Skip to content

Frontdoor - DRS Changelog: 1.1 → 2.0

Generated: 05 July 2026 | Base: 1.1 | Target: 2.0

Summary: 44 added · 0 removed · 126 changed

Added Rules

Rule ID Rule Group Name Description Action State
200002 General Failed to parse request body. AnomalyScoring Enabled
200003 General Multipart request body failed strict validation AnomalyScoring Enabled
911100 METHOD-ENFORCEMENT Method is not allowed by policy AnomalyScoring Enabled
920100 PROTOCOL-ENFORCEMENT Invalid HTTP Request Line AnomalyScoring Enabled
920120 PROTOCOL-ENFORCEMENT Attempted multipart/form-data bypass AnomalyScoring Enabled
920121 PROTOCOL-ENFORCEMENT Attempted multipart/form-data bypass AnomalyScoring Enabled
920160 PROTOCOL-ENFORCEMENT Content-Length HTTP header is not numeric. AnomalyScoring Enabled
920170 PROTOCOL-ENFORCEMENT GET or HEAD Request with Body Content. AnomalyScoring Enabled
920171 PROTOCOL-ENFORCEMENT GET or HEAD Request with Transfer-Encoding. AnomalyScoring Enabled
920180 PROTOCOL-ENFORCEMENT POST without Content-Length or Transfer-Encoding headers. AnomalyScoring Enabled
920190 PROTOCOL-ENFORCEMENT Range: Invalid Last Byte Value. AnomalyScoring Enabled
920200 PROTOCOL-ENFORCEMENT Range: Too many fields (6 or more) AnomalyScoring Enabled
920201 PROTOCOL-ENFORCEMENT Range: Too many fields for pdf request (63 or more) AnomalyScoring Enabled
920210 PROTOCOL-ENFORCEMENT Multiple/Conflicting Connection Header Data Found. AnomalyScoring Enabled
920220 PROTOCOL-ENFORCEMENT URL Encoding Abuse Attack Attempt AnomalyScoring Enabled
920230 PROTOCOL-ENFORCEMENT Multiple URL Encoding Detected AnomalyScoring Enabled
920240 PROTOCOL-ENFORCEMENT URL Encoding Abuse Attack Attempt AnomalyScoring Enabled
920260 PROTOCOL-ENFORCEMENT Unicode Full/Half Width Abuse Attack Attempt AnomalyScoring Enabled
920270 PROTOCOL-ENFORCEMENT Invalid character in request (null character) AnomalyScoring Enabled
920271 PROTOCOL-ENFORCEMENT Invalid character in request (non printable characters) AnomalyScoring Enabled
920280 PROTOCOL-ENFORCEMENT Request Missing a Host Header AnomalyScoring Enabled
920290 PROTOCOL-ENFORCEMENT Empty Host Header AnomalyScoring Enabled
920300 PROTOCOL-ENFORCEMENT Request Missing an Accept Header AnomalyScoring Enabled
920310 PROTOCOL-ENFORCEMENT Request Has an Empty Accept Header AnomalyScoring Enabled
920311 PROTOCOL-ENFORCEMENT Request Has an Empty Accept Header AnomalyScoring Enabled
920320 PROTOCOL-ENFORCEMENT Missing User Agent Header AnomalyScoring Enabled
920330 PROTOCOL-ENFORCEMENT Empty User Agent Header AnomalyScoring Enabled
920340 PROTOCOL-ENFORCEMENT Request Containing Content, but Missing Content-Type header AnomalyScoring Enabled
920341 PROTOCOL-ENFORCEMENT Request Containing Content Requires Content-Type header AnomalyScoring Enabled
920350 PROTOCOL-ENFORCEMENT Host header is a numeric IP address AnomalyScoring Enabled
920420 PROTOCOL-ENFORCEMENT Request content type is not allowed by policy AnomalyScoring Enabled
920430 PROTOCOL-ENFORCEMENT HTTP protocol version is not allowed by policy AnomalyScoring Enabled
920440 PROTOCOL-ENFORCEMENT URL file extension is restricted by policy AnomalyScoring Enabled
920450 PROTOCOL-ENFORCEMENT HTTP header is restricted by policy AnomalyScoring Enabled
920470 PROTOCOL-ENFORCEMENT Illegal Content-Type header AnomalyScoring Enabled
920480 PROTOCOL-ENFORCEMENT Request content type charset is not allowed by policy AnomalyScoring Enabled
933200 PHP PHP Injection Attack: Wrapper scheme detected AnomalyScoring Enabled
933210 PHP PHP Injection Attack: Variable Function Call Found AnomalyScoring Enabled
934100 NODEJS Node.js Injection Attack AnomalyScoring Enabled
941360 XSS JSFuck / Hieroglyphy obfuscation detected AnomalyScoring Enabled
941370 XSS JavaScript global variable found AnomalyScoring Enabled
941380 XSS AngularJS client side template injection detected AnomalyScoring Enabled
942500 SQLI MySQL in-line comment detected. AnomalyScoring Enabled
942510 SQLI SQLi bypass attempt by ticks or backticks detected. AnomalyScoring Enabled

Removed Rules

No rules removed.

Changed Rules

Rule ID Rule Group Field Before After
921110 PROTOCOL-ATTACK Action Block AnomalyScoring
921120 PROTOCOL-ATTACK Action Block AnomalyScoring
921130 PROTOCOL-ATTACK Action Block AnomalyScoring
921140 PROTOCOL-ATTACK Action Block AnomalyScoring
921150 PROTOCOL-ATTACK Action Block AnomalyScoring
921151 PROTOCOL-ATTACK Action Block AnomalyScoring
921160 PROTOCOL-ATTACK Action Block AnomalyScoring
930100 LFI Action Block AnomalyScoring
930110 LFI Action Block AnomalyScoring
930120 LFI Action Block AnomalyScoring
930130 LFI Action Block AnomalyScoring
931100 RFI Action Block AnomalyScoring
931110 RFI Action Block AnomalyScoring
931120 RFI Action Block AnomalyScoring
931130 RFI Description Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link (replaced by rule #99032002) Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link
931130 RFI Action Block AnomalyScoring
932100 RCE Action Block AnomalyScoring
932105 RCE Action Block AnomalyScoring
932110 RCE Action Block AnomalyScoring
932115 RCE Action Block AnomalyScoring
932120 RCE Action Block AnomalyScoring
932130 RCE Action Block AnomalyScoring
932140 RCE Action Block AnomalyScoring
932150 RCE Action Block AnomalyScoring
932160 RCE Action Block AnomalyScoring
932170 RCE Action Block AnomalyScoring
932171 RCE Action Block AnomalyScoring
932180 RCE Action Block AnomalyScoring
933100 PHP Action Block AnomalyScoring
933110 PHP Action Block AnomalyScoring
933120 PHP Action Block AnomalyScoring
933130 PHP Action Block AnomalyScoring
933140 PHP Action Block AnomalyScoring
933150 PHP Action Block AnomalyScoring
933151 PHP Action Block AnomalyScoring
933160 PHP Action Block AnomalyScoring
933170 PHP Action Block AnomalyScoring
933180 PHP Action Block AnomalyScoring
941100 XSS Action Block AnomalyScoring
941101 XSS Action Block AnomalyScoring
941110 XSS Action Block AnomalyScoring
941120 XSS Action Block AnomalyScoring
941130 XSS Action Block AnomalyScoring
941140 XSS Action Block AnomalyScoring
941150 XSS Action Block AnomalyScoring
941160 XSS Action Block AnomalyScoring
941170 XSS Action Block AnomalyScoring
941180 XSS Action Block AnomalyScoring
941190 XSS Action Block AnomalyScoring
941200 XSS Action Block AnomalyScoring
941210 XSS Action Block AnomalyScoring
941220 XSS Action Block AnomalyScoring
941230 XSS Action Block AnomalyScoring
941240 XSS Action Block AnomalyScoring
941250 XSS Action Block AnomalyScoring
941260 XSS Action Block AnomalyScoring
941270 XSS Action Block AnomalyScoring
941280 XSS Action Block AnomalyScoring
941290 XSS Action Block AnomalyScoring
941300 XSS Action Block AnomalyScoring
941310 XSS Action Block AnomalyScoring
941320 XSS Action Block AnomalyScoring
941330 XSS Action Block AnomalyScoring
941340 XSS Action Block AnomalyScoring
941350 XSS Action Block AnomalyScoring
942100 SQLI Action Block AnomalyScoring
942110 SQLI Action Block AnomalyScoring
942120 SQLI Action Block AnomalyScoring
942140 SQLI Action Block AnomalyScoring
942150 SQLI Description SQL Injection Attack SQL Injection Attack (replaced by rule #99031003)
942150 SQLI Action Block AnomalyScoring
942160 SQLI Action Block AnomalyScoring
942170 SQLI Action Block AnomalyScoring
942180 SQLI Action Block AnomalyScoring
942190 SQLI Action Block AnomalyScoring
942200 SQLI Action Block AnomalyScoring
942210 SQLI Action Block AnomalyScoring
942220 SQLI Action Block AnomalyScoring
942230 SQLI Action Block AnomalyScoring
942240 SQLI Action Block AnomalyScoring
942250 SQLI Action Block AnomalyScoring
942260 SQLI Description Detects basic SQL authentication bypass attempts ⅔ Detects basic SQL authentication bypass attempts ⅔ (replaced by rule #99031004)
942260 SQLI Action Block AnomalyScoring
942270 SQLI Action Block AnomalyScoring
942280 SQLI Action Block AnomalyScoring
942290 SQLI Action Block AnomalyScoring
942300 SQLI Action Block AnomalyScoring
942310 SQLI Action Block AnomalyScoring
942320 SQLI Action Block AnomalyScoring
942330 SQLI Action Block AnomalyScoring
942340 SQLI Description Detects basic SQL authentication bypass attempts 3/3 Detects basic SQL authentication bypass attempts 3/3 (replaced by rule #99031006)
942340 SQLI Action Block AnomalyScoring
942350 SQLI Action Block AnomalyScoring
942360 SQLI Action Block AnomalyScoring
942361 SQLI Action Block AnomalyScoring
942370 SQLI Action Block AnomalyScoring
942380 SQLI Action Block AnomalyScoring
942390 SQLI Action Block AnomalyScoring
942400 SQLI Action Block AnomalyScoring
942410 SQLI Action Block AnomalyScoring
942430 SQLI Description Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12) Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12) (replaced by rule #99031005)
942430 SQLI Action Block AnomalyScoring
942440 SQLI Description SQL Comment Sequence Detected. SQL Comment Sequence Detected (replaced by rule #99031002).
942440 SQLI Action Block AnomalyScoring
942450 SQLI Action Block AnomalyScoring
942470 SQLI Action Block AnomalyScoring
942480 SQLI Action Block AnomalyScoring
943100 FIX Action Block AnomalyScoring
943110 FIX Action Block AnomalyScoring
943120 FIX Action Block AnomalyScoring
944100 JAVA Action Block AnomalyScoring
944110 JAVA Action Block AnomalyScoring
944120 JAVA Action Block AnomalyScoring
944130 JAVA Action Block AnomalyScoring
944200 JAVA Action Block AnomalyScoring
944210 JAVA Action Block AnomalyScoring
944240 JAVA Action Block AnomalyScoring
944250 JAVA Action Block AnomalyScoring
99001001 MS-ThreatIntel-CVEs Action Block AnomalyScoring
99001014 MS-ThreatIntel-CVEs Action Block AnomalyScoring
99001015 MS-ThreatIntel-CVEs Action Block AnomalyScoring
99001016 MS-ThreatIntel-CVEs Action Block AnomalyScoring
99001017 MS-ThreatIntel-CVEs Action Block AnomalyScoring
99001018 MS-ThreatIntel-CVEs Action Block AnomalyScoring
99005002 MS-ThreatIntel-WebShells Action Block AnomalyScoring
99005003 MS-ThreatIntel-WebShells Action Block AnomalyScoring
99005004 MS-ThreatIntel-WebShells Action Block AnomalyScoring
99005006 MS-ThreatIntel-WebShells Action Block AnomalyScoring
99030001 MS-ThreatIntel-AppSec Action Block AnomalyScoring
99030002 MS-ThreatIntel-AppSec Action Block AnomalyScoring
99031001 MS-ThreatIntel-SQLI Action Block AnomalyScoring
99031002 MS-ThreatIntel-SQLI Action Block AnomalyScoring