What's New
Version 3.5.4
Released 2024-11-19
- Risk_api call fails in case of a non-ASCII character on a request header
Version 3.5.3
Released 2024-09-16
- Response provider enforcer (for Credential Intelligence, GraphQL) includes HTTP response status code on page_requested and block activities
Version 3.5.2
Released 2024-09-05
- User request's Authorization header no longer overriding the header that is being sent on risk api
- Upgrading tests version
Version 3.5.1
Released 2024-08-13
- Fixed an issue with parsing cookie values
Version 3.5.0
Released 2024-07-08
- Added all request headers to activities instead of only specific ones
- Added support for the sensitive headers feature
Version 3.4.0
Released 2024-06-18
- Modified
px_enrich_custom_parametersto be async and acceptpxContextas a second parameter, allowing for enriching the custom parameters using async/await - Fixed issue of inaccurate content-length with non-UTF-8 characters
- Added custom function to cookie parser to handle broken URI decoded cookies
Version 3.3.3
Released 2023-11-12
- Fixed cookies and custom cookie invalid chars exception bug
Version 3.3.2
Released 2023-10-18
- captcha.js src route for first party
- headers format in async activities
Version 3.3.1
 Released 2023-08-09
- Fixed risk additional info type
Version 3.3.0
 Released 2023-08-08
- New block page support (NOTE: changed c.js file in net-storage, by that, it needs to be updated in upgrade)
- PXHD domain support
- Risk/Async activities alignment
Version 3.2.2
 Released 2023-06-13
- Handling of
content-lengthheader on both risk and origin calls.
Version 3.2.1
- wrong reporting of
simulated_blockwhen current path is part ofenforced_routes
Version 3.2.0
Released 2023-03-09
- Custom cookie header is processed in addition to (not instead of) default cookie header
- Custom cookie header default value has been set to x-px-cookies
Released 2023-02-01
- Added support for filtering requests by HTTP method
- Added support for CORS functionalities and configurations, including enabling default CORS headers for block requests and custom generation of CORS headers for block requests.
- Fixed the Credential Intelligence custom login successful function, which now returns
nullrather thanfalsein case of error.
Released 2022-12-21
- Added JSON files for Property Manager rules and variables for use in CDN Deploy Tool
- Support for reporting GraphQL operations, including:
- Support for enabling and disabling GraphQL processing
- Support for custom configurable GraphQL routes
- Support for sensitive GraphQL operations based on operation name and type
- Support for handling multiple GraphQL operations in a single HTTP request
- Support for custom Credential Intelligence extraction function (
px_custom_extract_credentials) - Support for user identifiers (CTS and JWT via either cookie or header) as part of Account Defender
- Property Manager rule changes to support triggering of ResponseProvider event in GraphQL and CI cases separately
Released 2022-10-03
- Enforcer functions as either OnClientRequest handler or ResponseProvider handler depending on Credentials Intelligence
- Added support for Credentials Intelligence, including:
- Support for
v2andmultistep_ssoCI protocols - Support for extracting credentials from headers, query params, and request bodies with
jsonandx-www-form-urlencodedcontent types - Sending a header to the origin when compromised credentials are identified
- Sending additional S2S activity automatically or adding a request header so that the origin can send the activity manually
- Support for automatic additional S2S login successful reporting methods
header,status,body, andcustom - Support for optionally sending the raw username on the additional S2S activity
- Support for
- Preferred TLS cipher names on risk and async activities
- Content type header reported on risk activity
- Renamed
s2s_error_messagefield toerror_message
Released 2022-09-06
- Added Property Manager rules to trigger site failover if EdgeWorker failures occur
- Added reporting of TLS protocol and cipher on enforcer activities for improved detection
Released 2022-08-09
- Fixed bug that caused VID and UUID from invalid cookies to be added to PX context and throw size exception on block page response
Released 2022-08-04
- Fixed issue where first-party captcha.js request returned 404 due to misalignment with PM rules
- Minor code optimizations
Released 2022-07-14
- Enrich Custom Parameters support
Released 2022-07-07
- Fixed handling of undefined and empty value telemetry header request
Released 2022-07-02
- Fixed bug that caused URLs with periods to sometimes be filtered out
Released 2022-06-27
- Added support for enforcer telemetry command
Released 2022-04-10
- Added custom logo to the JSON block response (ABR).
- Modified the block page to use an upgraded block template.
- Modified the
c.jsfile and removed thec.cssfile to align with the new block page.
Released 2022-04-04
- Fixed a bug wherein a request without a User-Agent header would throw an exception.
Released 2022-04-03
- Made filtered extensions and s2s timeout values configurable.
- Added data enrichment parsing of the risk response.
- Aligned configuration keys and values to simplify and clarify the configuration process.
- Aligned all activity schemas to minimize errors and optimize detections.
- Shortened NetStorage static file names to minimize mobile block response size. (Due to a limitation in Akamai wherein EdgeWorkers cannot return responses larger than 2048 KB.)
- Changed the rate limit response status code to be 429 rather than 403.
- Fixed bugs related to enforced routes, monitored routes, bypass monitor header, and CSS ref.
Released 2022-03-15
- Added enhanced reporting in cases of
s2s_errorto allow for faster and more thorough analysis.
Released 2021-10-26
- Added an absolute path for
nscontent.
Released 2021-06-27
- Supported features include basic enforcer flow; first party requests; monitor and active blocking modes; cookie v2 support; PXDE, PXHD, and PXVID cookie support; advanced blocking response; mobile support; filtering by routes and user agent; sensitive routes; sensitive headers, CSS and JS refs.
Updated 12 days ago