What's New

Version 3.2.0

Released 2023-03-09

• Custom cookie header is processed in addition to (not instead of) default cookie header
• Custom cookie header default value has been set to x-px-cookies

Version 3.1.0

Released 2023-02-01

• Added support for filtering requests by HTTP method
• Added support for CORS functionalities and configurations, including enabling default CORS headers for block requests and custom generation of CORS headers for block requests.
• Fixed the Credential Intelligence custom login successful function, which now returns null rather than false in case of error.

Version 3.0.0

Released 2022-12-21

• Added JSON files for Property Manager rules and variables for use in CDN Deploy Tool
• Support for reporting GraphQL operations, including:
  • Support for enabling and disabling GraphQL processing
  • Support for custom configurable GraphQL routes
  • Support for sensitive GraphQL operations based on operation name and type
  • Support for handling multiple GraphQL operations in a single HTTP request
• Support for custom Credential Intelligence extraction function (px_custom_extract_credentials)
• Support for user identifiers (CTS and JWT via either cookie or header) as part of Account Defender
• Property Manager rule changes to support triggering of ResponseProvider event in GraphQL and CI cases separately

Version 2.0.0

Released 2022-10-03

• Enforcer functions as either OnClientRequest handler or ResponseProvider handler depending on Credentials Intelligence
• Added support for Credentials Intelligence, including:
  • Support for v2 and multistep_sso CI protocols
  • Support for extracting credentials from headers, query params, and request bodies with json and x-www-form-urlencoded content types
  • Sending a header to the origin when compromised credentials are identified
  • Sending additional S2S activity automatically or adding a request header so that the origin can send the activity manually
  • Support for automatic additional S2S login successful reporting methods header, status, body, and custom
  • Support for optionally sending the raw username on the additional S2S activity
• Preferred TLS cipher names on risk and async activities
• Content type header reported on risk activity
• Renamed s2s_error_message field to error_message

Version 1.4.0

Released 2022-09-06

• Added Property Manager rules to trigger site failover if EdgeWorker failures occur
• Added reporting of TLS protocol and cipher on enforcer activities for improved detection

Version 1.3.5

Released 2022-08-09

• Fixed bug that caused VID and UUID from invalid cookies to be added to PX context and throw size exception on block page response

Version 1.3.4

Released 2022-08-04

• Fixed issue where first-party captcha.js request returned 404 due to misalignment with PM rules
• Minor code optimizations

Version 1.3.3

Released 2022-07-14

• Enrich Custom Parameters support

Version 1.3.2

Released 2022-07-07

• Fixed handling of undefined and empty value telemetry header request

Version 1.3.1

Released 2022-07-02

• Fixed bug that caused URLs with periods to sometimes be filtered out

Version 1.3.0

Released 2022-06-27

• Added support for enforcer telemetry command

Version 1.2.0

Released 2022-04-10

• Added custom logo to the JSON block response (ABR).
• Modified the block page to use an upgraded block template.
• Modified the c.js file and removed the c.css file to align with the new block page.

Version 1.1.1

Released 2022-04-04

• Fixed a bug wherein a request without a User-Agent header would throw an exception.

Version 1.1.0

Released 2022-04-03

• Made filtered extensions and s2s timeout values configurable.
• Added data enrichment parsing of the risk response.
• Aligned configuration keys and values to simplify and clarify the configuration process.
• Aligned all activity schemas to minimize errors and optimize detections.
• Shortened NetStorage static file names to minimize mobile block response size. (Due to a limitation in Akamai wherein EdgeWorkers cannot return responses larger than 2048 KB.)
• Changed the rate limit response status code to be 429 rather than 403.
• Fixed bugs related to enforced routes, monitored routes, bypass monitor header, and CSS ref.

Version 1.0.6

Released 2022-03-15

• Added enhanced reporting in cases of s2s_error to allow for faster and more thorough analysis.

Version 1.0.1

Released 2021-10-26

• Added an absolute path for nscontent.

Version 1.0.0

Released 2021-06-27

• Supported features include basic enforcer flow; first party requests; monitor and active blocking modes; cookie v2 support; PXDE, PXHD, and PXVID cookie support; advanced blocking response; mobile support; filtering by routes and user agent; sensitive routes; sensitive headers, CSS and JS refs.