WAF rule set update for 2018-09-05  (legacy)

IMPORTANT: Our original WAF offering is now a legacy product. It was superseded by a new version, including a new interface and API, on July 13, 2020. The legacy version will continue to be supported for all existing users. The new version is available to all customers and is the default version for new customers as of July 13, 2020. Customers of the legacy WAF can contact support@fastly.com or their Fastly account team to upgrade.

The following information describes the updates and changes to the rule set.

ID

3vnl3cwPda9Q3WYCDRuGW

Version

v10

Date

2018-09-05

Type of Change

• Introduced new OWASP rule 932190, which mitigates RCE (OS File Access Attempt) on low paranoia level WAF
• Introduced new OWASP rule 941110, which mitigates XSS using script tag vector
• Introduced new OWASP rule 944100, which mitigates RCE via Java deserialization vulnerabilities (CVE-2017-9805, CVE-2017-10271)
• Introduced new OWASP rule 944110, which mitigates RCE via Java process spawn vulnerability (CVE-2017-9805)
• Introduced new OWASP rule 944120, which mitigates RCE via Java serialization (CVE-2015-5842)
• Introduced new OWASP rule 944240, which mitigates RCE via Java serialization (CVE-2015-5842)
• Introduced new OWASP rule 944130, which detects suspicious Java classes
• Introduced new OWASP rule 944250, which detects RCE via Java method
• Introduced new OWASP rule 944200, which detects magic bytes being used that signal Java serialization
• Introduced new OWASP rule 944210, which detects magic bytes being Base64 encoded that signal Java serialization
• Introduced new OWASP rule 944220, which detects vulnerable Java class in use
• Introduced new OWASP rule 944300, which detects Base64 encoded string that matched suspicious keyword
• Introduced new Fastly internal rule 4134010, which mitigates CVE-2018-11776 Apache Struts v2 vulnerability
• Introduced new Fastly internal rule 4113010, which detects suspicious X-Rewrite-URL header
• Introduced new Fastly internal rule 4113020, which detects suspicious X-Original-URL header
• Introduced new Fastly internal rule 4113030, which detects ESI directives in request
• Introduced new Fastly internal rule 4113050, which detects ESI directives in body
• Removed Trustwave rule 2200000, IP blocklist
• Removed Trustwave rule 2200002, TOR Exit Nodes blocklist

Affected Rule Sets

• OWASP
• Fastly Rules
• Trustwave

For more information, see our guide on Fastly WAF rule set updates and maintenance.

Was this guide helpful?

Yes No Comment only

Tell us what worked and what we could do better.

Do not use this form to send sensitive information. If you need assistance, contact support@fastly.com.

Back to Top