NGINX Introduces Web Application Firewall

NGINX has announced its new Web Application Firewall (WAF) platform to strengthen its existing suite of application delivery tools. The WAF is used on the popular ModSecurity open source software, which is already used by over a million websites. In its design, the NGINX WAF is comprehensive and sturdy.

The NGINX team is clearly well aware of the variety of attacks, DDoS and otherwise, that plague companies nowadays. We can break down the NGINX WAF into four main components. The first is designed to detect and prevent Layer 7 attacks. These can be difficult to detect and, as such, some of the most devastating for file loss and service interruption. Attack varieties like SQL injection (SQLi), cross-site scripting (XSS), and Local File Include (LFI) account for almost all of the known Layer 7 attacks documented in the last few years.

The WAF allows developers and engineers to write and modify their own regex-based rules to customize security for a given network. The firewall is capable of differentiating between malicious and legitimate user traffic. Some firewalls struggle to distinguish bad and good traffic, and either incidentally permit bad traffic or block good traffic. The NGINX firewall’s sophisticated design puts it above the rest in this regard.

The WAF also protects against DDoS attacks. This is a standard model for almost all WAFs these days, but of course it is a very necessary feature. The WAF’s automated design will instantly detect high volumes of HTTP requests, block access to malicious traffic, and manage traffic thresholds to minimize false positives.

The WAF also leverages the Project Honey database to deny access to blacklisted IP addresses. Engineers and developers can share known malicious bot and user accounts through the open source community and software. They can also set up their own honeypot of malicious IP addresses in the case of an attack and help their peers prevent similar future attacks.

Finally, the WAF tracks all traffic activity and transactions. The system logs raw data and archives it for the record and for analysis. Engineers can see which firewall rules were activated during a given attack or breach and prepare for future attacks. Engineers can also get a better sense of how attacks begin to better predict an incoming siege.

The unique thing about the NGINX WAF is that it is hardware-free. It is fully open source integrated and can be deployed in any given network or infrastructure environment. The open source technology also helps breed collaboration as engineers can troubleshoot and share known malicious IPs to prevent attacks across entire sectors and network markets. The power of this open source community on the security sector is often underutilized, and it is refreshing to see this kind of OSS model in the WAF space.