What's new
- Support for response detection
- Custom rules now include new matching conditions: "Response Body", "Full HTTP Response Headers", and "Full HTTP Request Headers"
- Rate limiting supports independent policies for different URL paths, enabling interface-level granular traffic control
- Statistics for blocked counts now include blacklist quantity statistics
- Lite application limit increased to 20
- PRO AUTH user seats increased to 5,000
Fix
- Fixed occasional aggregation failures in attack events
- Fixed form validation errors in custom rules
- Fixed XSS injection issue in Custom HTML color schemes
Semantic Analysis Engine Improvements
Optimizations
- CMD Inj, SQL Inj, XSS, File Uploading, File Including, Java Code Inj, Java Unserialize and PHP Code Inj detection logic
- JSON, XML, Base64 and Hex decoding logic
- HTTP protocol parsing logic
Fixes
- Detection bypass issues in certain malformed HTTP request scenarios
Refactoring
- SSRF detection module to support detection of more bypass techniques