F5 WAF for NGINX 3.10

May 25, 2022

This release includes updated signatures for the Anti Automation (bot defense) feature as follows:

  • Added the following Spam Bot bot signatures: MediaControl Rumble, Internet Fuzzer, NEKO
  • Added the following Service Agent bot signatures: ShadowByte, BackupLand, Virusdie, DropboxPreviewBot, GnowitNewsbot, SiteScoreBot, Hardenize
  • Added the following Exploit Tool bot signatures: Jndi Tomcat Exploiter, struts-pwn, Onapsis ICMAD tool, b3astmode, TNAS, Abyssal, Web shell injector for Joomla, QBOT
  • Added the following Crawler bot signatures: FAST Enterprise Crawler, fluid, ANSSI, INETDEX-BOT, BluechipBacklinks, MRGbot, webgains-bot
  • Added the following HTTP Library bot signatures: AutoIt
  • Added the following Vulnerability Scanner bot signatures: SpringShell XSS Detector
  • Updated the following Exploit Tool bot signatures: Hello, World
  • Updated the following Spam Bot bot signatures: facebot
  • Updated the following Service Agent bot signatures: unshortenit
  • Updated the following Search Engine bot signatures: startpage, startpage

Supported Packages

App Protect

Debian 10
  • app-protect_26+3.890.0-1~buster_amd64.deb
Ubuntu 18.04
  • app-protect_26+3.890.0-1~bionic_amd64.deb
Ubuntu 20.04
  • app-protect_26+3.890.0-1~focal_amd64.deb
CentOS 7.4+ / RHEL 7.4+ / Amazon Linux 2
  • app-protect-26+3.890.0-1.el7.ngx.x86_64.rpm
RHEL 8.1+
  • app-protect-26+3.890.0-1.el8.ngx.x86_64.rpm

Resolved Issues

  • 5800 Fixed - Fixed warning message on Attack Signatures or Threat Campaigns removal on Debian-based operating systems.
  • 5946 Fixed - When using a custom security policy in transparent mode with bot defense enabled, F5 WAF for NGINX blocks requests without User-Agent.
  • 5947 Fixed - When using the default security policy, F5 WAF for NGINX reports the wrong outcome_reason when sending requests without User-Agent.
  • 5780 Fixed - A vulnerability in F5 WAF for NGINX allows a user, in some particular circumstances, to compose a Security Policy containing arbitrary code, which will be executed where the policy is deployed.
  • 6008 Fixed - Using an external reference botDefenseReference for the bot-defense configuration did not correctly take effect on the policy.
  • 6196 Fixed - Updated information on changing the total_xml_memory value in the F5 WAF for NGINX Admin guide.

Important Note

When upgrading F5 WAF for NGINX deployments on Virtual Machines (VMs), where the upgrade includes an NGINX Plus release upgrade as well, customers might see an error message about the upgrade failure.
Customers are advised to ignore this message and continue with the upgrade procedure as described in the F5 WAF for NGINX Admin guide.