Frontdoor - DRS Changelog: 2.1 → 2.2¶
Generated: 05 July 2026 | Base: 2.1 | Target: 2.2
Summary: 12 added · 0 removed · 65 changed
Added Rules¶
| Rule ID | Rule Group Name | Description | Action | State |
|---|---|---|---|---|
| 920530 | PROTOCOL-ENFORCEMENT | Restrict charset parameter inside content type header to occur max once | AnomalyScoring | Enabled |
| 920620 | PROTOCOL-ENFORCEMENT | Multiple Content-Type Request Headers | AnomalyScoring | Enabled |
| 921421 | PROTOCOL-ATTACK | Content-Type header: Dangerous content type outside the mime type declaration | AnomalyScoring | Enabled |
| 921422 | PROTOCOL-ATTACK | Detect content types in the Content-Type header outside of the actual content type declaration | AnomalyScoring | Disabled |
| 99030003 | MS-ThreatIntel-AppSec | URL encoded file path | AnomalyScoring | Disabled |
| 99030004 | MS-ThreatIntel-AppSec | Missing brotli encoding from supporting browser with https referer | AnomalyScoring | Disabled |
| 99030005 | MS-ThreatIntel-AppSec | Missing brotli encoding from supporting browser over HTTP/2 | AnomalyScoring | Disabled |
| 99030006 | MS-ThreatIntel-AppSec | Illegal character in requested filename | AnomalyScoring | Disabled |
| 99031005 | MS-ThreatIntel-SQLI | Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12) (replacing rule #942430) | AnomalyScoring | Disabled |
| 99031006 | MS-ThreatIntel-SQLI | Detects basic SQL authentication bypass attempts 3/3 (replacing rule #942340) | AnomalyScoring | Disabled |
| 99032001 | MS-ThreatIntel-XSS | XSS Filter - Category 2: Event Handler Vector (replacing rule #941120) | AnomalyScoring | Enabled |
| 99032002 | MS-ThreatIntel-XSS | Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link (replacing rule #931130) | AnomalyScoring | Disabled |
Removed Rules¶
No rules removed.
Changed Rules¶
| Rule ID | Rule Group | Field | Before | After |
|---|---|---|---|---|
| 920121 | PROTOCOL-ENFORCEMENT | State | Enabled | Disabled |
| 920200 | PROTOCOL-ENFORCEMENT | State | Enabled | Disabled |
| 920201 | PROTOCOL-ENFORCEMENT | State | Enabled | Disabled |
| 920230 | PROTOCOL-ENFORCEMENT | State | Enabled | Disabled |
| 920271 | PROTOCOL-ENFORCEMENT | State | Enabled | Disabled |
| 920300 | PROTOCOL-ENFORCEMENT | State | Enabled | Disabled |
| 920320 | PROTOCOL-ENFORCEMENT | State | Enabled | Disabled |
| 920341 | PROTOCOL-ENFORCEMENT | State | Enabled | Disabled |
| 920420 | PROTOCOL-ENFORCEMENT | State | Enabled | Disabled |
| 921151 | PROTOCOL-ATTACK | State | Enabled | Disabled |
| 931100 | RFI | State | Enabled | Disabled |
| 931130 | RFI | State | Enabled | Disabled |
| 933151 | PHP | State | Enabled | Disabled |
| 941101 | XSS | State | Enabled | Disabled |
| 941120 | XSS | State | Enabled | Disabled |
| 941150 | XSS | State | Enabled | Disabled |
| 941320 | XSS | State | Enabled | Disabled |
| 941330 | XSS | State | Enabled | Disabled |
| 941340 | XSS | State | Enabled | Disabled |
| 941380 | XSS | State | Enabled | Disabled |
| 942120 | SQLI | State | Enabled | Disabled |
| 942180 | SQLI | State | Enabled | Disabled |
| 942200 | SQLI | State | Enabled | Disabled |
| 942210 | SQLI | State | Enabled | Disabled |
| 942300 | SQLI | State | Enabled | Disabled |
| 942310 | SQLI | State | Enabled | Disabled |
| 942330 | SQLI | State | Enabled | Disabled |
| 942340 | SQLI | State | Enabled | Disabled |
| 942361 | SQLI | State | Enabled | Disabled |
| 942370 | SQLI | State | Enabled | Disabled |
| 942380 | SQLI | State | Enabled | Disabled |
| 942390 | SQLI | State | Enabled | Disabled |
| 942400 | SQLI | State | Enabled | Disabled |
| 942410 | SQLI | State | Enabled | Disabled |
| 942450 | SQLI | State | Enabled | Disabled |
| 942470 | SQLI | State | Enabled | Disabled |
| 942480 | SQLI | State | Enabled | Disabled |
| 942510 | SQLI | State | Enabled | Disabled |
| 944200 | JAVA | State | Enabled | Disabled |
| 944210 | JAVA | State | Enabled | Disabled |
| 944240 | JAVA | State | Enabled | Disabled |
| 944250 | JAVA | State | Enabled | Disabled |
| 99001001 | MS-ThreatIntel-CVEs | State | Enabled | Disabled |
| 99001002 | MS-ThreatIntel-CVEs | State | Enabled | Disabled |
| 99001003 | MS-ThreatIntel-CVEs | State | Enabled | Disabled |
| 99001004 | MS-ThreatIntel-CVEs | State | Enabled | Disabled |
| 99001005 | MS-ThreatIntel-CVEs | State | Enabled | Disabled |
| 99001006 | MS-ThreatIntel-CVEs | State | Enabled | Disabled |
| 99001007 | MS-ThreatIntel-CVEs | State | Enabled | Disabled |
| 99001008 | MS-ThreatIntel-CVEs | State | Enabled | Disabled |
| 99001009 | MS-ThreatIntel-CVEs | State | Enabled | Disabled |
| 99001010 | MS-ThreatIntel-CVEs | State | Enabled | Disabled |
| 99001011 | MS-ThreatIntel-CVEs | State | Enabled | Disabled |
| 99001012 | MS-ThreatIntel-CVEs | State | Enabled | Disabled |
| 99001013 | MS-ThreatIntel-CVEs | State | Enabled | Disabled |
| 99005002 | MS-ThreatIntel-WebShells | State | Enabled | Disabled |
| 99005003 | MS-ThreatIntel-WebShells | State | Enabled | Disabled |
| 99005004 | MS-ThreatIntel-WebShells | State | Enabled | Disabled |
| 99005005 | MS-ThreatIntel-WebShells | State | Enabled | Disabled |
| 99030001 | MS-ThreatIntel-AppSec | State | Enabled | Disabled |
| 99030002 | MS-ThreatIntel-AppSec | State | Enabled | Disabled |
| 99031001 | MS-ThreatIntel-SQLI | State | Enabled | Disabled |
| 99031002 | MS-ThreatIntel-SQLI | State | Enabled | Disabled |
| 99031003 | MS-ThreatIntel-SQLI | State | Enabled | Disabled |
| 99031004 | MS-ThreatIntel-SQLI | State | Enabled | Disabled |