NGINX App Protect DoS Arbitrator 1.1.0
Here you can find the release information for F5 NGINX App Protect DoS Arbitrator v1.1.0.
December 1, 2021
This release is focused on security and stability.
- Improve security by enabling the arbitrator to work as a non-root user.
- Remove operating system dependencies to work as a native service utilizing golang.
- Special characters like a slash inside the protected object name prevented Arbitrator from saving the state file.
- The current release upgrades Arbitrator service only. This change is agnostic to NGINX App Protect DoS functionalities.
- proxy_request_buffering off is not supported.
- gRPC and HTTP/2 protection require active monitoring of the protected service. The directive app_protect_dos_monitor is mandatory for these use cases; otherwise, the attack will not be detected.
- gRPC and HTTP/2 protection are available only on Debian 10, Ubuntu 18.04, and Ubuntu 20.04 platforms. For the rest of the platforms, NGINX App Protect DoS does not protect gRPC and HTTP/2 services. The traffic is bypassed.
- TLS fingerprint feature is not used in CentOS 7.4 due to the old OpenSSL version. The required OpenSSL version is 1.1.1 or higher.
- Slow POST attacks are always mitigated with the block action, while other types of attacks can also be mitigated with redirection or JS challenges.
- New optional configuration parameters of the directive app_protect_dos_monitor to support gRPC and HTTP/2 protocols.
- Added new fields in Security Log:
  - baseline_dps (datagrams per second) instead of baseline_tps
  - incoming_datagrams
  - successful_responses instead of successful_transactions
  - unsuccessful_requests instead of unsuccessful_requests_count
- In the case of an upgrade from the previous app-protect-dos version, it's necessary to remove the old nginx-plus and install the new app-protect-dos, which will install a corresponding version of nginx-plus as described in the NGINX App Protect DoS Deployment Guide.
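
As an added example (not F5's code and not part of these release notes), the Python lint below checks an NGINX configuration against two of the notes above: the mandatory app_protect_dos_monitor for gRPC and HTTP/2 services, and the unsupported proxy_request_buffering off. It assumes protection is switched on per server block with `app_protect_dos_enable on`, ignores settings inherited from the http level, and runs on a constructed sample configuration in which `MONITOR_ARGS` is a placeholder.

```python
import re

# Constructed sample configuration. MONITOR_ARGS is a placeholder for the real
# app_protect_dos_monitor parameters, which this lint does not inspect.
SAMPLE = """
http {
  server {  # 1: HTTP/2 + gRPC, protected, no monitor
    listen 443 ssl http2; app_protect_dos_enable on;
    location / { grpc_pass grpc://backend; }
  }
  server {  # 2: HTTP/2, protected, monitor present
    listen 8443 ssl http2; app_protect_dos_enable on;
    app_protect_dos_monitor MONITOR_ARGS;
  }
  server {  # 3: HTTP/1, protected, request buffering disabled
    listen 80; app_protect_dos_enable on;
    location / { proxy_request_buffering off; proxy_pass http://app; }
  }
}
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    text = re.sub(r"#[^\n]*", "", conf)  # drop comments (quoted '#' not handled)
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def directives(block):
    """Return directives as token lists, flattening nested location blocks."""
    return [d.split() for d in re.split(r"[;{}]", block) if d.strip()]

def lint(conf):
    """Return (server_index, message) for each protected server that violates a note."""
    findings = []
    for n, block in enumerate(server_blocks(conf), 1):
        ds = directives(block)
        if ["app_protect_dos_enable", "on"] not in ds:
            continue  # assumption: only explicitly protected servers are checked
        names = {d[0] for d in ds}
        http2 = ["http2", "on"] in ds or any(d[0] == "listen" and "http2" in d for d in ds)
        if (http2 or "grpc_pass" in names) and "app_protect_dos_monitor" not in names:
            findings.append((n, "gRPC/HTTP2 service without app_protect_dos_monitor"))
        if ["proxy_request_buffering", "off"] in ds:
            findings.append((n, "proxy_request_buffering off is not supported"))
    return findings
```
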