In this release:

New Features

None.

Enhancements

API: Changes in API responses

As part of an upgraded certificate validation process, changes were made to API responses that affect several APIs.

What changed:

  • When the action performed by the APIs requires DNS verification by the user, the response includes the domain_dns key. Previously, this key contained a single value. Now it is an object composed of key/value pairs (domain name: array of values).

    For example:

    Before Now
    {"res":0,"res_message":"OK","debug_info":{"id-info":"999999","domain_dns":"_globalsign-domain-verification content\u00-####-93403"}} {"res":0,"res_message":"OK","debug_info":{"id-info":"999999", "domain_dns”:{“example.com”:[“_globalsign-domain-verification\u00-####-93403”]}}

    The APIs impacted by this change are:

    • Modify Site Configuration
    • Move Site

  • For APIs that include site status details in the response structure, the array of objects under ssl > generated certificate > validation data previously contained only one element. Now it can have up to 2 elements.

    In addition, the set_data_to field previously contained only one element. Now it can have up to 4 elements.

    For example:

    "validation_data": [
                            {
                              "dns_record_name": "incaptest.co",
                              "set_type_to": "TXT",
                              "set_data_to": [
                                "_globalsign-domain-verification=sdl_####_####_w9",
                                "_globalsign-domain-verification=70en#######DXSrwYj"
                              ]
                            },
                           {
                              "dns_record_name": "test.incaptest.co",
                              "set_type_to": "TXT",
                              "set_data_to": [
                                "_globalsign-domain-verification=ldsFF########50725"
                                               ]
                           }
                         ]

    The APIs impacted by this change are any that include site status details in the response structure.

For more details on the APIs, see Site Management API.

API: List all custom cache rules API added

A new (version 2) API was added to enable you to retrieve the list of all custom cache rules defined for a site:

GET /sites/{siteId}/settings/cache/rules

What changed: Previously you could retrieve details of a single rule only by specifying a specific rule ID.

For details, see Cache Settings API Definition.

For details on version 2 API, see API Version 2.

API: Change in edit cache and delivery settings APIs

To better align with REST API best practices, the following version 2 APIs were changed from POST to PUT operations:

  • /sites/{siteId}/settings/cache (Modify cache settings)
  • /sites/{siteId}/settings/delivery (Modify delivery settings)

For details on cache and delivery APIs, see the Cache Settings API Definition.

For details on version 2 API, see API Version 2.

Fixes

Origin Lock fix

Origin Lock associates a specific IP with your account to prevent other accounts on the Imperva service from setting up sites that forward traffic to that origin IP.

Problem: If a parent account configured origin lock but does not have any sites configured directly under it, the IPs configured for origin lock were ignored and not locked.

Solution: The bug is fixed. All IPs configured for origin lock in an account are locked for use by the account and its sub accounts only.

Known Issues

None.

Change in Feature Availability

Heads Up: Policy Management rollout / Change in website ACL API

On June 7, 2020, we are starting a gradual rollout of the new Policy Management feature.

As part of the rollout, website access control lists (ACLs) will be automatically migrated to the new policies, and the APIs used for website ACLs will be replaced with new APIs.

The following Site Management APIs will be replaced:

  • Modify site access control list (ACL) configuration
  • Modify whitelist configuration

ACL details will be removed from the following Site Management APIs:

  • Get site status
  • All other Site Management APIs that return details of the site’s ACL configuration

What is Policy Management? Currently, each website protected by Imperva must be configured separately. Manually configuring a large number of sites can be resource-intensive, time-consuming, and error-prone. Policy Management introduces the ability to centrally configure and manage settings, save them as a policy, and then apply the policy to multiple sites in your account.

For details on Policy Management and the migration process, see the Policy Management beta documentation.

Policy Management rollout plan:

  • June 7, 2020: The feature will be available to all new accounts, by default.
  • June 14, 2020: The feature will be available to any customer, by request. Contact Imperva Support or your sales representative to schedule a time for migration.
  • June 21, 2020: Automatic migration of existing free, pro, and business plan accounts begins.
  • June 28, 2020: Automatic migration of existing enterprise and FlexProtect customer accounts begins.

 

Tip: Open the latest release notes directly from the Cloud Security Console's Help menu.

 

To subscribe to updates about weekly releases, add the following link to your RSS feed reader: https://docs.imperva.com/bundle/cloud-application-security/page/release-notes.rss