NGINX App Protect WAF Release 3.11
June 28, 2022
In this release, support for NGINX App Protect WAF is added to NGINX Plus R27.
This release includes updated signatures for the Anti Automation (bot defense) feature as follows:
- Added the following HTTP Library bot signatures: req
- Added the following Exploit Tool bot signatures: spring4shell-scan, DIVD Vulnerability Scanner, JNDI Exploit Bot, D-Link DNS Change Exploiter
- Added the following Spam Bot bot signatures: l9scan, HomeNet
- Added the following Crawler bot signatures: Keybot Translation-Search-Machine
- Updated the following Exploit Tool bot signatures: JNDI Exploit Bot, Hello-World API
- NGINX Plus R27
- 6084 Fixed - The
nginx -tcommand will fail in cases when there is no
userdirective defined in
- 6321 Fixed - Updated the
max_request_sizelog format parameter to accept the 2k range value using k string.
When upgrading the NGINX App Protect WAF deployments on Virtual Machines (VM), where the upgrade includes a NGINX Plus release upgrade as well, customers might witness some error messages about the upgrade failure. Customers are advised to ignore these messages and continue with the upgrade procedure as described in the NGINX App Protect WAF Admin guide. Additional NGINX restart might be required in order to complete the upgrade procedure.
This documentation applies to the following versions of NGINX App Protect WAF: 3.11.