nginx · JTorreG · Dec 16, 2025 · Dec 15, 2025 · Dec 15, 2025 · Dec 15, 2025
@@ -3,8 +3,8 @@ title: F5 NGINX Product Documentation
 description: Learn how to deliver, manage, and protect your applications using F5 NGINX products.
 ---
 
-# F5 NGINX Product Documentation 
-Learn how to deliver, manage, and protect your applications using F5 NGINX products. 
+# F5 NGINX Product Documentation
+Learn how to deliver, manage, and protect your applications using F5 NGINX products.
 
 {{<card-section showAsCards="true" title="F5 NGINX One">}}
   {{<card title="F5 NGINX One Console" titleUrl="/nginx-one-console/" brandIcon="NGINX-One-product-icon.svg" isLanding="true">}}

@@ -1,25 +1,16 @@
 ---
-# The title is the product name
 title: "F5 WAF for NGINX"
-# The URL is the base of the deployed path, becoming "docs.nginx.com/<url>/<other-pages>"
 url: /waf/
-# The cascade directive applies its nested parameters down the page tree until overwritten
 cascade:
-  # The logo file is resolved from the theme, in the folder /static/images/icons/
   logo: NGINX-App-Protect-WAF-product-icon.svg
-# The subtitle displays directly underneath the heading of a given page
 nd-banner:
     enabled: true
     start-date: 2025-08-30
     md: /_banners/waf-unification-notice.md
 nd-subtitle: A lightweight, high-performance web application firewall for protecting APIs and applications
-# Indicates that this is a custom landing page
 nd-landing-page: true
-# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
 nd-content-type: landing-page
-# Intended for internal catalogue and search, case sensitive:
-# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
-nd-product: NAP-WAF
+nd-product: F5WAFN
 ---
 
 ## About

@@ -1,12 +1,8 @@
 ---
 title: "2023 archive"
-# Weights are assigned in increments of 100: determines sorting order
 weight: 200
-# Creates a table of contents and sidebar, useful for large documents
 toc: true
-# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
 nd-content-type: reference
-# Intended for internal catalogue and search, case sensitive:
 nd-product: F5WAFN
 ---
 
@@ -151,7 +147,7 @@ This release includes new signatures for Anti Automation (bot defense):
 
 ### **Important Notes**
 
-- Starting with this release, the `app_protect_compressed_requests_action` directive has been deprecated from the nginx configuration. Now by default the enforcer will decompress all the HTTP compressed payload request and will apply the enforcement. 
+- Starting with this release, the `app_protect_compressed_requests_action` directive has been deprecated from the nginx configuration. Now by default the enforcer will decompress all the HTTP compressed payload request and will apply the enforcement.
 
 - The F5 NGINX App Protect WAF has been enhanced to include response signature checks within the "filetypes" section. You have an option to enable the signature verification in the response by setting the `responseCheck` parameter to true. By default, this parameter is set to false. See [Restrict Response Signatures]({{< ref "/waf/policies/response-signatures.md" >}}) for more details.
 

@@ -1,13 +1,8 @@
 ---
 title: "2024 archive"
-# Weights are assigned in increments of 100: determines sorting order
 weight: 100
-# Creates a table of contents and sidebar, useful for large documents
 toc: true
-# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
 nd-content-type: reference
-# Intended for internal catalogue and search, case sensitive:
-# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
 nd-product: F5WAFN
 ---
 

@@ -1,14 +1,9 @@
 ---
-# We use sentence case and present imperative tone
 title: "Changelog"
 url: /waf/changelog/
-# Weights are assigned in increments of 100: determines sorting order
 weight: 600
-# Creates a table of contents and sidebar, useful for large documents
 nd-landing-page: true
-# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
 nd-content-type: reference
-# Intended for internal catalogue and search, case sensitive:
 nd-product: F5WAFN
 ---
 

@@ -1,15 +1,9 @@
 ---
-# We use sentence case and present imperative tone
 title: "Apply security policy updates without reloading NGINX using apreload"
-# Weights are assigned in increments of 100: determines sorting order
 weight: 100
-# Creates a table of contents and sidebar, useful for large documents
 toc: true
-# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
 nd-content-type: how-to
-# Intended for internal catalogue and search, case sensitive:
-# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
-nd-product: NAP-WAF
+nd-product: F5WAFN
 ---
 
 This document describes how to use `apreload`, a tool for updating F5 WAF for NGINX configuration without reloading NGINX.
@@ -61,7 +55,7 @@ When calling _apreload_ directly, it is possible to run it while the previous ex
 
 The new execution will will apply a new configuration, and the most recent configuration will only apply during during the execution period.
 
-In a scenario where an execution from an NGINX reload is followed by a direct _ap_reload_ call, the NGINX workers with the new NGINX configuration will be loaded as soon as the Enforcer finishes processing the existing configuration. 
+In a scenario where an execution from an NGINX reload is followed by a direct _ap_reload_ call, the NGINX workers with the new NGINX configuration will be loaded as soon as the Enforcer finishes processing the existing configuration.
 
 Once complete, the most recent F5 WAF for NGINX configuration will be loaded using with the same NGINX worker instances.
 
@@ -77,10 +71,10 @@ If you want to apply either of the two, reload NGINX instead of using _apreload_
 
 ## apreload events
 
-_apreload_ events use the same format as operation log events written in the NGINX error log, reporting `configuration_load_success` or `configuration_load_failure` with JSON formatted details. 
+_apreload_ events use the same format as operation log events written in the NGINX error log, reporting `configuration_load_success` or `configuration_load_failure` with JSON formatted details.
 
-If any of the configuration files are invalid, _apreload_ will discover that and return the proper error message in the `configuration_load_failure event`. 
+If any of the configuration files are invalid, _apreload_ will discover that and return the proper error message in the `configuration_load_failure event`.
 
-The enforcer will continue to run with the previous working configuration. 
+The enforcer will continue to run with the previous working configuration.
 
 For more information, see the [Operation logs]({{< ref "/waf/logging/operation-logs.md">}}) topic.
@@ -1,18 +1,14 @@
 ---
-# We use sentence case and present imperative tone
 title: "Build and use the compiler tool"
-# Weights are assigned in increments of 100: determines sorting order
 weight: 200
-# Creates a table of contents and sidebar, useful for large documents
 toc: true
-# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
 nd-content-type: how-to
 nd-product: F5WAFN
 ---
 
 This document describes how to use the F5 WAF for NGINX compiler, a tool for converting security policies and logging profiles from JSON to a bundle file that F5 WAF can process and apply.
 
-You can use it to get the latest security updates for [Attack signatures]({{< ref "/waf/policies/attack-signatures.md" >}}), Threat campaigns and Bot signatures. 
+You can use it to get the latest security updates for [Attack signatures]({{< ref "/waf/policies/attack-signatures.md" >}}), Threat campaigns and Bot signatures.
 
 The compiler is packaged as a Docker image and can executed using the Docker CLI or as part of a continuous integration/continuous delivery (CI/CD) pipeline.
 
@@ -106,7 +102,7 @@ You can can upgrade or downgrade one of the Signatures by specifying a specific
 
 You can use the Docker registry API to list the available image tags.
 
-Replace `<path-to-your-nginx-repo.key>` with the location of your client key and `<path-to-your-nginx-repo.crt>` with the location of your client certificate. 
+Replace `<path-to-your-nginx-repo.key>` with the location of your client key and `<path-to-your-nginx-repo.crt>` with the location of your client certificate.
 
 ```shell
 curl -s https://private-registry.nginx.com/v2/nap/waf-compiler/tags/list --key <path-to-your-nginx-repo.key> --cert <path-to-your-nginx-repo.crt>
@@ -150,7 +146,7 @@ Ensure that the output directory is writable, otherwise you may encounter a perm
 
 {{< /call-out >}}
 
-To use multiple policy bundles within a single NGINX configuration, you must supply a [global settings](#global-settings) JSON file. 
+To use multiple policy bundles within a single NGINX configuration, you must supply a [global settings](#global-settings) JSON file.
 
 This ensures that all bundles have a common foundation such as cookie seed and user-defined signatures.
 
@@ -184,7 +180,7 @@ docker run --rm \
  -include-source -full-export -g $(pwd)/global_settings.json -p $(pwd)/policy.json -o $(pwd)/compiled_policy.tgz
 ```
 
-This will transform any configuration that relies on external references into an inline configuration within the bundled source. 
+This will transform any configuration that relies on external references into an inline configuration within the bundled source.
 
 Additionally, when `-include-source` is combined with `-full-export`, the policy.json within the bundle will contain the entire source policy, including any default settings from the base template.
 

@@ -1,18 +1,12 @@
 ---
-# We use sentence case and present imperative tone
 title: "Build and use the converter tools"
-# Weights are assigned in increments of 100: determines sorting order
 weight: 300
-# Creates a table of contents and sidebar, useful for large documents
 toc: true
-# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
 nd-content-type: how-to
-# Intended for internal catalogue and search, case sensitive:
-# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
-nd-product: NAP-WAF
+nd-product: F5WAFN
 ---
 
-This document describes the tools F5 WAF for NGINX has to convert existing resources or configuration files from a BIG-IP environment for use with F5 WAF for NGINX. 
+This document describes the tools F5 WAF for NGINX has to convert existing resources or configuration files from a BIG-IP environment for use with F5 WAF for NGINX.
 
 {{< call-out "important" >}}
 
@@ -158,10 +152,10 @@ docker run -it --rm \
   waf-compiler-<version-tag>:custom \
   -i /tmp/convert/policy.xml \
   -o /tmp/convert/policy.json \
-  --full-export 
+  --full-export
 ```
 
-### Keep full configuration (retain elements that may be invalid or irrelevant):
+### Keep full configuration (retain elements that may be invalid or irrelevant)
 ```shell
 docker run -it --rm \
   -v "$(pwd)":/tmp/convert \

@@ -1,15 +1,9 @@
 ---
-# We use sentence case and present imperative tone
 title: "Add a read-only filesystem for Kubernetes  "
-# Weights are assigned in increments of 100: determines sorting order
 weight: 600
-# Creates a table of contents and sidebar, useful for large documents
 toc: true
-# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
 nd-content-type: how-to
-# Intended for internal catalogue and search, case sensitive:
-# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
-nd-product: NAP-WAF
+nd-product: F5WAFN
 ---
 
 This page describes how to add a read-only filesystem when deploying F5 WAF for NGINX when using Kubernetes.

@@ -1,19 +1,13 @@
 ---
-# We use sentence case and present imperative tone
 title: "Configure NGINX features with F5 WAF"
-# Weights are assigned in increments of 100: determines sorting order
 weight: 700
-# Creates a table of contents and sidebar, useful for large documents
 toc: true
-# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
 nd-content-type: reference
-# Intended for internal catalogue and search, case sensitive:
-# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
-nd-product: NAP-WAF
+nd-product: F5WAFN
 ---
-This document shows examples of how to modify your NGINX configuration to enable F5 WAF for NGINX features. 
+This document shows examples of how to modify your NGINX configuration to enable F5 WAF for NGINX features.
 
-It is intended as a reference for small, self-contained examples of how F5 WAF for NGINX can be configured. 
+It is intended as a reference for small, self-contained examples of how F5 WAF for NGINX can be configured.
 
 Important constraints when F5 WAF for NGINX is enabled:
 
@@ -24,7 +18,7 @@ For additional information on configuring NGINX, you should view the [NGINX docu
 
 ## Subrequest-based modules
 
-F5 WAF for NGINX inspects direct client-facing requests, but does not inspect internal subrequests generated by subrequest-based modules. 
+F5 WAF for NGINX inspects direct client-facing requests, but does not inspect internal subrequests generated by subrequest-based modules.
 
 Examples of subrequest-based modules:
 

@@ -1,22 +1,16 @@
 ---
-# We use sentence case and present imperative tone
 title: "Secure traffic using mTLS"
-# Weights are assigned in increments of 100: determines sorting order
 weight: 500
-# Creates a table of contents and sidebar, useful for large documents
 toc: true
-# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
 nd-content-type: how-to
-# Intended for internal catalogue and search, case sensitive:
-# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
-nd-product: NAP-WAF
+nd-product: F5WAFN
 ---
 
 This document describes how to secure traffic between NGINX and the F5 WAF enforcer using mTLS.
 
 It explains how to generate the necessary certificates, then update configuration files to use them.
 
-A mutual TLS (mTLS) connection creates authentication between both NGINX (client) and F5 WAF Enforcer (server). 
+A mutual TLS (mTLS) connection creates authentication between both NGINX (client) and F5 WAF Enforcer (server).
 
 This adds an extra layer of security, ensuring that both parties are who they claim to be.
 
@@ -26,7 +20,7 @@ To enable mTLS, you must first create certificates.
 
 {{< call-out "note" >}}
 
-The following commands will generate self-signed certificates in _/etc/ssl/certs/_ valid for the default period of 30 days. You can adjust the command to fit your needs. 
+The following commands will generate self-signed certificates in _/etc/ssl/certs/_ valid for the default period of 30 days. You can adjust the command to fit your needs.
 
 For instance, to specify a different validity period, add the _-days_ option followed by the number of days you want the certificate to be valid (Such as _-days 90_).
 

@@ -1,20 +1,14 @@
 ---
-# We use sentence case and present imperative tone
 title: "Configure SELinux"
-# Weights are assigned in increments of 100: determines sorting order
 weight: 400
-# Creates a table of contents and sidebar, useful for large documents
 toc: true
-# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
 nd-content-type: how-to
-# Intended for internal catalogue and search, case sensitive:
-# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
-nd-product: NAP-WAF
+nd-product: F5WAFN
 ---
 
 The default settings for Security-Enhanced Linux (SELinux) on modern Red Hat Enterprise Linux (RHEL) and related distros can be very strict, prioritizing security over user convenience.
 
-To ensure F5 WAF for NGINX operates smoothly without compromising security, consider setting up a custom SELinux policy or AppArmor profile. 
+To ensure F5 WAF for NGINX operates smoothly without compromising security, consider setting up a custom SELinux policy or AppArmor profile.
 
 For troubleshooting, you may use permissive (SELinux) or complain (AppArmor) mode to avoid these restrictions, but this is inadvisable for prolonged use.
 

@@ -1,18 +1,12 @@
 ---
-# We use sentence case and present imperative tone
 title: "Overview"
-# Weights are assigned in increments of 100: determines sorting order
 weight: 100
-# Creates a table of contents and sidebar, useful for large documents
 toc: false
-# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
 nd-content-type: how-to
-# Intended for internal catalogue and search, case sensitive:
-# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
-nd-product: NAP-WAF
+nd-product: F5WAFN
 ---
 
-[F5 WAF for NGINX](https://www.f5.com/products/nginx/nginx-app-protect) (formerly NGINX App Protect WAF) is an advanced, lightweight and high-performance web application firewall (WAF) for applications and APIs. 
+[F5 WAF for NGINX](https://www.f5.com/products/nginx/nginx-app-protect) (formerly NGINX App Protect WAF) is an advanced, lightweight and high-performance web application firewall (WAF) for applications and APIs.
 
 It provides protection for the OWASP Top 10, with additional functionality:
 
@@ -37,4 +31,4 @@ It is platform-agnostic and supports a range of deployment options:
 
 For more details, see the [Technical specifications]({{< ref "/waf/fundamentals/technical-specifications.md" >}}).
 
-F5 WAF for NGINX is part of the [NGINX One](https://www.f5.com/products/nginx/one) premium packages and runs natively on [NGINX Plus](https://www.f5.com/products/nginx/nginx-plus) and [NGINX Ingress Controller](https://www.f5.com/products/nginx/nginx-ingress-controller). 
+F5 WAF for NGINX is part of the [NGINX One](https://www.f5.com/products/nginx/one) premium packages and runs natively on [NGINX Plus](https://www.f5.com/products/nginx/nginx-plus) and [NGINX Ingress Controller](https://www.f5.com/products/nginx/nginx-ingress-controller).
@@ -1,15 +1,9 @@
 ---
-# We use sentence case and present imperative tone
 title: "Technical specifications"
-# Weights are assigned in increments of 100: determines sorting order
 weight: 200
-# Creates a table of contents and sidebar, useful for large documents
 toc: true
-# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
 nd-content-type: reference
-# Intended for internal catalogue and search, case sensitive:
-# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
-nd-product: NAP-WAF
+nd-product: F5WAFN
 ---
 
 This page outlines the technical specifications for F5 WAF for NGINX, which includes the minimum requirements and supported platforms.

@@ -1,15 +1,9 @@
 ---
-# We use sentence case and present imperative tone
 title: "Terminology"
-# Weights are assigned in increments of 100: determines sorting order
 weight: 300
-# Creates a table of contents and sidebar, useful for large documents
 toc: false
-# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
 nd-content-type: reference
-# Intended for internal catalogue and search, case sensitive:
-# Agent, N4Azure, NIC, NIM, NGF, NAP-DOS, NAP-WAF, NGINX One, NGINX+, Solutions, Unit
-nd-product: NAP-WAF
+nd-product: F5WAFN
 ---
 
 This page defines terminology used when describing functionality of F5 WAF for NGINX.

@@ -1,11 +1,7 @@
 ---
-# We use sentence case and present imperative tone
 title: "Disconnected or air-gapped environments"
-# Weights are assigned in increments of 100: determines sorting order
 weight: 500
-# Creates a table of contents and sidebar, useful for large documents
 toc: false
-# Types have a 1:1 relationship with Hugo archetypes, so you shouldn't need to change this
 nd-content-type: how-to
 nd-product: F5WAFN
 ---