- 16 Mar 2023
- Updated on 16 Mar 2023
- Custom cookie header is processed in addition to (not instead of) default cookie header
- Custom cookie header default value has been set to x-px-cookies
- Added support for filtering requests by HTTP method
- Added support for CORS functionalities and configurations, including enabling default CORS headers for block requests and custom generation of CORS headers for block requests.
- Fixed the Credential Intelligence custom login successful function, which now returns false in case of error.
- Added JSON files for Property Manager rules and variables for use in CDN Deploy Tool
- Support for reporting GraphQL operations, including:
  - Support for enabling and disabling GraphQL processing
  - Support for custom configurable GraphQL routes
  - Support for sensitive GraphQL operations based on operation name and type
  - Support for handling multiple GraphQL operations in a single HTTP request
- Support for custom Credential Intelligence extraction function (
- Support for user identifiers (CTS and JWT via either cookie or header) as part of Account Defender
- Property Manager rule changes to support triggering of ResponseProvider event in GraphQL and CI cases separately
- Enforcer functions as either OnClientRequest handler or ResponseProvider handler depending on Credentials Intelligence
- Added support for Credentials Intelligence, including:
  - Support for
  - Support for extracting credentials from headers, query params, and request bodies with
  - Sending a header to the origin when compromised credentials are identified
  - Sending additional S2S activity automatically or adding a request header so that the origin can send the activity manually
  - Support for automatic additional S2S login successful reporting methods
  - Support for optionally sending the raw username on the additional S2S activity
- Support for
- Preferred TLS cipher names on risk and async activities
- Content type header reported on risk activity
- Added Property Manager rules to trigger site failover if EdgeWorker failures occur
- Added reporting of TLS protocol and cipher on enforcer activities for improved detection
- Fixed bug that caused VID and UUID from invalid cookies to be added to PX context and throw size exception on block page response
- Fixed issue where first-party captcha.js request returned 404 due to misalignment with PM rules
- Minor code optimizations
- Enrich Custom Parameters support
- Fixed handling of undefined and empty value telemetry header request
- Fixed bug that caused URLs with periods to sometimes be filtered out
- Added support for enforcer telemetry command
- Added custom logo to the JSON block response (ABR).
- Modified the block page to use an upgraded block template.
- Modified the c.js file and removed the c.css file to align with the new block page.
- Fixed a bug wherein a request without a User-Agent header would throw an exception.
- Made filtered extensions and s2s timeout values configurable.
- Added data enrichment parsing of the risk response.
- Aligned configuration keys and values to simplify and clarify the configuration process.
- Aligned all activity schemas to minimize errors and optimize detections.
- Shortened NetStorage static file names to minimize mobile block response size. (Due to a limitation in Akamai wherein EdgeWorkers cannot return responses larger than 2048 KB.)
- Changed the rate limit response status code to be 429 rather than 403.
- Fixed bugs related to enforced routes, monitored routes, bypass monitor header, and CSS ref.
- Added enhanced reporting in cases of s2s_error to allow for faster and more thorough analysis.
- Added an absolute path for
- Supported features include basic enforcer flow; first party requests; monitor and active blocking modes; cookie v2 support; PXDE, PXHD, and PXVID cookie support; advanced blocking response; mobile support; filtering by routes and user agent; sensitive routes; sensitive headers, CSS and JS refs.