WAF Rule Set Update Announcement

Name: waf.sig
Version: 1.2.41
StoneOS Version: 5.5R2-W-1.1 or above, BDS 5.5R8-3.4 or above
Release Date: 2025-10-27

New Rules (8)

Rule ID     Rule Name
1020810049  Smarty Server Side Template Injection
1020810050  Smarty Server Side Template Injection - if statement
1020810051  Smarty Server Side Template Injection - php statement
1020810052  Smarty Server Side Template Injection - getStreamVariable
1020810053  Smarty Server Side Template Injection - writeFile
1020810054  Jinja2 Server Side Template Injection
1020810055  Jinja2 Server Side Template Injection
1020810056  Velocity Server Side Template Injection

Updated Rules (16)

Rule ID     Description
1030000003  Detect XSS Injection with JavaScript Function 'getparentfolder'
1030000012  Detect XSS Injection with JavaScript Function 'createTextRange'
1030000014  Detect XSS Injection with JavaScript Function 'copyparentfolder'
1030000017  Detect XSS Injection with JavaScript Function 'getspecialfolder'
1030000030  Detect XSS Injection with type=text/ecmascript
1030000039  Detect XSS Injection with type=application/x-javascript
1030000043  Detect XSS Injection with type=text/jscript
1030000045  Detect XSS Injection with type=application/x-vbscript
1030000048  Detect XSS Injection with type=text/vbscript
1030000057  Detect XSS Injection with '@import'
1030000068  Detect XSS Injection with type=text/javascript
1030000075  Detect XSS Injection via keywords such as 'livescript:'
1030000078  Detect XSS Injection with CSS
1000010056  Invalid HTTP Request Header X-Forwarded-For -- Loopback Address
1000010057  Invalid HTTP Request Header X-Forwarded-For -- Broadcast Address
1000010058  Invalid HTTP Request Header X-Forwarded-For -- Multicast Address