Deep dive on PCI DSS 4.0 API Security Requirements

Deployment - NGINX Load-Balancer

  1. AppSentinels comes with an NGINX module that is deployed on the NGINX server.

  2. Additionally, the AppSentinels Edge Controller is deployed in the environment and should be reachable from the NGINX plugin.

  3. The AppSentinels NGINX plugin receives HTTP traffic and forwards the logs to the AppSentinels Edge Controller for security processing.

  4. The AppSentinels NGINX plugin supports two modes, configurable via a knob – OOB/Transparent and Service-chaining/Enforcement. In both modes, AppSentinels processes a copy of the packet.

  5. In OOB/transparent mode, the plugin forwards the packet to the Application and the Edge Controller simultaneously. In service-chaining mode, the plugin forwards the packet to the Edge Controller and waits for its output before forwarding the packet to the Application. This allows the plugin to enforce an inline action based on the response received from the Edge Controller.

  6. AppSentinels Service-chaining mode has an optional max-latency configuration. If the Edge Controller's response is delayed and latency crosses the configured threshold, the plugin goes into fail-open mode and forwards the packet to the Application, thereby ensuring availability and responsiveness in case of slowness or an outage.
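
The per-request decision described in items 4 to 6, modelled as an added Python example; this is not AppSentinels code. The function names, the "block"/"allow" verdict strings, the stand-in controller and application, and the treatment of an unset max-latency as "no deadline" are all assumptions made for the model.

```python
import asyncio

OOB, ENFORCE = "oob", "service-chaining"   # mode names used in this model only
_background = set()                        # keeps OOB analysis tasks referenced

async def handle_request(req, mode, edge, app, max_latency=None):
    """Return (application response or None, path taken) for one request."""
    if mode == OOB:
        # Copy goes to the controller; the application is not made to wait.
        task = asyncio.create_task(edge(dict(req)))
        _background.add(task)
        task.add_done_callback(_background.discard)
        return await app(req), "oob"
    try:
        # Service-chaining: hold the request until a verdict or the deadline.
        # max_latency=None is assumed here to mean no deadline at all.
        verdict = await asyncio.wait_for(edge(dict(req)), timeout=max_latency)
    except asyncio.TimeoutError:
        # Fail-open: forwarded without a verdict. Count these events, since
        # every one is a request that skipped enforcement.
        return await app(req), "fail-open"
    if verdict == "block":
        return None, "blocked"
    return await app(req), "allowed"

def make_edge(delay, verdict):
    """Constructed stand-in for the Edge Controller: answers after `delay` s."""
    async def edge(req_copy):
        await asyncio.sleep(delay)
        return verdict
    return edge

async def app(req):
    """Constructed stand-in for the protected application."""
    return "200 OK for " + req["path"]

def run(mode, edge, max_latency=None):
    req = {"path": "/api/cards"}           # constructed sample request
    return asyncio.run(handle_request(req, mode, edge, app, max_latency))

if __name__ == "__main__":
    print(run(ENFORCE, make_edge(0.01, "block"), 0.2))
    print(run(ENFORCE, make_edge(0.50, "block"), 0.05))
    print(run(OOB, make_edge(0.50, "block")))
```

The second call shows the trade-off in item 6: a request the controller would have blocked reaches the application because the verdict arrived after the threshold, so the rate of the fail-open path is worth monitoring.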