# Create a security policy bundle Type of document: How-to guide Product: NGINX Instance Manager > Create a precompiled security bundle that packages your F5 WAF for NGINX policies, signatures, and threat campaigns into a single file for efficient, reusable deployment across instances. --- F5 NGINX Instance Manager lets you package your complete F5 WAF for NGINX configuration into a precompiled bundle for faster, more reliable deployments. A security policy bundle includes your policies, attack signatures, bot signatures, and threat campaigns—compiled into a single `.tgz` file that can be deployed across multiple instances. Precompiling with NGINX Instance Manager reduces processing overhead on WAF instances and ensures consistent, reusable configurations. **Note:** For a full overview of how NGINX Instance Manager handles WAF policy management, compilation, and deployment, see [How WAF policy management works](/nim/waf-integration/overview.md). #### Web interface To create a security policy bundle using the NGINX Instance Manager web interface: 1. In your browser, go to the FQDN for your NGINX Instance Manager host and log in. 2. In the left menu, select **WAF > Policies**. 3. On the **Security Policies** page, find the policy you want to create a bundle for. 4. Select the **Actions** menu (…) and choose **Compile**. 5. Check the **Compilation Status** column to monitor the bundle creation progress. - The default status is **Not Compiled**. - Other states include **Compiling**, **Compiled**, and **Error**. > **Note:** By default, **Compile** uses the latest revision of the selected policy, the latest available compiler version, and the most recent versions of attack signatures, bot signatures, and threat campaigns. #### REST API To create a security policy bundle, send a `POST` request to the Security Policy Bundles API. The policies you want to include in the bundle must already exist in NGINX Instance Manager. Each bundle includes: - A security policy - Attack signatures - Bot signatures - Threat campaigns - A version of F5 WAF for NGINX - Supporting files required to compile and deploy the bundle ### Required fields - `appProtectWAFVersion`: The version of F5 WAF for NGINX to target. - `policyName`: The name of the policy to include. Must reference an existing policy. - `policyUID`: Optional. If omitted, the latest revision of the specified policy is used. This field does **not** accept the keyword `latest`. If you don’t include `attackSignatureVersionDateTime`, `botSignatureVersionDateTime`, or `threatCampaignVersionDateTime`, the latest versions are used by default. You can also set them explicitly by using `"latest"` as the value. | Method | Endpoint | |--------|-----------| | POST | `/api/platform/v1/security/policies/bundles` | Example: ```shell curl -X POST https:///api/platform/v1/security/policies/bundles \ -H "Authorization: Bearer " \ -H "Content-Type: application/json" \ -d @security-policy-bundles.json ``` #### JSON request ```json { "bundles": [ { "appProtectWAFVersion": "4.457.0", "policyName": "default-enforcement", "policyUID": "", "attackSignatureVersionDateTime": "2023.06.20", "botSignatureVersionDateTime": "2023.07.09", "threatCampaignVersionDateTime": "2023.07.18" }, { "appProtectWAFVersion": "4.279.0", "policyName": "default-enforcement", "attackSignatureVersionDateTime": "latest", "botSignatureVersionDateTime": "latest", "threatCampaignVersionDateTime": "latest" }, { "appProtectWAFVersion": "4.457.0", "policyName": "ignore-xss" } ] } ``` #### JSON response ```json { "items": [ { "metadata": { "created": "2023-10-04T23:19:58.502Z", "modified": "2023-10-04T23:19:58.502Z", "appProtectWAFVersion": "4.457.0", "policyName": "default-enforcement", "policyUID": "", "attackSignatureVersionDateTime": "2023.06.20", "botSignatureVersionDateTime": "2023.07.09", "threatCampaignVersionDateTime": "2023.07.18", "uid": "" }, "content": "", "compilationStatus": { "status": "compiling", "message": "" } }, { "metadata": { "created": "2023-10-04T23:19:58.502Z", "modified": "2023-10-04T23:19:58.502Z", "appProtectWAFVersion": "4.279.0", "policyName": "default-enforcement", "policyUID": "", "attackSignatureVersionDateTime": "2023.08.10", "botSignatureVersionDateTime": "2023.08.09", "threatCampaignVersionDateTime": "2023.08.09", "uid": "" }, "content": "", "compilationStatus": { "status": "compiling", "message": "" } }, { "metadata": { "created": "2023-10-04T23:19:58.502Z", "modified": "2023-10-04T23:19:58.502Z", "appProtectWAFVersion": "4.457.0", "policyName": "ignore-xss", "policyUID": "", "attackSignatureVersionDateTime": "2023.08.10", "botSignatureVersionDateTime": "2023.08.09", "threatCampaignVersionDateTime": "2023.08.09", "uid": "" }, "content": "", "compilationStatus": { "status": "compiling", "message": "" } } ] } ```