Apache agent releases

v3.5.1

2022-09-26

New

• We improved the performance of the internal agent.

Fixed

• We fixed a bug introduced in 3.6.0. The agent now correctly receives policy updates after updating denylisted IPs addresses.

v3.5.0

2022-08-08

New

• The agent now supports IP blocking by country, see the ip groups page for more details.

v3.4.0

2022-04-14

New

• Now supports inspecting multipart form-data. For more information, see Server Agent Options
• JS Agent Subresource Integrity (SRI) support

Fixed

• Blocked requests would circumstantially generate duplicate blocking events.

v3.3.0

2022-02-10

Fixed

• The agent would stop sending events after an extended period of time or after heavy load.
• Memory leak was noticeable after several days of uptime.

v3.2.2

2022-01-25

Fixed

• Updated build tools to address security vulnerability CVE-2022-21658.

v3.2.1

2021-12-31

Fixed

• The agent now uses the actual reverse_proxy configuration value, instead of always assuming it is true. The reverse_proxy value now defaults to false.
  
  You must explicitly set your agent's reverse_proxy value to true to have it use the X-Forwarded-For header to determine the remote IP address.

v3.2.0

2021-09-24

Fixed

• An erroneous port 0 was being added to some URIs.
• Many 4xx and 5xx response code events were never being emitted.
• User agent empty events are now sent where appropriate, and without an accompanying "not_applicable" user agent.
• Certain IPv6 addresses were erroneously interpreted as blacklisted.
• Dot notation in App Firewall Blocking Rules JSON parameters was not parsed correctly, which impacted policy enforcement.

v3.1.1

2021-04-23

Fixed

• We fixed an issue with content type parsing.
• We fixed a bug where the agent was incompatible with Apache 2.2 which caused a crash on startup.
• We upgraded libtcellagent to fix a bug with Jenkins builds on Mac.
• We upgraded Rust to fix a bug where the Cargo audit failed to compile.

v3.1.0

2020-11-20

New

• We added support for Classless Inter-Domain Routing (CIDR) filters in app firewall configurations.

Fixed

• We fixed an issue where the agent failed to parse configuration files in UTF-8 BOM format.
• We fixed an issue where log messages near the beginning of the agent lifecycle were missing.
• We improved agent recovery when attempting to apply a corrupted policy.

v3.0.0

2020-08-07

New

• The Apache agent can now be used offline. To do so, first specify a cache directory in the configuration file, and then place a file containing the cached policy in that same directory. If used while online, any policy will be cached to the directory for future use.
• tCell now logs startup progress and system-level failures to the Apache error_log. After the agent has started running, the agent will log to the default tcell.log file.
• For added security, tCell has a new configuration option called server_header_off. The tCell agent will remove the Server: header from all responses when set to "true".

Fixed

• If the Apache agent is started on Unix without configuring a log directory, the agent now writes the log file to the /tmp folder. Before, the agent used the /var/log directory, but would fail due to permissions errors.

v2.0.3

2020-02-16

New

• Support for diagnostics packages.
• support for TCELL_LOG_DIR environment variable

Fixed

• Fixed a bug where Apache would continue to process a request after it had been blocked by the agent
• Fixed a bug where cookies would be displayed with their encompassing quotation marks in the UI. Now the Apache agent matches behavior of other agents and does not display encompassing quotation marks
• When redirects are blocked redirects correctly redirect to '/' instead of returning a 403
• JS Agent can now insert itself into pages with attributed head tags

v2.0.2

2019-05-22

Fixed

• We fixed an issue that occurred when terminating large PUT requests that sent the full URL with the inspection event instead of only the path and query parameters.
• We fixed an issue with the event sender where the Apache agent would disconnect from the tCell Cloud.

v1.2.1

2018-08-07

New

• Starting with 1.2.1, Apache Agent uses RustTLS for TLS encryption. It should be noted that the agent only makes outbound connections, and does not act as a server. Root certificate validation of tCell servers is configured by using standard Mozilla root certificates. For more information, see https://docs.rs/rustls/0.13.0/rustls/.
• Support path exclusion rules for js agent.
• Added support for clickjacking feature in the agent. For more information on configuring and enabling clickjacking, see the help article.
• Added support for path aware Content Security Policy.

Fixed

• Fixed an issue where sometimes the Application Firewall event data sent to the cloud had incorrect remote IP address information.

v1.1.1

2018-06-12

New

• When configured on, add a Content-Security-Policy (CSP) header, even if the response already has a CSP header. Previously, the apache agent would not add a CSP header in this case.
  • The result of this situation will be that there are multiple policies in place on the document, which is a fully supported scenario in the CSP specification, and by CSP-implementing browsers.

Fixed

• Fixed an apache process hang that could occur when using simple ip blocking (suspicious actors in blocking mode, or IP blocking), while handling a request from a blocked IP.
• Fixed sending duplicate events for the same request for large requests.

v1.1.0

2018-06-06

Fixed

• Use X-Forwarded-For address consistently when present. Previously, when the X-Forwarded-For header was supplying the client ip, the socket IP would still sometimes used when reporting events.
• Fixed an issue where some POST body inspection cases were not operating correctly. This could result in no event sent to the tCell service when an event should be sent in some cases.

v1.0.14

2018-05-18

Fixed

• Fixed a problem where some HTTP headers were not being inspected.
• Previously, Unusual Response Size events might not be generated for some proxied requests that lacked a Content-length header. This has been fixed.

v1.0.12

2018-05-09

New

• Inspection of POST bodies is now limited, by default, to 1MB (2^20 bytes). This can be altered with the environment variable TCELL_MAX_BODY_PARSE_SIZE if necessary (the value is in units of bytes).
• The previous limit on CSP header size of 2048 bytes has been raised to 8192 bytes. Real-world policies are unlikely to exceed this size. However, this limit can be adjusted via the TCELL_MAX_HTTP_HEADER_SIZE environment variable.

v1.0.11

2018-06-25

Fixed

• Fixed a problem where automatic Javscript Agent (jsagent) insertion might not work on certain responses with internal intermediate content-types.
  • Essentially a detail of how some Apache configurations are set up, responses might not be text/html at all points within the internal logic. This was observed with with python and uwsgi.
  • The fix was generic, to detect these cases and check later to see if the content-type changes to html.

v1.0.10

2018-06-23

Fixed

• Update native library to resolve a memory leak in v1.0.5.

v1.0.5

2018-05-16

Fixed

• Improved full support of log location configuration directives from the tcell_agent.config file.

v1.0.3

2018-05-05

New

• Block events are now sent to the tCell service flagged explicitly as block events, enabling them to appear in a dedicated view.

Fixed

• Fixed a problem where the jsagent might be inserted in content that was not content-type text/html.
• Fixed some cases where User-Agent Empty events might be reported falsely.
• Improved tcell.log file behavior.

v1.0.2

2018-03-10

Fixed

• Fixed a defect where the agent could return HTTP 500 errors when jsagent insertion was disabled.

v1.0.1

2017-03-05

Newß

• Apache Agent released! The Apache Agent is a Web Server Agent (WSA) and provides protections by monitoring http/s requests and responses passed through an Apache proxy.
• Apache versions 2.2.x and 2.4.x are supported.