WAF rule set update for 2019-03-25 (legacy)
As of July 13, 2020, Fastly's original WAF offering became a legacy product. It will continue to be supported for all existing users. As an alternative, Fastly Next-Gen WAF (powered by Signal Sciences) offers proactive monitoring of and protection against suspicious and anomalous web traffic directed at your applications and origin servers. It can be controlled via the web interface dashboard or application programming interface (API). Contact firstname.lastname@example.org or your Fastly account team to evaluate or move to the Fastly Next-Gen WAF option.
The following information describes the updates and changes to the rule set.
Type of Change
- Introduced new Fastly rule 4170010, which detects CVE-2019-6340 (a highly critical remote code execution vulnerability in Drupal 8 core)
- Introduced new Fastly rule 4170020, which detects the Magento Magestore Store Locator extension vulnerability
- Updated Fastly rule 4112031 to include additional user agents
- Updated Fastly rules 4113001, 4120010, and 4120011 to show correct match data
- Removed OWASP rules 905100 and 905110, which would never match
- Updated OWASP rules 932100 and 932110 to avoid false positives for Windows and Unix command injection
Affected Rule Sets
- Fastly Rules