Yandex Smart Web Security release notes

January 2025January 2025

Smart Web Security got certificates of compliance with 152-FZ, GOST R 57589, and PCI DSS.

Q4 2024Q4 2024

• Added IP blacklists and whitelists. These allow managing the traffic and creating security rules based on IP reputation analysis. You can use the preset Yandex Cloud blacklists and whitelists or create your own.
• Added the calculator for quicker service cost calculations.
• Improved low-rate DoS analysis and blocking algorithms.
• Optimized the error code page size.
• Smart Web Security has successfully passed an external audit for 152-FZ, GOST R 57589, and PCI DSS compliance.

Q3 2024Q3 2024

• Web Application Firewall (WAF) and Advanced Rate Limiter (ARL) entered the General Availability stage.
• There are some changes in the pricing:
  • You only pay for legitimate requests.
  • Profiles and rules are not billable.
• Under basic rules, you now can send requests to Yandex SmartCaptcha.
• Implemented sending data events to Yandex Audit Trails: ArlMatchedRequest, WafMatchedExclusionRule, and WafMatchedRule.
• API, CLI, and Terraform are now supported.
• For traffic conditions that use regular expressions, you can now use case-sensitive string search. For more information, see Regular expression format.

Q2 2024Q2 2024

• Implemented Web Application Firewall (WAF) to protect web applications against external threats, such as SQL injections, cross-site scripting, and other vulnerabilities. WAF analyzes and filters HTTP requests blocking potentially malicious data.

  This feature is available at the Preview stage.

• Implemented Advanced Rate Limiter (ARL) to manage web app loads. ARL allows you to set a limit on the number of requests over a certain period of time. This prevents overload and ensures stable operation of the application.

  This feature is available at the Preview stage.

Q1 2024Q1 2024

• Released the service for general availability.
• Now you can select the Yandex SmartCaptcha user CAPTCHA.
• Added the limit for the maximum number of requests per second (RPS) in total for all load balancer virtual hosts connected to the same security profile.
• Added logs of a security profile connected to a virtual host to the Yandex Application Load Balancer log list.
• Implemented sending of management event audit logs in Yandex Audit Trails.

Q4 2023Q4 2023

• Now you can create security profiles from a preset template.
• Implemented sending metrics to Yandex Monitoring.
• Fixed the error of matching a string in the Host condition when creating a security rule.
• Improved the stability by implementing a new pattern for Application Load Balancer and Smart Web Security interaction.

Q3 2023Q3 2023

• The service is available at the Preview stage.