NGINX App Protect WAF Release 4.0
November 29, 2022
In this release, NGINX App Protect WAF supports NGINX Plus R28.
This release includes new signatures for Anti Automation (bot defense):
- Added the following Spam Bot bot signatures: RealStresser, AraTurka, Ocarinabot, A Fake Google Certificates Bridge
- Added the following Exploit Tool bot signatures: RealityCheats, Root S, Report Runner, Momentum, 103scUWU
- Added the following Service Agent bot signatures: AppDynamics, Blackbox Exporter, B2B Bot, BlogTraffic, Fyrebot, CipaCrawler, redditbot, jpg-newsbot, Elastic-Heartbeat, W3C-mobileOK, WGETbot, BoxcarBot, DynatraceSynthetic, Rackspace Monitoring, Site24x7, webchk
- Added the following Crawler bot signatures: blogmuraBot Crawler, contxbot, SocialRankIO Bot, DataProvider crawler, Speedy Spider, SiteExplorer, Taboolabot, Eyeotabot, Mappy, PiplBot, PR-CY.RU, NTENTbot, FemtosearchBot, CrunchBot, Whoiswebsitebot, CC Metadata Scaper, eright, wp.com feedbot, G2 Web Services, duedil crawler, IT Stuttgart Crawler, 2ip.ru CMS Crawler, startmebot, StorygizeBot
- Added the following Social Media Agent bot signatures: @LinkArchiver twitter bot
- Added the following Site Monitor bot signatures: Uptime-Kuma, Google-Structured-Data-Testing-Tool, Dubbotbot
- Added the following RSS Reader bot signatures: rssbot
- Added the following Network Scanner bot signatures: Baidu-YunGuanCe-SLABot
- NGINX Plus R28
- 6561 Fixed - Some updates to NGINX App Protect WAF policy template as listed below:
- The policy field
enablePassiveModeis not supported in NGINX App Protect WAF and has been removed from configurable elements.
- HTTP protocol compliance sub-violation “Check maximum number of cookies” is now enabled by default. A request which contains over 100 cookies will be marked illegal.
- The policy field
This documentation applies to the following versions of NGINX App Protect WAF: 4.0.