PingAccess

PingAccess agent for NGINX 2.2 (December 2024)

Agent SDK for C compatibility

Info

Compatible with the Agent SDK for C version 1.4.1.

RHEL 7 deprecation

Info

Support for RHEL 7 will be deprecated in version 1.5.

Cache multiple token-types for Web + API applications

New PA-15516

If you use a Web + API application, the vnd-pi-resource-cache PingAccess agent protocol (PAAP) header now contains an additional path so Web + API applications can cache both cookie and authorization header token-types. Learn more in the Cache multiple token-types for Web + API applications entry in the PingAccess 8.1 release notes, and the agent.cache.defaultTokenType property on the NGINX agent configuration page.

Existing agent environments ignore the new vnd-pi-token-cache-oauth-ttl header and additional paths in the vnd-pi-resource-cache header.

To see the performance boost, upgrade to PingAccess 8.1 or later and upgrade to the latest version of the NGINX agent. Otherwise, continue to use an earlier agent version.

Block bad characters in NGINX agent deployments

New PAA-251

Configure the PingAccess agent for NGINX to block requests that contain bad characters in the URI, query parameters, form parameters, or request body without reaching out to PingAccess for a decision.

Added eight new properties to the agent:

  1. agent.request.block.xss.characters

  2. agent.request.block.uri.characters

  3. agent.request.block.query.characters

  4. agent.request.block.form.characters

  5. agent.request.block.xss.http.status

  6. agent.request.block.uri.http.status

  7. agent.request.block.query.http.status

  8. agent.request.block.form.http.status

Learn more in the NGINX agent configuration page.

For large scale or more complex blocking decisions, it’s best practice for the agent to reach out to PingAccess for a decision.