WAF rule set update for 2017-08-14  (legacy)

IMPORTANT

As of July 13, 2020, Fastly's original WAF offering became a legacy product. It will continue to be supported for all existing users. As alternatives, Signal Sciences Cloud WAF or Signal Sciences Next-Gen WAF both offer proactive monitoring of and protection against suspicious and anomalous web traffic directed at your applications and origin servers. Each can be controlled via the web interface dashboard or application programming interface (API). Contact sales@fastly.com or your Fastly account team to evaluate or move to the Signal Sciences WAF options.

The following information describes the updates and changes to the rule set.

ID

4Z09wgjp7do8NrOIzlckFS

Version

v3

Date

2017-08-14

Type of Change

• Reintroduction of individual threshold variables: http_violation_score_threshold, lfi_score_threshold, php_injection_score_threshold, rce_score_threshold, rfi_score_threshold, session_fixation_score_threshold, sql_injection_score_threshold, xss_score_threshold
• Removal of unused threshold variables: brute_force_counter_threshold, dos_counter_threshold, outbound_anomaly_score_threshold, trojan_score_threshold
• Additional bug fixes in OWASP rule set

Affected Rule Sets

• OWASP
• Trustwave

For more information, see our guide on Fastly WAF rule set updates and maintenance.

Was this guide helpful?

Yes No Comment only

Tell us what worked and what we could do better.

Do not use this form to send sensitive information. If you need assistance, contact support@fastly.com.