Yandex Smart Web Security release notes
Written by
Updated at March 3, 2025
January 2025
Smart Web Security got certificates of compliance with 152-FZ, GOST R 57589, and PCI DSS.
Q4 2024
- Added IP blacklists and whitelists. These allow managing the traffic and creating security rules based on IP reputation analysis. You can use the preset Yandex Cloud blacklists and whitelists or create your own.
- Added the calculator for quicker service cost calculations.
- Improved low-rate DoS analysis and blocking algorithms.
- Optimized the error code page size.
- Smart Web Security has successfully passed an external audit for 152-FZ, GOST R 57589, and PCI DSS compliance.
Q3 2024
- Web Application Firewall (WAF) and Advanced Rate Limiter (ARL) entered the General Availability stage.
- There are some changes in the pricing:
- You only pay for legitimate requests.
- Profiles and rules are not billable.
- Under basic rules, you now can send requests to Yandex SmartCaptcha.
- Implemented sending data events to Yandex Audit Trails:
ArlMatchedRequest
,WafMatchedExclusionRule
, andWafMatchedRule
. - API, CLI, and Terraform are now supported.
- For traffic conditions that use regular expressions, you can now use case-sensitive string search. For more information, see Regular expression format.
Q2 2024
-
Implemented Web Application Firewall (WAF) to protect web applications against external threats, such as SQL injections, cross-site scripting, and other vulnerabilities. WAF analyzes and filters HTTP requests blocking potentially malicious data.
This feature is available at the Preview stage.
-
Implemented Advanced Rate Limiter (ARL) to manage web app loads. ARL allows you to set a limit on the number of requests over a certain period of time. This prevents overload and ensures stable operation of the application.
This feature is available at the Preview stage.
Q1 2024
- Released the service for general availability.
- Now you can select the Yandex SmartCaptcha user CAPTCHA.
- Added the limit for the maximum number of requests per second (RPS) in total for all load balancer virtual hosts connected to the same security profile.
- Added logs of a security profile connected to a virtual host to the Yandex Application Load Balancer log list.
- Implemented sending of management event audit logs in Yandex Audit Trails.
Q4 2023
- Now you can create security profiles from a preset template.
- Implemented sending metrics to Yandex Monitoring.
- Fixed the error of matching a string in the
Host
condition when creating a security rule. - Improved the stability by implementing a new pattern for Application Load Balancer and Smart Web Security interaction.
Q3 2023
- The service is available at the Preview stage.