Version 11.0.0

Added

  • Added the px_advanced_blocking_response_enabled configuration option, which allows you to turn off the Advanced Blocking Response (ABR) feature.
  • Added support for custom first party endpoints

Fixed

  • Unsetting all HUMAN headers on enforcer initialization

Changed

  • The px_enable_error_logs configuration option has been removed. Instead, we now check the logger severity configuration.
  • The px_enable_redirect_xhr configuration option has been removed. Instead, we now check only the first party configuration option
  • The px_send_page_activities configuration option has been removed, so async activities are now always sent.
  • The px_custom_access_control_header and px_enable_access_control_header configuration options have been removed. Instead, use the px_custom_cors_set_custom_block_response_headers configuration.
  • The px_custom_captcha_handler configuration option has been removed. Instead, use the px_custom_create_synthetic_web_response custom subroutine.
  • The px_custom_check_block_post_url and px_custom_check_block_by_size configuration options, which were never executed, have been removed.
  • The px_custom_check_enabled_route and px_custom_redirect configuration options, which were not according to spec, have been removed. This logic can be implemented in the customers’ VCL as desired.
  • The px_custom_data_enrichment_handler configuration option, which was not according to spec, has been removed.
  • Removed logic related to error code 996 which was never executed
  • Removed the px_ip_headers dependency from PX.vcl and instead added the px_custom_client_ip_extraction subroutine, which returns the custom IP header value.
  • Renamed the login-set header to px-creds:endpoint-index
  • The custom subroutine px_custom_set_login_successful_response_header now returns 0 or 1 indicating whether the login was successful, instead of returning the indication in the resp.http.x-px-login-successful header.
  • Removed the deprecated CSP feature
  • The use_callback option of px_login_credentials_extraction has been moved to be one of the sent_through field options.
  • The px_custom_create_block_page custom subroutine has been removed. This logic should be implemented in the custom px_custom_create_synthetic_web_response and px_custom_create_synthetic_mobile_response custom subroutines.
  • The px_custom_extract_jwt_additional_fields custom subroutine now returns the JWT additional fields in the format: "fieldName1":"fieldValue1","fieldName2":"fieldValue2"
  • The px_custom_create_block_page custom subroutine has been renamed to px_custom_block_page_content.
  • The px_custom_create_synthetic_mobile_response custom subroutine, which was not according to spec, has been removed.
  • The px_custom_create_synthetic_web_response custom subroutine has been renamed to px_custom_web_block_page_response.
  • The px_custom_block_handler custom subroutine has been removed. Instead, use the px_custom_web_block_page_response custom subroutine.
  • The px_custom_post_block_handler custom subroutine, which was never executed, has been removed.
  • The px_bypass_monitor_header default value was changed from empty to x-px-block.
  • eng_key in the cs_data table was moved to px_configs and renamed to px_fastly_api_token
  • px_enforcer_config_rdata_id in the cs_data table was moved to px_configs
  • The cs_data table was removed
  • The px_enforcer_config_rdata table is now always a dictionary
  • px_remote_config_secret renamed to px_remote_config_auth_token
  • Added remote config ID and secret to Risk API and async activities
  • Modified remote log key names for remote config (from remoteConfigVersion to configVersion, from remoteConfigID to configID) and added moduleVersion