F5 WAF for NGINX integration overview

You can now integrate the features of F5 WAF for NGINX v4 and v5 in F5 NGINX One Console. F5 WAF for NGINX offers advanced Web Application Firewall (WAF) capabilities, and you can set up the firewall through the NGINX One Console UI. This solution provides robust security and scalability.

Features

Once you’ve connected to the NGINX One Console, select WAF > Policies. You can add new policies or edit existing policies, as defined in the F5 WAF for NGINX Configure policies topic.

Through the NGINX One Console UI, you can:

You can also set up policies through the NGINX One Console API, and log profiles through the Log Profile API.

Log profiles define the format, destination, and filtering criteria for security logs generated by F5 WAF for NGINX. For detailed information about security logging capabilities, see Security Logs.

Set up F5 WAF for NGINX

You can install and upgrade F5 WAF for NGINX.

F5 WAF for NGINX has specific requirements for the configuration with Docker containers:

WAF Policy

  • Directory associated with the volume, which you may configure in a docker-compose.yaml file.
    • You may set it up with the volumes directive, using a directory like /etc/nginx/app_protect_policies.
    • You need to set up the container volume so that, when the policy bundle is referenced in the NGINX directive, the file path is the one the container sees.
    • You also need to include an app_protect_policy_file directive, as described in F5 WAF for NGINX Directives.
    • You'll need to place a policy bundle (in compressed tar format) in a configured volume.
    • Make sure the directory for NGINX Agent includes /etc/nginx/app_protect_policies.

When you deploy a NAP policy through NGINX One Console, do not also use a plain JSON policy in the same NGINX instance.

Log profiles

To use security logs with F5 WAF for NGINX in containers, you need to set up the following:

  • Compile log profiles: Before you apply a log configuration, you need to compile the JSON log configuration file into a logging profile bundle (in compressed tar format).
  • Configure NGINX directives in nginx.conf:
    • Add app_protect_security_log_enable on to enable security logging in the respective context (http, server, or location).
    • Add app_protect_security_log to specify the log profile bundle path and destination. For example: app_protect_security_log /mounted_host_dir/logging_profile.tgz /mounted_host_dir/security.log.
  • Mount volumes for log destinations: Because logs are generated from the waf-enforcer container, you need to mount paths to the host when using file destinations. You can configure this in your docker-compose.yaml file with the volumes directive.
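
The following pre-deployment check is an added example, not code from F5 or from the original page. It covers both the WAF policy and log profile requirements above: it reads an nginx.conf and reports bundles that are not compiled, paths outside the mounted volumes, and security logging that is configured but not enabled. The function names, the sample configurations, the .tgz suffix test, and the single list of container-side mount paths are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath

# The three directives this page names, captured with their arguments.
DIRECTIVE = re.compile(
    r"^\s*(app_protect_policy_file|app_protect_security_log_enable|"
    r"app_protect_security_log)\s+([^;\s][^;]*);", re.MULTILINE)

def under_mount(path, mounts):
    """True if path is inside one of the container-side mount points."""
    p = PurePosixPath(path)
    return any(PurePosixPath(m) in (p, *p.parents) for m in mounts)

def check_waf_paths(nginx_conf, mounts):
    """Return a list of findings; an empty list means every check passed."""
    findings, log_enabled, log_used = [], False, False
    conf = re.sub(r"#.*", "", nginx_conf)  # ignore commented-out directives
    for name, raw in DIRECTIVE.findall(conf):
        args = [a.strip("\"'") for a in raw.split()]
        if name == "app_protect_security_log_enable":
            log_enabled = log_enabled or args[0] == "on"
            continue
        bundle = args[0]
        # Assumption: compiled bundles carry the .tgz suffix, as in the page's example.
        if not bundle.endswith(".tgz"):
            findings.append(f"{name}: {bundle} is not a compiled .tgz bundle")
        elif not under_mount(bundle, mounts):
            findings.append(f"{name}: {bundle} is outside the mounted volumes")
        if name == "app_protect_security_log":
            log_used = True
            dest = args[1] if len(args) > 1 else ""
            # Only file destinations need a mount; other destinations are skipped.
            if dest.startswith("/") and not under_mount(dest, mounts):
                findings.append(f"{name}: destination {dest} is not mounted")
    if log_used and not log_enabled:
        findings.append("security log set without app_protect_security_log_enable on")
    return findings

# Constructed sample input (not from the page or a real deployment).
MOUNTS = ["/etc/nginx/app_protect_policies", "/mounted_host_dir"]
GOOD = (
    "app_protect_policy_file /etc/nginx/app_protect_policies/policy.tgz;\n"
    "app_protect_security_log_enable on;\n"
    "app_protect_security_log /mounted_host_dir/logging_profile.tgz"
    " /mounted_host_dir/security.log;\n")
BAD = (
    "app_protect_policy_file /etc/app_protect/conf/policy.json;\n"
    "app_protect_security_log /mounted_host_dir/logging_profile.tgz"
    " /var/log/security.log;\n")
```

Calling check_waf_paths(BAD, MOUNTS) returns three findings: the plain JSON policy, the unmounted log destination, and the missing enable directive. The enable check is global rather than per context (http, server, or location), which is a simplification.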