- bugfix: now first party resources are automatically compressed via gzip regardless the default policy
- Added PXHD cookie to risk request for improved detection.
- Fixed bugs in JWT token decoding and parsing such that the user_id field is extracted and reported properly.
- Added support for server info related fields on RiskAPI to improve detection
- Added to Credentials Intelligence support adding to the request an indication of compromised credentials in the form of a query string
- Added to Credentials Intelligence support modifying the status code of a successful login response which was made with compromised credentials
- Added to Credentials Intelligence support PUT method in the extraction of the Credentials Intelligence details
- Fixed px_shield snippet bug that deactivated shielding for certain requests while in monitor mode.
- GraphQL query parsing ignores whitespace and
\nat the beginning of the string
- Added JA3 fingerprint to enforcer activities for detection improvement
- Added request cookie names to page_requested and block activities for detection improvement
- Fixed custom block page default template compilation issue
- Fixed request cookie names unnecessary spaces issue
- Rearranged the code slightly so more fields on the request are accessible in the custom parameters subroutine
- Improved validation of pxvid cookie.
- Added support for User identifiers feature - extract application user id and additional fields from JWT token.
enables Account defender support on Fastly Enforcer.
- Fixed send redundant page_requested in addition to block activity on sensitive routes on specific cases bug.
- Added configurable first party sensor endpoint to circumvent adblockers that prevent requests to the default
init.jsendpoint. The default
init.jsendpoint remains active even when a custom endpoint is configured. Note that the sensor endpoint must be changed to use the custom endpoint in the JS snippet as well.
- Added Custom logo in block JSON response
- Updated block page to use new template
- Credential Intelligence - added ci_version, sso_step, credentials_compromised fields to block activity for complete visibility for the CI feature on PerimeterX's portal.
- Improved custom block page code structure and code separation for in PX_CUSTOM.vcl and Internal code.
- Improved upgradability
- Updated px_metadata.json
- Removed redundant default values assignments from px_configs table
- Added Sensitive GraphQL operation support, in order to distinguish between GraphQL operations that are sensitive and require RISK validation, support for GraphQL detection enhancement.
- Added Additional Activity Handler support - customizable callback The Enforcer runs after sending page_requested or block_activity.
- Added Filter by HTTP method, user agent, route and IP - customizable callbacks that can skip Enforcer validation flow based on rules of the request HTTP method, user agent, route or IP.
- Added Support First Party Gzip Compression - Allowing compression of first party content such as PerimeterX's sensor.
- Core refactor - The enforcer is now support automatic update.
- Minor bug fixes and improvements
- Added Support for credentials intelligence protocols
- Added Support for login successful reporting methods
- Added Support for automatic sending of
- Added Support for manual sending of
additional_s2sactivity via request header
- Added Support for sending raw username on
- Added Support for login credentials extraction via custom callback
- Added New
request_idfield to all enforcer activities
- Added Login credentials extraction handles body encoding based on
Content-Typerequest header (supports
- Added Successful login credentials extraction automatically triggers risk_api call without needing to enable sensitive routes
- Fixed the bug of Unset
X-PX-uuidheader before sending request to customer's origin
- Fixed the bug of Fastly WAF is called twice on some requests due to restart caused by the Enforcer.
- Added server_info_origin to all Enforcer activities - indicates which CDN POP/Datacenter the request hit.
- Added Compromised credentials header support - indicates the origin of that a compromised credentials was detected by PerimeterX.
- Added CDN Deploy Tool installation support - support for clean/install of the enforcer using automated tool.
- Changed initial, threshold, and window configs for backend health check to align with Fastly new limitations and avoid requests timeouts.
- increased timeout for backend health check to align with Fastly new limitations and avoid requests timeouts.
- Added support for login credentials extraction - This feature extracts credentials (hashed username and password) from requests and sends them to PerimeterX as additional info in the risk api call. The feature can be toggled on and off, and may be set for any number of unique paths.
- Added tier 2 for CSP report only policy
- Moved to user subroutines instead of vcl snippets in main.vcl to enforce code order on Main.vcl file.
- Moved to using px_shield snippet instead of do_shield subroutine.
- Updated main.vcl base file to be aligned with Fastly's new boilerplate format.
- Fixed the issue of missing vid in risk_api activity when call reason is cookie_expired
- Fixed the issue of missing risk_rtt field in block activity
- Fixed the issue of module version is sent without version number
- Added Send page_response activity
- Code optimization to reduce memory usage
- Added support for remote data
- Added CSP module (Content Security Policy)
- Fixed the issue of invalid cookies by limit cookie characters to a specific range of characters
- Added px_orig_cookie field on page_requested and block to contain the original cookie value
- Fixed cookie with non-printable characters fix may cause being mishandled.
- Fixed Telemetry Json formatting
- Added support for PXHD cookie secure mode via config
- Fixed Handle header size overflow. Fail-Open or Fail-Close is configurable in such case.
- Removed hard-coded tokens that required Fastly Deploy Tool to be used
- Detect edge better to prevent attacks
- delete x-px-cookie-data header
- Header px-orig-cookie to include the original cookie in case of decryption failed
- Added utf-8 validation before requesting px backend to prevent s2s_error
- Fixed the issue of page_requested not being sent due to redundant spaces
- Added support for single or multiple (4) backends to work with PerimeterX
- Decreased number of headers being used on PX module.
- Fixed the issue of expired cookie with year of 1990 and below was not parsed well.
Updated about 1 month ago