For our F5 NGINX Plus customers, you may be aware that there has been a product called NGINX ModSecurity WAF we offer. It was recently announced this offering will be transitioning to End-of-Life (EoL) effective March 31, 2024. It was moved to End-of-Sale (EoS) recently on April 1, 2022.
This comes after a recent announcement from Trustwave, who has been maintaining the ModSecurity project, that they will cease support of ModSecurity open source code and will be returning responsibility to the open source community.
Additionnaly, while the OWASP ModSecurity Core Rule Set (CRS) project plans to continue their support for ModSecurity, it is transitioning its focus to a new WAF called Coraza, having concerns over the viability of the ModSecurity project given the actions and announcement to changes in support by Trustwave.
With that said, F5 NGINX has great transition options that have additional capabilities. To explore these opportunities, as well as further details on the changes to the NGINX ModSecurity WAF, please visit this NGINX Blog article.