…109) As part of the NGINX App Protect WAF 5.5 release, Alpine 1.19 support has been added. This commit updates the relevant sections of documentation that mention Alpine support, while also fixing up the metadata for some related pages.
add brute force configuration
content/includes/nap-waf/config/v5/build-nginx-image-oss/build-alpine.md
doc: Update policy schema Compiler 11.246.0-nap-release-4-13-0-13336475 (7fab3dc1)
fix some alpine v4 misses
* Update policy.html
* Update policy.html fix some lines and remove more tables
* Update policy.html clean the code
remove "detectDistributedBruteForceAttack" : true, from policy example in v4 and v5
resharp the comment for an upgrade to a specific version of AS/BS/TC
adding a note to upgrade to a specific version
* Update about-4.13.md
* Update about-5.5.md
* Update compiler.md
Brute force attacks are attempts to break in to secured areas of a web application by trying exhaustive, | ||
systematic, username/password combinations to discover legitimate authentication credentials. | ||
To prevent brute force attacks, WAF tracks the number of failed attempts to reach login pages |
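Review bot: "break in to" should be "break into", and the commas around "systematic" make the first sentence hard to read; suggest "by trying exhaustive, systematic username/password combinations". The last sentence also stops at "failed attempts to reach login pages" without saying what is counted or what happens when the count is exceeded; since the entries that follow split detection into per-username counting and a distributed failed-login rate, the introduction should say that both are tracked and that the configured action is applied when a threshold is reached.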
In most of the other references to "WAF" in this guide it is "Nginx App Protect (NAP) WAF"
bruteForceProtectionForAllLoginPages: | ||
When enabled, enables Brute Force Protection for all configured login URLs. | ||
When disabled, only brute force configurations for specific login pages are applied in case they exist. |
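Review bot: The "When disabled" sentence leaves unclear what still applies; "in case they exist" should read "if any are configured", and it should state that protection is then limited to login URLs that have their own per-page brute force configuration, so a login URL without one gets no brute force protection while this flag is false. "When enabled, enables Brute Force Protection" also repeats itself; suggest "When enabled, Brute Force Protection applies to all configured login URLs."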
If the order doesn't matter, put the url entry next to this, and reference the url entry (which is the url to fill in case this is false)
so instead of "When disabled, only brute force configurations for specific login pages are applied in case they exist."
I think it should be something like:
"When disabled, the url entry below should contain a url that is defined as a login page".
detectionCriteria: | ||
Specifies configuration for detecting distributed brute force attacks. |
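Review bot: "distributed brute force attacks" is used here without a definition, and the entry does not name the keys this section holds; since the next entry documents failedLoginAttemptsRateReached and refers to measurementPeriod, list those children here and add one sentence on what makes the attack distributed (a high rate of failed logins that cannot be attributed to a single username), so the reader understands why this section has its own threshold separate from the per-username one.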
Are we sure that this is only for the distributed attack? If so, there should be more explanation about distributed.
It should be something in the lines of:
"This section describes a distributed attack detection where the system sees many failed logins but can't detect a specific username or IP address causing this. In this case, since the detection applies to all the users, the only mitigation possible is to alert".
failedLoginAttemptsRateReached: | ||
After configured threshold (number of failed login attempts within measurementPeriod) defined | ||
action will be applied for the next login attempt. |
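Review bot: The sentence "After configured threshold (...) defined action will be applied" is missing its articles and reads as if "defined" modifies "threshold"; suggest "Once the number of failed login attempts within measurementPeriod reaches this threshold, the configured action is applied." The entry should also give the unit and accepted range of the value and say whether the counter is reset when measurementPeriod elapses, since neither is stated.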
The action will not be applied exactly on the next login (as the decision is happening on a different thread). I would write that a brute force attack will be detected.
loginAttemptsFromTheSameUser: | ||
Specifies configuration for detecting brute force attacks for Username. |
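Review bot: "for Username" capitalizes a common noun and does not say that this is the per-user counter; suggest "for a specific username" and state that failed login attempts are counted separately for each username, which is what the threshold entry below depends on.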
Username shouldn't be capital letter. Should be "for a specific username".
action: | ||
Specifies action that is applied when defined threshold is reached. | ||
- **alarm**: The system will log the login attempt. |
Why don't we block in this case?
When enabled, the system counts failed login attempts for each Username. | ||
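Review bot: The bulleted list under action shows only alarm, so a reader cannot tell whether other values are accepted; either list the full set of values or state that alarm is the only one. "The system will log the login attempt" should also say which attempt is logged (the one that reaches the threshold, the subsequent ones, or both). The trailing line "When enabled, the system counts failed login attempts for each Username." describes loginAttemptsFromTheSameUser rather than action and should move back under that key, with "Username" lowercased.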
threshold: | ||
After configured threshold (number of failed login attempts for each Username) defined |
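Review bot: The sentence "After configured threshold (number of failed login attempts for each Username) defined" has no main clause, so the reader never learns what happens when the threshold is reached; complete it (e.g. "Once the number of failed login attempts for a username reaches this threshold, the configured action is applied to that username's subsequent login attempts") and lowercase "Username". "After configured threshold" also implies the action follows exceeding the value while the sibling key is named failedLoginAttemptsRateReached; pick "reached" or "exceeded" and use it consistently in both entries.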
Also here, don't write "the next login attempt". It will be one of the next login attempts.
Proposed changes
Full description pending.
Checklist
Before merging a pull request, run through this checklist and mark each as complete.
README.md and CHANGELOG.md)
Potentially sensitive changes include anything involving code, personally identifiable information (PII), live URLs or significant amounts of new or revised documentation.
Please refer to our style guide for guidance about placeholder content.