F5 NGINX App Protect DoS

Defend, adapt, and mitigate against Layer 7 denial-of-service attacks on your apps and APIs.

Enhance Security, Automate Defense, and Accelerate Protection with NGINX

Achieve comprehensive protection against DoS and DDoS attacks for your apps and APIs with a multi-layered, adaptive, automated mitigation strategy for DevOps environments. Running natively on NGINX Plus and NGINX Ingress Controller, NGINX App Protect DoS is platform-agnostic and supports deployment options ranging from edge load balancers to individual pods in Kubernetes clusters.

NGINX App Protect DoS Defends Apps and APIs from Layer 7 DoS Attacks

Why Use NGINX App Protect DoS

Mitigate DDoS Attack Types

Protect against multiple Layer 7 DDoS attack types that evade traditional network defenses. With NGINX App Protect DoS you can:

  • Protect traditional HTTP/S and modern HTTP/2 apps – plus gRPC and WebSocket traffic – against various low-and-slow DDoS attacks including Slow POST, Slow Read, Slowloris and more
  • Block GET and POST flood attacks which overwhelm the server or API with a high volume of requests, rendering it unable to respond to real users
  • Block Challenger Collapsar attacks where frequent requests appear normal except the requested URI requires complicated computations designed to exhaust server resources
  • Accurately detect bad actors using encryption or NAT to evade detection using TLS fingerprinting for IPv4 in combination with IP address
  • Ensure app uptime and protect against targeted SSL/TLS attacks that abuse the handshake protocol using a signatures mechanism for anomaly detection and mitigation based on the CLIENT HELLO message

shift left diagram

Support for Security Automation, DevSecOps, and Shift Left

Enable a shift-left strategy where DoS protection is incorporated into every stage of the software development lifecycle (SDLC). With NGINX App Protect DoS you can:

  • Implement DevSecOps with seamless integration of changes to your configured security posture into your CI/CD pipelines with security-as-code for Layer 7 DoS defense
  • Apply consistent app and API DoS protection with declarative security policies created by SecOps and deployed by DevOps
  • Enable cost-effective DDoS protection at scale with no-touch configuration
  • Leverage easy policy integration via the Kubernetes API
  • Keep developers agile and focused on delivering new capabilities, accelerating time to market at a reduced cost


Technical Specifications


Modern app security solution that works seamlessly in DevOps environments.






Operating Systems

Alpine Linux

Amazon Linux



Oracle Linux

Red Hat Enterprise Linux


Cloud Platforms

Amazon Web Services (AWS)

Microsoft Azure

Google Cloud Platform (GCP)

Next Steps