NGINX App Protect WAF 4.2
March 29, 2023
This release includes new signatures for Anti Automation (bot defense):
- Added the following Site Monitor bot signatures: 404enemy, Munin Monitor
- Added the following Spam Bot bot signatures: 01h4x, AIBOT
- Added the following Service Agent bot signatures: 404checker, Adyen, Autohost Threat Intel API, Paystack, Pixalate, PureRef, TwilioProxy, SpamExperts
- Added the following Crawler bot signatures: FullStoryBot, GeedoBot, infoobot, IonCrawl, MuscatFerret Crawler, NETVIBES Crawler, SeobilityBot, SMTBot, Summify, WEDOS Crawler, Yahoo Ad monitoring
- Added the following RSS Reader bot signatures: Feed Wrangler, flusio, Page2RSS, Unread RSS Reader
- Added the following Vulnerability Scanner bot signature: Node.js, zerodium Tester
- Added the following DoS Tool bot signature: Siege DoS Tool
- Added the following Exploit Tool bot signature: Criptonize Mirai Installer
- app-protect_28+4.218.0-1~bullseye_amd64.deb
- app-protect_28+4.218.0-1~bionic_amd64.deb
- app-protect_28+4.218.0-1~focal_amd64.deb
- app-protect-28+4.218.0-1.el7.ngx.x86_64.rpm
- app-protect-28+4.218.0-1.el8.ngx.x86_64.rpm
- app-protect-28.4.218.0-r1.apk
- app-protect-28+4.218.0-1.el8.ngx.x86_64.rpm
- 
7411 Fixed - The Protocol Buffers library has been updated to enable the usage of keywords that were previously unsupported in gRPC IDL files. 
- 
7986 Fixed - When converting a policy from BIG-IP, collections with wildcardOrder, such as “urls”, may result with the default “*” element being in the wrong order relative to the other wildcard entries. This lead to unexpected and incorrect policy enforcement. convert-policy now writes these elements in the correct order. Importing a policy with an unexpected order also works as expected. 
- 
7939 Fixed - Requests blocked due to VIOL_ATTACK_SIGNATUREalthough all signatures disabled.
- 
7199 Fixed - Alignment of notification and availability of NGINX App Protect Signature updates. 
- 
This release introduces a change in the package dependencies for NGINX App Protect WAF. Customers who work in a SELinux-enforced environment should now explicitly list app-protect-selinuxpackage when performing App Protect clean install and upgrade.
 NGINX App Protect WAF’s SELinux module is now an optional package (meaning - not included in default installation). In order to installapp-protectwithapp-protect-selinuxpackage, use the following command:yum install app-protect app-protect-selinux