WAF rule set update for 2018-09-05 (legacy)
IMPORTANT
As of July 13, 2020, Fastly's original WAF offering became a legacy product. It will continue to be supported for all existing users. As an alternative, Fastly Next-Gen WAF (powered by Signal Sciences) offers proactive monitoring of and protection against suspicious and anomalous web traffic directed at your applications and origin servers. It can be controlled via the web interface dashboard or application programming interface (API). Contact sales@fastly.com or your Fastly account team to evaluate or move to the Fastly Next-Gen WAF option.
The following information describes the updates and changes to the rule set.
ID
3vnl3cwPda9Q3WYCDRuGW
Version
v10Date
2018-09-05Type of Change
- Introduced new OWASP rule 932190, which mitigates RCE (OS File Access Attempt) on low paranoia level WAF
- Introduced new OWASP rule 941110, which mitigates XSS using script tag vector
- Introduced new OWASP rule 944100, which mitigates RCE via Java deserialization vulnerabilities (CVE-2017-9805, CVE-2017-10271)
- Introduced new OWASP rule 944110, which mitigates RCE via Java process spawn vulnerability (CVE-2017-9805)
- Introduced new OWASP rule 944120, which mitigates RCE via Java serialization (CVE-2015-5842)
- Introduced new OWASP rule 944240, which mitigates RCE via Java serialization (CVE-2015-5842)
- Introduced new OWASP rule 944130, which detects suspicious Java classes
- Introduced new OWASP rule 944250, which detects RCE via Java method
- Introduced new OWASP rule 944200, which detects magic bytes being used that signal Java serialization
- Introduced new OWASP rule 944210, which detects magic bytes being Base64 encoded that signal Java serialization
- Introduced new OWASP rule 944220, which detects vulnerable Java class in use
- Introduced new OWASP rule 944300, which detects Base64 encoded string that matched suspicious keyword
- Introduced new Fastly internal rule 4134010, which mitigates CVE-2018-11776 Apache Struts v2 vulnerability
- Introduced new Fastly internal rule 4113010, which detects suspicious X-Rewrite-URL header
- Introduced new Fastly internal rule 4113020, which detects suspicious X-Original-URL header
- Introduced new Fastly internal rule 4113030, which detects ESI directives in request
- Introduced new Fastly internal rule 4113050, which detects ESI directives in body
- Removed Trustwave rule 2200000, IP blocklist
- Removed Trustwave rule 2200002, TOR Exit Nodes blocklist
Affected Rule Sets
- OWASP
- Fastly Rules
- Trustwave