Site icon 지락문화예술공작단

F5 NGINX ModSecurity WAF Is Transitioning to End-of-Life

F5 NGINX ModSecurity WAF Is Transitioning to End-of-Life

For the past five years, F5 NGINX has been pleased to provide our customers with the NGINX ModSecurity WAF module for NGINX Plus with support against standard classes of vulnerabilities using the OWASP ModSecurity Core Rule Set (CRS). However, due to recent changes to third‑party support for ModSecurity WAF, we regret that we are transitioning NGINX ModSecurity WAF to End-of-Life (EoL) effective March 31, 2024.

Our decision is due in part to the recent announcement from Trustwave, the organization that has been maintaining ModSecurity, that as of July 1, 2024, it will:

Additionally, the OWASP ModSecurity Core Rule Set (CRS) project has announced that it is switching its focus to a new WAF called Coraza, and therefore is no longer continuing to provide updated, basic protection from the OWASP Top 10 attacks for ModSecurity users.

NGINX ModSecurity WAF is based on open source ModSecurity v3 and is backed by our support and testing that ensures the NGINX ModSecurity WAF module works correctly with NGINX Plus. We do not, however, maintain the ModSecurity code itself and the lack of support from Trustwave combined with reduced contribution to the open source ModSecurity project leave NGINX Plus customers with a product that might not meet their requirements for security and stability.

NGINX moved to End-of-Sale (EoS) and stopped selling NGINX ModSecurity WAF on April 1, 2022. If you are a customer with an active license, you can renew your subscription and receive full support – including updates to the NGINX ModSecurity WAF package – until the EoL date (March 31, 2024). NGINX plans to have NGINX ModSecurity package updates until March 31, 2024, with the goal of providing customers with enough time to migrate to a new solution. Your account manager will reach out to you directly to discuss your application security solution needs going forward. If you would like to contact your account manager at any time, please reach out to us. As of April 1, 2023, no further renewals will be accepted.

Dedication to Open Source Remains Integral to NGINX DNA

Although the NGINX ModSecurity WAF product is moving to EoL, we remain committed to our participation in and support of the open source community. NGINX values the collaboration and innovation of open source community members who are dedicated to advancing technology and making it better. We believe that open source encourages the broader use of core foundational security and benefits us all by reducing the attack surface of the global application infrastructure.

In line with those values, NGINX continues to lead the NGINX Open Source and NGINX Unit projects. We take great pride in our security efforts while also recognizing that it takes a broader team to secure the technology fabric we all increasingly rely on in our daily lives. As such, we are pleased to support OSS projects that directly enhance the security of the Internet, including sponsorship of the OWASP Core Rule Set (CRS), Let’s Encrypt, and Open SSL projects.

Has Digital Transformation Changed Your Security Needs?

You may have initially chosen NGINX ModSecurity WAF as a supported version of the open source ModSecurity WAF to protect your apps against general classes of vulnerabilities with the OWASP CRS or to comply with PCI DSS compliance requirements in a standard WAF implementation. Over the past two years, however, the COVID‑19 pandemic has forced organizations to accelerate their digital transformation to keep pace with demand as businesses and consumers alike have shifted to online purchase and consumption of goods and services.

With cyberattacks against web applications and APIs on the rise, it might be the right time to re‑evaluate what you need from a WAF and to implement a more comprehensive level of protection, reliability, and performance required to drive business growth. We offer F5 NGINX App Protect WAF as an alternative security solution that can scale with your business.

NGINX App Protect WAF – Advanced Security for Your Modern Apps and APIs

NGINX App Protect WAF provides several advantages:

Learn why automobile tire vendor Reifen.com chose NGINX App Protect WAF over NGINX ModSecurity WAF when it needed to improve its online performance and meet internal and external security and compliance standards. As e‑commerce consultant to Reifen.com Sascha Petranka explains, “We decided to go with NGINX App Protect WAF because it gave us the best performance, the best long‑term solution, and the combined expertise of NGINX and F5 together.”

Enable Your Business with Optimal App Security

NGINX App Protect WAF can help your organization improve the security and performance of its applications and APIs while bringing DevOps and SecOps teams closer together. It is a lightweight security solution that enables businesses to protect against revenue impacting attacks, data theft, reputational damage, and regulatory non‑compliance. To test drive NGINX App Protect WAF for yourself, start a free 30-day trial or contact us to discuss your use cases.

The post F5 NGINX ModSecurity WAF Is Transitioning to End-of-Life appeared first on NGINX.

Source: F5 NGINX ModSecurity WAF Is Transitioning to End-of-Life

Exit mobile version