
AppWall

Release Notes
Version 7.5.5
October 03, 2017
TABLE OF CONTENTS
Content ... 3
Supported Platforms and Modules ... 3
Upgrade Path ... 3
Upgrade Procedure ... 3
Product Modifications ... 4
  AppWall Version 7.5.1 ... 4
  AppWall Version 7.3.4 ... 4
  AppWall Version 7.3.2 ... 4
  AppWall Version 7.1.1 ... 4
  AppWall Version 6.6.1 ... 4
  AppWall Version 6.4.1 ... 4
  AppWall Version 6.2.1 ... 4
What's New ... 5
  AppWall Version 7.5.2 ... 5
  AppWall Version 7.3.2 ... 5
  AppWall Version 7.1.1 ... 5
  AppWall Version 6.6.1 ... 5
  AppWall Version 6.5.1 ... 5
  AppWall Version 6.4.1 ... 6
  AppWall Version 6.2.2 ... 6
  AppWall Version 6.2.1 ... 6
Related Documentation ... 8
Fixed Bugs ... 9
Known Limitations ... 27

Release Notes: AppWall version 7.5.5, October 03, 2017 Page 2


Content
Radware announces the release of AppWall version 7.5.5. These release notes describe known
product offerings and known limitations in the version.

Supported Platforms and Modules


This version is supported by the following platforms:

Platform: On Demand Switch VL (notes and exceptions: none listed)
Platform: VMware ESX/ESXi 5.0, 5.1, 5.5 & 6.0 (notes and exceptions: none listed)

For more information on platform specifications, refer to the AppWall Installation and
Maintenance Guide.

Upgrade Path
You can upgrade to this version from AppWall versions 5.7.2 and higher.
For AppWall VA only, starting from version 5.5.1, there is no upgrade path from AppWall VA (32-bit) to AppWall VA (64-bit).

Upgrade Procedure

General upgrade instructions are found in the AppWall Installation and Maintenance Guide.



Product Modifications
AppWall Version 7.5.1

A new Form Field and URL Protection feature license is added for form field and URL protection as part of the Session security filter. Without this license, the Session filter only protects cookies. Since this feature is rarely used, the introduction of this license simplifies the operation and management of AppWall. When upgrading an existing AppWall from an older version, this functionality remains functional without the need for a new license.

AppWall Version 7.3.4

Because of its very limited use, the internal web crawler was removed from AppWall.
You can no longer define crawling jobs for the purpose of Auto Policy Generation.

AppWall Version 7.3.2

The Allow List security filter no longer treats HEAD requests as GET requests. As a result, refinements defined for GET requests no longer allow HEAD requests to pass.

AppWall Version 7.1.1

Kerberos S4U2Self tickets are now cached.
Database and Vulnerability security filters now support patch mode.
SSL protocol violation events now provide more detailed information.

AppWall Version 6.6.1

Perfect Forward Secrecy (PFS) is now available using Diffie-Hellman Ephemeral (DHE) and Elliptic Curve Diffie-Hellman (ECDH) for HTTPS tunnels.
APSolute Vision configuration now supports multiple APSolute Vision servers.

AppWall Version 6.4.1

OpenSSL was updated to version 1.0.1p.
The IP Blocking module was updated to support blocking by device fingerprint and was renamed the Source Blocking module.

AppWall Version 6.2.1

OpenSSL was updated to version 1.0.1m.



What's New
This version includes the following new capabilities:

AppWall Version 7.5.2

A new Low and Slow attack mitigation capability is introduced. AppWall's behavioral Low and Slow attack detection is based on HTTP timeouts and HTTP request throughput, giving much more efficient mitigation. The new Low and Slow protection settings are configured at the tunnel level.

AppWall Version 7.3.2

Ability to group hosts under a single security policy.
Improved AppWall cluster management across multiple datacenters:
o AppWall allows setting different protected entity addresses for different nodes in a cluster.
o AppWall allows setting different APSolute Vision servers for different nodes in a cluster.

AppWall Version 7.1.1

HPE WebInspect DAST integration support:
o AppWall imports HPE's WebInspect vulnerability report and updates the security policy accordingly.
o AppWall initiates an HPE WebInspect scan on new or changed resources.

AppWall Version 6.6.1

Improvements to the Authentication Gateway:
o AppWall's SSO capabilities support authenticating the user with the protected web server using Kerberos Constrained Delegation (KCD), NTLM, Basic Authentication and Digest Authentication.
o AppWall's Form-Based Authentication supports two-factor authentication.
Improvements to HTTPS tunnel cipher suites:
o Added support for Perfect Forward Secrecy (PFS) using Diffie-Hellman Ephemeral (DHE) and Elliptic Curve Diffie-Hellman (ECDH).

AppWall Version 6.5.1

1. Improvements to the Forensics view:
a. Added a Go-To-Policy option from the Forensics view. From the security logs, the user can go to the relevant security module in the security policy view.
b. Added grouping of security events based on source IP and/or attack type.
2. Improvements to the RESTful API: added support for new flows such as:
a. Cluster management
b. Service management
c. Tunnel configuration export
d. Network management: routing, LAG, VLANs
e. User provisioning.

AppWall Version 6.4.1

1. Activity Tracking improvements:
o Added support for IP group whitelisting. Whitelisting an IP group causes AppWall not to track it, even in fingerprint mode.
o Added support for refinement of device fingerprinting to the whitelist.
o Various other technical improvements.
2. Device Fingerprinting outside the Activity Tracking module: when device fingerprinting is enabled, devices are identified via fingerprint in modules outside the Activity Tracking module. Forensic events then carry the fingerprint hash, and the Source/IP Blocking module works based on the device fingerprint rather than the IP address.
3. TLS 1.2 support in monitor mode: AppWall Out-of-Path mode supports TLS 1.2 traffic.
4. RESTful API: AppWall supports a RESTful API that allows configuring common flows programmatically.
5. APSolute Vision integration: AppWall has initial support for integration with the APSolute Vision management system for common flows.

AppWall Version 6.2.2

1. Regular Expression Support in the Vulnerabilities Security Filter: while regular expressions are widely used in AppWall for inspecting various HTTP message elements, including parameter values and paths, HTTP headers were not scanned with regular expressions. This version adds support for regular expressions in vulnerabilities custom patterns and signature files. Along with this functionality, a new regular-expression-based rule to block MS15-034 / CVE-2015-1635 was added.

AppWall Version 6.2.1

1. Activity Tracking Early Availability Functionality: bot activity and attacks targeting Web applications are a complex threat for many site operators. While simple script-based bots are not much of a challenge to detect and block, advanced bots dramatically complicate the mitigation process using techniques such as mimicking user behavior, using dynamic IP addresses, operating behind anonymous proxies and CDNs, etc. The various bots aim to achieve different goals, the most common being web scraping, Web application DDoS and clickjacking. In this version AppWall introduces a new Activity Tracking module which deals with these bot-generated threats. AppWall's Activity Tracking mechanism can be set to one of two operational modes:
o Anti-DDoS
o Anti-Scraping
Application DDoS does not necessarily target specific resources (though it may sometimes be the case). Configuring AppWall in Anti-DDoS mode tracks the activity of the users at the domain level. If applied at the <Any Host> level, activity is tracked globally (domain agnostic).
Scraping, however, is data-focused and usually targets specific Web pages from which relevant information can be extracted. In Anti-Scraping mode, tracking is narrowed to the configured URI(s). The Activity Tracking module counts the HTTP transaction rate to the defined application scope (domain/page) per user per second. Once the threshold is reached, a security page is returned instead of the requested resource.
The Activity Tracking module can be set to one of two tracking modes:
o IP-based tracking (available both in Passive and Active modes) is not intrusive.
o Device Fingerprint-based tracking (available only in Active mode) is intrusive.
While IP-based tracking offers the value of non-intrusive activity tracking and detection, device fingerprint-based tracking offers IP-agnostic source tracking. AppWall can detect bots operating in a dynamic IP environment and activity behind source NAT (sNAT), such as an enterprise network or proxy. Even if the bot dynamically changes its source IP address, its device fingerprint does not change. AppWall tracks the device activity and correlates the source's security violations across different sessions over time.
Device fingerprint technology employs various tools and methodologies to gather IP-agnostic information about the source, including running JavaScript on the client side. Once the JavaScript is processed, an AJAX request carrying the fingerprint information is sent from the client to AppWall.
When Activity Tracking is set to IP-based tracking, it can be correlated with the IP Blocking module. Once a source IP reaches a configured threshold, the source IP is blocked (either at Layer 3 or Layer 7).
To avoid scenarios where AppWall mistakenly detects search engine bots (for example, Google or Yahoo) as malicious bots, AppWall has a mechanism that detects and verifies legitimate search engine bots by running a reverse-DNS lookup to verify their source and exclude them from the list of tracked sources.
2. Link Aggregation Support: Link Aggregation is a method for aggregating multiple network interfaces in parallel in order to increase throughput beyond what a single NIC can sustain, and to provide redundancy in case one of the links fails. The AppWall Link Aggregation implementation is based on Linux bonding. AppWall Link Aggregation is configured in the AppWall Management Application Web interface.
3. OS X Support: The AppWall Management Application can now run on OS X. Supported browsers are Safari and Firefox. Chrome is not supported (due to Java FX compatibility issues with Chrome on OS X).
4. Range Header Removal: AppWall now supports disabling the HTTP Range header. Once this HTTP parsing property is checked, the Range header is removed from the HTTP request. CVE-2015-1635 (MS15-034) can be addressed by disabling the Range header.
5. Management Application Timeout: AppWall now has a default timeout of 60 minutes for its management application connectivity to the AppWall server.
6. Internally Hosted Security Page: When configuring the security page of a host within a Web application, you can define a locally hosted security page. This is in addition to the option of referring to a security page hosted on the secured Web server.
7. Tech Support File: AppWall now supports generating a tech support file. Several levels of detail can be selected, which determine the size of the tech support file. When submitting a support case, the tech support file contains important information for analysis, recreation and root cause analysis (RCA).
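The Activity Tracking behaviour described in item 1 above (per-source transaction rate within a domain or URI scope, IP- versus fingerprint-based tracking, IP whitelisting, and reverse-DNS verification of search engine bots) modelled as an added Python example; this is not Radware's code. The class and function names, the threshold semantics, the constructed DNS records and the sample traffic are all assumptions made for illustration.

```python
"""Added illustration of the Activity Tracking model: count HTTP transactions per
source per second within a scope (host for Anti-DDoS, configured URI for
Anti-Scraping), skip whitelisted IPs and reverse-DNS-verified search-engine bots,
and answer with a security page once the threshold is exceeded. Not Radware's code."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple


@dataclass
class Request:
    ts: float                            # arrival time in seconds (constructed)
    ip: str                              # source IP address
    host: str                            # protected domain
    path: str                            # requested URI
    fingerprint: Optional[str] = None    # hash reported by the client-side JavaScript, if any


class ActivityTracker:
    """Hypothetical model of the module; names and threshold semantics are assumptions."""

    def __init__(self, mode: str, tracking: str, threshold: int,
                 tracked_uris: Set[str] = frozenset(), whitelist: Set[str] = frozenset(),
                 reverse_dns: Callable[[str], Optional[str]] = lambda ip: None,
                 forward_dns: Callable[[str], Set[str]] = lambda name: set(),
                 good_bot_suffixes: Tuple[str, ...] = (".googlebot.com", ".search.msn.com"),
                 any_host: bool = False):
        assert mode in ("anti-ddos", "anti-scraping") and tracking in ("ip", "fingerprint")
        self.mode, self.tracking, self.threshold = mode, tracking, threshold
        # URIs are compared case-insensitively so a scope defined with capitals still matches
        self.tracked_uris = {u.lower() for u in tracked_uris}
        self.whitelist = set(whitelist)
        self.reverse_dns, self.forward_dns = reverse_dns, forward_dns
        self.good_bot_suffixes, self.any_host = good_bot_suffixes, any_host
        # (source key, scope, whole second) -> transactions seen in that second
        self._counts: Dict[Tuple[str, str, int], int] = defaultdict(int)

    def _scope(self, req: Request) -> Optional[str]:
        if self.mode == "anti-ddos":
            # <Any Host> tracks activity globally, otherwise per domain
            return "*" if self.any_host else req.host
        # Anti-Scraping narrows tracking to the configured URI(s)
        return req.path if req.path.lower() in self.tracked_uris else None

    def _source_key(self, req: Request) -> str:
        # Fingerprint tracking follows the device even when its IP changes (sNAT, dynamic
        # IPs); fall back to the IP when the client has not reported a fingerprint yet.
        if self.tracking == "fingerprint" and req.fingerprint:
            return "fp:" + req.fingerprint
        return "ip:" + req.ip

    def is_verified_search_bot(self, ip: str) -> bool:
        """Forward-confirmed reverse DNS: the PTR name must carry a known crawler suffix
        and must resolve back to the same IP, so a spoofed PTR record alone is not enough."""
        name = self.reverse_dns(ip)
        if not name or not name.lower().endswith(self.good_bot_suffixes):
            return False
        return ip in self.forward_dns(name)

    def handle(self, req: Request) -> str:
        """Return 'pass' or 'security_page' for one HTTP transaction."""
        if req.ip in self.whitelist:              # whitelisted IPs are never tracked, even in fingerprint mode
            return "pass"
        if self.is_verified_search_bot(req.ip):   # verified crawlers are excluded from tracked sources
            return "pass"
        scope = self._scope(req)
        if scope is None:                         # outside the Anti-Scraping scope
            return "pass"
        key = (self._source_key(req), scope, int(req.ts))
        self._counts[key] += 1
        # threshold = transactions allowed per source, per scope, per second (assumption)
        return "security_page" if self._counts[key] > self.threshold else "pass"


# Constructed DNS data standing in for live lookups so the example runs offline.
PTR_RECORDS = {
    "66.249.66.1": "crawl-66-249-66-1.googlebot.com",   # genuine: forward lookup confirms it
    "203.0.113.9": "crawl-66-249-66-1.googlebot.com",   # spoofed PTR: forward lookup does not
}
A_RECORDS = {"crawl-66-249-66-1.googlebot.com": {"66.249.66.1"}}


def build_tracker(mode: str, tracking: str, threshold: int) -> ActivityTracker:
    return ActivityTracker(mode, tracking, threshold,
                           tracked_uris={"/Catalog"}, whitelist={"10.0.0.5"},
                           reverse_dns=PTR_RECORDS.get,
                           forward_dns=lambda name: A_RECORDS.get(name, set()))


def scraper_traffic() -> List[Request]:
    """Constructed: one bot with a fixed fingerprint rotating through five IPs,
    five hits on /catalog within the same second."""
    return [Request(100.0 + i / 10, "198.51.100.%d" % (i + 1), "shop.example", "/catalog", "fp-bot-1")
            for i in range(5)]


def decide_all(tracker: ActivityTracker, requests: List[Request]) -> List[str]:
    return [tracker.handle(r) for r in requests]


if __name__ == "__main__":
    print("fingerprint tracking:", decide_all(build_tracker("anti-scraping", "fingerprint", 3), scraper_traffic()))
    print("ip tracking:         ", decide_all(build_tracker("anti-scraping", "ip", 3), scraper_traffic()))
```

With IP-based tracking the rotating bot never crosses the threshold, while fingerprint-based tracking blocks it from the fourth request on.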

Related Documentation

The following documentation is related to this version:


AppWall Installation and Maintenance Guide
AppWall User Guide
APSolute Vision User Guide
For the latest Radware product documentation, download it from
http://www.radware.com/Customer/Portal/default.asp.



Fixed Bugs
The following is a list of bugs fixed in AppWall version 7.5.5 (bug numbers in parentheses):
AppWall Gateway
1. Memory leak in the Activity Tracking module was fixed (DE27548)
2. When an HTTP parsing failure occurred, a wrong security event message appeared (DE24622)
3. Under certain conditions, the options Support Base 64 Data and Support XML Data within the Database filter became disabled although they had been enabled (DE23364)
4. The HTTP parser blocked requests with a double slash in the URL without any security event (DE25505)
5. When changing the Cluster Manager's management IP address, policy sync between the nodes and the Cluster Manager failed (DE24408)
6. The AppWall disk partition became full due to an unmanaged log file (DE25918)
7. Different AppWall instances running on the Alteon platform sent logs to Vision with different hostnames but with the same management IP address (DE28056)
8. A failure in the AppWall Management Application occurred after creating a complex RegEx in the security policy settings (DE28086)
9. The Hostname field was truncated in the logs sent to Vision (DE28456)
10. Under certain conditions, AppWall sent messages to Vision with a wrong destination IP address in the message (DE28650)
11. Under certain conditions, the Tunnel name was not properly imported during an import process (DE28721)



The following is a list of bugs fixed in AppWall version 7.5.2:
AppWall Gateway
1. When AppWall is in Monitor mode, the security event in Forensics presents a different Source Port than the one in the pcap (DE12173)
2. Error in the AppWall Management Application when a rule in the Database filter is added (DE18775)
3. Security logs for HTTP Parsing violations do not show the Host name value (DE20023)
4. Security logs for header size exceeding the limit do not show the correct cookie header value (DE22565)
5. AppWall responds to ARP requests with a wrong MAC address (DE22978)
6. After an upgrade from 5.8.10 to 7.3.3, memory usage increases from 65% to 80% after several days because of a memory leak (DE23877, DE27889)
7. In Monitor mode, in the tunnel configuration, the field Device in Use presents wrong information (DE23966)
8. AppWall does not block a double encoded attack (DE24389)
9. The Description field in the security logs sent to the Vision Server does not contain all the expected information (DE24534)
10. Adding two refinements for the same URI with different character case causes an AppWall failure (DE24880)
11. A failure of the HTTP Parse service occurs after sending a huge amount of traffic just after applying the configuration (DE25161)
12. In AppWall Monitor, under certain conditions, HTTPS traffic causes an AppWall failure (DE25174, DE27352, DE7475)
13. An error message appears in a pop-up when configuring Vision (DE25778)
14. In Cluster mode, under certain conditions, synchronization issues occur (DE6805)
15. Under certain conditions (high throughput, specific HTTP requests) AppWall failed to process the traffic (DE25277, DE25278, DE25606)
16. The Event type field sent to the Vision Server is wrong (DE25445)
17. When the AppWall Activity Tracking module is set to Fingerprint mode and Source Blocking is enabled, the IP sources are not blocked by the Source Blocking module. Attacks are still blocked by Activity Tracking and other modules (DE25541)
18. The configuration file is reset when performing a Repair operation (DE8231)

The following is a list of bugs fixed in AppWall version 7.5.1:
AppWall Gateway
1. Failed to decode the & character in configuration files. As a result, the role name Proxies&Untrusted was saved and presented as Proxies&amp;Untrusted (DE21729)
2. Does not detect a double encoded attack (DE23964)
3. Blocked a legitimate JSON request with the allowed body {} (DE21592)
4. Memory and CPU utilization significantly increase when processing a huge request line (thousands of characters) (DE6957)

The following is a list of bugs fixed in AppWall version 7.4.2:
AppWall Gateway
1. When the Activity Tracking module is set to Active mode, it may rarely impact legitimate traffic (DE19558)
2. Upon an HTTP RFC parsing violation, a security event may not include the source IP address of the attack source (DE19870)
3. Several Database Security Filter bugs where both regular expression refinements and explicit refinements on a parameter name are handled inaccurately. Now, when an explicit refinement is added on top of an existing regular expression refinement for the same parameter on the same page, the new refinement is merged into the already existing regular expression (DE21308, DE22744, DE22863, DE22472)
4. The Parameters security filter may cause false positives when the parameter contained the char . This special character is not encoded properly in the configuration, resulting in a failure of the regular expression match (DE17387)
5. Rarely, when a POST request with a JSON body is decoded and inspected by the Database Security Filter, a failure occurs (DE17571)
6. Rarely, under specific scenarios, the AppWall Management Application does not refine a SafeReply security event from the Forensics view (DE18217)
7. Cannot delete a user group that has no reference in the security policy (DE18859)
8. The BruteForce security filter may cause a failure under specific configuration conditions (DE18961)
9. Dashboard activity graphs under the Tunnels view are not refreshed properly (DE19224)
10. Failures while importing a tunnel configuration from a file (DE19288)
11. Some JSON parsing violations are not properly mapped to the corresponding parsing exception. For the pattern {_!RmEndMessage_}, disabling JSON parsing was required rather than just "Allow curly brackets after JSON block" (DE19806)
12. Fails to detect a Scraping attack in the Activity Tracking module when the protected URI is defined with capital letters (DE21184)
13. When the HTTP message body size is set to a 10-digit value (e.g. 9000000000), the system used the default value of 45,056 (DE20289)
14. Newly added tunnels are not presented under the Default Web Application view (DE21235)
15. Application Path policy distribution causes an AppWall Management Application exception, failing the distribution operation (DE21384)
16. Adding a Database refinement for exclude rules causes an AppWall Management Application exception, failing the operation (DE23714)
17. The Activity Tracking mechanism generates DNS reverse lookups to exclude good bots from the detection process. A short timeout of 3 seconds may lead to system log errors notifying about DNS lookup failure. The default value is now 5 seconds and the administrator can configure longer timeouts (DE18890)

The following is a list of bugs fixed in AppWall version 7.3.4:
AppWall Gateway
18. When configured in Passive mode, the Session filter removes cookies (DE18992)
19. "Always block source IP" failed to work (DE19307)
20. After upgrade to 7.3.2, tunnel initialization failed on a Cluster node (DE19529)
21. HTTP requests which were expected to be blocked by the AllowList security filter were not blocked when the folder name includes a dot (e.g. http://www.host.com/index.php/exxx) (DE19322)
22. Blank error messages were occasionally shown when saving configuration changes (DE19290)
23. The Database Security Filter may apply an optimization process on automatically generated refinements, using a parameter trimming mechanism, to reduce the number of refinements. When processing HTTP requests with a JSON body, the JSON structure was not handled properly by the Database security filter when the trimming mechanism is enabled. This may lead to blocking legitimate requests, resulting in false positives (DE19561)
24. A rare kernel panic on AppWall VA (DE19479)
25. Loop of "netconfig.php: Permission denied" printouts in /var/log/httpd-ssl/error.log (DE19298)
26. Memory leak in the publisher ODBC recipient (DE8737)

The following is a list of bugs fixed in AppWall version 7.3.2:
AppWall Gateway
1. Under certain conditions, signaling to DefensePro in monitor (out-of-path) mode may cause an AppWall failure (DE16309)
2. Under certain conditions, when AppWall is working in monitor (out-of-path) mode, the source blocking signal to DefensePro is not sent (DE16158)
3. Under certain conditions, AppWall fails to unblock IPs from DefensePro after the blocking period is over (DE15196)
4. Under certain conditions, database security filter refinements containing regular expressions are not taken into consideration, blocking legitimate traffic (DE14942, DE15026)
5. Under certain conditions, upgrading from an older version will cause database security filter refinements to be removed (DE16297)
6. Under certain conditions, requests that are matched by multiple database security filter refinements are blocked by the filter regardless of the refinement (DE15536)
7. The AppWall PCI Compliance report shows the session security filter as disabled while it is actually enabled (DE12574)
8. Under certain conditions, a tunnel working in passive mode will close connections that exceed the HTTP max body size parameter (DE16818)
9. Under certain conditions, a tunnel working in passive mode will not pass a request containing an HTTP parsing error to the protected entity (DE12442)
10. Under certain conditions, AppWall in monitor (out-of-path) mode may experience a failure (DE8036)
11. Vision shows a wrong "deployed in" mode when connecting to AppWall deployed in monitor mode (DE11170)
12. After the blocking period time, AppWall may fail to unblock the signaled IP sources in DefensePro. In a related scenario, AppWall may fail to block the attack source on a subsequent signaling flow (DE18836, DE18004, DE18291)
13. Response data is greyed out in the Forensics view (DE14059)
14. Unable to create a custom pattern for the Safe Reply security filter (DE15797)
15. AppWall 3 initialization error due to a problem in the .lrn file (DE16194)

The following is a list of bugs fixed in AppWall version 7.1.1:
AppWall Gateway
1. Under certain conditions, AppWall truncates cookies (DE15586)
2. Under certain conditions, HTTP pipelining in SSL sessions may cause an AppWall failure (DE14980)
3. Unable to add a Gateway to the Cluster Manager on an encrypted connection (DE8185)
4. The AppWall Management Application may not display large response data correctly in the security forensics (DE9846)
5. A failure in APSolute Vision may lead to an AppWall failure (DE14856)
6. SYNC_START error when adding a new node to a cluster environment (DE8930)
7. The AppWall Management Application does not save ADV configuration file changes made via the configuration file editor (DE9487)

The following is a list of bugs fixed in AppWall version 6.6.2:
AppWall Gateway
1. Under certain conditions, HTTPS tunnels in passive mode may cause an AppWall failure (DE14710)



The following is a list of bugs fixed in AppWall version 6.6.1:
AppWall Gateway
1. Under certain conditions no response data is shown in the security event log (DE9163)
2. Under certain conditions HTTP HEAD requests are blocked (DE13333)
3. Setting the HTTP response headers size limit to zero results in AppWall blocking responses (DE12889)
4. HTTP POST requests with content-type application/JavaScript are parsed as JSON requests even when they contain no JSON body (DE13321)
5. The Vulnerability Security Filter doesn't apply specific header limitations for certain patterns. This could result in false positives for patterns such as 9841 (DE12920)
6. The AppWall management Java applet doesn't open on Ubuntu-based machines (DE10974)
7. Issue with configuring an external security page (DE10854)
8. JSON parsing blocks JSON with numbers exceeding the 32-bit integer maximum value (DE8888)
9. Cluster-node sync issues may occur with very large Allow List security filter settings (when the AllowList.adv size is over 2 MB) (DE8702)
10. Under certain conditions AppWall sends SYSLOG reports to APSolute Vision over the service interface (DE10443)
11. AppWall closes the connection on an HTTP Parsing error in an HTTP POST request instead of returning a security page (DE10983)
12. Quick-Click refinement of directory listing events may not work (DE4179)
13. In passive mode, HTTP RFC violation events are not shown with the X-Forwarded-For (Layer 7) IP address (DE13576)

The following is a list of bugs fixed in AppWall version 6.5.1:
AppWall Gateway
1. After upgrade to 6.4.1 the management interface IP address is changed to 127.0.0.1 (DE6770)
2. IP Blocking wildcard-based setting in the never-block list is not enforced (DE6981)
3. Under certain scenarios, Parameters filter manual refinement may cause duplication of page references in the configuration, resulting in an initialization error (DE7522)
4. Blocked a legitimate request when it contains more than one parameter that matches a pre-defined regex refinement (DE6890)
5. When the Auto Policy Generation module adds a vulnerability refinement for a custom pattern rule, the refinement may have ID 0 values, resulting in an initialization error (DE7165)
6. When reviewing the Security Logs in the Cluster Manager, logs of nodes may not show request data (DE7214)
7. A Viewer user cannot edit his own password (DE5860)
8. When clicking the Request Data button, the mouse cursor freezes for several seconds (DE8918)
9. The Allow List filter does not let methods other than GET or POST be configured (DE9478)
10. A JSON parsing failure (e.g. as a result of a non-valid structure) with sensitive parameters within the JSON object may cause inconsistent behavior (DE9147)
11. Regular expression based patterns in the Safe Reply security filter are not working properly (DE5943)
12. Import of SSL certificates in PEM format into AppWall Monitor may cause an AppWall failure (DE6611)
13. AppWall Management Application exception when trying to activate Hotlink security settings (DE6768)
14. AppWall Management Application exception when trying to add a custom pattern in the Vulnerabilities security filter (DE8104)
15. AppWall Management Application exception when trying to edit an Allow List refinement (DE8610)

The following is a list of bugs fixed in AppWall version 6.4.1:
AppWall Gateway
1. AppWall occasionally crashes during apply operations (DE2722)
2. Certificate DB is corrupted after upgrade (DE3880)
3. Exception when configuring a refinement under the global session filter on the host level (DE4438)
4. Database quick click refinement parameters should be copied from existing "all other pages" refinements (DE4459)
5. AppWall crashes when the Vision reporter is enabled (DE4690)
6. IP addresses and default routes assigned to bond interfaces are removed on reboot (DE5860)
7. When clicking the Request Data button, the mouse cursor freezes for several seconds (DE6044)
8. A request with a double slash produces an RFC violation security event (DE6045)
9. Creating a bond does not work and the AppWall Management Application shows errors (DE5276)
10. Events are not saved to the event database (DE2047)
11. AppWall crashes when importing a certificate (DE3511)
12. When AppWall receives a HEAD request it sends GET to the Web server (DE4465)
13. All MNG-Server-Connections addresses change to ethMNG after upgrade (DE4970)
14. XFF addresses are not extracted in tunnel events (US4704)
15. GET requests to security pages contain content-length headers (DE4463)
16. The BypassExtentions.cfg file is not upgraded when restoring an old configuration (DE2053)
17. SSO with SharePoint does not work (US6894)
18. Monitor fails to see TLS 1.2 traffic (US6889)
19. The service default route is removed from the routing table when changing the bond hash policy on AppWall (DE5383)

The following is a list of bugs fixed in AppWall version 6.2.2:
AppWall Gateway
1. Added auto-detection of screen resolution and auto-sizing of dialogs larger than the viewable area. If a dialog is larger than the viewable area, the dialog is automatically shortened and a scroll bar added.

The following is a list of bugs fixed in AppWall version 6.2.1:


Item | Description | Bug Number
AppWall Gateway
1 | The order of security filters when manually adding a new Application Path. | prod00216797
2 | There was a memory leak in the AppWall Monitor. | US4552
3 | Reply auto-policy rules (e.g., 302 instead of 404) were not maintained after upgrade. | US5990
4 | When multiple HTTP Connection headers were found in an HTTP request, AppWall retained only the first. In some scenarios, where the header values were not contradicting (for example, keep-alive and close), AppWall retained both headers. | US6086
5 | When a tunnel is set to passive mode, parsing errors were not counted for IP blocking purposes. | US4814, prod00229770
6 | HTTP message sizes in server replies were not optimized when tunnel optimization was checked. | US4547
7 | When AppWall redirects the user to an SSO server, it uses HTTP links, while in some cases the actual tunnel is HTTPS. A new check box, Force HTTPS usage for redirection, was added under the Form Based Authentication tab under the host to address this scenario. | DE2263
8 | The AppWall Management Application now allows adding new refinements to the Allow List Auto Policy locked tab. | prod00210890
9 | You can select a Protected Entity or add a new tunnel in bridge mode. | prod00226540
10 | Clicking the filter button on a node's Forensics view in the AppWall Management Application now works properly. | prod00221708
11 | The scenario where a legitimate JSON request was blocked as a non-RFC compliant POST request now works properly. | prod00225338
12 | The error in the configuration of the signature sent to DefensePro once AppWall detects an attack based on the X-FORWARDED-FOR header was fixed. | prod00224133
13 | An AppWall Management Application exception that occurred under specific configuration scenarios during the login process was fixed. | prod00229733
14 | An AppWall Management Application exception when disabling or enabling security filters was fixed. | prod00229254
15 | A possible AppWall failure during fallback from the primary to the secondary Radius server was fixed. | prod00231025
16 | An administrative AppWall user of the Viewer role can also see the Configuration view. | prod00226931
17 | Various AppWall Management Application refresh and view bugs were fixed. | prod00228648, prod00227620, prod00212014, prod00191784
18 | A wrong DefensePro user password provided in AppWall while configuring the signaling does not result in locking the user. | prod00224994
19 | An exception preventing clicking the Refine button in the Forensics view of a node was fixed. | prod00223836
20 | Compatibility issues with the AppWall Management Application with JRE version 8 update 25. | prod00225118
21 | When an Auto Policy mode is set to Known Types of Attacks, the Database security filter automatically generates only "Apply to all other pages" refinements. | prod00190723
22 | When clicking the Refine button in the Forensics view on an HTTP parsing violation event, the URL is stripped of the query parameters to refer only to the Web page. | prod00185553
23 | When refining a database security filter event with "Apply to All Other Pages", the Refine options for all other pages in the logs are no longer available. | prod00173733
24 | It is now possible to run an Application Path level policy distribution from an AppWall server to itself. | prod00159160
25 | Bugs related to wrong red coloring of the left-hand side tree view (indicating missing or wrong configuration) of nodes that are properly configured were fixed. | prod00222187
26 | Added a counter to the Blocked IPs table in the IP blocking module. | prod00220270
27 | The order of the Application Paths list in a host was fixed. | prod00205166

The following is a list of bugs fixed in AppWall version 5.8.9:


Item | Description | Bug Number
AppWall Gateway
1 | An HTTP request with a very long start line sometimes led to an AppWall failure. | prod00223054
2 | When processing an HTTP request with a space character within a cookie value, the cookie was not parsed properly and was removed from the request forwarded to the Web server. | prod00228767
3 | There were AppWall Management Application exceptions in SSL bridge tunnel settings. |
4 | Added form-based authentication support for a single login page per domain. |
5 | Added support to bind to the management interface IP address when connecting to LDAP and Radius servers. If a management Default Gateway was defined and the new Force Management IP check box is checked, Radius/LDAP traffic is processed only over the management interface. |
6 | Added configurable penalty scores support for HTTP parsing violations. | prod00229772
7 | Vulnerabilities security filters have visibility into the rule and signature with additional detailed information from the security policy view. | prod00205081
8 | The Transaction ID was not visible in the redirection to a security page in directory listing violations. |
9 | Security logs for directory listing violations and 500 status code replies that are replaced with a black page did not show the XFF header IP address. |
10 | There was an AppWall Management Application exception when the Forensics view of an AppWall node was accessed. | prod00221708
11 | There was a possible AppWall failure during the fallback from the primary to the secondary Radius server. | prod00231025
12 | Logging into AppWall with a Radius user while AppWall was inspecting a very high traffic volume could lead to an AppWall failure. | prod00147290
13 | A high rate of security log generation (for example, high attack traffic volume) could lead to a memory leak in an AppWall Node when sending logs to the Cluster Manager. This issue was introduced in version 5.8.3. | prod00147290
14 | Parsing properties violations in a passive mode tunnel caused IP blocking. | prod00229770

The following is a list of bugs fixed in AppWall version 5.8.8:


Item | Description | Bug Number
AppWall Gateway
1 | The AppWall Management Application login form works properly with Java 8. | prod00225118
2 | Most of the Networking Problems events were found to be false alarms not reflecting any practical networking impact and were therefore removed. A log file describing a scenario with connectivity issues is generated. | prod00224657
3 | Rarely, the process of launching a new AppWall instance in the event of Apply changes ended with errors, which sometimes led to traffic interruption. | prod00225509
4 | Legitimate JSON requests (URL-encoded) are no longer blocked as non-RFC compliant POST requests. | prod00225338
5 | Country names that contain an apostrophe (for example, Cote d'Ivoire) are processed properly and do not activate a loop of Database Security filter events. | prod00224776
6 | The Auto Policy Generation process now goes through a sanitation process on learned characters of Application Paths to avoid writing special characters (such as %) into configuration files. |
7 | OpenSSL was upgraded to version 1.0.1j for the proper handling of the POODLE SSL v3 vulnerability. | prod00226105
8 | The AppWall Management exception when adding a new Bridge Mode tunnel was fixed. | prod00227544
9 | The HTTP and HTTPS bridge tunnels in the AppWall Management Application are presented with support for SSL options. | prod00227447
10 | When selecting the Demo mode in the Auto Policy Generation wizard, a warning message, Not for production environment, is shown. |

The following is a list of bugs fixed in AppWall version 5.8.7:


Item | Description | Bug Number
AppWall Gateway
1 | Corrected HTTP reader parsing to support proper parsing of multiline headers. This issue also relates to the ShellShock vulnerability: an attack split across multiple lines (separated with \r\n) could take advantage of the previous parsing behaviour to evade inspection. | prod00224529
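The two parser behaviours the release notes call out, the multiline (obs-fold) header handling fixed in 5.8.7 above and the repeated Connection header handling fixed in 6.2.1 (item 4), are shown together in the following added Python example. It is not AppWall code: the signature regex, the sample request and the X-Custom field are constructed for illustration. The point for a defender is that the inspection engine must see a header value the way the origin server will (folded lines joined, repeated fields merged); a parser that starts a new header at every CRLF, or keeps only the first occurrence of a repeated field, inspects something the server never acts on.

```python
"""Normalize HTTP/1.1 request headers before inspection.

Added example, not AppWall code. Shows why a WAF's header reader has to
unfold obs-fold continuation lines (RFC 7230 section 3.2.4) and merge
repeated field names (RFC 7230 section 3.2.2) before running signatures.
"""
import re
from typing import Dict, List, Tuple

CRLF = "\r\n"


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Split a request head into (name, value) pairs, unfolding obs-fold.

    A line beginning with SP or HTAB continues the previous header's value.
    The fold is replaced with a single space, which is what an origin server
    does, so the value inspected here matches the value the server sees.
    """
    head = raw.partition(CRLF + CRLF)[0]
    lines = head.split(CRLF)
    logical: List[str] = []
    for line in lines[1:]:  # lines[0] is the request line
        if line[:1] in (" ", "\t") and logical:
            logical[-1] += " " + line.strip()  # obs-fold: join to previous
        else:
            logical.append(line)
    pairs: List[Tuple[str, str]] = []
    for line in logical:
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError("malformed header line: %r" % line)
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def merge_headers(pairs: List[Tuple[str, str]]) -> Dict[str, str]:
    """Combine repeated field names into one comma-separated list value.

    Keeping only the first occurrence silently drops tokens the origin
    server may still honour; merging keeps every token visible to policy.
    """
    merged: Dict[str, List[str]] = {}
    for name, value in pairs:
        merged.setdefault(name, []).append(value)
    return {name: ", ".join(values) for name, values in merged.items()}


def connection_tokens(headers: Dict[str, str]) -> List[str]:
    """Tokens of the (merged) Connection header, lower-cased."""
    raw = headers.get("connection", "")
    return [t.strip().lower() for t in raw.split(",") if t.strip()]


def has_contradicting_connection(headers: Dict[str, str]) -> bool:
    """True when both keep-alive and close are requested at once."""
    toks = set(connection_tokens(headers))
    return "close" in toks and "keep-alive" in toks


# Constructed inspection rule: a two-word literal the policy flags. Real
# signatures are far richer; this one only needs to span a line fold.
SIGNATURE = re.compile(r"needle\s+pattern")


def matches_signature(headers: Dict[str, str]) -> List[str]:
    """Names of header fields whose normalized value matches SIGNATURE."""
    return sorted(n for n, v in headers.items() if SIGNATURE.search(v))


def naive_split(raw: str) -> Dict[str, str]:
    """The pre-fix reader: every CRLF starts a new header, folded lines are
    dropped because they have no colon, and only the first occurrence of a
    repeated field is kept."""
    head = raw.partition(CRLF + CRLF)[0]
    out: Dict[str, str] = {}
    for line in head.split(CRLF)[1:]:
        name, sep, value = line.partition(":")
        if sep and name and name[:1] not in (" ", "\t"):
            out.setdefault(name.strip().lower(), value.strip())
    return out


def inspect(raw: str) -> Dict[str, object]:
    """Run the normalized-header checks and return their results."""
    headers = merge_headers(parse_headers(raw))
    return {
        "hits": matches_signature(headers),
        "contradicting_connection": has_contradicting_connection(headers),
        "connection": headers.get("connection"),
    }


# Constructed sample request: the flagged literal is split across an
# obs-fold, and Connection is sent twice with conflicting tokens.
SAMPLE = (
    "GET /index.html HTTP/1.1" + CRLF
    + "Host: example.test" + CRLF
    + "X-Custom: needle" + CRLF
    + " pattern" + CRLF
    + "Connection: keep-alive" + CRLF
    + "Connection: close" + CRLF
    + CRLF
)

if __name__ == "__main__":
    print("naive reader:", naive_split(SAMPLE))
    print("normalized:  ", inspect(SAMPLE))
```

Running the block prints the naive reader's view (`x-custom` is just `needle`, `connection` is only `keep-alive`, so neither check fires) next to the normalized view, where the signature matches on `x-custom` and the contradictory `keep-alive, close` pair is reported.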

The following is a list of bugs fixed in AppWall version 5.8.6:


Item | Description | Bug Number
AppWall Gateway
1 | SSL termination errors do not cause SSL session traffic interruptions (in the AppWall 5.8.* stream). | prod00219418
2 | All attack source IPs are properly added to the DefensePro layer 3 black list and layer 7 signatures. | prod00211995
3 | Blocked IPs are unblocked after the penalty time is over. | prod00215013
4 | Improved the IP blocking mechanism to handle a high attack rate. | prod00217083
5 | Improved simultaneous signaling to multiple DefensePro devices. | prod00217759, prod00211774, prod00218254
6 | Added wildcard support for the IP Blocking "Never Block" list. | prod00213386
7 | Fixed Response Data in AppWall Monitor events. | prod00213483
8 | New cross-site scripting signatures were added. | prod00219437
9 | DefensePro black list and signature leftovers after attacking IPs are signaled are now properly cleaned once the attack is over. | prod00209543
10 | UI refresh fixes related to IP Blocking, which may have been shown as disabled while active. | prod00209207
11 | A SafeReply security filter refinement which may have caused AppWall to show the "Ended with Errors" message. | prod00206463
12 | Fixed the 1012 error message when deleting a parameter from the Global Parameter configuration. | prod00084174
13 | IP address based policy works properly in AppWall Monitor. | prod00212703
14 | A DefensePro Destination Network setting is required only for layer 7 signature signaling. | prod00216305
15 | Fixed the Throughput info presentation in the Dashboard for AppWall Monitor. | prod00218929
16 | Improved JSON parsing. | prod00219361
17 | Added a check button when adding a DefensePro device to validate connectivity and settings. | prod00214322
18 | Fixed handling of a configuration change when an existing database security filter refinement is changed to "Apply to other pages". | prod00206446
19 | Added "Response Data" in HTTP parsing error logs in the reply. | prod00137313
20 | Improved the signaling mechanism to DefensePro. | prod00217088
21 | CPU usage is 100% when the applet opens on the Dashboard. | prod00210827
22 | The IP Blocking "Never Block" form accepts wildcards (e.g., 192.168.6.*). | prod00213386
23 | Added a Check connectivity button when adding a DefensePro device. | prod00214322
24 | Fixed the "Blocked IPs" form refresh in IP blocking. | prod00209553
25 | Auto Policy with Browsing and Crawling profiles is correctly mapped to the Production Profile, making the Auto Policy Generation Process shorter. | prod00218257

The following is a list of bugs fixed in AppWall version 5.8.2:


Item | Description | Bug Number
AppWall Gateway
1 | Updated the OpenSSL library version in AppWall to version 1.0.1g in order to address the HeartBleed vulnerability (CVE-2014-0160) discovered in the previous OpenSSL 1.0.1 versions. Relevant to versions 5.7.1 through 5.8.1, which use OpenSSL version 1.0.1e. Previous versions, using older OpenSSL versions, are not vulnerable to HeartBleed. | prod00210190
2 | AppWall now also masks XML-formatted Request Data as sensitive data. | prod00193787

The following is a list of bugs fixed in AppWall version 5.8.1:


Item | Description | Bug Number
AppWall Gateway
1 | Fixed Management Application backward compatibility issues where spaces were not allowed in Web Application, Tunnel and Web server names in versions 5.7.*. | prod00197438
2 | Static routing rules are now properly preserved after the upgrade process. The issue was identified when upgrading from 5.6.* to 5.7.* systems. | prod00197376
3 | After upgrade, you can properly save changes to the configuration, also on Monitor. | prod00206122
4 | An SSL Server Certificate import problem was fixed. | prod00205369
5 | You can edit a cluster node's listen and forwarded IP addresses in the tunnels. | prod00203158
6 | Fixed an issue of refreshing with a signature update. | prod00198811
7 | The AppWall traffic capture tool now properly maintains the number of capture cycles at 20 and limits each capture file to 5 MB. | prod00186478
8 | The AppWall Management Application allows enabling Authentication and SSO options only on active tunnels. | prod00203817
9 | Added sorting of the "Host Names" by name option in the tunnels. | prod00197363
10 | AppWall Publisher now correctly indicates when the tunnel is in passive mode in the Syslog messages. | prod00177033
11 | AppWall updater, which was a legacy update system, is removed from the Web Interface. AppWall publisher is not related to the signature update service. | prod00201020
12 | Added a Counter to the Tunnel's Host Name tab. | prod00197361
13 | You can add multiple database security filter refinements with "Apply To All Other Pages" in an application path. | prod00173734
14 | Slowloris protection, based on the Protection against idle-connections DoS HTTP property setting, is now associated with the IP Blocking mechanism. Thus a source that is hitting the secured application with a Slowloris attack is blocked by IP Blocking. | prod00139651
15 | Auto Discovery with a Hebrew folder name appears with readable characters. | prod00208664
16 | Improved latency issues when using the AppWall Management Application to manage remote AppWall servers. | prod00198116
17 | Added support for Auto Policy Analysis rules to address scenarios where "Page was not found" is not always a 404 response. | prod00200684
18 | When creating an SSO server with an HTTPS tunnel, the "Secure" cookie is no longer checked automatically and the SSO client now works properly. | prod00198117
19 | Improved support for Internet Explorer with SSO deployment scenarios. | prod00197477
20 | A SafeReply security filter false positive in Social Security Numbers is fixed. | prod00190127
21 | Fixed a bug in the AppWall Management Application related to the LDAP browsing process. | prod00189015
22 | Fixed a bug which could rarely cause an AppWall failure during SSL traffic processing. | prod00188998
23 | When reply security filters are not enabled (e.g., no Safe Reply) and the security page is a static HTML page, the transaction ID is properly presented with the injected JavaScript. | prod00179575
24 | Added a Forensics Filter based on a Web role. | prod00187586
25 | Fixed a bug where, in a multi-tenancy configuration, an application owner and viewer had access to view refinements of other Web applications. | prod00170841
26 | AppWall's internal Web daemon server certificate is renewed. | prod00167660
27 | When there is no Web application defined in the AppWall policy, AppWall does not fail. | prod00201492
28 | Alerts sent to Vision Reporter are properly sanitized of attack information. | prod00205601

The following is a list of bugs fixed in AppWall version 5.7.6:


Item | Description | Bug Number
AppWall Gateway
1 | SSL termination errors do not cause SSL session traffic interruptions. | prod00219418

The following is a list of bugs fixed in AppWall version 5.7.5:


Item | Description | Bug Number
AppWall Gateway
1 | Updated the OpenSSL library version in AppWall to version 1.0.1h in order to address the HeartBleed vulnerability (CVE-2014-0160) discovered in the previous OpenSSL 1.0.1 versions. | prod00210190
2 | Allows adding multiple database security filter refinements with "Apply To All Other Pages" in an application path. | prod00173734
3 | IP blocking works properly. |

The following is a list of bugs fixed in AppWall version 5.7.3:


Item | Description | Bug Number
AppWall Gateway
1 | On-board bridge network bypass (fail open) is no longer on when the working mode is set to Reverse Proxy. This happened when enabling Fail-Open in Bridge mode and then switching back to Reverse Proxy mode. | prod00200547
2 | Auto-Policy Generation is now properly disabled when disabled in all application paths in all Web applications. | prod00201953
3 | Static routing rules may have disappeared after reboot. | prod00197376
4 | A potential failure in AppWall upon an HTTP parsing error when the default Web App is not enabled was fixed. | prod00201492
5 | The applet certificate is now valid until 2017. |

The following is a list of bugs fixed in AppWall version 5.7.2:


Item | Description | Bug Number
AppWall Gateway
1 | Content-Length header values are properly scanned and validated according to the security policy. | prod00190905
2 | The cluster manager now properly synchronizes the configuration to the nodes, even when the last modified date of a file is in the future. | prod00190552
3 | The Policy Distribution wizard running on a Windows device with a primary language other than English works properly. | prod00193844
4 | When enabling TLS 1.2 in an AppWall tunnel, the application is no longer BEAST vulnerable. | prod00168171
5 | The cluster.cfg file on a node is now visible using the Configuration File Editor. | prod00193561
6 | Session cookie refinements are mapped properly to the correct tunnel\host. | prod00185513
7 | For HTTP RFC and parsing violation events, the source IP address presented in the log is the IP address as retrieved from the X-FORWARDED-FOR header. | prod00178640
8 | The publisher.cfg configuration file is part of the configuration backup. | prod00186701
9 | HEAD requests sent by Web clients are now replied to without a body, with only the start line and headers. | prod00196067
10 | Resubmitting credentials, when the SSO client page contains special tags, works properly. |

The following is a list of bugs fixed in AppWall version 5.7.1:


Item | Description | Bug Number
AppWall Gateway
1 | The AllowList security filter does not learn non-legitimate HTTP method names, which resulted in a broken AllowList configuration file. | prod00189899
2 | You can open ethSRV and ethMNG addresses for cluster control without the need to change the Cluster Manager IP address in the Cluster.cfg file. | prod00186776
3 | The Auto Policy Generation settings in the Filter table are disabled when Auto Policy Generation is disabled for the Application Path. | prod00184571
4 | The AppWall Management Application warns to "save" when setting Publishing Rules and exiting the screen. | prod00165888
5 | The dashboard presents correct IP addresses for the cluster nodes. | prod00174692
6 | The Cluster Manager synchronizes the users.cfg file. All user credential modifications or processes of adding/deleting a user on the Cluster Manager are synchronized with the nodes. | prod00152077
7 | The x-country-code HTTP header (mobile devices header) does not cause false positives. | prod00187740
8 | When Auto Policy is enabled on an application path, AppWall properly generates security events for the IP role. | prod00187887
9 | Viewer users can add new application paths. | prod00177079
10 | Dashboard statistics (max values) reset after applying or restarting. | prod00177590
11 | You can select a page in the forensics logs. | prod00171345
12 | The "Illegal Combination" message in Auto Policy Generation indicates the specific problem. | prod00187714
13 | Refresh issues and long response times in Auto Discovery, when processing large tree structures, are resolved. | prod00089183, prod00175768, prod00142113
14 | The AppWall Management Application properly displays parameter values in the Auto Discovery view. | prod00141092
15 | VLAN tagged environments are supported. | prod00168303
16 | Watchdog log events are aligned with the configured local time zone. | prod00191506
17 | User tracking works properly with IP based roles. | prod00188196
18 | The Apache daemon is not affected by the log rotation process. | prod00178883
19 | AppWall signature update requests contain only a single User-Agent header. | prod00178778
20 | All relevant information, including references to external sources, is properly presented for Vulnerabilities security events. | prod00154151
21 | Upon an unsuccessful login attempt, AppWall properly indicates the username. | prod00151281
22 | You can filter security events for Passive and Active events. | prod00127152

Known Limitations

The following are known limitations for this version:


Item | Description
AppWall Gateway
1 | AppWall in monitor mode cannot work with Perfect Forward Secrecy (i.e., Diffie-Hellman ciphers).
2 | AppWall Authentication Gateway and SSO may not be backward compatible with previous versions. Customers using the Authentication Gateway should contact Radware Technical Support prior to upgrading.
3 | Where multiple Database Security Filter refinements match the same request, only the first refinement is considered. This is relevant for the case where a refinement containing a regular expression is created.
4 | When backing up the configuration on a Cluster Manager, the cluster.cfg configuration file that stores the nodes in the cluster is backed up. However, when restoring the configuration backup, this file is not restored, as this may cause challenges when restoring on a device different from the one where the backup was taken. This may cause configuration inconsistencies. If the restore operation is on the original Cluster Manager from where the backup was taken, you can manually restore the Cluster.cfg file to preserve the full configuration.

North America
Radware Inc.
575 Corporate Drive
Mahwah, NJ 07430
Tel: +1-888-234-5763

International
Radware Ltd.
22 Raoul Wallenberg St.
Tel Aviv 69710, Israel
Tel: 972 3 766 8666

© 2017 Radware, Ltd. All Rights Reserved. Radware and all other Radware product and service names are registered trademarks of Radware in the U.S. and other countries. All other trademarks and names are the property of their respective owners. Printed in the USA.
