Updates from Wallarm’s detection team (March 2020)
With the growing complexity of new applications and technology stacks, as well as evolving attack techniques, we regularly improve how the Wallarm WAF detects attacks. Here are some highlights from March 2020 that our detection team wants to share:
- Expanded the list of possible NoSQLi (NoSQL Injection) vectors that can be detected;
- Improved the mechanism for detecting SSTI (Server Side Template Injection) attacks;
- Redesigned the SSI (Server Side Includes) discovery mechanism;
- Added new rules for detecting IMAPi (Mail Injection).
This update will expand the WAF's ability to detect attacks by adding new rules, and will reduce the number of false positives by optimizing existing algorithms.
Do I need to update anything to apply these changes?
No, all improvements in the attack detection techniques are delivered to customers automatically.
How do you ensure that these changes will not affect my traffic flow?
For the next two weeks, the update will run in experimental mode without any additional blocking. Changes will be activated once we make sure no additional false positives are introduced.
For questions related to detections and the updated rules, you can contact our support team.