Features and Enhancements in Version 12.2
Support for exempting security checks on JSON profiles is available on the JSON Security page.
Ability to configure HTTP response status codes that need to be exempted from cloaking in the URL policy.
Fair Usage Policy: The Fair Usage Policy provides a detailed view of bandwidth consumption and request count across all applications linked to a WAF-as-a-Service account. It empowers users with actionable insights into traffic patterns and resource utilization, helping them make informed decisions.
Key Enhancements:
License Management: Monitors bandwidth usage and request counts across all associated applications, presenting a rolling three-month average on the License Management page.
Reports: Ability to generate comprehensive reports that break down bandwidth usage and request activity for each month within the rolling three-month period, enabling effective tracking and proactive resource management.
Security checks on JSON requests can be enabled or disabled for a JSON profile. When set to Disabled, all JSON requests that match the JSON profile are exempted from security checks.
Two new Gen AI bot categories (Gen AI (Language Model) and Gen AI (Conversational Agent)) have been added as predefined BOT Categories in the Blocked Categories list.
Traffic rules are now exported as part of the application snapshot.
Enhanced Endpoint Discovery: Endpoints containing multiple dynamic path segments are now identified to increase visibility and enable more effective security profiling.
Configuration backups are now accessible through the Barracuda WAF-as-a-Service web interface. Direct access to Barracuda's GitHub repository has been deprecated and is no longer available.
Ability to export and import app group settings using app group snapshots.
Added support for importing WAF snapshots and creating custom services on WAF-as-a-Service.
Application configuration snapshots can be imported and exported using the API.
Extended Match now includes support for IP ranges and CIDR notation.
This feature is available only for applications deployed in custom containers.
Barracuda WAF-as-a-Service now integrates with AWS Secrets Manager for certificate management. Certificates formatted with a newline character (\n) at the end of each line are supported.
Bugs/Fixes
Audit log now displays the uploaded trusted certificate details.
Connection to the Barracuda update server is now established only through port 443.
A slow leak in the datapath, caused by rapid or frequent updates of IPs resolved through a hostname lookup in the server configuration, has been addressed.
Payloads with the GET, POST, PUT, PATCH, DELETE and PURGE methods, with or without a Content-Length header, are not blocked.
The VERSION-CONTROL HTTP method can now be added in URL profiles. The HTTP method validation logic has been updated to recognize valid VERSION-CONTROL requests, ensuring they are no longer blocked.
BNWF-56194 – For details, refer to WAF 12.2 Release Notes.