• F5

    Deliver and secure every app

  • DevCentral

    Connect & learn in our hosted community

  • MyF5

    Your key to everything F5, including support, registration keys, and subscriptions

  • NGINX

    Learn more about NGINX Open Source and read the community blog

  • Community Forum

    Engage with the broader NGINX community for discussions and troubleshooting

Technical specifications

This page outlines the technical specifications for F5 WAF for NGINX, which includes the minimum requirements and supported platforms.

Supported deployment environments

You can deploy F5 WAF for NGINX in the following environments:

Supported operating systems

Distribution Version
Alpine Linux 3.19
Amazon Linux 2023
Debian 11, 12
Oracle Linux 8.1
Ubuntu 22.04, 24.04
RHEL / Rocky Linux 8, 9

For release-specific packages, view the Changelog.

Package dependencies

The F5 WAF for NGINX package has the following dependencies:

Module name Description
nginx-plus-module-appprotect NGINX Plus dynamic module for F5 WAF for NGINX
app-protect-engine The F5 WAF for NGINX enforcement engine
app-protect-plugin The F5 WAF for NGINX connector API between the engine and the NGINX Plus dynamic module
app-protect-compiler The F5 WAF for NGINX enforcement engine compiler agent
app-protect-common The F5 WAF for NGINX shared libraries package
app-protect-geoip The F5 WAF for NGINX geolocation update package
app-protect-graphql The F5 WAF for NGINX shared library package for GraphQL protection
app-protect-attack-signatures The F5 WAF for NGINX attack signatures update package
app-protect-threat-campaigns The F5 WAF for NGINX threat campaigns update package
app-protect-bot-signatures The F5 WAF for NGINX bot signatures update package
app-protect-selinux (1) The prebuilt SELinux policy module for F5 WAF for NGINX
app-protect-ip-intelligence (1, 2) Necessary for the IP intelligence feature
  1. Optional dependencies
  2. This package needs to be installed separately, and includes a client for downloading and updating the feature’s database

Supported security policy features

The following security policy features are available with F5 WAF for NGINX.

The names link to additional information in the Policies section.

Feature Description
Attack signatures The default policy covers the OWASP top 10 attack patterns. Specific signature sets can be added or disabled.
IP intelligence Configure the IP Intelligence feature to customize enforcement based on the source IP of the request, limiting access from IP addresses with questionable reputation.
User-defined HTTP headers Handling headers as a special part of requests
XFF headers and trust Disabled by default, and can accept an optional list of custom XFF headers.
View source
Edit this page
Create a new issue