Web Server Load Balancing with NGINX Plus

This week, some details about security flaws in several microprocessors were publicly shared; a full disclosure is expected to follow. The flaws take several forms, and have been named Meltdown and Spectre.

You can find more information about the scope of both Meltdown and Spectre at

A process (application) running on a server can use these flaws to access the protected memory used by other processes. The bugs can be exploited between processes and across containers, and even in some cloud and virtual environments.

As with all other processes, memory used by NGINX and NGINX Plus is vulnerable to snooping from another process running on the same host. For servers you control, NGINX, Inc. strongly recommends that you apply the appropriate OS patches to protect against this. For cloud and other platform providers that you use, we strongly recommend that you verify that your provider has applied these patches.

As far as we are aware, NGINX and NGINX Plus themselves do not provide an attack vector that a remote user can use to exploit these vulnerabilities. Even if such an attack vector were discovered, it may not be possible to prevent it, so applying the recommended OS patches is a priority.

The appropriate advisories are listed at

We also advise rotating sensitive data – such as authentication credentials and private keys – stored on vulnerable hardware, because both local attacks and remote attacks are generally impossible to detect. This is a higher priority for cloud‑hosted servers, where it may be easier to mount such attacks.

Once the patches are applied, processes that perform large numbers of system calls reportedly will incur a performance penalty due to the impact of the patches. NGINX and NGINX Plus, for example, may therefore require additional CPU resources; monitor the effect of the patch and be prepared to scale up or scale out if necessary.

We are closely following details of these vulnerabilities and will update this notice as more details emerge.

Further Reading

Hero image
Managing Kubernetes Traffic with F5 NGINX: A Practical Guide

Learn how to manage Kubernetes traffic with F5 NGINX Ingress Controller and F5 NGINX Service Mesh and solve the complex challenges of running Kubernetes in production.

About The Author

Owen Garrett

Sr. Director, Product Management

Owen is a senior member of the NGINX Product Management team, covering open source and commercial NGINX products. He holds a particular responsibility for microservices and Kubernetes‑centric solutions. He’s constantly amazed by the ingenuity of NGINX users and still learns of new ways to use NGINX with every discussion.

About F5 NGINX

F5, Inc. is the company behind NGINX, the popular open source project. We offer a suite of technologies for developing and delivering modern applications. Together with F5, our combined solution bridges the gap between NetOps and DevOps, with multi-cloud application services that span from code to customer.

Learn more at or join the conversation by following @nginx on Twitter.