Release Notes: F5 Essential App Protect Service
Essential App Protect Service provides instant, out-of-the-box protection from common web exploits, malicious IPs and coordinated attack types. It includes a live interactive map display, integration with F5 Labs, and multiple web application firewall (WAF) security capabilities.
- Integration with Amazon CloudFront for an easy and cost-effective way to distribute content with low latency and high data transfer speeds. See CloudFront Integration.
- URI-based policy enforcement, so you can choose which URIs are protected and which are not. See protected_uris and unprotected_uris.
- Specify additional subdomains to protect in the portal. See Additional FQDNs in Protect Application - General.
- Support for NTLM integration. See Enable NTLM authentication in Protect Application - General.
- Over 600 new and updated attack signatures. See the Attack Signature Table.
- New support for CIDR notation when specifying allowed and blocked ranges for IP enforcement.
- You can now allow requests from IPs marked as malicious while still enforcing your security policy. See Ignore Malicious IP.
- Better viewing of security events with automated updates and the option for pagination to avoid missing events during a high-volume attack. See View Events.
- New support for TLS 1.2, allowing you to strengthen your security posture.
- A new protection status page shows data visualizations that communicate your application protection perimeter in a single view in the form of a shareable report.
- Continuous monitoring of region and endpoints to show the health of your application based on the health of the endpoints and the status of the regions. See Manage Regions.
- Configuration versioning allows undo and roll-back capabilities. See Service-specific Events and Roll back Configuration Changes.
- Newly discovered attack signatures are now automatically added and logged as service events. See Service-specific Events.
- Deployed new service regions. See Add deployment regions to allow list.
- Known attack signatures are now identified by ID in the portal, shown in the documentation, and available through the API.
- Listeners for HTTP and HTTPS, SSL/TLS certificates, and the choice to redirect HTTP traffic to HTTPS can now be easily updated from within the portal.
- Regions can now be completely managed in the portal, allowing you to add, modify, and delete.
- Service configuration changes are now logged so you can track what changed, when, and by whom.
General Availability (GA) Release 2020-03-17
This is the first general availability release following a successful preview period.
- Out-of-the-box protection against common web exploits, malicious IPs, and coordinated attacks
- Checkbox-simple setup and configuration—Setup instructions
- Tight integration with F5 Labs threat intelligence
- Intuitive, graphical user interface (UI)
- Full declarative API support for integration into CI/CD pipelines
SaaS Continuous Integration, Continuous Development (CI/CD)
Essential App Protect is a SaaS solution developed using the latest CI/CD techniques for automating new feature integration and delivery, so you always have up-to-date software protecting your application. While the initial release offers great protection, our security team is continually working to deliver the latest capabilities for the best application security available. Here are some of the extensions we plan to add in the near future:
- SIEM Integration
- CDN Integration
Additionally, Essential App Protect manages the security posture for your application: our security research team will continuously search for and discover new vulnerabilities, create new attack signatures to cover them, and deliver them as part of our regular updates. For those who want to manually control the attack signatures and certain security settings, we’ll be adding the following UI capabilities:
- Listing/disabling/enabling specific attack signatures for your application
- Uploading TLS cert post onboarding
- Creating new endpoints with the portal
- Fixed: User was not able to change or add an SSL/TLS certificate on subscriptions that were already active.
- Fixed: NGINX was replacing Host header with an incorrect value—Host: backend:8080. Essential App Protect now preserves the original Host header.
- Everything else is fine, we hope.
Getting help for F5 Cloud Services
You can find additional support resources and technical documentation through a variety of sources: