NGINX App Protect DoS Release 2.1

Here you can find the release information for NGINX App Protect DoS v2.1. NGINX App Protect DoS provides behavioral protection against Denial of Service (DoS) for your web applications.

Release 2.1

December 29, 2021

New Features

Supported Packages

App Protect DoS

CentOS 7.4+ / RHEL 7.4+ / UBI7
  • app-protect-dos-25+2.1.8-1.el7.ngx.el7.ngx.x86_64.rpm
RHEL 8 / UBI8
  • app-protect-dos-25+2.1.8-1.el8.ngx.el8.ngx.x86_64.rpm
Debian 10
  • app-protect-dos_25+2.1.8-1~buster_amd64.deb
Ubuntu 18.04
  • app-protect-dos_25+2.1.8-1~bionic_amd64.deb
Ubuntu 20.04
  • app-protect-dos_25+2.1.8-1~focal_amd64.deb

NGINX Plus

  • NGINX Plus R25

Resolved Issues

  • The app_protect_dos_name directive is not inherited by the inner blocks, causing to have more VSs than expected.

  • Signature should not be created if good and bad actor use the same type of traffic.

  • When there’s a clear anomaly on the User-Agent header signal, the signature doesn’t include it.

  • HTTP Method signal is named incorrectly in signatures.

Important Notes

  • proxy_request_buffering off is not supported.

  • gRPC and HTTP/2 protection require active monitoring of the protected service. The directive app_protect_dos_monitor is mandatory for these use cases, otherwise, the attack will not be detected.

  • TLS fingerprint feature is not used in CentOS 7.4 and RHEL 7 / UBI 7 due to the old OpenSSL version. The required OpenSSL version is 1.1.1 or higher.

  • Slow POST attack always mitigates with block action while other types of attacks can also be mitigated with redirection or JS challenges.

  • The recommended option of running NGINX Plus in a Docker Container is with the daemon off flag. It’s mandatory for UBI 8.