What's New

Version 0.12.2

Released 2022-10-13

Added

  • px_filter_by_extension and px_filter_by_http_method configurations
  • Support of RPM packages build

Fixed

  • Always send VID with async activities
  • IP address with port extraction from px_ip_headers
  • Port the latest code to Windows OS
  • Apache module order

Changed

  • px_cookie_custom_parameters now accepts empty parameters
  • Whitelist extensions only for GET requests

Version 0.12.1

Released 2022-09-20

Fixed

  • memory usage improvements

Version 0.12.0

Released 2022-09-08

Added

  • GraphQL support
  • New configuration directives:
    px_sensitive_routes_regex
    px_sensitive_graphql_operation_types
    px_sensitive_graphql_operation_names
    px_graphql_routes
  • TLS information extraction for newer Apache versions

Fixed

  • Apache / Nginx / Envoy modules configuration code
  • PX-interested POST body detection, cache POST body
  • Initialization of old OpenSSL library versions
  • Use of proxy password (if set) for all network activities

Changed

  • TLS field names alignment for all activities
  • Request header keys are always compared and stored in lower case

Version 0.11.2

Released 2022-07-25

Added

  • new configuration directives:
    px_login_successful_header_value_regex
    px_login_successful_query_key
    px_login_successful_query_value

Fixed

  • Default CI version (v2)

Version 0.11.1

Released 2022-07-13

Added

  • New configuration directive px_block_page_template_file

Version 0.11.0

Released 2022-07-06

Added

  • PerimeterX Envoy module

Changed

  • Moved the network code into a separate module

Version 0.10.6

Released 2022-06-27

Fixed

  • Use of milliseconds to compare telemetry timestamps

Version 0.10.5

Released 2022-06-15

Added

  • CI v2 support
  • OpenSSL v3.0 support
  • New CI configuration directives

Fixed

  • CI related fixes
  • Alpine Linux compilation

Changed

  • px_whitelist_uri_regex accepts a pair of regex and the HTTP method
  • Switched to the new block page
  • Moved the crypto-related code into a separate module

Version 0.10.4

Released 2022-04-12

Fixed

  • Send JSON response, even if a redirect URL is set.

Version 0.10.3

Released 2022-03-03

Added

  • Ability to Send CORs headers with the block page
  • Proxy authorization
  • px_monitor_by_cookie feature

Fixed

  • A compilation error in the recent Nginx versions

Version 0.10.2

Released 2021-09-15

Added

  • px_proxy_userpwd feature: set [user name]:[password] to connect to the HTTP proxy

Version 0.10.1

Released 2021-06-30

Added

  • PXDE features:
    px_pxde_header_name
    px_enable_pxde
  • px_cookie_custom_parameters feature
  • CSP features:
    px_code_defender_enabled
    px_code_defender_update_sec
  • px_whitelist_uri_regex feature

Changed

  • Switch to the new Nginx module configuration

Version 0.10.0

Released 2021-03-11

Added

  • px_enablement_header_name feature
  • Support of px_enforced_routes and px_monitored_routes
  • login credentials extraction
  • GO module
  • Python module

Fixed

  • redirect issue for px_custom_block_url

Changed

  • libpcre is a new required dependency

Version 0.9.5

Released 2020-10-26

Fixed

  • incorrect base64 buffer size for SSL ciphers encoding

Version 0.9.4

Released 2020-10-21

Fixed

  • Close beacon connection for 204 (no content) and 304 (not modified) responses

Version 0.9.3

Released 2020-06-29

Fixed

  • Nginx event handling during async tasks
  • PX module compilation for old distros

Version 0.9.2

Released 2020-06-19

Fixed

  • Fix for Nginx internal redirects

Version 0.9.1

Released 2020-06-15

Changed

  • Added support for an empty body from the PX Collector.
  • Disabled HTTP2 communication with PX servers for all modules.

Version 0.9.0

Released 2020-05-18

Added

  • Caching of first party resources
  • Varnish module
  • Cowboy module

Fixed

  • Build scripts fixes and improvements
  • Windows support

Changed

  • JSON activity/riskAPI objects
  • Refresh version naming scheme

Version 0.8.10

Released 2020-05-25

Added

  • Send score header to an upstream

Fixed

  • Multiple PX Nginx module execution for a single request, if a request hits multiple locations

Version 0.8.9

Released 2020-04-23

Fixed

  • Incorrect usage of the ngx_log_error() function

Version 0.8.8

Released 2020-04-21

Added

  • New directive px_enabled_routes

Version 0.8.7

Released 2020-04-14

Added

  • Support for Nginx "server" type module

Version 0.8.6

Released 2020-03-31

Added

  • Support for Nginx variables expanding

Version 0.8.5

Released 2020-03-26

Added

  • Support for Nginx server wide configuration

Version 0.8.4

Released 2020-03-18

Fixed

  • Compatibility with Nginx ngx_http_rewrite_module

Version 0.8.3

Released 2019-12-05

Added

  • Print dependencies versions (used in compilation and actually loaded)

Changed

  • The custom parameters behavior - Values are now taken from a list of headers

Fixed

  • Handle SSL decryption errors

Version 0.8.2

Released 2019-11-14

Added

  • SSL to RiskAPI connection information

Fixed

  • RiskAPI requests are not sent for high score requests with a PX cookie
  • Read 304 response body

Changed

  • Connections for blocked requests are not closed now

Version 0.8.1

Released 2019-11-12

Fixed

  • Null s2s_call_reason

Version 0.8.0

Released 2019-10-29

Added

  • Support of async request processing
  • Ability to send JSON activities objects in bulk
  • Builder script and build recipes

Fixed

  • HAProxy module
  • Nginx module memory

Changed

  • Use of keep alive connections to PX servers

Version 0.7.5

Released 2019-09-18

Added

  • px_allowed_cookies feature - a list of cookies to send to PX

Version 0.7.4

Released 2019-09-11

Fixed

  • Copying response headers to the Nginx memory

Version 0.7.3

Released 2019-08-21

Added

  • Support of Nginx variables

Fixed

  • Set custom base_url / risk_api via configuration

Version 0.7.2

Released 2019-07-01

Added

  • The firstPartyEnabled value to the captcha template
  • Processing times report for a debug build

Fixed

  • The Nginx module crashing when a request with no headers is received
  • Compilation on Alpine Linux

Changed

  • Use of first_party_timeout_ms for a redirect timeout
  • Lua and HAProxy modules update

Version 0.7.1

Released 2019-06-17

Added

  • px_first_party_timeout configuration directive

Version 0.7.0

Released 2019-06-05

Added

  • Pbdk2 crypto values caching
  • Support of module activation via HTTP header
  • Configuration parameters for cURL connection pools

Fixed

  • Cleanup resources on Nginx reload

Changed

  • Removed callbacks based SWIG interface