WAF rule set update for 2018-09-05  (legacy)

IMPORTANT

As of July 13, 2020, Fastly's original WAF offering became a legacy product. It will continue to be supported for all existing users. As alternatives, Signal Sciences Cloud WAF or Signal Sciences Next-Gen WAF both offer proactive monitoring of and protection against suspicious and anomalous web traffic directed at your applications and origin servers. Each can be controlled via the web interface dashboard or application programming interface (API). Contact sales@fastly.com or your Fastly account team to evaluate or move to the Signal Sciences WAF options.

The following information describes the updates and changes to the rule set.

ID

3vnl3cwPda9Q3WYCDRuGW

Version

v10

Date

2018-09-05

Type of Change

• Introduced new OWASP rule 932190, which mitigates RCE (OS File Access Attempt) on low paranoia level WAF
• Introduced new OWASP rule 941110, which mitigates XSS using script tag vector
• Introduced new OWASP rule 944100, which mitigates RCE via Java deserialization vulnerabilities (CVE-2017-9805, CVE-2017-10271)
• Introduced new OWASP rule 944110, which mitigates RCE via Java process spawn vulnerability (CVE-2017-9805)
• Introduced new OWASP rule 944120, which mitigates RCE via Java serialization (CVE-2015-5842)
• Introduced new OWASP rule 944240, which mitigates RCE via Java serialization (CVE-2015-5842)
• Introduced new OWASP rule 944130, which detects suspicious Java classes
• Introduced new OWASP rule 944250, which detects RCE via Java method
• Introduced new OWASP rule 944200, which detects magic bytes being used that signal Java serialization
• Introduced new OWASP rule 944210, which detects magic bytes being Base64 encoded that signal Java serialization
• Introduced new OWASP rule 944220, which detects vulnerable Java class in use
• Introduced new OWASP rule 944300, which detects Base64 encoded string that matched suspicious keyword
• Introduced new Fastly internal rule 4134010, which mitigates CVE-2018-11776 Apache Struts v2 vulnerability
• Introduced new Fastly internal rule 4113010, which detects suspicious X-Rewrite-URL header
• Introduced new Fastly internal rule 4113020, which detects suspicious X-Original-URL header
• Introduced new Fastly internal rule 4113030, which detects ESI directives in request
• Introduced new Fastly internal rule 4113050, which detects ESI directives in body
• Removed Trustwave rule 2200000, IP blocklist
• Removed Trustwave rule 2200002, TOR Exit Nodes blocklist

Affected Rule Sets

• OWASP
• Fastly Rules
• Trustwave

For more information, see our guide on Fastly WAF rule set updates and maintenance.

Was this guide helpful?

Yes No Comment only

Tell us what worked and what we could do better.

Do not use this form to send sensitive information. If you need assistance, contact support@fastly.com.