Glossary

This glossary defines terms used in the F5 NGINX One Console and F5 Distributed Cloud.

General terms

General terms

Term	Definition
Config Sync Group	A group of NGINX systems (or instances) with identical configurations. They may also share the same certificates. However, the instances in a Config Sync Group could belong to different systems and even different clusters. For more information, see this explanation of Important considerations
Control Plane	The control plane is the part of a network architecture that manages and controls the flow or data or traffic (the Data Plane). It is responsible for system-level tasks such as routing and traffic management.
Data Plane	The data plane is the part of a network architecture that carries user traffic. It handles tasks like forwarding data packets between devices and managing network communication. In the context of NGINX, the data plane is responsible for tasks such as load balancing, caching, and serving web content.
Instance	An instance is an individual system with NGINX installed. You can group the instances of your choice in a Config Sync Group. When you add an instance to NGINX One, you need to use a data plane key.
Namespace	In F5 Distributed Cloud, a namespace groups a tenant’s configuration objects, similar to administrative domains. Every object in a namespace must have a unique name, and each namespace must be unique to its tenant. This setup ensures isolation, preventing cross-referencing of objects between namespaces. You’ll see the namespace in the NGINX One Console URL as `/namespaces/<namespace name>/`
NGINX Agent	A lightweight software component installed on NGINX instances to enable communication with the NGINX One console.
Staged Configurations	Also known as Staged Configs. Allows you to save “work in progress.” You can create it from scratch, an Instance, another Staged Config, or a Config Sync Group. It does not have to be a working configuration until you publish it to an instance or a Config Sync Group. You can even manage your Staged Configurations through our API.
Tenant	A tenant in F5 Distributed Cloud is an entity that owns a specific set of configuration and infrastructure. It is fundamental for isolation, meaning a tenant cannot access objects or infrastructure of other tenants. Tenants can be either individual or enterprise, with the latter allowing multiple users with role-based access control (RBAC).

Term	Definition
Config Sync Group	A group of NGINX systems (or instances) with identical configurations. They may also share the same certificates. However, the instances in a Config Sync Group could belong to different systems and even different clusters. For more information, see this explanation of Important considerations
Control Plane	The control plane is the part of a network architecture that manages and controls the flow or data or traffic (the Data Plane). It is responsible for system-level tasks such as routing and traffic management.
Data Plane	The data plane is the part of a network architecture that carries user traffic. It handles tasks like forwarding data packets between devices and managing network communication. In the context of NGINX, the data plane is responsible for tasks such as load balancing, caching, and serving web content.
Instance	An instance is an individual system with NGINX installed. You can group the instances of your choice in a Config Sync Group. When you add an instance to NGINX One, you need to use a data plane key.
Namespace	In F5 Distributed Cloud, a namespace groups a tenant’s configuration objects, similar to administrative domains. Every object in a namespace must have a unique name, and each namespace must be unique to its tenant. This setup ensures isolation, preventing cross-referencing of objects between namespaces. You’ll see the namespace in the NGINX One Console URL as `/namespaces/<namespace name>/`
NGINX Agent	A lightweight software component installed on NGINX instances to enable communication with the NGINX One console.
Staged Configurations	Also known as Staged Configs. Allows you to save “work in progress.” You can create it from scratch, an Instance, another Staged Config, or a Config Sync Group. It does not have to be a working configuration until you publish it to an instance or a Config Sync Group. You can even manage your Staged Configurations through our API.
Tenant	A tenant in F5 Distributed Cloud is an entity that owns a specific set of configuration and infrastructure. It is fundamental for isolation, meaning a tenant cannot access objects or infrastructure of other tenants. Tenants can be either individual or enterprise, with the latter allowing multiple users with role-based access control (RBAC).

NGINX App Protect WAF terminology

NGINX App Protect WAF terminology

This guide assumes that you have some familiarity with various Layer 7 (L7) Hypertext Transfer Protocol (HTTP) concepts, such as Uniform Resource Identifier (URI)/Uniform Resource Locator (URL), method, header, cookie, status code, request, response, and parameters.

Term	Definition
Alarm	If selected, the NGINX App Protect WAF system records requests that trigger the violation in the remote log (depending on the settings of the logging profile).
Attack signature	Textual patterns which can be applied to HTTP requests and/or responses by NGINX App Protect WAF to determine if traffic is malicious. For example, the string `<script>` inside an HTTP request triggers an attack signature violation.
Attack signature set	A collection of attack signatures designed for a specific purpose (such as Apache).
Bot signatures	Textual patterns which can be applied to an HTTP request’s User Agent or URI by NGINX App Protect WAF to determine if traffic is coming from a browser or a bot (trusted, untrusted or malicious). For example, the string `googlebot` inside the User-Agent header will be classified as `trusted bot`, and the string `Bichoo Spider` will be classified as `malicious bot`.
Block	To prevent a request from reaching a protected web application. If selected (and enforcement mode is set to Blocking), NGINX App Protect WAF blocks requests that trigger the violation.
Blocking response page	A blocking response page is displayed to a client when a request from that client has been blocked. Also called blocking page and response page.
Enforcement mode	Security policies can be in one of two enforcement modes: Transparent mode In Transparent mode, Blocking is disabled for the security policy. Traffic is not blocked even if a violation is triggered with block flag enabled. You can use this mode when you first put a security policy into effect to make sure that no false positives occur that would stop legitimate traffic. Blocking mode In Blocking mode, Blocking is enabled for the security policy, and you can enable or disable the Block setting for individual violations. Traffic is blocked when a violation occurs if you configure the system to block that type of violation. You can use this mode when you are ready to enforce the security policy. You can change the enforcement mode for a security policy in the security policy JSON file.
Entities	The elements of a security policy, such as HTTP methods, as well as file types, URLs, and/or parameters, which have attributes such as byte length. Also refers to elements of a security policy for which enforcement can be turned on or off, such as an attack signature.
False positive	An instance when NGINX App Protect WAF treats a legitimate request as a violation.
File types	Examples of file types are .php, .asp, .gif, and .txt. They are the extensions for many objects that make up a web application. File Types are one type of entity a NGINX App Protect WAF policy contains.
Illegal request	A request which violates a security policy
Legal request	A request which has not violated the security policy.
Loosening	The process of adapting a security policy to allow specific entities such as File Types, URLs, and Parameters. The term also applies to attack signatures, which can be manually disabled — effectively removing the signature from triggering any violations.
Parameters	Parameters consist of “name=value” pairs, such as OrderID=10. The parameters appear in the query string and/or POST data of an HTTP request. Consequently, they are of particular interest to NGINX App Protect WAF because they represent inputs to the web application.
TPS/RPS	Transactions per second (TPS)/requests per second (RPS). In NGINX App Protect WAF, these terms are used interchangeably.
Tuning	Making manual changes to an existing security policy to reduce false positives and increase the policy’s security level.
URI/URL	The Uniform Resource Identifier (URI) specifies the name of a web object in a request. A Uniform Resource Locator (URL) specifies the location of an object on the Internet. For example, in the web address, `http://www.siterequest.com/index.html`, index.html is the URI, and the URL is `http://www.siterequest.com/index.html`. In NGINX App Protect WAF, the terms URI and URL are used interchangeably.
Violation	Violations occur when some aspect of a request or response does not comply with the security policy. You can configure the blocking settings for any violation in a security policy. When a violation occurs, the system can Alarm or Block a request (blocking is only available when the enforcement mode is set to Blocking).

Term	Definition
Alarm	If selected, the NGINX App Protect WAF system records requests that trigger the violation in the remote log (depending on the settings of the logging profile).
Attack signature	Textual patterns which can be applied to HTTP requests and/or responses by NGINX App Protect WAF to determine if traffic is malicious. For example, the string `<script>` inside an HTTP request triggers an attack signature violation.
Attack signature set	A collection of attack signatures designed for a specific purpose (such as Apache).
Bot signatures	Textual patterns which can be applied to an HTTP request’s User Agent or URI by NGINX App Protect WAF to determine if traffic is coming from a browser or a bot (trusted, untrusted or malicious). For example, the string `googlebot` inside the User-Agent header will be classified as `trusted bot`, and the string `Bichoo Spider` will be classified as `malicious bot`.
Block	To prevent a request from reaching a protected web application. If selected (and enforcement mode is set to Blocking), NGINX App Protect WAF blocks requests that trigger the violation.
Blocking response page	A blocking response page is displayed to a client when a request from that client has been blocked. Also called blocking page and response page.
Enforcement mode	Security policies can be in one of two enforcement modes: Transparent mode In Transparent mode, Blocking is disabled for the security policy. Traffic is not blocked even if a violation is triggered with block flag enabled. You can use this mode when you first put a security policy into effect to make sure that no false positives occur that would stop legitimate traffic. Blocking mode In Blocking mode, Blocking is enabled for the security policy, and you can enable or disable the Block setting for individual violations. Traffic is blocked when a violation occurs if you configure the system to block that type of violation. You can use this mode when you are ready to enforce the security policy. You can change the enforcement mode for a security policy in the security policy JSON file.
Entities	The elements of a security policy, such as HTTP methods, as well as file types, URLs, and/or parameters, which have attributes such as byte length. Also refers to elements of a security policy for which enforcement can be turned on or off, such as an attack signature.
False positive	An instance when NGINX App Protect WAF treats a legitimate request as a violation.
File types	Examples of file types are .php, .asp, .gif, and .txt. They are the extensions for many objects that make up a web application. File Types are one type of entity a NGINX App Protect WAF policy contains.
Illegal request	A request which violates a security policy
Legal request	A request which has not violated the security policy.
Loosening	The process of adapting a security policy to allow specific entities such as File Types, URLs, and Parameters. The term also applies to attack signatures, which can be manually disabled — effectively removing the signature from triggering any violations.
Parameters	Parameters consist of “name=value” pairs, such as OrderID=10. The parameters appear in the query string and/or POST data of an HTTP request. Consequently, they are of particular interest to NGINX App Protect WAF because they represent inputs to the web application.
TPS/RPS	Transactions per second (TPS)/requests per second (RPS). In NGINX App Protect WAF, these terms are used interchangeably.
Tuning	Making manual changes to an existing security policy to reduce false positives and increase the policy’s security level.
URI/URL	The Uniform Resource Identifier (URI) specifies the name of a web object in a request. A Uniform Resource Locator (URL) specifies the location of an object on the Internet. For example, in the web address, `http://www.siterequest.com/index.html`, index.html is the URI, and the URL is `http://www.siterequest.com/index.html`. In NGINX App Protect WAF, the terms URI and URL are used interchangeably.
Violation	Violations occur when some aspect of a request or response does not comply with the security policy. You can configure the blocking settings for any violation in a security policy. When a violation occurs, the system can Alarm or Block a request (blocking is only available when the enforcement mode is set to Blocking).

NGINX Alerts

NGINX Alerts

You can configure a variety of NGINX alerts in the F5 Distributed Cloud. If you have access to the F5 Distributed Cloud, log in and select the Audit Logs & Alerts tile.

Go to Notifications > Alerts. Select the gear icon and select Alert Name > Active Alerts. You may see one or more of the following alerts in the Audit Logs & Alerts Console.

Alert Labels

Alert Labels

Alertname	Description	Alert Level	Action
HighCVENGINX	A high-severity CVE is impacting an NGINX instance	Critical	Review the CVE details in the NGINX One Console. Apply updates or change configurations to resolve the vulnerability.
MediumCVENGINX	A medium-severity CVE is impacting an NGINX instance	Major	Review the CVE details in the NGINX One Console. Apply updates or configuration changes as needed.
LowCVENGINX	A low-severity CVE is impacting an NGINX instance	Minor	Review the CVE details in the NGINX One Console. Consider updates or configuration changes to maintain security.
SecurityRecommendationNGINX	A security recommendation has been found for an NGINX configuration	Critical	Review the configuration issue in the NGINX One Console. Follow the recommendations to secure the instance or Config Sync Group.
OptimizationRecommendationNGINX	An optimization recommendation has been found for an NGINX configuration	Major	Review the optimization details in the NGINX One Console. Update the configuration to for the instance or Config Sync Group to enhance performance.
BestPracticeRecommendationNGINX	A best practice recommendation has been found for an NGINX configuration	Minor	Review the best practice recommendation in the NGINX One Console. Update the configuration for the instance or Config Sync Group to align with industry standards.
NGINXOffline	An NGINX instance is now offline	Major	Verify the host is online. Check the NGINX Agent’s status on the instance and ensure it is connected to the NGINX One Console.
NGINXUnavailable	An NGINX instance is now unavailable	Major	Ensure the NGINX Agent and host are active. Verify the NGINX Agent can connect to the NGINX One Console and resolve any network issues.
NewNGINX	A new NGINX instance has connected to NGINX One	Minor	Review the instance details in the NGINX One Console. Confirm availability, CVEs, and recommendations to ensure the instance is operational.

Alert Labels

Alert Labels

Alertname	Description	Alert Level	Action
HighCVENGINX	A high-severity CVE is impacting an NGINX instance	Critical	Review the CVE details in the NGINX One Console. Apply updates or change configurations to resolve the vulnerability.
MediumCVENGINX	A medium-severity CVE is impacting an NGINX instance	Major	Review the CVE details in the NGINX One Console. Apply updates or configuration changes as needed.
LowCVENGINX	A low-severity CVE is impacting an NGINX instance	Minor	Review the CVE details in the NGINX One Console. Consider updates or configuration changes to maintain security.
SecurityRecommendationNGINX	A security recommendation has been found for an NGINX configuration	Critical	Review the configuration issue in the NGINX One Console. Follow the recommendations to secure the instance or Config Sync Group.
OptimizationRecommendationNGINX	An optimization recommendation has been found for an NGINX configuration	Major	Review the optimization details in the NGINX One Console. Update the configuration to for the instance or Config Sync Group to enhance performance.
BestPracticeRecommendationNGINX	A best practice recommendation has been found for an NGINX configuration	Minor	Review the best practice recommendation in the NGINX One Console. Update the configuration for the instance or Config Sync Group to align with industry standards.
NGINXOffline	An NGINX instance is now offline	Major	Verify the host is online. Check the NGINX Agent’s status on the instance and ensure it is connected to the NGINX One Console.
NGINXUnavailable	An NGINX instance is now unavailable	Major	Ensure the NGINX Agent and host are active. Verify the NGINX Agent can connect to the NGINX One Console and resolve any network issues.
NewNGINX	A new NGINX instance has connected to NGINX One	Minor	Review the instance details in the NGINX One Console. Confirm availability, CVEs, and recommendations to ensure the instance is operational.

Legal notice: Licensing agreements for NGINX products

Legal notice: Licensing agreements for NGINX products

Using NGINX One is subject to our End User Service Agreement (EUSA). For NGINX Plus, usage is governed by the End User License Agreement (EULA). Open source projects, including NGINX Agent and NGINX Open Source, are covered under their respective licenses. For more details on these licenses, follow the provided links.