What's New

Version 3.0.0

Released 2022-12-21

Added JSON files for Property Manager rules and variables for use in CDN Deploy Tool
Support for reporting GraphQL operations, including:
- Support for enabling and disabling GraphQL processing
- Support for custom configurable GraphQL routes
- Support for sensitive GraphQL operations based on operation name and type
- Support for handling multiple GraphQL operations in a single HTTP request
Support for custom Credential Intelligence extraction function (px_custom_extract_credentials)
Support for user identifiers (CTS and JWT via either cookie or header) as part of Account Defender
Property Manager rule changes to support triggering of ResponseProvider event in GraphQL and CI cases separately

Released 2022-10-03

Enforcer functions as either OnClientRequest handler or ResponseProvider handler depending on Credentials Intelligence
Added support for Credentials Intelligence, including:
- Support for v2 and multistep_sso CI protocols
- Support for extracting credentials from headers, query params, and request bodies with json and x-www-form-urlencoded content types
- Sending a header to the origin when compromised credentials are identified
- Sending additional S2S activity automatically or adding a request header so that the origin can send the activity manually
- Support for automatic additional S2S login successful reporting methods header, status, body, and custom
- Support for optionally sending the raw username on the additional S2S activity
Preferred TLS cipher names on risk and async activities
Content type header reported on risk activity
Renamed s2s_error_message field to error_message

Released 2022-09-06

Added Property Manager rules to trigger site failover if EdgeWorker failures occur
Added reporting of TLS protocol and cipher on enforcer activities for improved detection

Released 2022-08-09

Fixed bug that caused VID and UUID from invalid cookies to be added to PX context and throw size exception on block page response

Released 2022-08-04

Fixed issue where first-party captcha.js request returned 404 due to misalignment with PM rules
Minor code optimizations

Released 2022-07-14

Released 2022-07-07

Released 2022-07-02

Released 2022-06-27

Released 2022-04-10

Added custom logo to the JSON block response (ABR).
Modified the block page to use an upgraded block template.
Modified the c.js file and removed the c.css file to align with the new block page.

Released 2022-04-04

Fixed a bug wherein a request without a User-Agent header would throw an exception.

Released 2022-04-03

Made filtered extensions and s2s timeout values configurable.
Added data enrichment parsing of the risk response.
Aligned configuration keys and values to simplify and clarify the configuration process.
Aligned all activity schemas to minimize errors and optimize detections.
Shortened NetStorage static file names to minimize mobile block response size. (Due to a limitation in Akamai wherein EdgeWorkers cannot return responses larger than 2048 KB.)
Changed the rate limit response status code to be 429 rather than 403.
Fixed bugs related to enforced routes, monitored routes, bypass monitor header, and CSS ref.

Released 2022-03-15

Added enhanced reporting in cases of s2s_error to allow for faster and more thorough analysis.

Released 2021-10-26

Released 2021-06-27

Supported features include basic enforcer flow; first party requests; monitor and active blocking modes; cookie v2 support; PXDE, PXHD, and PXVID cookie support; advanced blocking response; mobile support; filtering by routes and user agent; sensitive routes; sensitive headers, CSS and JS refs.