Due to changes in third-party support for ModSecurity, F5 NGINX ModSecurity WAF will reach end-of-life in March 2024. Learn about the benefits of our replacement WAF, NGINX App Protect.
Mitigating the log4j Vulnerability (CVE-2021-44228) with NGINX
NGINX can help you protect your apps against the Log4Shell vulnerability in Apache log4j (CVE-2021-44228), with NGINX App Protect, NGINX ModSecurity WAF, or a script using the NGINX JavaScript Module.
NGINX Announces Sponsorship of the OWASP ModSecurity CRS Project
NGINX, a part of F5, Inc., is pleased to announce that we have become the first Gold sponsor of the OWASP ModSecurity Core Rule Set (CRS) project. We look forward to working with the CRS team and helping ensure the CRS project’s long-term success.
Addressing a DoS Vulnerability (CVE-2020-15598) in ModSecurity
On 14 September 2020 we released an update to the NGINX Plus ModSecurity module (for NGINX Plus R20, R21, and R22) in response to CVE-2020-15598. We encourage NGINX Plus subscribers to upgrade to the patched module.
Ask NGINX | April 2019
In this installment of our "Ask NGINX" series, we discuss how NGINX and NGINX Plus work with Diffie-Hellman, support for Datagram Transport Layer Security, how to control the lifetime of content in the cache, and how to add the NGINX WAF to an NGINX Plus subscription.
Securing Applications in Microsoft Azure App Service with NGINX Plus
With NGINXÂ Plus in front of your web apps, API, and mobile backends hosted in Microsoft Azure App Service, you can load balance and secure applications at a global scale with a high level of protection against exploits and attacks from the web.
The NGINX ModSecurity WAF Joins the Google Cloud Security Partner Ecosystem
The NGINX Web Application Firewall (WAF) is now certified in the Google Cloud Security Partner Ecosystem, protecting applications hosted on the Google Cloud Platform from Layer 7 attacks like SQLi and RCE.
Using ModSecurity to Virtually Patch Apache Struts CVE-2017-5638
When a CVE appears, updating affected libraries and re-testing can be too slow. See how to quickly apply a "virtual patch" with ModSecurity.
Top 5 NGINX Blog Posts for 2017 – NGINX Plus R12, Microservices, & More
Top 5 2017 blog posts: NGINX Plus Release 12, microservices, load balancing, security, and the NGINX Application Platform.
ModSecurity: Logging and Debugging
In this blog post, we describe the basics of logging and debugging with ModSecurity and provide audit log and debug log examples
- 1
- 2
