NGINX.COM
Web Server Load Balancing with NGINX Plus

Please note that NGINX ModSecurity WAF officially went End-of-Sale as of April 1, 2022 and is transitioning to End-of-Life effective March 31, 2024. For more details please read this blog announcement.

We are pleased to announce that the NGINX ModSecurity Web Application Firewall (WAF) is now part of the Google Cloud Security Partner Ecosystem. The NGINX WAF has been validated by both NGINX, Inc. and Google as a solution for protecting Google Cloud Platform (GCP) applications from Layer 7 attacks, such as SQL injection (SQLi) and remote code execution (RCE).

“We’re proud to be partnering with Google to bring the advanced capabilities of NGINX Plus to the Google Cloud Platform,” said Paul Oh, head of Business Development at NGINX. “NGINX was one of the inaugural members in the Google Cloud Marketplace and we look forward to continuing to collaborate on improving our capabilities for mutual customers.”

What Is theNGINX ModSecurity WAF?

The NGINX ModSecurity WAF is our build of the well‑known and respected ModSecurity software and loads directly into NGINX Plus as a dynamic module. Originally a plug‑in for the Apache HTTP Server, ModSecurity was rewritten in version 3.0 to work natively with NGINX Plus and NGINX Open Source.

A WAF is a widely used solution for improving web application security. The NGINX ModSecurity WAF is specialized to focus on HTTP traffic. When an HTTP request is made, the NGINX ModSecurity WAF inspects all parts of the request for any malicious content or anomalies in the traffic. If the packet is deemed malicious it can be blocked, logged, or both, depending on configuration.

The NGINX ModSecurity WAF protects applications from Layer 7 attacks

The NGINX ModSecurity WAF uses a database of “rules” that define malicious behaviors. It supports the OWASP ModSecurity Core Rule Set (CRS), the most widely used rule set for ModSecurity. The OWASP CRS is community‑maintained and has been tuned through wide exposure to block a broad range of attacks with very few false positives.

The OWASP CRS blocks many new web application vulnerabilities out of the gate. For example, the recent Drupalgeddon 2 vulnerability (CVE-2018-7600) is correctly identified and blocked as an RCE vulnerability by the NGINX WAF with the CRS. As of June 2018, there are more than 115,000 websites still vulnerable to Drupalgeddon 2.

For attacks that are not blocked by the CRS, ModSecurity has a flexible rules language that is based on standard Perl Compatible Regular Expressions (PCRE) syntax, the same syntax NGINX uses. ModSecurity rules can be used to virtually patch vulnerabilities, which protects applications until a proper patch can be deployed (for an example, see our blog).

How Do I Get Started?

To get started using the NGINX WAF in GCP, please contact our sales team.

To learn more about using NGINX Plus on GCP, please see our NGINX and GCP partner page.

Learn More

Please note that NGINX ModSecurity WAF officially went End-of-Sale as of April 1, 2022 and is transitioning to End-of-Life effective March 31, 2024. For more details please read this blog announcement.

Hero image
ModSecurity 3.0 and NGINX: Quick Start Guide

The world's most widely deployed WAF, now available for NGINX

About The Author

Faisal Memon

Software Engineer

About F5 NGINX

F5, Inc. is the company behind NGINX, the popular open source project. We offer a suite of technologies for developing and delivering modern applications. Together with F5, our combined solution bridges the gap between NetOps and DevOps, with multi-cloud application services that span from code to customer.

Learn more at nginx.com or join the conversation by following @nginx on Twitter.