Google Cloud Armor release notes

This page contains release notes for features and updates to Google Cloud Armor.

You can see the latest product updates for all of Google Cloud on the Google Cloud page, browse and filter all release notes in the Google Cloud console, or programmatically access release notes in BigQuery.

To get the latest product updates delivered to you, add the URL of this page to your feed reader, or add the feed URL directly: https://cloud.google.com/feeds/armor-release-notes.xml

February 13, 2024

The following new NTI feeds are now available:

  • iplist-vpn-providers
  • iplist-anon-proxies
  • iplist-crypto-miners

For more information about Network Threat Intelligence, see the overview.

January 25, 2024

The following features are now Generally Available:

  • Parsing of the GraphQL content-type
  • Support for User IP request headers
  • Support for JA3 fingerprints

For more information about parsing GraphQL content, see Apply parsing on custom Content-Type header values. For more information about User IP request headers and JA3, see Configure custom rules language attributes.

December 21, 2023

Google Cloud Armor integration with reCAPTCHA Enterprise for mobile devices is now in General Availability. See the Cloud Armor bot management overview and the Overview of reCAPTCHA Enterprise for WAF and Google Cloud Armor integration.

December 11, 2023

You can now enroll your projects into Managed Protection Plus through a pay-as-you-go option (Preview) instead of subscribing for a one year term. Activating Managed Protection Plus PAYGO gives you access to Cloud Armor premium features such as Adaptive Protection, Threat Intelligence, and Advanced Network DDoS Protection, without the requirements of annual commitment and with the ability to cancel anytime. Learn more about what's included and pricing.

December 04, 2023

DDoS attack visibility is now Generally Available. For more information, see Access DDoS attack visibility telemetry.

November 21, 2023

Network edge security polices (custom rules) are now available to allowlisted users. For more information about network edge policies, see Types of security policies. In addition, you can learn how to Configure network edge security policies.

October 20, 2023

Cloud Armor for regional HTTP(S) load balancers is now Generally Available. For more information, see the Security policy overview.

August 21, 2023

Adaptive Protection suggested rules can now be deployed automatically in General Availability. For more information, see Automatically deploy Adaptive Protection suggested rules.

July 17, 2023

Cloud Armor supports parsing of the GraphQL content-type in public preview. For more information, see POST body content parsing.

Cloud Armor allows you to filter using custom rules or apply Adaptive Protection based on originating client IP addresses in public preview. If you have an upstream proxy, you can use this feature to evaluate Cloud Armor rules against the original clients' IP addresses, rather than your upstream proxy's IP address. For more information, see the rules language reference.

June 20, 2023

DDoS attack visibility is now available in public preview. For more information, see Access DDoS attack visibility telemetry.

Network edge security polices are now available in public preview to allowlisted users. For more information about network edge policies, see Types of security policies. In addition, you can learn how to Configure network edge security policies.

June 12, 2023

Cloud Armor for regional HTTP(S) load balancers is now available in public preview. For more information, see the Security policy overview.

April 26, 2023

Google Cloud Armor now supports rate limiting based on multiple keys in General Availability. For more information, see Apply rate limiting.

April 12, 2023

Advanced rule tuning features for preconfigured WAF rules are now Generally Available. For more information about the new tuning features, see Tune Google Cloud Armor preconfigured WAF rules.

March 21, 2023

Preview mode is now Generally Available for advanced network DDoS protection, allowing you to receive all the logging and telemetry about the detected attack without enforcing the mitigation.

December 28, 2022

The rule signature 942550-sqli, which covers the vulnerability in which malicious attackers can bypass WAF by appending JSON syntax to SQL injection payloads, is now available. For more information, see the WAF rules overview.

December 16, 2022

Advanced network DDoS protection is now Generally Available for network load balancers, protocol forwarding, and VMs with public IP addresses. Metering and billing of Managed Protection Plus protected resources and the data processing fee for the endpoint covered by advanced Network DDoS protection will begin on Jan 31, 2023. For more information, see Configure advanced DDoS protection and the Cloud armor pricing page.

November 29, 2022

Three new rate limiting keys are now Generally Available:

  • HTTP-PATH
  • SNI
  • REGION-CODE

For more information about using rate limiting keys, see the Rate limiting overview.

October 24, 2022

Default security policies are now Generally Available. You can configure a default rate-limiting security policy when you use the Google Cloud Console to set up your load balancer. For more information, see the Rate limiting overview.

September 28, 2022

The rule source for Cloud Armor preconfigured rules now includes ModSecurity Core Rule Set (CRS) 3.3 in General Availability. For more information, see Tuning Google Cloud Armor WAF rules.

September 21, 2022

Google Cloud Armor Threat Intelligence (Threat Intel) is generally available. Threat Intelligence lets you secure your traffic by allowing or blocking traffic to your HTTP(S) load balancers based on threat intelligence data. For more information, see Configuring Threat Intelligence.

September 16, 2022

The following four libinjection signatures have been added to the sqli-v33-stable and xss-v33-stable rules:

  • owasp-crs-v030301-id942100-sqli: SQL Injection Attack Detected via libinjection
  • owasp-crs-v030301-id942101-sqli: SQL Injection Attack Detected via libinjection
  • owasp-crs-v030301-id941100-xss: XSS Attack Detected via libinjection
  • owasp-crs-v030301-id941101-xss: XSS Attack Detected via libinjection

Advanced rule tuning features for preconfigured WAF rules is now available in public preview. For more information about the new tuning features, see Tune Google Cloud Armor preconfigured WAF rules.

September 07, 2022

Adaptive Protection suggested rules can now be deployed automatically in public preview. For more information, see Automatically deploy Adaptive Protection suggested rules.

August 31, 2022

The Google Cloud Armor custom rules language now supports URL, URL Unicode and utf-8 decoding.

August 16, 2022

The following two preconfigured WAF rulesets are now available for Google Cloud Armor in public preview:

  • Java attack: java-v33-stable and java-v33-canary
  • NodeJS attack: nodejs-v33-stable and nodejs-v33-canary

In addition, the following four libinjection signatures have been added to the sqli-v33-canary and xss-v33-canary rules:

  • owasp-crs-v030301-id942100-sqli: SQL Injection Attack Detected via libinjection
  • owasp-crs-v030301-id942101-sqli: SQL Injection Attack Detected via libinjection
  • owasp-crs-v030301-id941100-xss: XSS Attack Detected via libinjection
  • owasp-crs-v030301-id941101-xss: XSS Attack Detected via libinjection

June 30, 2022

Google Cloud Armor now supports TCP Proxy load balancers and SSL proxy load balancers in General Availability For more information, see the security policy overview.

Advanced network DDoS protection is now available for network load balancers, protocol forwarding, and VMs with public IP addresses in public preview. For more information, see Configure advanced DDoS protection.

June 07, 2022

Google Cloud Armor Threat Intelligence (Threat Intel) is available in public preview. Threat Intel lets you secure your traffic by allowing or blocking traffic to your HTTP(S) load balancers based on threat intelligence data. For more information, see Configuring Threat Intelligence.

May 25, 2022

Google Cloud Armor integration with reCAPTCHA Enterprise is now in General Availability. See the Cloud Armor bot management overview and the Overview of reCAPTCHA Enterprise for WAF and Google Cloud Armor integration.

May 16, 2022

The rule source for Cloud Armor preconfigured rules now includes ModSecurity Core Rule Set (CRS) 3.3 in public preview. For more information, see Tuning Google Cloud Armor WAF rules.

April 01, 2022

Google Cloud Armor now supports TCP Proxy load balancers and SSL proxy load balancers in public preview. For more information, see the security policy overview.

February 07, 2022

Google Cloud Armor Rate Limiting is now in General Availability.

September 30, 2021

Google Cloud Armor Adaptive Protection is now in General Availability.

August 23, 2021

Google Cloud Armor now has rate-based throttling and ban rules that enable you to limit requests from clients. These rules help you protect your applications from a large volume of requests that flood your instances and block access for legitimate users.

August 16, 2021

Google Cloud Armor integration with reCAPTCHA Enterprise is now available in Public Preview. See the Cloud Armor bot management overview and the Overview of reCAPTCHA Enterprise for WAF and Google Cloud Armor integration.

July 15, 2021

Google Cloud Armor now supports edge security policies in public preview. Edge security policies enable users to configure filtering and access control policies for content that is stored in cache; this includes endpoints like CDN-enabled backend services and storage buckets.

For more information, see the public docs.

June 30, 2021

Google Cloud Armor now supports parsing of the JSON content of POST bodies when preconfigured WAF rules are evaluated. JSON parsing must be enabled on a per-security-policy basis. In addition, you can enable verbose request logging to provide more details about why a particular rule was triggered. These features are Generally Available.

April 14, 2021

Managed Protection Plus subscribers are also eligible to receive reactive or proactive DDoS response support from Google's DDoS mitigation experts to help triage and mitigate ongoing attacks, as well as DDoS bill protection to provide credits for some bill spikes caused by increased Google Cloud usage as a result being target by a DDoS attack.

For more information, see the public docs.

March 01, 2021

Google Cloud Armor Managed Protection Plus Tier is in General Availability. Managed Protection Plus Tier offers a monthly subscription that includes all of the features of Standard Tier, and bundles Google Cloud Armor WAF policy, rules, HTTP request usage, and named IP lists.

February 19, 2021

Google Cloud Armor Adaptive Protection is available in Public Preview. Adaptive Protection builds machine-learning models that help you protect your Google Cloud applications, websites, and services against L7 distributed denial-of-service (DDoS) attacks.

December 16, 2020

Google Cloud Armor Managed Protection Plus tier is now available in public preview.

December 15, 2020

Third-party named IP address lists are now in general availability. Note that when Google Cloud Armor Managed Protection Plus tier is in general availability, your ability to use third-party named IP address lists will be affected by which Managed Protection tier your projects are in.

The following new WAF rules have been added in public preview:

  • Method enforcement
  • Scanner detection
  • Protocol attack
  • PHP injection attack
  • Session fixation

December 03, 2020

The Google Cloud Armor documentation set has been reorganized. Key updates include:

August 31, 2020

Google Cloud Armor Managed Protection Plus Tier is in Beta. Managed Protection Plus Tier offers a monthly subscription that includes all of the features of Standard Tier, and bundles Google Cloud Armor WAF policy, rules, HTTP request usage, and named IP lists.

Pre-configured rules for local file inclusion (LFI), remote file inclusion (RFI), and remote code execution (RCE) are now in General Availability.

June 23, 2020

Promotional pricing for Google Cloud Armor is extended to July 31, 2020.

May 27, 2020

Error correction: Beta flag removed from feature Google Cloud Armor with Cloud CDN. This feature was released with the status General Availabiliity.

April 15, 2020

Google Cloud Armor support for CDN origins and hybrid origins is now available in General Availability.

April 13, 2020

Update to rules language syntax. Adds support for the CEL 'has' macro so that Google Cloud Armor check for absence of a header in the 'request.headers' map.

March 31, 2020

March 30, 2020

March 17, 2020

Custom rules language, pre-configured WAF rules, and geography-based access controls are now in General Availability.

November 22, 2019

Custom rules language, pre-configured WAF rules, and geography-based access controls are in public Beta.

October 24, 2019

Custom rules language, pre-configured WAF rules, and geography-based access controls are in private Beta.

June 18, 2019

December 06, 2018

Google Cloud Armor monitoring is available in GA.

December 03, 2018

Google Cloud Armor security policies cannot be attached to backend services that are configured to use the HTTP/2 protocol.

March 19, 2018

Google Cloud Armor allow lists are available in Beta.

September 27, 2017

Google Cloud Armor deny lists and allow lists are available in Private Beta.

May 15, 2017