Release Notes: Imunify360 firewall module v7.7
We are glad to announce the latest release of Imunify360, introducing a new feature: the ability to add Graylist records. This feature enhances server security control by allowing administrators to manage visitor access more precisely in border cases.
What is Graylist
The Graylist is an existing Imunify360 feature: it is automatically filled with IP addresses for which the protection has detected unsafe behavior. If the IP of website visitors is added to the Graylist (the access is blocked), then the CAPTCHA allows the visitors to unblock themselves. When they attempt to access the website, they are redirected to the CAPTCHA page, where they can see the protection page asking to tick a checkbox. Until the CAPTCHA challenge is passed, all requests from the IP are blocked. This applies to requests to any ports - both web and non-web.
The Graylist feature needs the Webshield to be enabled.
The new manual Graylisting feature highlights
Imunify360 now offers the capability to add graylist records manually, using the CLI command, enabling a more accurate tool for handling visitor IPs in cases such as when the server administrator sees suspicious behavior that is not intense enough to trigger automatic blocking.
The IP could be added to the Graylist only using the CLI command:
Imunify360-agent graylist ip add 192.0.2.0 --comment “suspicious behavior on non-web ports”
The following additional parameters could be used when graylisting:
--comment - allows to add comments to the item.
--expiration - allows specifying expiration time for the blacklisted IP (in seconds since epoch). As the expiration time is measured in seconds since the epoch, you can use a construction like --expiration $(($(date “+%s”)+3600)) to set the TTL for 1 hour from the present moment.
--scope - allows to graylist the IP for the server’s group by setting ‘--scope group’.
Note: when the --expiration parameter is not specified the record is added to the Graylist without an expiration date. But when a visitor with an IP passes the CAPTCHA page the system adds the IP to the whitelist for the next 24 hours only.
The IP could be deleted from the Graylist via UI by the following CLI:
Imunify360-agent graylist ip delete 192.0.2.0
Read the Graylist documentation for more information
We also recommend checking and configuring the CAPTCHA_DOS section of parameters to blacklist IPs after repetitive requests to the captcha.
Changelog
Please see the detailed description of the product changes we made in version 7.7 through our publicly available changelog for Imunify360.
How to install or update
To install the new Imunify360 v.7.7, follow the instructions in the documentation.
To upgrade to the new version, follow the instructions in the documentation.
Stay in touch
We encourage you to provide feedback to our product team regarding the new features.
Please share your ideas and feature requests through feedback@imunify360.com or via our feedback form.
If you encounter any issues with this release, please send a comment or request to our Imunify support team via the Support Portal.