v1.29.0 (unstable)

@github-actions github-actions released this 01 Oct 09:54
· 22 commits to master since this release
bea83f9

New Features

This release introduces a focused set of features addressing the most pressing use cases. Barring any necessary patch releases, this will constitute the final v1.x release.

Block ID

Block and redirect actions now include a block_id in their action parameters. This same ID is also included in the generated event, allowing the WAF caller to reference it in the blocking response or add it as a query parameter in a redirect. This ensures that each blocking action can be reliably correlated with its corresponding event.

The following is an example of a block request action, including the new ID:

actions:
  block_request:
    status_code: 403
    grpc_status_code: 10
    type: auto
    block_id: "55af6314-9e02-11f0-b0a3-23dee2d4f390"

Identifier validation through checksums

A new operator, match_regex_with_checksum, improves the accuracy of regular-expression detections for identifiers that have a built-in validation mechanism: each regex match is additionally validated with a checksum. The checksum may be a purpose-built or generic algorithm, but at this time only the Luhn algorithm is supported.

The configuration of the operator is equivalent to the match_regex operator, except for the addition of the checksum parameter:

operator: match_regex_with_checksum
parameters:
  inputs: [{ address: server.request.body }]
  regex: "\\b4\\d{3}(?:(?:,\\d{4}){3}|(?:\\s\\d{4}){3}|(?:\\.\\d{4}){3}|(?:-\\d{4}){3})\\b"
  options: { min_length: 16 }
  checksum: luhn
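
As an added illustration (not libddwaf's own code), the Python sketch below applies the regex from the configuration above to a constructed request body and then filters the matches with a Luhn check, showing which look-alike numbers the checksum discards. The function names, the sample body, and the assumptions that separators are skipped when computing the checksum and that min_length applies to the input length are not from the release notes.

```python
import re

# Regex copied from the operator configuration above (YAML escaping removed).
CARD_RE = re.compile(
    r"\b4\d{3}(?:(?:,\d{4}){3}|(?:\s\d{4}){3}|(?:\.\d{4}){3}|(?:-\d{4}){3})\b",
    re.ASCII,
)
MIN_LENGTH = 16  # mirrors options.min_length (assumed: minimum input length)


def luhn_valid(candidate):
    """Luhn check over the ASCII digits of candidate.

    Separators (',', '.', '-', whitespace) are skipped; this is an assumption
    about how the matched text is reduced to digits.
    """
    digits = [int(c) for c in candidate if "0" <= c <= "9"]
    if not digits:
        return False
    total = 0
    # Walk right to left, doubling every second digit and folding 10..18 to 1..9.
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def regex_only(body):
    """Hypothetical stand-in for a plain regex match: every pattern hit is reported."""
    if len(body) < MIN_LENGTH:
        return []
    return [m.group(0) for m in CARD_RE.finditer(body)]


def regex_with_luhn(body):
    """Hypothetical stand-in for regex plus checksum: only Luhn-valid hits remain."""
    return [hit for hit in regex_only(body) if luhn_valid(hit)]


# Constructed sample body: a widely published test card number and two look-alikes.
SAMPLE_BODY = (
    '{"card": "4111-1111-1111-1111", '
    '"order": "4000-1234-5678-9012", '
    '"ref": "4111 1111 1111 1112"}'
)

if __name__ == "__main__":
    print("regex only:     ", regex_only(SAMPLE_BODY))
    print("regex + checksum:", regex_with_luhn(SAMPLE_BODY))
```

On the sample body the regex alone reports all three values, while the checksum stage keeps only the one that passes Luhn, which is the false-positive reduction the operator is meant to provide.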

Incremental processor overrides

Processor overrides now allow scanners to be incrementally added to or removed from a given processor. Before this release, a processor override fully replaced the processor's list of scanners; now each override contributes to the set by either adding or removing scanners.

While this is technically a breaking change, processor overrides are not currently in use. An example of a processor override including and excluding scanners can be seen below:

{
  "processor_overrides": [
    {
      "target": [{ "id": "extract-content" }],
      "scanners": {
        "include": [{ "id": "scanner-001" }],
        "exclude": [{ "tags": { "type": "email" } }]
      }
    }
  ]
}

Release changelog

Fixes

  • Fix single-char matches on phrase_match (#462)

Changes

  • match_regex_with_checksum operator: match and verify regexes with a checksum (#450)
  • Add block ID to block & redirect action parameters & event (#459)
  • Incremental processor overrides (#461)

Miscellaneous

  • Replace number with integer for integer-only attrs (#457)