- DevCentral
  Connect & learn in our hosted community
- MyF5
  Your key to everything F5, including support, registration keys, and subscriptions
- NGINX
  Learn more about NGINX Open Source and read the community blog

NGINX App Protect WAF 4.0

November 29, 2022

In this release, NGINX App Protect WAF supports NGINX Plus R28.

This release includes new signatures for Anti Automation (bot defense):

Added the following Spam Bot bot signatures: RealStresser, AraTurka, Ocarinabot, A Fake Google Certificates Bridge
Added the following Exploit Tool bot signatures: RealityCheats, Root S, Report Runner, Momentum, 103scUWU
Added the following Service Agent bot signatures: AppDynamics, Blackbox Exporter, B2B Bot, BlogTraffic, Fyrebot, CipaCrawler, redditbot, jpg-newsbot, Elastic-Heartbeat, W3C-mobileOK, WGETbot, BoxcarBot, DynatraceSynthetic, Rackspace Monitoring, Site24x7, webchk
Added the following Crawler bot signatures: blogmuraBot Crawler, contxbot, SocialRankIO Bot, DataProvider crawler, Speedy Spider, SiteExplorer, Taboolabot, Eyeotabot, Mappy, PiplBot, PR-CY.RU, NTENTbot, FemtosearchBot, CrunchBot, Whoiswebsitebot, CC Metadata Scaper, eright, wp.com feedbot, G2 Web Services, duedil crawler, IT Stuttgart Crawler, 2ip.ru CMS Crawler, startmebot, StorygizeBot
Added the following Social Media Agent bot signatures: @LinkArchiver twitter bot
Added the following Site Monitor bot signatures: Uptime-Kuma, Google-Structured-Data-Testing-Tool, Dubbotbot
Added the following RSS Reader bot signatures: rssbot
Added the following Network Scanner bot signatures: Baidu-YunGuanCe-SLABot

New Features

Supported Packages

App Protect

Debian 11

app-protect_28+4.2.0-1~bullseye_amd64.deb

Ubuntu 18.04

app-protect_28+4.2.0-1~bionic_amd64.deb

Ubuntu 20.04

app-protect_28+4.2.0-1~focal_amd64.deb

CentOS 7.4+ / RHEL 7.4+ / Amazon Linux 2

app-protect-28+4.2.0-1.el7.ngx.x86_64.rpm

RHEL 8.1+

app-protect-28+4.2.0-1.el8.ngx.x86_64.rpm

Oracle Linux 8.1+

app-protect-28+4.2.0-1.el8.ngx.x86_64.rpm

NGINX Plus

NGINX Plus R28

Resolved Issues

6561 Fixed - Some updates to NGINX App Protect WAF policy template as listed below:
1. The policy field enablePassiveMode is not supported in NGINX App Protect WAF and has been removed from configurable elements.
2. HTTP protocol compliance sub-violation “Check maximum number of cookies” is now enabled by default. A request which contains over 100 cookies will be marked illegal.

Last modified November 19, 2024