- Product Manual for v2.16 - Mobile SDK
Reblaze's tag-based traffic processing has several enhancements.
Additional external threat intelligence sources have been integrated into Reblaze's Tag Rules.
A Tag Rule includes a list of criteria; if a request matches them, the tag will be attached to it.
Previously, the criteria list had one comparison condition (AND or OR), applied throughout the list. For v2.16, admins can now group the criteria into sections. Each section can have its own internal comparison condition, and the sections have a separate condition applied between them.
Reblaze's tag-based traffic processing can now be configured globally.
Tags are defined in a UI page that was previously called Session Profiling. For v2.16, it has been renamed to Tag Rules.
In v2.14, the actions to enforce for each tag are defined via ACL Policies. In turn, ACL Policies are assigned to web application paths/locations via Security Profiles on the Web Proxy page.
This workflow is useful for granular processing of tags, and it is still available. However, it can be inconvenient in situations where granularity is not necessary, and an admin wants to define an action that will be enforced everywhere for that tag. For example, an admin might want to automatically reject all requests that came from an IP on the Spamhaus DROP list.
To support this, v2.16 adds an Action field to each Tag Rule. When an action is defined here, it is applied globally for that tag throughout the planet, to every site, web application, etc. Every incoming request which has that tag will have that action performed on it.
Reblaze has new capabilities for administering SSL certificates. SSL for cloud load balancers previously had to be managed outside of Reblaze; now the Reblaze UI provides the ability to attach/change/detach certificates to AWS and GCP load balancers.
Reblaze admins can now create user accounts with a variety of access levels. In ascending order of permissions, they are:
Viewer (can see the Traffic section, i.e. the Dashboard and View Log)
Editor (has Viewer permissions, and can also configure security rulesets and policies)
Organization Admin (has Editor permissions, and can also manage users)
Reblaze Admin (has Organization Admin permissions, and can also access some additional settings)
Also, Reblaze users can now receive OTPs (One Time Passwords) via email instead of SMS.
Reblaze now supports SSO.
A flexible UI is provided for integrating with various SAML2 providers.
Step-by-step instructions are provided for using Okta and Microsoft Azure SSO.
Previously, Rate Limits were linked to URLs via Security Profiles on the Web Proxy page. For v2.16, they can also be linked while editing the rule itself. When a new Rate Limit is created and the changes are saved, a Links to URLs section appears at the bottom of the UI.
The Rate Limiting UI now has a tab to provide Redis Management, which previously had to be done manually.
Various revisions were made to show more information on the screen, ease navigation, and reduce the number of clicks to perform operations.
A number of pages within the UI (including Tag Rules, Rate Limiting, and Cloud Functions) are now using a grid-based interface. A list of entries is presented in a consistent format, and users can drill down into individual entries for expanded details or editing. A walkthrough of the grid structure is here.
In many places within the UI, an admin must save changes, and then publish them. In v2.16, after changes are saved, a popup reminder will now appear as a reminder to publish the changes as well.
A number of legacy bugs were fixed in v2.16.