F5 DoS for NGINX 2.1
Here you can find the release information for F5 F5 DoS for NGINX v2.1. F5 DoS for NGINX provides behavioral protection against Denial of Service (DoS) for your web applications.
December 29, 2021
- Support for RHEL (7.4.x and above) Virtual Machine (VM) deployment
- Support for RHEL 8 and UBI 8
- GRPC and HTTP/2 protection support for Centos (7.4.x and above) and RHEL (7.4.x and above)
- app-protect-dos-25+2.1.8-1.el7.ngx.el7.ngx.x86_64.rpm
- app-protect-dos-25+2.1.8-1.el8.ngx.el8.ngx.x86_64.rpm
- app-protect-dos_25+2.1.8-1~buster_amd64.deb
- app-protect-dos_25+2.1.8-1~bionic_amd64.deb
- app-protect-dos_25+2.1.8-1~focal_amd64.deb
- NGINX Plus R25
- 
The app_protect_dos_namedirective is not inherited by the inner blocks, causing to have more VSs than expected.
- 
Signature should not be created if good and bad actor use the same type of traffic. 
- 
When there’s a clear anomaly on the User-Agent header signal, the signature doesn’t include it. 
- 
HTTP Method signal is named incorrectly in signatures. 
- 
proxy_request_bufferingoff is not supported.
- 
gRPC and HTTP/2 protection require active monitoring of the protected service. The directive app_protect_dos_monitoris mandatory for these use cases, otherwise, the attack will not be detected.
- 
TLS fingerprint feature is not used in CentOS 7.4 and RHEL 7 / UBI 7 due to the old OpenSSL version. The required OpenSSL version is 1.1.1 or higher. 
- 
Slow POST attack always mitigates with block action while other types of attacks can also be mitigated with redirection or JS challenges. 
- 
The recommended option of running NGINX Plus in a Docker Container is with the daemon offflag. It’s mandatory for UBI 8.