Nginx has brought Nginx Plus R10 as the most recent version of its open source web server. This new release is targeted to improve the security and performance of applications and integrates with the initial version of ModSecurity-powered web application firewall (WAF).
The ModSecurity WAF on the newest Nginx Plus is based on ModSecurity 3. It enables security tools like IP blacklisting to protect web applications.
“Nginx Plus with ModSecurity WAF is a must‑have solution to help secure critical applications. It provides a cost‑effective alternative to inflexible and costly hardware appliances, such as those provided by F5, Citrix and Imperva, while also exceeding their capabilities with the flexibility of software,” Nginx writes in a blog post.
In addition to the firewall, clients are provided with JSON web tokens (JWT) to offer them support for authentication. The server validates JWTs to allow access to APIs. Also, Nginx has designed its dual-stack support that works with both RSA and ECC certificates.
The latest Nginx Plus is the commercial variant of the free and open source Nginx. To add the ModSecurity WAF, clients need to pay an additional charge of $2,000 on top of the base fee of the server.