NGINX.COM
Web Server Load Balancing with NGINX Plus

Enhance Security, Automate Defense, and Accelerate Protection with NGINX

Achieve comprehensive protection against DoS and DDoS attacks for your apps and APIs with a multi-layered, adaptive, automated mitigation strategy for DevOps environments. Running natively on NGINX Plus and NGINX Ingress Controller, NGINX App Protect DoS is platform-agnostic and supports deployment options ranging from edge load balancers to individual pods in Kubernetes clusters.

NGINX App Protect DoS defends apps and APIs from Layer 7 DoS attacks

Why Use NGINX App Protect DoS

  • Multi-Layered Defense
  • Mitigate Attacks
  • Platform-Agnostic
  • Automate Security

Multi-Layered App and API Defense

Mitigate against Layer 7 DoS attacks using machine learning and adaptive security for comprehensive protection at scale. With NGINX App Protect DoS you can:

  • Implement a multi-layered DDoS defense strategy managed by your app and API teams that includes blocking bad-actor IP addresses and bad requests, and applying global rate limiting as needed
  • Reduce operational costs and false positives with machine learning to establish normal baseline patterns, detect anomalies, and block malicious traffic without affecting legitimate traffic
  • Continuously measure mitigation effectiveness with adaptive learning for no-touch policy configuration that enables cost-effective DDoS protection at scale
  • Track and analyze over 300 metrics of user and app behavior and deploy dynamic signatures to automatically mitigate and defend against zero-day attacks.
  • Enhance security with advanced attack detection that tracks client traffic patterns, reviews service health checks, and uses eBPF with XDP technology for accelerated protection

Mitigate DDoS Attack Types

Protect against multiple Layer 7 DDoS attack types that evade traditional network defenses. With NGINX App Protect DoS you can:

  • Protect traditional HTTP/S and modern HTTP/2 apps – plus gRPC and WebSocket traffic – against various low-and-slow DDoS attacks including Slow POST, Slow Read, Slowloris and more
  • Block GET and POST flood attacks which overwhelm the server or API with a high volume of requests, rendering it unable to respond to real users
  • Block Challenger Collapsar attacks where frequent requests appear normal except the requested URI requires complicated computations designed to exhaust server resources
  • Accurately detect bad actors using encryption or NAT to evade detection using TLS fingerprinting for IPv4 in combination with IP address
  • Ensure app uptime and protect against targeted SSL/TLS attacks that abuse the handshake protocol using a signatures mechanism for anomaly detection and mitigation based on the CLIENT HELLO message
NGINX App Protect WAF in a modern app environment

Deploy Platform-Agnostic Protection

Ensure consistent app and API security with seamless integration throughout your entire infrastructure. With NGINX App Protect DoS you can:

  • Easily implement protection across distributed architectures and environments including on-premises, hybrid and multi-cloud
  • Natively deploy DoS protection in a flexible software form factor on NGINX Plus as a load balancer or API gateway, and on NGINX Ingress Controller or as a per-pod or per-service proxy
  • Build consistent security controls for web apps, microservices, containers, and APIs
  • Reduce complexity and tool sprawl using the NGINX portfolio for single-vendor DoS mitigation
  • Scale your DoS protection for Kubernetes apps in the cloud with this lightweight, high-performance, low-latency, and low-compute security solution
How to shift left using Security as Code with NGINX App Protect WAF and DoS for DevSecOps

Support for Security Automation, DevSecOps, and Shift Left

Enable a shift-left strategy where DoS protection is incorporated into every stage of the software development lifecycle (SDLC). With NGINX App Protect DoS you can:

  • Implement DevSecOps with seamless integration of changes to your configured security posture into your CI/CD pipelines with security-as-code for Layer 7 DoS defense
  • Apply consistent app and API DoS protection with declarative security policies created by SecOps and deployed by DevOps
  • Enable cost-effective DDoS protection at scale with no-touch configuration
  • Leverage easy policy integration via the Kubernetes API
  • Keep developers agile and focused on delivering new capabilities, accelerating time to market at a reduced cost

Technical Specifications

Distributions

  • Docker
  • Kubernetes

Architectures

  • x86

Operating Systems

  • Alpine Linux
  • Amazon Linux
  • CentOS
  • Debian
  • Oracle Linux
  • Red Hat Enterprise Linux
  • Ubuntu

Cloud Platforms

  • Amazon Web Services (AWS)
  • Microsoft Azure
  • Google Cloud Platform (GCP)
woman typing at desk computer

Visit NGINX Docs For Full Technical Specifications

Modern app security solution that works seamlessly in DevOps environments.

NGINX App Protect DoS Documentation

Resources

NGINX App Protect DoS

Datasheet

NGINX App Protect DoS

Protect apps and APIs from sophisticated Layer 7 denial-of-service attacks, including DDoS, using a multi-layered defense strategy designed for DevOps teams.

 
Automate Security with F5 NGINX App Protect and F5 NGINX Plus to Reduce the Cost of Breaches

Blog

Automate Security with F5 NGINX App Protect and F5 NGINX Plus to Reduce the Cost of Breaches

Lower data breach costs by 80% by adding automation and AI into your security solution with F5 NGINX App Protect and F5 NGINX Plus for DoS protection, WAF, and authentication and...

 
Securing Modern Apps Against Layer 7 DoS Attacks

Whitepaper

Securing Modern Apps Against Layer 7 DoS Attacks

Attempting to balance development speed and security for modern applications isn’t always easy – in fact it’s extremely difficult. But it doesn’t have to be. Read this NGINX...