November 30, 2020: Updates to free SSL certificates
In the StackPath Control Portal, the process to obtain a free SSL certificate has been updated to improve user experience. Specifically, the previous Validation and Validation Method sections have been merged and renamed to Verify Domain Ownership. With this update, the step to select a validation method has been removed; by default, both validation options will display.
For API users, the APIs below have been updated. Specifically, the response now includes a statusDetail entry that displays details about the certificate's status, including a list of verification failure reasons.
- Get verification details (CDN SSL)
- Get sites associated with a certificate (WAF SSL)
- Get a certificate (SSL)
- Get a certificate’s latest version (SSL)
Additionally, for SSL API calls, there are new certificate statuses:
- This status indicates that the certificate has issued, but has not been downloaded yet.
- This status indicates that the certificate has been revoked by the SSL provider.
To learn more about SSL certificates, see Create and Manage SSL Certificates.
November 12, 2020: Updates to WAF services
On November 12, 2020, StackPath replaced WAF Events with WAF Requests in the StackPath Control Portal (SP2) platform, as well as the corresponding StackPath API system.
At a high level, compared to WAF Events, WAF Requests capture more data, including expanded user agent information and details about the origin's response to the user. Similarly, WAF Requests are easier to search and process.
Which users are affected by this update?
This update applies if you use the StackPath Control Portal with an active WAF service.
This update does not relate if you use the MaxCDN, Highwinds, or legacy StackPath platforms.
Will the StackPath Control Portal change?
Yes. In the Security Events table, you can now filter requests based on the triggered rule type:
- To filter requests that triggered StackPath's predefined rules, select Policy.
- To filter requests that triggered custom rules created by users on your account, select Custom Rules.
Additionally, the name of the main WAF-related graph has been updated to display the term requests.
Do I need to update anything to prepare for this change?
If you use the StackPath API system, you must update your code to replace the soon-to-be deprecated event-related calls with the newly created request-equivalent calls.
Starting on November 12, 2020, for 30 days both the event-related calls and the request-related calls will be available; however, after 30 days, the event-related calls will be formally removed. As a result, StackPath recommends that you replace the calls as soon as possible.
Review the following calls to replace:
Get Request Statistics
Replace the old call with the new call to get request statistics:
For this call, only the call's URL has changed. The inputs and outputs are the same.
Get All Requests
Replace the old call with the new call to get all WAF requests:
Get an Individual Request
Replace the old call with the new calls to get individual WAF event information:
The first new call retrieves an event summary.
The second new call returns a full event object.
Get WAF Traffic Report
Replace the old call with the new call to get WAF traffic reports:
The new call's inputs have an additional DAILY resolution, as well as a simplified output structure.
To learn more about the StackPath WAF in the portal, see WAF.
To learn more about the Stack API system for WAF, see Requests.