2023 archive
This page is an archive of changelog entries for 2023.
For the current year, view the top-level changelog topic.
December 19, 2023
In this release, F5 WAF for NGINX supports NGINX Plus R31.
- RHEL 9+ Support
- app-protect-31.4.641.0-r1.apk
- app-protect-31+4.641.0-1.el7.ngx.x86_64.rpm
- app-protect_31+4.641.0-1~bullseye_amd64.deb
- app-protect-31+4.641.0-1.el8.ngx.x86_64.rpm
- app-protect-31+4.641.0-1.el9.ngx.x86_64.rpm
- app-protect_31+4.641.0-1~focal_amd64.deb
- app-protect_31+4.641.0-1~jammy_amd64.deb
- NGINX Plus R31
- 9065 Fixed - The limit for `max_request_size` in the log configuration has been increased from 2k to 10k. The default changes from "any" to 2k to maintain the old behaviour.
- 9297 Fixed - Added a new limit from `responseCheckLength` to response ingress event handling in order to reduce the memory used for buffering.
- 9992 - There is a limitation on the Edwards-curve Digital Signature Algorithm (EdDSA) on CentOS 7, as the Enforcer does not support this algorithm on that Operating System (OS). When a JSON Web Token (JWT) signed with EdDSA is used on CentOS 7, it results in a `VIOL_ACCESS_INVALID` error.
- Starting with this release, the bot signatures list is generated automatically as a part of the app-protect-bot-signatures package, which is a dependency of the app-protect-compiler package. It uses a format similar to the README-style text file found in the attack signatures package. Refer to the Bot Signatures Update File for more details.
- Starting with the next release version of F5 WAF for NGINX, the existing bot signatures file `included_bot_signatures`, located at `/opt/app-protect/var/update_files/included_bot_signatures`, will be removed from the app-protect-compiler package.
October 17, 2023
This release includes new signatures for Anti Automation (bot defense):
- Added the following Crawler bot signatures: CheckMarkNetwork, FileHound, ReverseEngineeringBot, University Of Edinburgh, Audisto, crawler eb germany, FAST Enterprise, AASA-Bot, Neticle, newslookup-bot, MYIP.MS, Boomtrain Content Bot, Ads Standards Bot, Seamless Link Tester, CMS detector bot, Aesop, BullsEye, Drip, EyeNetIE Scanner, IIS bot, OWLer, RetrevoPageAnalyzer, criteo-crawler, trafilatura
- Added the following HTTP Library bot signatures: libtorrent, Apache-HttpAsyncClient, RobotsTxtParser-VIPnytt, OpenAI Python Library, OpenAPI Generator, ServiceNow Http Client, CarrierWave
- Added the following Service Agent bot signatures: Symbolicator, admantx-sap, SISTRIX Optimizer, anomify.ai ssl_check, CyberPatrol SiteCat Webbot, DaniBot, SiteMonitor Enterprise, GumGum
- Added the following Vulnerability Scanner bot signatures: interact.sh bot, AcuMonitor bot, interact.sh 2 bot
- Added the following Exploit Tool bot signatures: feroxbuster, WebApp Attacker
- Added the following Site Monitor bot signatures: Allmystery, httpstatus
- Added the following Web Downloader bot signature: FlashGet
- Updated the following Vulnerability Scanner bot signature: OpenVAS
- Updated the following HTTP Library bot signature: DynatraceSynthetic
- Ubuntu 22.04 Support
- JSON Web Token Protection
- Custom Dimensions Log Entries
- app-protect-30.4.583.0-r1.apk
- app-protect-30+4.583.0-1.el7.ngx.x86_64.rpm
- app-protect_30+4.583.0-1~bullseye_amd64.deb
- app-protect-30+4.583.0-1.el8.ngx.x86_64.rpm
- app-protect_30+4.583.0-1~focal_amd64.deb
- app-protect_30+4.583.0-1~jammy_amd64.deb
- 8264 Fixed - Implemented the capability to turn enforcer debug logs on/off without the need for a system reload to apply the changes.
- 9060 Fixed - The default URI size has been changed from 2k to 8k so that users can send larger URIs without any configuration change. Users can now control the size through the policy configuration.
- 9185 Fixed - Unparsable requests rejected by NGINX are now flagged with `SECURITY_WAF_VIOLATION` instead of `SECURITY_WAF_VIOLATION_TRANSPARENT`.
- 8339 Fixed - Attack signature accuracy is now available for configuration in the security log.
- Starting with this release, the `app_protect_compressed_requests_action` directive has been deprecated from the nginx configuration. By default, the enforcer now decompresses every compressed HTTP request payload and applies enforcement to the decompressed content.
- F5 WAF for NGINX has been enhanced to include response signature checks within the "filetypes" section. You can enable signature verification on the response by setting the `responseCheck` parameter to true. By default, this parameter is set to false. See Restrict Response Signatures for more details.
August 15, 2023
This release includes new signatures for Anti Automation (bot defense):
- Added the following Crawler bot signatures: SEOChecker, ev-crawler, FFZBot ImageGrabber, ConveraCrawler, EveryoneSocialBot, Google Ads Bot
- Added the following HTTP Library bot signatures: Airbnb calendar importer
- Added the following Exploit Tool bot signatures: ThinkPHP Malicious Bot, KPLR-requests
- Added the following Service Agent bot signatures: Pleroma, ChatGPT-User, Netflix Media Player, KickFire Extension
- Added the following Social Media Agent bot signatures: Misskey Agent, Lemmy Agent
- Added the following Site Monitor bot signatures: StatusCake Monitor
- Added the following Web Downloader bot signatures: Transmission Bot
In this release, F5 WAF for NGINX supports NGINX Plus R30.
- Alpine 3.17 Support
- app-protect-30.4.457.0-r1.apk
- app-protect-30+4.457.0-1.el7.ngx.x86_64.rpm
- app-protect_30+4.457.0-1~bullseye_amd64.deb
- app-protect-30+4.457.0-1.el8.ngx.x86_64.rpm
- app-protect_30+4.457.0-1~focal_amd64.deb
- NGINX Plus R30
- 8976 Fixed - When using multiple arcsight remote loggers for F5 WAF for NGINX policy, some requests may cause enforcer to crash.
- 8312 Fixed - Running the get-signatures utility writes output to a different location.
- 8936 Fixed - To reduce potential false positives, user-defined Headers and Cookies that do not specify a `decodeValueAsBase64` value are now `disabled` instead of `enabled` by default.
- 8939 Fixed - The issue with rejected gRPC requests whose support id was logged as "Passed" has been fixed.
- 8821 Fixed - The Override Rules now support gRPC traffic. The previous limitation regarding the use of Override Rules with gRPC traffic has been resolved.
- 9061 Fixed - Evasions configuration does not work in an Override Rule policy.
- Starting with this release, Ubuntu 18.04 support has been deprecated.
July 5, 2023
This release includes new signatures for Anti Automation (bot defense):
- Added the following Crawler bot signatures: IAS Crawler, Bing Crawler, DIS Group Crawler, WebBot Scrapper, AddSearch Bot, WPWS bot, iSec_Bot, Newstral Crawler, layoftheland.online Crawler, Quantcastbot, Spiceworks Crawlers, CYRATING Crawler, Jooblebot, YouBot, MetaJobBot, ScooperBot, WebwikiBot, JusProg - Domain Crawler, TinEye-Web, PEER39 Crawler, AMPPARIT Crawler, RuxitSynthetic
- Added the following HTTP Library bot signatures: Atoka Logo Fetcher, Zend Http Client Class, Home Assistant API, Probe Image Size, Webpage.rs, Okta Open ID Connect Library, MetadataScraper, node-openid-client, Embed PHP Library, PHP-SOAP
- Added the following Service Agent bot signatures: OpenSearch Service, Plesk screenshot bot, EasyBib+AutoCite
- Added the following Site Monitor bot signatures: Nx Witness Monitor, Newslitbot, Mattermost Bot
- Added the following RSS Reader bot signatures: RSStT, w1NewsBot-RSS, RSS Guard, FeedViewer
- Added the following Spam Bot bot signatures: Ixquick.com
- Added the following Search Bot bot signatures: Xpanse Search Bot
- app-protect_29+4.402.0-1~bullseye_amd64.deb
- app-protect_29+4.402.0-1~bionic_amd64.deb
- app-protect_29+4.402.0-1~focal_amd64.deb
- app-protect-29+4.402.0-1.el7.ngx.x86_64.rpm
- app-protect-29+4.402.0-1.el8.ngx.x86_64.rpm
- app-protect-29.4.402.0-r1.apk
- 8302 Fixed - Remote logging destinations when IPv6 is disabled system-wide.
- 7819 Fixed - The login issue encountered on the iOS client when using the AJAX Response Page has been resolved. This problem occurs specifically on iOS devices when NGINX's `proxy_buffering` is disabled.
- 8261 Fixed - Binaries have been upgraded with module and version updates to address and resolve identified vulnerabilities.
- 8477 Fixed - TCP connections in the CLOSE_WAIT state for specific types of requests.
- There is a limitation when using Override Rules with gRPC: Override Rules do not support gRPC traffic. If an Override Rule is configured to match gRPC traffic, that traffic will be blocked.
- Starting with the upcoming release for NGINX Plus R30, Ubuntu 18.04 will no longer be supported and will be deprecated.
May 2, 2023
In this release, F5 WAF for NGINX supports NGINX Plus R29.
This release includes new signatures for Anti Automation (bot defense):
- Added the following Crawler bot signatures: YOURLS Crawler, Atomseo broken link checker, proxylist.to Checker, Aspiegel Crawler, digitalshadowsbot, idealo-bot pricevalidator
- Added the following Exploit Tool bot signatures: BackDoorBot
- Added the following Site Monitor bot signatures: RWTH Aachen University Scanner
- Added the following Service Agent bot signatures: AirPlay Server Info, WP Rocket Preload
- app-protect_29+4.279.0-1~bullseye_amd64.deb
- app-protect_29+4.279.0-1~bionic_amd64.deb
- app-protect_29+4.279.0-1~focal_amd64.deb
- app-protect-29+4.279.0-1.el7.ngx.x86_64.rpm
- app-protect-29+4.279.0-1.el8.ngx.x86_64.rpm
- app-protect-29.4.279.0-r1.apk
- NGINX Plus R29
- 7987 Fixed - Violation Rating calculation for trusted bots, untrusted bots and malicious bots.
- 8010 Fixed - Handling of response headers.
This release introduces a change in the json_log field output for Violation details. Starting with F5 WAF for NGINX release 4.3, the Security Log’s json_log field will include all available information regarding Violation details in JSON format. Refer to the Security Log document for more details.
March 29, 2023
This release includes new signatures for Anti Automation (bot defense):
- Added the following Site Monitor bot signatures: 404enemy, Munin Monitor
- Added the following Spam Bot bot signatures: 01h4x, AIBOT
- Added the following Service Agent bot signatures: 404checker, Adyen, Autohost Threat Intel API, Paystack, Pixalate, PureRef, TwilioProxy, SpamExperts
- Added the following Crawler bot signatures: FullStoryBot, GeedoBot, infoobot, IonCrawl, MuscatFerret Crawler, NETVIBES Crawler, SeobilityBot, SMTBot, Summify, WEDOS Crawler, Yahoo Ad monitoring
- Added the following RSS Reader bot signatures: Feed Wrangler, flusio, Page2RSS, Unread RSS Reader
- Added the following Vulnerability Scanner bot signatures: Node.js, zerodium Tester
- Added the following DoS Tool bot signature: Siege DoS Tool
- Added the following Exploit Tool bot signature: Criptonize Mirai Installer
- app-protect_28+4.218.0-1~bullseye_amd64.deb
- app-protect_28+4.218.0-1~bionic_amd64.deb
- app-protect_28+4.218.0-1~focal_amd64.deb
- app-protect-28+4.218.0-1.el7.ngx.x86_64.rpm
- app-protect-28+4.218.0-1.el8.ngx.x86_64.rpm
- app-protect-28.4.218.0-r1.apk
- 7411 Fixed - The Protocol Buffers library has been updated to enable the usage of keywords that were previously unsupported in gRPC IDL files.
- 7986 Fixed - When converting a policy from BIG-IP, collections with wildcardOrder, such as "urls", could end up with the default "*" element in the wrong order relative to the other wildcard entries. This led to unexpected and incorrect policy enforcement. convert-policy now writes these elements in the correct order, and importing a policy with an unexpected order also works as expected.
- 7939 Fixed - Requests were blocked due to `VIOL_ATTACK_SIGNATURE` although all signatures were disabled.
- 7199 Fixed - Alignment of notification and availability of NGINX App Protect signature updates.
- This release introduces a change in the package dependencies for F5 WAF for NGINX. Customers who work in a SELinux-enforced environment should now explicitly list the `app-protect-selinux` package when performing an App Protect clean install or upgrade.
- F5 WAF for NGINX's SELinux module is now an optional package (meaning it is not included in the default installation). To install `app-protect` together with the `app-protect-selinux` package, use the following command:

```shell
yum install app-protect app-protect-selinux
```

January 31, 2023
This release includes new signatures for Anti Automation (bot defense):
- Added the following Site Monitor bot signatures: OhDear, Cloudflare Monitor, Google Uptime Monitor, NIXStatsbot
- Added the following Service Agent bot signatures: semanticbot, Datafeedwatch, W3C_Unicorn
- Added the following Crawler bot signatures: SearchAtlas, Baidu-YunGuanCe-Bot, Capsulink Crawler, arocom Crawler, sovrn Crawler, TangibleeBot Crawler, Curebot Crawler, DnyzBot Crawler, bitbot Crawler, Botify Crawler, myUsage Crawler, RepoLookoutBot, Grafana Crawler
- Alpine 3.16 Support
- Apreload - F5 WAF for NGINX Standalone Configuration
- app-protect_28+4.100.1-1~bullseye_amd64.deb
- app-protect_28+4.100.1-1~bionic_amd64.deb
- app-protect_28+4.100.1-1~focal_amd64.deb
- app-protect-28+4.100.1-1.el7.ngx.x86_64.rpm
- app-protect-28+4.100.1-1.el8.ngx.x86_64.rpm
- app-protect-28.4.100.0-r1.apk
- 7298 Fixed - The decodeValueAsBase64 feature is now disabled by default: the default value of `decodeValueAsBase64` is set to `disabled` to avoid a high chance of false positive violations.
- 7238 Fixed - The hyphen metacharacter is now allowed by default in JSON and XML Profiles.