added support for the sensitive headers feature
Version 3.4.0
Released 2024-06-18
Modified px_enrich_custom_parameters to be async and accept pxContext as a second parameter, allowing for enriching the custom parameters using async/await
Fixed issue of inaccurate content-length with non-UTF-8 characters
Added custom function to cookie parser to handle broken URI decoded cookies
Version 3.3.3
Released 2023-11-12
Fixed cookies and custom cookie invalid chars exception bug
Version 3.3.2
Released 2023-10-18
captcha.js src route for first party
headers format in async activities
Version 3.3.1
Released 2023-08-09
Fixed risk additional info type
Version 3.3.0
Released 2023-08-08
New block page support (NOTE: the c.js file in NetStorage has changed, so it needs to be updated when upgrading)
PXHD domain support
Risk/Async activities alignment
Version 3.2.1
Wrong reporting of simulated_block when current path is part of enforced_routes
Version 3.2.0
Released 2023-03-09
Custom cookie header is processed in addition to (not instead of) default cookie header
Custom cookie header default value has been set to x-px-cookies
Version 3.1.0
Released 2023-02-01
Added support for filtering requests by HTTP method
Added support for CORS functionalities and configurations, including enabling default CORS headers for block requests and custom generation of CORS headers for block requests.
Fixed the Credential Intelligence custom login successful function, which now returns null rather than false in case of error.
Version 3.0.0
Released 2022-12-21
Added JSON files for Property Manager rules and variables for use in CDN Deploy Tool
Support for reporting GraphQL operations, including:
Support for enabling and disabling GraphQL processing
Support for custom configurable GraphQL routes
Support for sensitive GraphQL operations based on operation name and type
Support for handling multiple GraphQL operations in a single HTTP request
Support for custom Credential Intelligence extraction function (px_custom_extract_credentials)
Support for user identifiers (CTS and JWT via either cookie or header) as part of Account Defender
Property Manager rule changes to support triggering of ResponseProvider event in GraphQL and CI cases separately
Version 2.0.0
Released 2022-10-03
Enforcer functions as either OnClientRequest handler or ResponseProvider handler depending on Credentials Intelligence
Added support for Credentials Intelligence, including:
Support for v2 and multistep_sso CI protocols
Support for extracting credentials from headers, query params, and request bodies with json and x-www-form-urlencoded content types
Sending a header to the origin when compromised credentials are identified
Sending additional S2S activity automatically or adding a request header so that the origin can send the activity manually
Support for automatic additional S2S login successful reporting methods header, status, body, and custom
Support for optionally sending the raw username on the additional S2S activity
Preferred TLS cipher names on risk and async activities
Content type header reported on risk activity
Renamed s2s_error_message field to error_message
Version 1.4.0
Released 2022-09-06
Added Property Manager rules to trigger site failover if EdgeWorker failures occur
Added reporting of TLS protocol and cipher on enforcer activities for improved detection
Version 1.3.5
Released 2022-08-09
Fixed bug that caused VID and UUID from invalid cookies to be added to PX context and throw size exception on block page response
Version 1.3.4
Released 2022-08-04
Fixed issue where first-party captcha.js request returned 404 due to misalignment with PM rules
Minor code optimizations
Version 1.3.3
Released 2022-07-14
Enrich Custom Parameters support
Version 1.3.2
Released 2022-07-07
Fixed handling of undefined and empty value telemetry header request
Version 1.3.1
Released 2022-07-02
Fixed bug that caused URLs with periods to sometimes be filtered out
Version 1.3.0
Released 2022-06-27
Added support for enforcer telemetry command
Version 1.2.0
Released 2022-04-10
Added custom logo to the JSON block response (ABR).
Modified the block page to use an upgraded block template.
Modified the c.js file and removed the c.css file to align with the new block page.
Version 1.1.1
Released 2022-04-04
Fixed a bug wherein a request without a User-Agent header would throw an exception.
Version 1.1.0
Released 2022-04-03
Made filtered extensions and s2s timeout values configurable.
Added data enrichment parsing of the risk response.
Aligned configuration keys and values to simplify and clarify the configuration process.
Aligned all activity schemas to minimize errors and optimize detections.
Shortened NetStorage static file names to minimize mobile block response size. (Due to a limitation in Akamai wherein EdgeWorkers cannot return responses larger than 2048 KB.)
Changed the rate limit response status code to be 429 rather than 403.
Fixed bugs related to enforced routes, monitored routes, bypass monitor header, and CSS ref.
Version 1.0.6
Released 2022-03-15
Added enhanced reporting in cases of s2s_error to allow for faster and more thorough analysis.
Version 1.0.1
Released 2021-10-26
Added an absolute path for nscontent.
Version 1.0.0
Released 2021-06-27
Supported features include basic enforcer flow; first party requests; monitor and active blocking modes; cookie v2 support; PXDE, PXHD, and PXVID cookie support; advanced blocking response; mobile support; filtering by routes and user agent; sensitive routes; sensitive headers, CSS and JS refs.