NGINX App Protect WAF Release 1.3

July 21, 2020

New Features

• RHEL 7.4+ Support
• RHEL UBI7 Support
• SELinux Configuration
• New Strict Security Policy
• Security Log Write To File

Supported Packages

App Protect

Debian

• app-protect_22+3.90.2-1~stretch_amd64.deb

CentOS / RHEL

• app-protect-22+3.90.2-1.el7.ngx.x86_64.rpm

Known Issues

1868 - Removal of the app-protect RPM package results in SELinux-related failure messages

This is a cosmetic issue only:

yum remove app-protect

Erasing : app-protect-22+3.90.2-1.el7.ngx.x86_64 1/5
libsemanage.semanage_direct_remove_key: Removing last app-protect module (no other app-protect module exists at another priority).
restorecon: lstat(/usr/lib64/systemd/system/nginx-app-protect-compiler.service) failed: No such file or directory
restorecon: lstat(/usr/lib64/systemd/system/nginx-app-protect.service) failed: No such file or directory

Resolved Issues

• 1758 Fixed - Non-CSV-compliant escaping of quotes as %22 in default security log fields.
• 1774 Added - Default security log settings file /etc/app_protect/conf/log_default.json.
• 1784 Added - “Unescaped space in URL” sub-violation.
• 1785 Fixed - LIBDATASYNC|ERR messages in bd-socket-plugin.log.
• 1811 Fixed - Empty non-CSV-compliant ‘is_truncated’ field in default security log settings.