NGINX App Protect DoS Release 2.1
Here you can find the release information for NGINX App Protect DoS v2.1. NGINX App Protect DoS provides behavioral protection against Denial of Service (DoS) for your web applications.
December 29, 2021
- Support for RHEL (7.4.x and above) Virtual Machine (VM) deployment
- Support for RHEL 8 and UBI 8
- GRPC and HTTP/2 protection support for Centos (7.4.x and above) and RHEL (7.4.x and above)
App Protect DoS
CentOS 7.4+ / RHEL 7.4+ / UBI7
RHEL 8 / UBI8
- NGINX Plus R25
app_protect_dos_namedirective is not inherited by the inner blocks, causing to have more VSs than expected.
Signature should not be created if good and bad actor use the same type of traffic.
When there’s a clear anomaly on the User-Agent header signal, the signature doesn’t include it.
HTTP Method signal is named incorrectly in signatures.
proxy_request_bufferingoff is not supported.
gRPC and HTTP/2 protection require active monitoring of the protected service. The directive
app_protect_dos_monitoris mandatory for these use cases, otherwise, the attack will not be detected.
TLS fingerprint feature is not used in CentOS 7.4 and RHEL 7 / UBI 7 due to the old OpenSSL version. The required OpenSSL version is 1.1.1 or higher.
Slow POST attack always mitigates with block action while other types of attacks can also be mitigated with redirection or JS challenges.
The recommended option of running NGINX Plus in a Docker Container is with the
daemon offflag. It’s mandatory for UBI 8.
This documentation applies to the following versions of NGINX App Protect DoS: 2.1.