Cloud Armor release notes

Cloud Armor's Hierarchical security policies that facilitate centralized control, enhanced consistency, operational efficiency, and effective delegation of security policy management is Generally Available.

Cloud Armor's support for Autonomous System Numbers (ASNs) in globally scoped edge security policies for Media CDN edge cache services is Generally Available.

Cloud Armor's support for Network Threat Intelligence (NTI) in globally scoped edge security policies for Media CDN edge cache services is Generally Available.

Cloud Armor support for organization-scoped address groups for security policies is Generally Available.

Cloud Armor supports Autonomous System Numbers (ASNs) in globally scoped edge security policies for Media CDN edge cache services in Preview.

Cloud Armor supports internal service security policies for the service mesh to enforce global server-side rate limiting per client in Preview.

Cloud Armor preconfigured WAF rules can now inspect up to the first 64kB (either 8kB, 16kB, 32kB, 48kB, or 64kB) of the POST or PATCH request body content in Preview.

Cloud Armor's Hierarchical security policies facilitate centralized control, enhanced consistency, operational efficiency, and effective delegation of security policy management in Preview.

Cloud Armor supports organization-scoped address groups for security policies in Preview.

Cloud Armor supports Network Threat Intelligence (NTI) in globally scoped edge security policies for Media CDN edge cache services in Preview.

Cloud Armor support for JA4 rate limiting key is Generally Available. For more information, see Configure rate limiting.

Granular models for Cloud Armor Adaptive Protection are now Generally Available. For more information, see the Adaptive Protection overview.

The following new NTI feeds are now available:

• iplist-vpn-providers
• iplist-anon-proxies
• iplist-crypto-miners

For more information about Network Threat Intelligence, see the overview.

The following features are now Generally Available:

• Parsing of the GraphQL content-type
• Support for User IP request headers
• Support for JA3 fingerprints

For more information about parsing GraphQL content, see Apply parsing on custom Content-Type header values. For more information about User IP request headers and JA3, see Configure custom rules language attributes.

Preview mode is now Generally Available for advanced network DDoS protection, allowing you to receive all the logging and telemetry about the detected attack without enforcing the mitigation.

The rule signature 942550-sqli, which covers the vulnerability in which malicious attackers can bypass WAF by appending JSON syntax to SQL injection payloads, is now available. For more information, see the WAF rules overview.

Advanced network DDoS protection is now Generally Available for network load balancers, protocol forwarding, and VMs with public IP addresses. Metering and billing of Managed Protection Plus protected resources and the data processing fee for the endpoint covered by advanced Network DDoS protection will begin on Jan 31, 2023. For more information, see Configure advanced DDoS protection and the Cloud armor pricing page.

Three new rate limiting keys are now Generally Available:

• HTTP-PATH
• SNI
• REGION-CODE

For more information about using rate limiting keys, see the Rate limiting overview.

Default security policies are now Generally Available. You can configure a default rate-limiting security policy when you use the Google Cloud Console to set up your load balancer. For more information, see the Rate limiting overview.

Google Cloud Armor now supports parsing of the JSON content of POST bodies when preconfigured WAF rules are evaluated. JSON parsing must be enabled on a per-security-policy basis. In addition, you can enable verbose request logging to provide more details about why a particular rule was triggered. These features are Generally Available.

Managed Protection Plus subscribers are also eligible to receive reactive or proactive DDoS response support from Google's DDoS mitigation experts to help triage and mitigate ongoing attacks, as well as DDoS bill protection to provide credits for some bill spikes caused by increased Google Cloud usage as a result being target by a DDoS attack.

For more information, see the public docs.

Google Cloud Armor monitoring is available in GA.

Google Cloud Armor deny lists and allow lists are available in GA.

Google Cloud Armor security policies cannot be attached to backend services that are configured to use the HTTP/2 protocol.