What’s CHANGED in 32.4.10.0
Empty Group Association to FQDN Server and Virtual Service
A group without servers can now be associated to an FQDN server. With this association, the group name (description) is automatically set on apply (so that the group’s configuration will be different than the factory default).
In addition, you can now assign a group without real servers to other components (virtual service, filter, sideband, and so on) as long as the group description is not empty.
NFR ID: 220111-000026, 210302-000006
HTTP Header Length
The maximum HTTP header length that Alteon can process in proxy mode has now been increased to 128000 bytes.
NFR ID: 211209-000097
Treck Version
The Treck version has been updated to 6.0.1.76.
Remove Vulnerable Expat Library
To eliminate vulnerabilities, the old and unused Expat library was removed. The XML configuration was also removed from the CLI and WBM as it uses the Expat library.
Ignore Non-existing Fields in JSON
REST requests will now ignore non-existing fields and will not fail the transaction. This is required to allow using the same REST API calls for different versions (backward-compatibility support).
Event Counter Default Change
The event counter (/stat/counter/) is used for debugging purposes. As this counter has an impact on performance. it is now set to disabled by default.
When requested by TAC, enable event counter using the command /stat/counter/event ena before issuing TechData. Radware recommends disabling again when it is completed.
Disabling/enabling the event counter is available in vADC, VA, and Standalone.
Disabling/enabling the event counter is available in vADC, VA, and Standalone.
AppWall Integrated
SafeReply Filter: The settings of the SafeReply filter have been moved. Previously, the settings were global when the SafeReply filter was activated. In this version, the settings can be specifically set per Application Path. API Security: When merging a new OpenAPI schema in an existing configuration, the merge policy can be defined. In this version, during the merge process, the value for the Quota is set, by default, to “Keep”.Tunnel Parsing Properties: In the “Request Boundaries" section, AppWall can accept HTTP GET requests with a Body to mitigate attacks, such as HTTP Request Smuggling attacks. In this version, the “Support Framing for Request Message” option has been removed (doing a TCP reset) rather than presenting a Security Page by the “Allow a GET request with body” option.Auto-Discovery and Auto-Policy: These two features, Auto-Discovery and Auto-Policy, have been coupled. When activating Auto-Policy in an Application Path, Auto-Discovery is automatically activated. When Auto-Policy in the last Application Path is deactivated, Auto-Discovery will also be automatically deactivated. It is still possible, though, to Activate Auto-Discovery alone. This will require manual deactivation. Forensics Security Events:It is now possible to filter security events per key words found in the security event Description field.It is now possible to filter WebSocket Security Events.