NGINX App Protect WAF Release 4.6
October 17, 2023
This release includes new signatures for Anti Automation (bot defense):
- Added the following Crawler bot signatures: CheckMarkNetwork, FileHound, ReverseEngineeringBot, University Of Edinburgh, Audisto, crawler eb germany, FAST Enterprise, AASA-Bot, Neticle, newslookup-bot, MYIP.MS, Boomtrain Content Bot, Ads Standards Bot, Seamless Link Tester, CMS detector bot, Aesop, BullsEye, Drip, EyeNetIE Scanner, IIS bot, OWLer, RetrevoPageAnalyzer, criteo-crawler, trafilatura
- Added the following HTTP Library bot signatures: libtorrent, Apache-HttpAsyncClient, RobotsTxtParser-VIPnytt, OpenAI Python Library, OpenAPI Generator, ServiceNow Http Client, CarrierWave
- Added the following Service Agent bot signatures: Symbolicator, admantx-sap, SISTRIX Optimizer, anomify.ai ssl_check, CyberPatrol SiteCat Webbot, DaniBot, SiteMonitor Enterprise, GumGum
- Added the following Vulnerability Scanner bot signatures: interact.sh bot, AcuMonitor bot, interact.sh 2 bot
- Added the following Exploit Tool bot signatures: feroxbuster, WebApp Attacker
- Added the following Site Monitor bot signatures: Allmystery, httpstatus
- Added the following Web Downloader bot signature: FlashGet
- Updated the following Vulnerability Scanner bot signature: OpenVAS
- Updated the following HTTP Library bot signature: DynatraceSynthetic
- 8264 Fixed - Implemented the capability to turn enforcer debug logs on/off without the need for a system reload to apply the changes.
- 9060 Fixed - The default URI size is changed from 2k to 8k so that users can send larger URIs without any configuration change. The size can now be controlled through policy configuration.
- 9185 Fixed - Unparsable requests, rejected by NGINX are now flagged with
- 8339 Fixed - Attack signature accuracy is now available for configuration in the security log.
Starting with this release, the app_protect_compressed_requests_action directive has been deprecated from the nginx configuration. By default, the enforcer now decompresses all HTTP compressed request payloads and applies enforcement to them. See Handling Compressed Requests for more details.
NGINX App Protect WAF has been enhanced to include response signature checks within the “filetypes” section. You can enable signature verification in the response by setting the responseCheck parameter to true. By default, this parameter is set to false. See Restrict Response Signatures for more details.
This documentation applies to the following versions of NGINX App Protect WAF: 4.6.